Described are a system, method, and computer program product for secure real-time n-party computation. The method includes communicating, to a trusted execution environment (TEE), a first computation input and a first portion of a one-time key. The method also includes receiving, from the TEE, an encrypted output of a computation based on the first computation input and a second computation input communicated to the TEE by a second computing device. The method further includes communicating the encrypted output to the second computing device and receiving a digital signature indicating that the second computing device received the encrypted output. The method further includes communicating the first portion of the one-time key to the second computing device and, in response to not receiving the second portion of the one-time key from the second computing device, executing a fallback computation process using the TEE and a shared ledger to determine the computation.

One embodiment provides a method, including: receiving, at a service provider and from a user, a request for computation of a function, wherein the request includes a description of the function to be computed and requirements of the user; identifying, from data sources accessible to the service provider, a plurality of data sources to participate in the computation in view of the requirements and the description of the function, wherein each of the plurality of data sources includes data of a data owner and constraints on use of the data; identifying a multi-party computation protocol and parameters of the multi-party computation protocol for performing the computation; and running the computation of the function using the data of the plurality of data sources and in view of the requirements of the user and the constraints of the plurality of data sources.

According to one aspect, there is provided a server for use in evaluating a monitoring function to determine if a trigger condition is satisfied. The server comprises a processing unit and a memory unit. The memory unit is for storing a current monitoring state Ss of the server or an encrypted current monitoring state S of the monitoring function, the current monitoring state Ss of the server relating to the current monitoring state S of the monitoring function that is based on an evaluation of one or more previous events. The processing unit is configured to receive an indication of a first event from a first client node and evaluate the monitoring function to determine if the first event satisfies the trigger condition. The evaluation is performed using a privacy-preserving computation, PPC, with the server providing the current monitoring state Ss of the server as a first private input to the PPC or the encrypted current monitoring state S of the monitoring function as a first input to the PPC, and the first client node providing the first event or an encryption thereof as a private input to the PPC. The evaluation of the monitoring function provides an encrypted updated monitoring state S′ of the monitoring function or an updated monitoring state Ss′ of the server as an output of the monitoring function and an indication of whether the first event satisfies the trigger condition.

Provided are systems and methods for the computation of sparse, (ε, δ)-differentially private (DP) histograms in the two-server model of secure multi-party computation (MPC). Example protocols enable two semi-honest non-colluding servers to compute histograms over the data held by multiple users, while only learning a private view of the data.

Protection of access to artificial neural network (ANN) models in outsourcing deep learning computations via shuffling parts. For example, an ANN model can be configured as the sum of a plurality of randomized model parts. Some of the randomized parts can be applied an offset operation and/or encrypted to generate modified parts for outsourcing. Such model parts from different ANN models can be shuffled and outsourced to one or more external entities to obtain the responses of the model parts to inputs. Data samples as inputs to the ANN models can also be split into sample parts as inputs to model parts to protect the data samples. The result of a data sample as an input applied to an ANN model can be obtained from a sum of responses of model parts with the sample parts applied as inputs.

The present disclosure involves systems, software, and computer implemented methods for a communication-efficient secret shuffle protocol for encrypted data based on homomorphic encryption and oblivious transfer. A service provider and multiple clients participate in a secret shuffle protocol of randomly shuffling encrypted client-specific secret input values. The protocol includes generation and exchange of random numbers, random permutations and different blinding values, including use of an oblivious transfer mechanism. A last protocol step includes using homomorphism, for each client, to perform computations on intermediate encrypted data to homomorphically remove a first blinding value and a second blinding value, to generate a client-specific rerandomized encrypted secret input value. As a result, the client-specific rerandomized encrypted secret input values are generated in an order that is unmapped to an order of receipt, at the service provider, of the encrypted secret input values.

A secure computation technique of calculating a polynomial in a shorter calculation time is provided. A secure computation system generates concealed text [[u]] of u, which is the result of magnitude comparison between a value x and a random number r, from concealed text [[x]] by using concealed text [[r]]; generates concealed text [[c]] of a mask c from the concealed text [[x]], [[r]], and [[u]]; reconstructs the mask c from the concealed text [[c]]; calculates, for i=0, . . . , n, a coefficient b.sub.i from an order n, coefficients a.sub.0, a.sub.1, . . . , a.sub.n, and the mask c; generates, for i=1, . . . , n, concealed text [[s.sub.i]] of a selected value s.sub.i, which is determined in accordance with the result u of magnitude comparison, from the concealed text; [[u]]; and calculates a linear combination b.sub.0+b.sub.1[[s.sub.1]]+ . . . +b.sub.n[[s.sub.n]] of the coefficient b.sub.i and the concealed text [[s.sub.i]] as concealed text [[a.sub.0+a.sub.1x.sup.1+ . . . +a.sub.nx.sup.n]].

Implementations disclose data processing methods, apparatuses, and computer devices for privacy protection in secure multi-party computation, including encoding private data to a coefficient of a first polynomial function. A plurality of function values of the first polynomial function are obtained as a plurality of fragments obtained after the private data is split, where the fragments of the private data are used for computation by using a secret sharing algorithm to obtain fragments of target data.

There is provided a requestor device for digital signing of a message, comprising: at least one hardware processor executing a code for: transmitting the message for signing thereof, in a single request session over the network to each one of a plurality of validator devices, wherein a beacon device computes and transmits over a network to each one of a plurality of validator devices a signature-data value computed and signed by the beacon device, receiving in a single response session from each one of the plurality of validator devices, a respective partial-open decrypted value computed for the signature-data value and the message, and aggregating the partial-opens decrypted values received from the plurality of validator devices to compute the digital signature of the message.

Secure multi-party information retrieval is disclosed. One example is a system including a query processor to request secure retrieval of candidate terms similar to a query term. A collection of information processors, where a given information processor receives the request and generates a random permutation. A plurality of data processors, where a given data processor generates clusters of a plurality of terms in a given dataset, where the clusters are based on similarity scores for pairs of terms, and selects a representative term from each cluster. The given information processor determines similarity scores between a secured query term received from the query processor and secured representative terms received from the given data processor, where the secured terms are based on the permutation, and the given data processor filters, without knowledge of the query term, the candidate terms of the plurality of terms based on the determined similarity scores.