The invention proposes a method comprising the evaluation of a function F obtained by applying to n sub-functions f.sub.i a first operation, the evaluation comprising: the application of a series of calculation steps in which a first unit assumes a role of a client and a second unit assumes a role of a server, and the repetition of the series of calculation steps in which the roles of client and of server are exchanged between the units,
each series of steps comprising: a) randomly generating, by the server, first data, and a second datum, b) for each sub-function f.sub.i, generating by the server a set of elements formed by: a result of f.sub.i evaluated in the data of the client and of the server, masked by a first datum, by applying the first operation between the result and the first datum, and masked by the second datum, by applying between the masked result and the second datum of a second operation different from the first and distributed relatively to the latter, c) recovering by oblivious transfer, by the client, an intermediate datum corresponding to one of the elements generated by the server, d) generating, by the server, a first result portion, by: masking each first datum with the second datum, applying to all the first masked data of the first operation, and e) generating by the client, a second result portion, by applying all the intermediate data of the first operation.

P.sub.i and P.sub.+ have stored a.sub.+∈{a.sub.0, a.sub.1, a.sub.2} and b.sub.+∈{b.sub.0, b.sub.1, b.sub.2} therein, and P.sub.i and P.sub.− have stored a.sub.−∈A.sub.− and b.sub.−∈B.sub.− therein. Here, P.sub.+−P.sub.(i+1)mod 3, P.sub.−=P.sub.(i−1)mod 3, and a and b are arbitrary values and satisfy a=a.sub.0+a.sub.1+a.sub.2 and b=b.sub.0+b.sub.1+b.sub.2, where A.sub.− is a complement of a.sub.+ in {a.sub.0, a.sub.1, a.sub.2} and B.sub.− is a complement of b.sub.+ in {b.sub.0, b.sub.1, b.sub.2}. P.sub.i and P.sub.+ share r.sub.+, P.sub.i and P.sub.− share r.sub.−, and P.sub.i calculates c.sub.+=(a.sub.++a.sub.−)(b.sub.++b.sub.−)−a.sub.−b.sub.−+r.sub.+−r.sub.−. P.sub.i sends c.sub.+ to P.sub.+.

A communication device according to an embodiment is a communication device that communicates with another communication device using an encryption key shared through a quantum key distribution and includes a communication unit, an encrypting unit, a first checking unit, and a communication control unit. The communication unit performs communication of data with the another communication device. The encrypting unit encrypts data using the encryption key. The first checking unit checks an accumulation amount of the encryption key. The communication control unit control transmission of dummy data according to checked results.

The described technology is generally directed towards secure collaborative processing of private inputs. A secure execution engine can process encrypted data contributed by multiple parties, without revealing the encrypted data to any of the parties. The encrypted data can be processed according to any program written in a high-level programming language, while the secure execution engine handles cryptographic processing.

The technology disclosed relates to a system and method for assigning participants to groups in a clinical trial. The system includes a federated server configured with group assignability data specifying a plurality of groups assignable to participants in a clinical trial and group distribution data specifying distribution of the participants into groups. The groups include at least one placebo group and one or more treatment groups. The system includes an intervention server configured to generate group encryption keys for encrypting the group assignability data. The system includes edge devices of each of the participants. The edge devices are in communication with the federated server.

A system includes circuitry for rewriting blockchains in a non-tamper-evident or tamper-evident operation using a key secret held in portions by multiple individually untrusted parties. The blockchains may include a series of blocks secured by integrity codes that may prevent non-tamper-evident rewrites by non-trusted parties that are not in possession of the key secret or individually-untrusted parties in possession of only a portion of the key secret. In some cases, multiple individually-untrusted parties may combine their portions into the key secret. As a group, the multiple individually-untrusted parties may perform non-tamper-evident operation with respect to at least one integrity code within the blockchain.

A secure equijoin technique of generating one table from two tables while curbing the volume of communications traffic is provided. The technique includes: a first permutation generating means 110 that generates a permutation <σ> from an element sequence which is generated from the first column of a table L and the first column of a table R; a first column generating means 120 that generates, for j=2, . . . , a, by using the permutation <σ>, a prefix sum, and an inverse permutation <σ.sup.−1>, the j-th column of a table J from an element sequence which is generated from the to j-th column of the table L; a join-result element sequence generating means 130 that generates a join-result element sequence from an element sequence ([[1]], . . . , [[1]], [[0]], . . . , [[0]], [[−1]], . . . , [[−1]]) by using the permutation <σ>, the prefix sum, and the inverse permutation <σ.sup.−1>; a second column generating means 140 that generates, for j=a+1, . . . , a+b−1, the j-th column of the table J by using the join-result element sequence and the j−a+1-th column of the table R; and a third column generating means 150 that generates the first column of the table J by using the join-result element sequence and the first column of the table R.

One embodiment provides a system that facilitates encrypted-domain aggregation of data in a star network. During operation, the system receives a set of ciphertexts, representing respective encrypted polynomial shares, of an input value from each participant in a plurality of participants. Each ciphertext in the set of ciphertexts is associated with a specific participant in the plurality of participants. The system computes an encrypted partial value for each participant by aggregating in the encrypted-domain a respective ciphertext associated with that participant received from the plurality of participants and sends a message comprising the encrypted partial value to that participant. This encrypted partial value is encrypted based on a public key of a corresponding participant. The system receives a decrypted partial value from each participant and computes a target value based on a set of decrypted partial values received from a set of participants in the plurality of participants.

The subject matter discloses a method operated on at least two servers for a third-party client, the method comprising receiving by a first server a first result of the first irreversible function applied to a secret key from a first third-party client, receiving by a second server a second result of the second irreversible function applied to the secret key from the third-party client, receiving by the first server, a message from a second third-party client, the first server computing a first hash function on said first result and on said message, and sending a result of the first hash function from the first server to the second server, the second server computing a second hash function on said second result and on the result of the first hash function sent from first server and outputting the result generated by second server as HMAC result.

An aggregate maximum is efficiently obtained while keeping confidentiality. A flag converting part (12) converts a form of a share of a flag representing a last element of a group. A flag applying part (13) generates a share of a vector in which a value of a value attribute is set if a flag representing the last element of the group is true, and a predetermined value is set if the flag is false. A sorting part (14) generates a share of a sorted vector obtained by sorting the vector with a permutation which moves elements so that the last elements of each group are sequentially arranged from beginning. An output part (15) generates and outputs a share of a vector representing a maximum of each group from the sorted vector.