Patent classifications
H04L2209/46
SECURE MULTI-PARTY REACH AND FREQUENCY ESTIMATION
Systems and methods for generating min-increment counting bloom filters to determine count and frequency of device identifiers and attributes in a networking environment are disclosed. The system can maintain a set of data records including device identifiers and attributes associated with devices in a network. The system can generate a vector comprising coordinates corresponding to counter registers. The system can identify hash functions to update a counting bloom filter. The system can hash the data records to extract index values pointing to a set of counter registers. The system can increment the positions in the min-increment counting bloom filter corresponding to the minimum values of the counter registers. The system can obtain an aggregated public key comprising a public key. The system can encrypt the counter registers using the aggregated shared key to generate an encrypted vector. The system can transmit the encrypted vector to a networked worker computing device.
DECENTRALIZED TECHNIQUES FOR VERIFICATION OF DATA IN TRANSPORT LAYER SECURITY AND OTHER CONTEXTS
A verifier device in one embodiment is configured to communicate over one or more networks with a client device and a server device. The verifier device participates in a three-party handshake protocol with the client device and the server device in which the verifier device and the client device obtain respective shares of a session key of a secure session with the server device. The verifier device receives from the client device a commitment relating to the secure session with the server device, and responsive to receipt of the commitment, releases to the client device additional information relating to the secure session that was not previously accessible to the client device. The verifier device verifies correctness of at least one characterization of data obtained by the client device from the server device as part of the secure session, based at least in part on the commitment and the additional information.
SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR SECURE KEY MANAGEMENT
Provided are computer implemented systems, methods, and computer program products for secure key management, including receiving, by a remote data storage service, a request for data stored as encrypted data by the remote data storage service, the request initiated by a first entity, transmitting, to a first multi-party computation (MPC) server controlled by the first entity, an MPC request, receiving an MPC response from the first MPC server including a secret generated by a secure cryptoprocessor, and decrypting the encrypted data based at least partially on the MPC response. The computer implemented systems, methods, and computer program products may include blocking at least one of a subsequent MPC request from the data storage service, a subsequent MPC response to the data storage service, a link, or a connection between the data storage service and an MPC server computer of the entity to prevent decryption.
DISTRIBUTED PRIVATE LOCATION VERIFICATION AND ENHANCEMENT
Methods and devices for privately verifying and enhancing location data by a distributed ledger system are disclosed. A location-based services server receives a possible location of a mobile device. A location verification system determines a detected location of the mobile device. A distributed ledger system uses a private set intersection technique to determine whether the possible location corresponds to the detected location without the possible location or detected location being shared. Probabilities associated with the possible and detected locations can also be combined to enhance the accuracy of the possible location.
AGGREGATING ENCRYPTED NETWORK VALUES
Methods, systems, and apparatus, including a method for determining network measurements. In some aspects, a method includes receiving, by a first aggregation server and from each of multiple client devices, encrypted impression data. A second aggregation server receives, from each of at least a portion of the multiple client devices, conversion data that includes, for each conversion recorded by the client device, encrypted conversion value data. The first aggregation server and the second aggregation server perform a multi-party computation process to decrypt the encrypted impression data and the encrypted conversion data.
PREVENTING DATA MANIPULATION USING MULTIPLE AGGREGATION SERVERS
Methods, systems, and apparatus, including a method for determining network measurements. In some aspects, a method includes receiving, by a first aggregation server and from each of multiple client devices, encrypted impression data. A second aggregation server receives, from each of at least a portion of the multiple client devices, encrypted conversion data. The first aggregation server and the second aggregation server perform a multi-party computation process to decrypt the encrypted impression data and the encrypted conversion data. Each portion of decrypted impression data and each portion of decrypted conversion data is sent to a respective reporting system.
SECURE AGGREGATION OF INFORMATION USING FEDERATED LEARNING
A method for learning a shared machine learning model while preserving privacy of individual participants is provided. The method includes: receiving, from each of a group of users, an encrypted user input; when a number of user inputs is greater than or equal to a threshold, transmitting, to each user, a list of the group of users; receiving, from each user, a message indicating a mutual agreement regarding a shared secret among the group; and when a number of received messages indicating the mutual agreement is greater than or equal to the threshold, determining information about the shared machine learning model by combining the received encrypted user inputs. The shared machine learning model facilitates a secure multi-party computation of a function that generates an updated version of the shared machine learning model.
Systems and methods for crowdsourcing, analyzing, and/or matching personal data
Described herein are a secure system for sharing private data and related systems and methods for incentivizing and validating private data sharing. In some embodiments, private data providers may register to selectively share private data under controlled sharing conditions. The private data may be cryptographically secured using encryption information corresponding to one or more secure execution environments. To demonstrate to the private data providers that the secure execution environment is secure and trustworthy, attestations demonstrating the security of the secure execution environment may be stored in a distributed ledger (e.g., a public blockchain). Private data users that want access to shared private data may publish applications for operating on the private data to a secure execution environment and publish, in a distributed ledger, an indication that the application is available to receive private data. The distributed ledger may also store sharing conditions under which the private data will be shared.
Secure aggregate function computation system, secure computation apparatus, secure aggregate function computation method, and program
To efficiently determine intermediate data for use with an aggregate function while keeping confidentiality, a bit decomposition unit generates a share of a bit string by bit decomposition and concatenation of key attributes. A group sort generation unit generates a share of a first permutation, which performs a stable sort of the bit string in ascending order. A bit string sorting unit generates a share of a sorted bit string obtained by sorting the bit string with the first permutation. A flag generation unit generates a share of a flag indicating a boundary between groups. A key aggregate sort generation unit generates a share of a second permutation, which performs a stable sort of the negation of the flag in ascending order. A de-duplication unit generates shares of de-duplicated key attributes. A key sorting unit generates shares of sorted key attributes by sorting the de-duplicated key attributes.
Secure reading and writing apparatus, secure reading and writing method, and program
Data is efficiently read from and written to a sequence without the access position being revealed. A secure reading and writing apparatus (1) receives a read command or a write command as input, and, when the read command is input, outputs a secret text [a[x]] which is the x-th element of a secret text sequence [a], and, when the write command is input, adds a secret text [d] to the secret text [a[x]] which is the x-th element of the secret text sequence [a]. A secure reading part (12) reads the secret text [a[x]] which is the x-th element from the secret text sequence [a]. A buffer addition part (13) adds a secret text [c] of an unreflected value c to the secret text [a[x]]. A buffer appending part (14) appends a secret text [x] and the secret text [d] to a write buffer [b]. When the number of elements of the write buffer [b] exceeds a predetermined value, a secure writing part (15) adds the values indicated by a secret text vector [b₁] to the access positions of the secret text sequence [a] indicated by a secret text vector [b₀].