Patent classifications
H04L2209/46
Method for synchronized signature with additive RSA key splitting using early floating exponent negotiation
The present invention relates to a method of secure generation by a client device A and a server device B of at least an RSA current signature and an RSA next signature with a private exponent component d of an RSA key, comprising:
• a handshake phase (P1) comprising:
a. receiving (S1) a handshake request comprising a hash of the next client value (pvA_next),
b. checking (S2) the value of the next client value (pvA_next) and:
— when the next client value (pvA_next) equals a first default value (DUMMY): generating (S3) a new value (x) and updating the next server value (pvB_next) with the generated new value, and sending (S4) to the client device (A) the generated new value (x), to be used by the client device as next client value (pvA_next),
— when the next client value (pvA_next) is not equal to said first default value (DUMMY): checking the value of the next server value (pvB_next) and, when the next server value (pvB_next) is equal to a second default value (NULL) and the next client value (pvA_next) equals the current server value (pvB), sending to the client device (A) a fix request; and when the next server value (pvB_next) is equal to said second default value (NULL) and the next client value (pvA_next) is not equal to the current server value (pvB), suspending performing said method.
• a signing phase (P2) performed by the server device (B) after the handshake phase and generating the current signature; said signing phase comprising:
a. generating (S5) a server part of the current RSA signature (HS2) from the server device private exponent component (dB) and from an updated server dynamic offset (hB′) that is a function of the current server dynamic offset (hB) and of a server shift value (cB), said server shift value (cB) being a function of the current server value (pvB), such that the current RSA signature can be generated by combining said server part of the current RSA signature (HS2) and a client part of the current RSA signature (HS1) generated by the client device (A),
b. setting (S8) the current server dynamic offset (hB) to the updated server dynamic offset (hB′) value, the current server value (pvB) to the value of the next server value (pvB_next) and the next server value (pvB_next) to a second default value (NULL),
• performing the handshake phase and the signing phase with the next signature as current signature, for generating the next signature.
Security-enhanced origination of blockchain transactions
A blockchain-implemented transaction from an originator node is to be broadcast. The originator node is communicatively coupled to proxy nodes. The method, implemented by a proxy node, includes: receiving a transaction including an input taking x+r units of computing resources, an output providing x units to the output address and another output providing d+r units to a 1-of-n multi-signature address unlockable by any one of a set of private keys associated with the proxy nodes. The proxy node selects a quantity of computing resources, t units, to be allocated to the proxy node for broadcasting the transaction and having it included in the blockchain, and generates a further transaction taking d+r units sourced from the multi-signature address and an output providing t units to the proxy node. The proxy node broadcasts both transactions, timed to permit their inclusion in the same block of the blockchain.
SECURE ARRAY ACCESS APPARATUS, SECURE ARRAY ACCESS METHOD, AND PROGRAM
Access to an array is efficiently performed without revealing the accessed position. A storage 10 stores an array of concealed values [x⃗′] of an array x⃗′ and an array of addresses a⃗′ corresponding to the respective elements of the array of concealed values [x⃗′]. A refresh unit 11 determines a concealed value [F] of a random parameter F, an array of concealed values [x⃗] of an array x⃗ generated by permuting the array x⃗′ with a random permutation ρ, and an array of public tags b⃗ calculated from the respective elements of the array of addresses a⃗ with the function Tag_F. An access unit 12 performs the desired access to the element of the array of concealed values [x⃗] corresponding to the tag that is calculated from a concealed value [j] of an access position j with the function Tag and the concealed value [F] of the parameter.
Secure computation system, secure computation device, secure computation method, and program
A secure computation system calculates concealed text of a difference x−r from concealed text by using concealed text and generates concealed text of an integer portion e and a decimal fraction portion f (0≤f<1) of the difference x−r from the concealed text; reconstructs the decimal fraction portion f from the concealed text; generates, from the decimal fraction portion f and the concealed text, concealed text of a left shift value y obtained by shifting 2^f, which is 2 raised to the power of the decimal fraction portion f, to the left by e bits; and calculates, as concealed text, concealed text of a value 2^r × y obtained by multiplying 2^r, which is a power of 2, by the left shift value y from the concealed text by using the concealed text.
