Patent classifications
H04L2209/46
MULTI-PARTY THRESHOLD AUTHENTICATED ENCRYPTION
Systems and methods for threshold authenticated encryption are provided. A collection of cryptographic devices may encrypt or decrypt a message, provided that a threshold number of those devices participate in the encryption process. One cryptographic device may generate a commitment message and transmit it to the other selected devices. Those devices may each perform a partial computation using the commitment message, and transmit the partial computations back to the encrypting or decrypting device. The encrypting or decrypting device may use those partial computations to produce a cryptographic key, which may then be used to encrypt or decrypt the message.
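The following is an added worked example of the flow the abstract describes; it is not code from the patent. A master secret s is Shamir-shared over Z_Q among n devices. The encrypting device publishes a commitment c, each selected device returns the partial value H(c)^{s_i} mod P, and the initiator combines any t partials with Lagrange coefficients in the exponent to obtain H(c)^s, from which the message key is derived (a distributed PRF); s itself is never reconstructed, and fewer than t partials yield a different key. The 64-bit safe-prime group, the hash-counter keystream and the HMAC tag are toy choices made so the block runs offline with the standard library only; a deployment would use a standard group and a real AEAD.

```python
import hashlib
import hmac
import secrets

_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin with fixed bases: deterministic for n < 3.3e24, enough here."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits=64):
    """First q >= 2^(bits-1) with q and p = 2q + 1 prime (toy size; a real
    deployment would use a standard group such as one from RFC 7919)."""
    q = (1 << (bits - 1)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = safe_prime()  # quadratic residues mod P form a group of prime order Q

def hash_to_group(commitment):
    """Map the commitment to an element of the order-Q subgroup (square a hash)."""
    h = int.from_bytes(hashlib.sha256(commitment).digest(), "big") % (P - 3) + 2
    return pow(h, 2, P)

def shamir_split(secret, t, n):
    """Shares (i, f(i)), i = 1..n, of a random degree t-1 polynomial over Z_Q."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def lagrange_at_zero(i, subset):
    num = den = 1
    for j in subset:
        if j != i:
            num, den = num * (-j) % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def partial_eval(share, commitment):
    """Device side: the partial computation H(c)^{s_i} mod P on the commitment."""
    return pow(hash_to_group(commitment), share, P)

def combine_partials(partials, commitment):
    """Initiator side: H(c)^s = prod (H(c)^{s_i})^{lambda_i}; then derive a key."""
    subset = list(partials)
    g_s = 1
    for i in subset:
        g_s = g_s * pow(partials[i], lagrange_at_zero(i, subset), P) % P
    return hashlib.sha256(b"thr-ae|" + g_s.to_bytes(16, "big") + commitment).digest()

def _keystream(key, nonce, length):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt(key, plaintext):
    """Toy encrypt-then-MAC: hash-counter keystream, HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def threshold_encrypt(shares, participants, plaintext):
    """Initiator publishes a commitment, collects t partials, derives the key, encrypts."""
    commitment = hashlib.sha256(secrets.token_bytes(32)).digest()
    partials = {i: partial_eval(shares[i], commitment) for i in participants}
    return commitment, encrypt(combine_partials(partials, commitment), plaintext)

def threshold_decrypt(shares, participants, commitment, blob):
    partials = {i: partial_eval(shares[i], commitment) for i in participants}
    return decrypt(combine_partials(partials, commitment), blob)
```

Any t of the n devices recover the same key for a given commitment, the decrypting group need not be the encrypting group, and a t-1 subset computes an unrelated value because Lagrange interpolation of a degree t-1 polynomial from too few points is wrong. The commitment binds the key to one encryption so that partials cannot be replayed for a different message.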
CONFIDENTIAL SORT SYSTEM AND METHOD
The present invention provides a technique for performing a confidential sort faster than the prior art. A confidential sort system comprises first to M-th apparatuses. The first to M-th apparatuses obtain, in secret-shared form, the inverse permutation (substitution) of an L-bit stable sort of the key vector $\vec{k}_0$. For $i = 1, \ldots, N-1$ they then perform: a process of converting the shared inverse permutation from step $i-1$ into a hybrid permutation; a process of inversely permuting $\vec{k}_i$ with that hybrid permutation; a process of obtaining, in shared form, the inverse permutation of an L-bit stable sort of the permuted $\vec{k}_i$; and a process of composing the step-$(i-1)$ permutation with this new one to obtain the shared inverse permutation for step $i$. Finally, the apparatuses convert the shared inverse permutation of step $N-1$ into a hybrid permutation, inversely permute the shared value vector $[[\vec{v}]]$ with it, and output the result.
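The loop above is a radix-style composition of stable-sort permutations. As an added example (not the patent's code), here is its skeleton on cleartext, so the control flow is visible: argsort stands in for "inverse permutation of an L-bit stable sort", list indexing stands in for "inverse substitution", and the secret-shared and hybrid representations, which are the whole point of the protocol, are omitted. The key-splitting helper, which cuts an integer key into N digits of L bits, is an assumption about how the key vectors are formed.

```python
def key_vectors_from_ints(keys, L, N):
    """Split each integer key into N digits of L bits, least significant digit
    first; key_vectors[i] is the i-th digit of every record (assumed layout)."""
    mask = (1 << L) - 1
    return [[(k >> (L * i)) & mask for k in keys] for i in range(N)]

def stable_sort_inverse_perm(keys):
    """Indices that stably sort `keys` (the inverse permutation of the sort)."""
    return sorted(range(len(keys)), key=lambda j: keys[j])  # sorted() is stable

def apply_inverse(perm, vec):
    """Inverse substitution: position j of the result receives vec[perm[j]]."""
    return [vec[j] for j in perm]

def confidential_sort_skeleton(key_vectors, values):
    """Follows the abstract's loop: sort by k_0, then for i = 1..N-1 reorder
    k_i by the permutation so far, stable-sort it, and compose."""
    perm = stable_sort_inverse_perm(key_vectors[0])
    for k_i in key_vectors[1:]:
        step = stable_sort_inverse_perm(apply_inverse(perm, k_i))
        perm = apply_inverse(step, perm)  # compose with the previous permutation
    return apply_inverse(perm, values)

def sort_records(keys, values, L=8, N=2):
    """Sort values by integer keys of N*L bits using the composed permutation."""
    return confidential_sort_skeleton(key_vectors_from_ints(keys, L, N), values)
```

Because each pass is stable and the least significant digit is sorted first, the composed permutation orders records by the full key, with ties keeping their input order; that is what lets the protocol sort a wide key with N small L-bit sorts instead of one wide comparison sort.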
USER AUTHENTICATION USING MULTI-PARTY COMPUTATION AND PUBLIC KEY CRYPTOGRAPHY
Techniques are disclosed relating to user authentication using multi-party computation and public key cryptography. In some embodiments, a client system may receive, from a server system, an authentication challenge that includes a first partial signature value. The client system may access key-pair information that includes, for a server key-pair, a server public key and a second component of a server private key, where the server system has access to a first component of the server private key. The client system may then generate a second partial signature value using the second component of the server private key but not an entirety of the server private key, and may generate a final signature value based on the first and second partial signature values. Using the final signature value, the client system may then determine whether the authentication challenge was sent by the server system.
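One concrete instantiation of this exchange, added here as an example and not taken from the patent, is an additively split RSA private exponent: d = d_server + d_client (mod phi(N)). The server's challenge carries a message m and its partial signature s1 = H(m)^{d_server} mod N; the client computes s2 = H(m)^{d_client}, multiplies, and checks the product against the server public key (N, e). Neither side ever holds d, a partial signature alone does not verify, and a challenge from anyone without the server component fails the client's check. The modulus is built from two public Mersenne primes so the block runs offline without a library; it is a toy key, not a secure one, and the hash-to-integer mapping is a simplified full-domain hash.

```python
import hashlib
import secrets

def toy_keypair():
    """Server key pair with the private exponent split in two (demo parameters)."""
    p = (1 << 61) - 1        # Mersenne primes: publicly known, trivially
    q = (1 << 127) - 1       # factorable, so this key is a toy only
    N, e = p * q, 65537
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    d_server = secrets.randbelow(phi)
    d_client = (d - d_server) % phi   # client holds this; server holds d_server
    return (N, e), d_server, d_client

def hash_to_int(message, N):
    """Full-domain-style hash: four SHA-256 blocks concatenated, reduced mod N (toy)."""
    digest = b"".join(hashlib.sha256(bytes([i]) + message).digest() for i in range(4))
    return int.from_bytes(digest, "big") % N

def server_challenge(pub, d_server):
    """Server: fresh challenge message plus its partial signature on it."""
    N, _ = pub
    m = b"auth-challenge|" + secrets.token_bytes(16)
    return m, pow(hash_to_int(m, N), d_server, N)

def client_finish(pub, d_client, m, s1):
    """Client: compute its partial, combine, verify under the server public key.
    Returns (final_signature, challenge_is_authentic)."""
    N, e = pub
    s2 = pow(hash_to_int(m, N), d_client, N)
    sig = s1 * s2 % N
    return sig, pow(sig, e, N) == hash_to_int(m, N)
```

The final value is an ordinary RSA signature, so the client needs only the public key and its own component to decide; the server learns nothing about d_client and the client nothing about d_server beyond what the partial signature reveals, which is the multiplicative share of the signature itself.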
AGREEMENT SYSTEM, AGREEMENT APPARATUS, PROGRAM, AND RECORDING MEDIUM
An agreement apparatus $P(i)$ (where $i = 0, \ldots, n-1$) which executes a consensus protocol generates an opinion value with a signature $X_{ij} = (x_i, \mathrm{sig}_i(x_i))$, including an opinion value $x_i$ indicating an opinion and a signature $\mathrm{sig}_i(x_i)$ on the opinion value $x_i$, or information different from the opinion value with the signature $X_{ij}$ as an opinion value with a signature $X_{ij} = (x_{ij}, e_{ij})$, and outputs the opinion value with the signature $X_{ij}$ to an agreement apparatus $P(j)$ (where $j = 0, \ldots, n-1$, $j \neq i$). The agreement apparatus $P(j)$ accepts the opinion value with the signature $X_{ij}$ and outputs the opinion value with the signature $X_{ij}$, or information different from it, to an agreement apparatus $P(m)$ (where $m = 0, \ldots, n-1$, $m \neq i$, $m \neq j$) as an opinion value with a signature $X_{ij}$.
Secure Multi-Party Learning and Inferring Insights Based on Encrypted Data
Respective sets of homomorphically encrypted training data are received from multiple users, each encrypted by a key of a respective user. The respective sets are provided to a combined machine learning model to determine corresponding locally learned outputs, each in an FHE domain of one of the users. Conversion is coordinated of the locally learned outputs in the FHE domains into an MFHE domain, where each converted locally learned output is encrypted by all of the users. The converted locally learned outputs are aggregated into a converted composite output in the MFHE domain. A conversion is coordinated of the converted composite output in the MFHE domain into the FHE domains of the corresponding users, where each converted decrypted composite output is encrypted by only a respective one of the users. The combined machine learning model is updated based on the converted composite outputs. The model may be used for inferencing.
Data exchange for multi-party computation
The present disclosure relates to exchanging data for multi-party computation. In some aspects, a server generates a first random number set, a second random number set, a third random number set, and a fourth random number set based on a first random seed, a second random seed, a third random seed, and a fourth random seed, respectively. The server generates a fifth random number set and a sixth random number set based on the first, second, third, and fourth random number sets. The random numbers in the random number sets satisfy a predetermined condition. The server sends the first random seed, the second random seed, and the fifth random number set to a first device. The server sends the third random seed, the fourth random seed, and the sixth random number set to a second device.
PRIVACY-PRESERVING MACHINE LEARNING
New and efficient protocols are provided for privacy-preserving machine learning training (e.g., for linear regression, logistic regression and neural networks using the stochastic gradient descent method). The protocols can use the two-server model, where data owners distribute their private data among two non-colluding servers, which train various models on the joint data using secure two-party computation (2PC). The techniques support secure arithmetic operations on shared decimal numbers and provide MPC-friendly alternatives to non-linear functions such as sigmoid and softmax.
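The seed-based data exchange in the "Data exchange for multi-party computation" abstract and the shared-decimal arithmetic described here fit together in one added example (not code from either patent). A server derives four random vectors from four seeds, computes fifth and sixth vectors from them so that the six satisfy a predetermined relation, and hands each of two devices two seeds plus one derived vector; sending seeds rather than vectors is what saves bandwidth. The relation chosen here is the Beaver multiplication-triple condition (a1+a2)(b1+b2) = c1+c2 mod 2^64, which is an assumption: the page does not say which condition the patent uses. The devices then multiply two secret-shared fixed-point numbers with one round of communication, truncate their shares locally (the standard SecureML-style trick for shared decimals, correct to within one unit in the last place), and evaluate a piecewise-linear sigmoid that needs only comparisons and an addition; the comparison itself would be done inside MPC in a real system and is shown on cleartext here.

```python
import hashlib
import secrets

ELL = 64              # ring Z_{2^64}
MOD = 1 << ELL
FRAC = 16             # fixed-point fractional bits

def prg(seed, count):
    """Expand a seed into `count` ring elements (SHA-256 in counter mode)."""
    return [int.from_bytes(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()[:8], "big")
            for i in range(count)]

def dealer(count):
    """Server: four seeds -> four random sets; fifth and sixth sets derived from them."""
    seeds = [secrets.token_bytes(16) for _ in range(4)]
    a1, b1, a2, b2 = (prg(s, count) for s in seeds)
    c = [(x1 + x2) * (y1 + y2) % MOD for x1, x2, y1, y2 in zip(a1, a2, b1, b2)]
    c1 = prg(secrets.token_bytes(16), count)               # fifth set: random
    c2 = [(ci - ci1) % MOD for ci, ci1 in zip(c, c1)]       # sixth set: c - c1
    return (seeds[0], seeds[1], c1), (seeds[2], seeds[3], c2)   # to device 1, device 2

def device_triples(seed_a, seed_b, c_shares):
    """Device: re-expand its two seeds and pair them with the received set."""
    n = len(c_shares)
    return list(zip(prg(seed_a, n), prg(seed_b, n), c_shares))

def encode(x):
    """Real -> fixed point in the ring (two's complement for negatives)."""
    return int(round(x * (1 << FRAC))) % MOD

def decode(v):
    return (v - MOD if v >= MOD // 2 else v) / (1 << FRAC)

def share(v):
    r = secrets.randbelow(MOD)
    return r, (v - r) % MOD

def beaver_mul(party, triple, opened):
    """After d = x - a and e = y - b are opened, each party finishes locally."""
    a, b, c = triple
    d, e = opened
    z = c + d * b + e * a + (d * e if party == 0 else 0)
    return z % MOD

def truncate(party, z_s):
    """Local truncation by 2^FRAC: off by at most one unit in the last place;
    fails only when a share wraps, probability about 2^(|z| + 1 - ELL)."""
    return z_s >> FRAC if party == 0 else (MOD - ((MOD - z_s) >> FRAC)) % MOD

def secure_fixed_mul(x, y):
    """Run both devices in one process and reconstruct x*y from their shares."""
    t1, t2 = (device_triples(*d)[0] for d in dealer(1))
    x1, x2 = share(encode(x))
    y1, y2 = share(encode(y))
    opened = ((x1 - t1[0] + x2 - t2[0]) % MOD, (y1 - t1[1] + y2 - t2[1]) % MOD)
    z1 = truncate(0, beaver_mul(0, t1, opened))
    z2 = truncate(1, beaver_mul(1, t2, opened))
    return decode((z1 + z2) % MOD)

def sigmoid_mpc_friendly(x):
    """Piecewise-linear sigmoid: 0 below -1/2, x + 1/2 in between, 1 above 1/2."""
    return 0.0 if x < -0.5 else 1.0 if x > 0.5 else x + 0.5
```

The product of two numbers with FRAC fractional bits has 2*FRAC of them, so without truncation precision would double on every multiplication; truncating each share independently avoids a secure division and costs at most one unit of error in the last place, which gradient descent tolerates.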
A DISTRIBUTED MULTI-PARTY SECURITY MODEL TRAINING FRAMEWORK FOR PRIVACY PROTECTION
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for training a multi-party secure logistic regression model (SLRM). One of the methods includes receiving, at a plurality of secure computation nodes (SCNs), a plurality of random numbers from a random number provider; encrypting, at each SCN, data stored at the SCN using the received random numbers; iteratively updating a secure logistic regression model (SLRM) by using the encrypted data from each SCN; and after iteratively updating the SLRM, outputting a result of the SLRM, wherein the result is configured to enable a service to be performed by each SCN.
SECURE MULTIPARTY COMPUTATION OF SHUFFLE, SORT, AND SET OPERATIONS
A method for performing secure computations on records, comprising: receiving a request to apply a computation on a record; assigning a respective partial record of a plurality of partial records of the record to each of a plurality of computational processes; instructing each of the plurality of computational processes to perform a computation scheme comprising: applying a semi-honest multiparty computation on the partial record; iteratively repeating a predetermined number of times: using a secure multiparty arithmetic computation to generate random terms; using the secure multiparty arithmetic computation to assign the random terms and an outcome of the application to at least one predetermined equation; verifying an integrity of the semi-honest multiparty computation by comparison of the assignments to the at least one predetermined equation to at least one constant; and, when the integrity is valid, combining the applications of the semi-honest multiparty computations on the partial records.
Bidirectional blockchain
Described is a system for improving data authentication using blockchain technology and multi-party computation (MPC). The system ensures authenticity of distributed data sent from one or more servers to the distributed clients. The system initializes MPC protocols to ensure secrecy of the keys used to sign a new data element. Blockchain technology is utilized to ensure correctness and integrity of the new data element. A bidirectional blockchain is used such that a forward blockchain stores the new data element to be received by the distributed clients, and a reverse blockchain stores the public key used by the distributed clients to verify the authenticity of the new data element stored in the forward blockchain. Signing a new data element with a new signing key, whose public key is recorded in the reverse blockchain, causes the previous public key to expire.