A method of applying proof of lottery to select block forgers in a blockchain, comprising performing the following at a certain one of a plurality of computing nodes connected to a blockchain network: (1) transmitting one or more of a plurality of participation transactions submitted by at least some of the plurality of computing nodes for participating in selection process conducted to select forgers from the plurality of computing nodes to forge blocks to be added to the blockchain; (2) determining a respective forger, during each selection process, by applying a selection function to an outcome of a hash function and a plurality of participation transactions extracted from a first subset of blocks preceding the respective block, the hash function is applied to a second subset of blocks preceding the respective block; and (3) forging the respective block in case the certain computing node is selected as the respective forger.

According to an aspect, there is provided a first node for use in a system, the system comprising one or more trusted source nodes, one or more worker nodes and a verifier node, wherein the first node is configured to determine a trusted input commitment key for a trusted input to be input into a computation that is to be evaluated by the one or more worker nodes, wherein the trusted input commitment key is for use by the one or more trusted source nodes in forming a trusted input commitment of one or more trusted inputs; determine a computation evaluation key for use by the one or more worker nodes in determining a proof that a computation on one or more trusted inputs is correct and that the one or more trusted inputs were used in the computation, wherein the computation evaluation key comprises key material for one or more trusted input wires that are for inputting the one or more trusted inputs into the computation, wherein the key material is derived from a trapdoor value, one or more polynomials evaluated in a point corresponding to the trapdoor value that are independent of polynomials representing the computation, and one or more polynomials evaluated in a point corresponding to the trapdoor value that represent the computation; determine a computation verification key for use by the verifier node in verifying the result of the computation by the one or more worker nodes; and publish the trusted input commitment key, the computation evaluation key and the computation verification key. A corresponding method of operating a first node is provided. Other aspects also provide a trusted source node, a worker node and a verifier node, and methods of operating the same.

Fisher's exact test is efficiently computed through secure computation. It is assumed that a, b, c and d are frequencies of a 2×2 contingency table, [a], [b], [c] and [d] are secure texts of the respective frequencies a, b, c and d, and N is an upper bound satisfying a+b+c+dN. A reference frequency computation part computes a secure text ([a.sub.0], [b.sub.0], [c.sub.0], [d.sub.0]) of a combination of reference frequencies (a.sub.0, b.sub.0, c.sub.0, d.sub.0) which are integers satisfying a.sub.0+b.sub.0=a+b, c.sub.0+d.sub.0=c+d, a.sub.0+c.sub.0=a+c, and b.sub.0+d.sub.0=b+d. A number-of-patterns determination part determines integers h.sub.0 and h.sub.1 satisfying h.sub.0≤h.sub.1. A pattern computation part computes [ai]=[a.sub.0]+i, [b.sub.i]=[b.sub.0]−i, [c.sub.i]=[c.sub.0]−i and [d.sub.i]=[d.sub.0]+i for i=h.sub.0, . . . , h.sub.1, and obtains a set S={([a.sub.i], [b.sub.i], [c.sub.i], [d.sub.i])}.sub.i of secure texts of combinations of frequencies (a.sub.i, b.sub.i, c.sub.i, d.sub.i).

An aggregate maximum is efficiently obtained while keeping confidentiality. A flag converting part (12) converts a form of a share of a flag representing a last element of a group. A flag applying part (13) generates a share of a vector in which a value of a value attribute is set if a flag representing the last element of the group is true, and a predetermined value is set if the flag is false. A sorting part (14) generates a share of a sorted vector obtained by sorting the vector with a permutation which moves elements so that the last elements of each group are sequentially arranged from beginning. An output part (15) generates and outputs a share of a vector representing a maximum of each group from the sorted vector.

At least any one of input keys K.sub.A.sup.0, K.sub.A.sup.1, K.sub.B′.sup.0, and K.sub.B′.sup.1 is set so that the input keys K.sub.A.sup.0, K.sub.A.sup.1, K.sub.B′.sup.0, and K.sub.B′.sup.1 which satisfy K.sub.A.sup.1−K.sub.A.sup.0=K.sub.B′.sup.1−K.sub.B′.sup.0=d.sub.i are obtained, and an output key K.sub.i.sup.g(I(A), I(B)) corresponding to an output value g.sub.i(I(A), I(B)) is set by using the input keys K.sub.A.sup.0, K.sub.A.sup.1, K.sub.B′.sup.0, and K.sub.B′.sup.1, where input values of a gate that performs a logical operation are I(A), I(B)∈{0, 1}, an output value of the gate is g.sub.i(I(A), I(B))∈{0, 1}, an input key corresponding to the input value I(A) is K.sub.A.sup.I(A), and an input key corresponding to the input value I(B) is K.sub.B′.sup.I(B).

This application relates to a client-server architecture that enables user accounts registered with a service to be discoverable to other users of the service. A discovery protocol includes accessing personal information data stored in an address book of a client device, obfuscating the personal information data, transmitting a request to a service to determine if the obfuscated personal information data matches any potential contacts that have registered as discoverable with the service, and comparing information related to the potential contacts with the contacts included in the address book to determine if the contacts in the address book match any of the potential contacts.

A method for outsourcing exponentiation in a private group includes executing a query instruction to retrieve a query element stored on an untrusted server by selecting a prime factorization of two or more prime numbers of a modulus associated with the query element stored on the server, obtaining a group element configured to generate a respective one of the prime numbers, generating a series of base values using the prime factorization and the group element, and transmitting the series of base values from the client device to the server. The server is configured to determine an exponentiation of the group element with an exponent stored on the server using the series of base values. The method also includes receiving a result from the server based on the exponentiation of the group element with the exponent.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for controlling authorization of access to user data. One of the methods includes receiving a first request that includes a first digital activity decentralized identifier (DID) and a first hash value of first digital activity data; storing the first digital activity decentralized identifier and the first hash value in a first record in a decentralized identifier blockchain that is configured to store records associated with a plurality of decentralized identifiers of a plurality of users; and controlling authorization of access to the first digital activity data stored in the first consortium blockchain using information stored in the first record in the decentralized identifier blockchain, including determining whether to authorize another user access to the first digital activity data based on the information stored in the first record in the decentralized identifier blockchain.

A device, system and method for secure collaborations on encrypted data in a hybrid environment of a homomorphic encryption (HE) enabled device and trusted hardware. A set of computations may be divided into a subset of linear computations and a subset of non-linear computations. The linear computations on the encrypted data may be executed using homomorphic encryption (HE) in the homomorphic encryption (HE) enabled device. The non-linear computations on the unencrypted data may be executed in the trusted hardware in an unencrypted domain and encrypting the result. The results of the linear and non-linear computations may be decrypted and merged to generate a result equivalent to executing the set of linear and non-linear computations on the unencrypted data.

A method and apparatus for obtaining a privacy set intersection are provided. The method may include: encrypting a privacy set of an intersection initiator by using a homomorphic encryption algorithm to generate a cipher text, a cipher text function, a public key, and a private key of the intersection initiator; delivering the cipher text, the cipher text function, and the public key of the intersection initiator to an intersection server; receiving a to-be-decrypted function value of a privacy set of the intersection server from the intersection server; and decrypting the to-be-decrypted function value of the privacy set of the intersection initiator by using the private key, to obtain an intersection element of the privacy set of the intersection initiator and the privacy set of the intersection server.