A method for providing encrypted search includes receiving, at a user device associated with a user, a search query for a keyword that appears in one or more encrypted documents stored on an untrusted storage device and accessing a count table to obtain a count of documents that include the keyword. The method also includes generating a delegatable pseudorandom function (DPRF) based on the keyword, a private cryptographic key, and the count of documents. The method also includes evaluating a first portion of the DPRF and delegating a remaining second portion of the DPRF to the untrusted storage device which causes the untrusted storage device to evaluate the DPRF and access an encrypted search index associated with the documents. The untrusted storage device determines one or more encrypted documents associated with DPRF and returns, to the user device, an identifier for each encrypted document associated with the DPRF.

A first component determines encrypted data representing an event and encrypted threshold data corresponding to an outlier of the event. The first system may process the data using, for example, one or more composite integers, and may send the result to a second system. This second system may subtract the data to determine of the encrypted data is greater than, less than, or equal to the encrypted threshold. If so, the second system may determine that the encrypted data corresponds to an outlier of the data. The second system may send an indication of this determination to a third system.

A system for using biometric data to authenticate a subject as an individual whose biometric data has been previously obtained. A second transducer has a digital electronic signal output characterizing a biometric of the subject; a second computing facility to receive the digital electronic signal; an array of servers; and a third computing facility. These components implement processes including generating shards from the digital electronic signal and distributing of the generated shards to the array of servers; receiving and storing by the array of servers the generated shards; performing a data exchange process using a subset of the generated shards to develop information relating to authentication of the subject; and transmitting to a third computing facility, the information developed, to cause the third computing facility to generate an output value indicating whether the subject is authenticated as the individual. A related enrollment system is also provided.

A system and method is provided for providing distributed computing platform on untrusted hardware. An exemplary method includes launching a hypervisor on an untrusted computing node and receiving a request generated to provide a computing function using hardware of the untrusted computing node. Upon receiving the request, an enclave in memory of the untrusted computing node is created and a virtual machine is launched in the memory enclave. Moreover, a guest operating system of the virtual machine verifies the security of the untrusted computing node. Finally, the guest operating system performs the computing function using the hardware of the untrusted computing node upon the guest operating system verifying the security of the untrusted computing node and the hypervisor.

Systems and methods for privacy-preserving inventory matching are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor, a method for inventory matching may include: (1) receiving, from each of a plurality of clients, a masked submission comprising an identification of at least one security to buy or sell and a desired quantity to buy or sell; (2) aggregating the masked submissions resulting in a sum of the desired quantities to buy or sell; (3) matching at least two of the clients to conduct a transaction based on aggregation and their respective masked submissions; and (4) conducing the transaction between the matched clients.

Encrypted first data and encrypted second data may be received, where each data is from different client servers. A request to perform an operation with the first data and the second data may be received. Whether the operation is authorized to be performed with the first data and the second data at an enclave may be verified. In response to verifying that the operation is authorized to be performed with the first data and the second data at the enclave, the encrypted first data and the encrypted second data may be decrypted to the first data and the second data, respectively. Furthermore, the operation may be performed with the first data and the second data at the enclave.

A system to enable change in state and/or configuration of digital assets without access to the private key for enabling complex operations includes one or more user computer based device and one or more server computer based device having an operably associated digital asset custody layer application engine, rules basket, protocol adapter and MPC/Self-Custody integration enabling complex actions or transaction to occur between user computer based device and server without surrendering private digital key access to a particular entity or individual.

Computer-implemented systems and methods are disclosed herein for use within secure multi-party computation. A system and method are used for storing an operation preference and a cryptographic preference. A data set is stored based on the operation preference and the cryptographic preference. A determination is made that processing the query involves performing an allowable operation on the data set based on the operation preference.

According to one aspect, there is provided a server for use in evaluating a monitoring function to determine if a trigger condition is satisfied. The server comprises a processing unit and a memory unit. The memory unit is for storing a current monitoring state (Ss) of the server or an encrypted current monitoring state (S) of the monitoring function, the current monitoring state (Ss) of the server relating to the current monitoring state (S) of the monitoring function that is based on an evaluation of one or more previous events. The processing unit is configured to receive an indication of a first event from a first client node and evaluate the monitoring function to determine if the first event satisfies the trigger condition. The evaluation is performed using a privacy-preserving computation (PPC), with the server providing the current monitoring state (Ss) of the server as a first private input to the PPC or the encrypted current monitoring state (S) of the monitoring function as a first input to the PPC, and the first client node providing the first event or an encryption thereof as a private input to the PPC. The evaluation of the monitoring function provides an encrypted updated monitoring state (S′) of the monitoring function or an updated monitoring state (Ss′) of the server as an output of the monitoring function and an indication of whether the first event satisfies the trigger condition.

A method for performing privacy-preserving or secure multi-party computations enables multiple parties to collaborate to produce a shared result while preserving the privacy of input data contributed by individual parties. The method can produce a result with a specified high degree of precision or accuracy in relation to an exactly accurate plaintext (non-privacy-preserving) computation of the result, without unduly burdensome amounts of inter-party communication. The multi-party computations can include a Fourier series approximation of a continuous function or an approximation of a continuous function using trigonometric polynomials, for example, in training a machine learning classifier using secret shared input data. The multi-party computations can include a secret share reduction that transforms an instance of computed secret shared data stored in floating-point representation into an equivalent, equivalently precise, and equivalently secure instance of computed secret shared data having a reduced memory storage requirement.