H04L2209/46

User Authentication Using Multi-Party Computation and Public Key Cryptography
20210226938 · 2021-07-22

Techniques are disclosed relating to user authentication using multi-party computation and public key cryptography. In some embodiments, a server may receive, from a client, a request to authenticate a user to a service. The server may access key-pair information that includes, for a server key-pair, a first component of a server private key and, for a client key-pair, a client public key and a first component of a client private key. The server may generate a partial signature value that is based on the first component, but not the entirety, of the server private key. The server may send, to the client, an authentication challenge that includes challenge information and the partial signature value. The server may then determine whether to authenticate the user based on an authentication response from the client.

Data authorization based on decentralized identifiers

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for controlling authorization of access to user data. One of the methods includes receiving a first request that includes a first digital activity decentralized identifier (DID) and a first hash value of first digital activity data; storing the first digital activity decentralized identifier and the first hash value in a first record in a decentralized identifier blockchain that is configured to store records associated with a plurality of decentralized identifiers of a plurality of users; and controlling authorization of access to the first digital activity data stored in the first consortium blockchain using information stored in the first record in the decentralized identifier blockchain, including determining whether to authorize another user access to the first digital activity data based on the information stored in the first record in the decentralized identifier blockchain.

Techniques for privacy-preserving data processing across multiple computing nodes
11070357 · 2021-07-20

A method used in a first environment includes obtaining first data to be processed in a second environment, homomorphically encrypting the first data to produce first encrypted data, and providing the first encrypted data to the second environment. The method also includes receiving supplemental data from the second environment, homomorphically encrypting the supplemental data to produce encrypted supplemental data, and providing the encrypted supplemental data to the second environment. The method further includes receiving second encrypted data from the second environment and homomorphically decrypting the second encrypted data to recover data processing results generated in the second environment using the first encrypted data and the encrypted supplemental data.

DEVICE FOR SECRET SHARING-BASED MULTI-PARTY COMPUTATION
20210258149 · 2021-08-19

A device participates in secret sharing-based MPC. Original data can be restored by combining a share of the device with a corresponding share of another device. The device includes means for acquiring a random number and means for updating a share of the device on the basis of the acquired random number. The method of updating used by the updating means is designed to perform the update in such a manner that a share of the device updated on the basis of the acquired random number is combined with the corresponding share of the other device updated on the basis of the random number to cancel the influence of the random number and restore the original data.

DISTRIBUTED SYMMETRIC ENCRYPTION

Systems and methods for improved distributed symmetric cryptography are disclosed. A client computer may communicate with a number of cryptographic devices in order to encrypt or decrypt data. Each cryptographic device may possess a secret share and a verification share, which may be used in the process of encrypting or decrypting data. The client computer may generate a commitment and transmit the commitment to the cryptographic devices. Each cryptographic device may generate a partial computation based on the commitment and their respective secret share, and likewise generate a partial signature based on the commitment and their respective verification share. The partial computations and partial signatures may be transmitted to the client computer. The client computer may use the partial computations and partial signatures to generate a cryptographic key and verification signature respectively. The client computer may use the cryptographic key to encrypt or decrypt a message.

Systems and methods for tree-based model inference using multi-party computation

A system and method for securely computing an inference of two types of tree-based models, namely XGBoost and Random Forest, using a secure multi-party computation protocol. The method includes computing a respective comparison result of each respective node of a plurality of nodes in a tree classifier. Each node has a respective threshold value. The respective comparison result is based on respective data associated with a data owner device being applied to a respective node having the respective threshold value. The method includes computing, based on the respective comparison result, a leaf value associated with the tree classifier, generating a share of the leaf value and transmitting, to the data owner device, a share of the leaf value. The data owner device computes, using a secure multi-party computation and between the model owner device and the data owner device, the leaf value for the respective data of the data owner.

Systems and methods for providing a modified loss function in federated-split learning

Disclosed is a method that includes training, at a client, a part of a deep learning network up to a split layer of the client. Based on an output of the split layer, the method includes completing, at a server, training of the deep learning network by forward propagating the output received at a split layer of the server to a last layer of the server. The server calculates a weighted loss function for the client at the last layer and stores the calculated loss function. After each respective client of a plurality of clients has a respective loss function stored, the server averages the plurality of respective weighted client loss functions and back propagates gradients based on the average loss value from the last layer of the server to the split layer of the server and transmits just the server split layer gradients to the respective clients.

Privacy preserving centroid models using secure multi-party computation
11843672 · 2023-12-12

This disclosure relates to a privacy preserving machine learning platform. In one aspect, a method includes receiving, from a client device and by a computing system of multiple multi-party computation (MPC) systems, a first request for user group identifiers that identify user groups to which to add a user. The first request includes a model identifier for a centroid model, first user profile data for a user profile of the user, and a threshold distance. For each user group in a set of user groups corresponding to the model identifier, a centroid for the user group that is determined using a centroid model corresponding to the model identifier is identified. The computing system determines a user group result based at least on the first user profile data, the centroids, and the threshold distance. The user group result is indicative of user group(s) to which to add the user.

SYSTEM AND METHOD FOR ESTABLISHING SECURE TRANSACTIONS AMONG A GROUP OF TRANSACTING PARTIES

Systems and methods are presented for establishing secure transactions among a group of transacting parties through use of multi-party computation including garbled circuits. The system uses a set of distributed garbled circuit servers, each having a garbled circuit module, to collectively and securely perform a transactional function, such that any party only has access to its own input and output. Each garbled circuit module may receive input financial data for a transacting party and financial data for at least one other transacting party, and perform an operation to obtain output financial data. The operation may relate to a function for determining a plurality of financial transactions among the plurality of transacting parties.

USE OF BIOMETRICS AND PRIVACY PRESERVING METHODS TO AUTHENTICATE ACCOUNT HOLDERS ONLINE

Embodiments are directed to a method for securely performing biometric authentication online. The method described can be used to securely perform biometric authentication on a mobile device. For protecting the privacy of the user's biometric data, a cryptographic comparison protocol can be used to perform matching of encrypted templates. For example, the cryptographic comparison protocol may involve Fuzzy Extractors (FE), Homomorphic Encryption (HE), and/or Secure Multi-Party Computation (SMPC).