Patent classifications
H04L2209/46
SECURE MULTIPARTY COMPUTATION FOR INTERNET OF THINGS COMMUNICATIONS
Methods, systems, and devices for communications are described. A device or a group of devices may generate data. The group of devices may receive a group profile from a node that identifies the devices to be included, and the group profile may include a function to be evaluated at each of the devices. The node may also provision evaluation parameters which may allow the device to provide authenticated aggregate data to a requesting third party, without sharing the data between the devices, thus concurrently maintaining individual data privacy and data provenance.
TRAINING METHOD AND APPARATUS FOR A DISTRIBUTED MACHINE LEARNING MODEL, DEVICE AND MEDIUM
Provided are a training method and apparatus for a distributed machine learning model, a device and a medium. The training method includes: acquiring a first homomorphic encryption intermediate parameter and a second homomorphic encryption intermediate parameter; generating a first interference parameter, and forming a first encryption interference parameter by encrypting the first interference parameter by using a second homomorphic public key of a second participant; performing calculation based on the first homomorphic encryption intermediate parameter, the second homomorphic encryption intermediate parameter, the first encryption interference parameter and the homomorphic calculation function of a first submodel to generate a first encryption key parameter.
Secret table reference system, method, secret calculation apparatus and program
A secure table reference system includes a first combining part 11_n for generating [v′] of v′ ∈ F^{m+nt} in which d and v are combined, a difference calculation part 12_n for generating [r″] of r″ that has a difference between a certain element of r and an element before the certain element as an element corresponding to the certain element, a second combining part 13_n for generating [r′] of r′ ∈ F^{m+nt} in which r″ and an m-dimensional zero are combined, a permutation calculation part 14_n for generating {{σ}} of a permutation σ that stably sorts v′ in ascending order, a permutation application part 15_n for generating [s] of s := σ(r′) obtained by applying the permutation σ to r′, a vector generation part 16_n for generating [s′] of a prefix-sum s′ of s, an inverse permutation application part for generating [s″] of s″ obtained by applying an inverse permutation σ^{−1} of the permutation σ to s′, and an output part 17_n for generating [x] of x ∈ F^m consisting of (n_t+1)th and subsequent elements of s″.
Method for faster secure multiparty inner product with SPDZ
A method for implementing a secure multiparty inner product computation between two parties using an SPDZ protocol involves having a first party and a second party compute, for i=1, ..., k, a vector (I)=(II) based on a vector (x={x_1, ..., x_N}), and a vector (w={W_1, W_N}), respectively, where (I)=(X_{2i-1}X_{2i}) (III)=W_{2i-1}W_{2i}, N is the total number of elements in the vectors, and k=N/2. The vectors (I) and (III) are securely shared between the parties. The parties then jointly compute SPDZ protocol Add([w_{2i}], [x_{2i-1}]) and Add([w_{2i}], [x_{2i-1}]) to determine shares [w_{2i-1}+x_{2i}] and [w_{2i}+x_{2i-1}] respectively, and then compute, for i=1, ..., k, inner product shares [d_i] by performing SPDZ protocol Mult([w_{2i-1}+x_{2i}], [w_{2i}+x_{2i-1}]). SPDZ protocol ([Add d_1], ..., [d_k], -(IV), ..., -(V), -(VI), -, (VII)) is then performed to determine the inner product.
User authentication using multi-party computation and public key cryptography
Techniques are disclosed relating to user authentication using multi-party computation and public key cryptography. In some embodiments, a server may receive, from a client, a request to authenticate a user to a service. The server may access key-pair information that includes, for a server key-pair, a first component of a server private key and, for a client key-pair, a client public key and a first component of a client private key. The server may generate a partial signature value that is based on the first component, but not the entirety, of the server private key. The server may send, to the client, an authentication challenge that includes challenge information and the partial signature value. The server may then determine whether to authenticate the user based on an authentication response from the client.
Encryption Authentication System, User Terminal, Service Server, and Program
In an encryption authentication system, a service server transmits the third encryption information to a user terminal, in a case where the service server receives a request from the user terminal. The user terminal calculates fourth encryption information and transmits the fourth encryption information to an encryption server. The encryption server and the calculation server cooperate with each other to calculate encryption information as a collation target and transmit the encryption information to the service server. The service server obtains a coincidence degree between the first plaintext information included in the encryption information as the collation target and the second plaintext information, by a collation function using a third encryption key and a second encryption key used to calculate registration encryption information, and transmits an authentication result corresponding to the coincidence degree to the user terminal.
DISTRIBUTED KEY SECRET FOR REWRITABLE BLOCKCHAIN
A system includes circuitry for rewriting blockchains in a non-tamper-evident or tamper-evident operation using a key secret held in portions by multiple individually untrusted parties. The blockchains may include a series of blocks secured by integrity codes that may prevent non-tamper-evident rewrites by non-trusted parties that are not in possession of the key secret or individually-untrusted parties in possession of only a portion of the key secret. In some cases, multiple individually-untrusted parties may combine their portions into the key secret. As a group, the multiple individually-untrusted parties may perform non-tamper-evident operation with respect to at least one integrity code within the blockchain.
SECURE COMPUTATION SYSTEM, SECURE COMPUTATION SERVER APPARATUS, SECURE COMPUTATION METHOD, AND SECURE COMPUTATION PROGRAM
Each of the secure computation server apparatuses includes a bit-decomposition operation part that performs a bit-decomposition for a share value secretly shared with a constant number of rounds; a table operation part that determines a success or failure of an equality at each bit of the bit-decomposition using a table in which determination expressions for determination whether or not the equality holds at each bit are arranged in a row direction, and combinations of the determination expressions are arranged in a column direction; and an equality determination part that performs equality determination with a constant number of rounds for a value that accumulates a result of the success or failure of the equality at each bit of the bit-decomposition to determine an array reference corresponding to the share value.
Protecting Application Private Keys Using MPC Techniques
In response to a key generation request from a client application, a security controller generates a cryptographic key pair and splits the private key portion into a first fragment and a second fragment. The first fragment, but not the second fragment, is encrypted using a symmetric wrapping key that is accessible to the security controller but not the client application. A key package with the encrypted first fragment is returned to the client application. When the client application needs to digitally sign a data value with the split private key, the client application generates a first partial Multiparty Computation (MPC) signature using the second fragment. The security controller generates a second partial MPC signature with the first fragment, which has been decrypted using the symmetric wrapping key. The first and second partial MPC signatures are combinable to digitally sign the data value.
METHOD FOR PREVENTING MISUSE OF A CRYPTOGRAPHIC KEY
Preventing misuse of a cryptographic key by receiving a request to carry out a cryptographic operation using a cryptographic key from a requesting entity, distributing the request to a quorum comprising multiple computerized devices, receiving a decision from the multiple computerized devices on whether or not the cryptographic operation using the cryptographic key is allowed, and carrying out the cryptographic operation using the cryptographic key according to the decision from the multiple computerized devices.