Multi-party security computing method and apparatus, and electronic device
Embodiments of a secure multi-party computation method applicable to any computing node deployed in a distributed network are provided. A plurality of computing nodes is deployed in the distributed network. The plurality of computing nodes jointly participates in a secure multi-party computation based on private data respectively held by the computing nodes. The method includes: generating a computing parameter related to private data held by one computing node based on a secure multi-party computation algorithm; transmitting the computing parameter to other computing nodes participating in the secure multi-party computation for the other computing nodes to perform the secure multi-party computation based on collected computing parameters transmitted by the computing nodes participating in the secure multi-party computation; and creating an audit log corresponding to the computing parameter, the audit log recording description information related to the computing parameter.
Secure multi-party computation method and apparatus, and electronic device
Embodiments of a multi-party secure computation method applicable to any one computing node deployed in a distributed network are provided. A plurality of computing nodes are deployed in the distributed network, the plurality of computing nodes jointly participate in a secure multi-party computation based on respectively held private data, and the computing node that performs the method is connected to a trusted random source. The method includes: obtaining a trusted random number from the trusted random source; performing an operation on the held private data based on the obtained trusted random number to obtain an operation result; and transmitting a computing parameter comprising at least the trusted random number to other computing nodes participating in secure multi-party computation, so that the other computing nodes perform the secure multi-party computation based on collected computing parameters transmitted by the computing nodes participating in the secure multi-party computation.
Server device, secret equality determination system, secret equality determination method and secret equality determination program recording medium
A server device, a secret equality determination system, a secret equality determination method and a secret equality determination program recording medium are provided which, regardless of the server sharing scheme, can run with no difference in the number of communication rounds, whether carried out with a ring of order 2 or with a ring of an order greater than 2. This server device is provided with a secret shared data generation unit, a data storage unit, a mask unit, a random number share bit-conjunction unit, a random number share generation unit, a determination bit-conjunction unit and a secret shared data restoration unit. The secret shared data generation unit generates secret shared data. The data storage unit stores the secret shared data. The mask unit uses random number secret shared data to mask certain shared data. The random number share generation unit generates random number shares in which random numbers are secretly shared. In parallel with other calculations, the random number share bit-conjunction unit calculates the logical product of the values in which the random numbers are secretly shared. The determination bit-conjunction unit performs a secret equality determination using the value outputted by the random number share bit-conjunction unit.
Distributed biometric comparison framework
A method is disclosed. An authentication node may receive a plurality of encrypted match values, wherein the plurality of encrypted match values were formed by a plurality of worker nodes that compare a plurality of encrypted second biometric template parts derived from a second biometric template to a plurality of encrypted first biometric template parts derived from a first biometric template. The authentication node may decrypt the plurality of encrypted match values resulting in a plurality of decrypted match values. The authentication node may then determine if a first biometric template matches the second biometric template using the plurality of decrypted match values. An enrollment node may be capable of enrolling a biometric template and storing encrypted biometric template parts at worker nodes.
TPM-based secure multiparty computing system using a non-bypassable gateway
Embodiments of the disclosure disclose a system to prevent data of a client from leaking to untrusted parties in a multiparty computation environment. According to one embodiment, in response to a request received at a gateway (e.g., a non-bypassable gateway) of a server from a user device of a user over a network to process user data by an execution service, the system sanitizes the user data by scanning the user data for malicious code. The system selects a trusted execution environment (TEE) worker from a number of TEE workers and initiates an execution of the execution service by the selected TEE worker. The system receives execution results from the selected TEE worker. The system transmits the execution results to the user device of the user over the network.
Secure multi-party computation method, device, apparatus and computer-readable storage medium
Embodiments of a secure multi-party computation method are provided. The method can include: dynamically converting a multi-party computation program segment into a first garbled circuit by using a multi-party computation operator of a first main body, and executing garbled gates of the first garbled circuit in sequence through an execution engine of the first main body, to encrypt data of the first main body; transmitting to a second main body the encrypted data of the first main body and identifiers for garbled gates of the first garbled circuit; performing a second encryption on the encrypted data of the first main body by the second main body in sequence according to the received identifiers for the garbled gates of the first garbled circuit, and returning to the first main body a result of the second encryption on the encrypted data of the first main body.