At least any one of input keys K.sub.A.sup.0, K.sub.A.sup.1, K.sub.B.sup.0, and K.sub.B.sup.1 is set so that the input keys K.sub.A.sup.0, K.sub.A.sup.1, K.sub.B.sup.0, and K.sub.B.sup.1 which satisfy K.sub.A.sup.1K.sub.A.sup.0=K.sub.B.sup.1K.sub.B.sup.0=d.sub.i are obtained, and an output key K.sub.i.sup.g(I(A), I(B)) corresponding to an output value g.sub.i(I(A), I(B)) is set by using the input keys K.sub.A.sup.0, K.sub.A.sup.1, K.sub.B.sup.0, and K.sub.B.sup.1, where input values of a gate that performs a logical operation are I(A), I(B){0, 1}, an output value of the gate is g.sub.i(I(A), I(B)){0, 1}, an input key corresponding to the input value I(A) is K.sub.A.sup.I(A), and an input key corresponding to the input value I(B) is K.sub.B.sup.I(B).

Embodiments are directed to a method for securely performing biometric authentication online. The method described can be used to securely perform biometric authentication on a mobile device. For protecting the privacy of the users biometric data, a cryptographic comparison protocol can be used to perform matching of encrypted templates. For example, the cryptographic comparison protocol may involve Fuzzy Extractors (FE), Homomorphic Encryption (HE), and/or Secure Multi-Party Computation (SMPC).

A method for implementing a secure multiparty inner product computation between two parties using an SPDZ protocol involves having a first party and a second party compute, for i=k, a vector (I)=(II) based on a vector (x={.sub.1, . . . , x.sub.N}), and a vector (w={W.sub.1, W.sub.N}), respectively, where (I)=(X.sub.2iX.sub.2i) (III)=W.sub.2i1W.sub.2i, N is the total number of elements in the vectors k=N/2. The vectors (I), and (III) are securely shared between the parties. The parties then jointly compute SPDZ protocol Add([w.sub.2i], [x.sub.2i1]) and Add([w.sub.2i], [x.sub.2i1]) to determine shares [w.sub.2i1+x.sub.2i] and [w.sub.2i+x.sub.2i1] respectively, and then compute, for i=1, . . . , k, inner product shares [d.sub.i] by performing SPDZ protocol Mult([w.sub.2i31 1+x.sub.2i], [w.sub.2i+x.sub.2i1]). SPDZ protocol ([Add d.sub.1],. . . , [d.sub.k], (IV), . . . , (V), (VI), , (VII)) is

A secure computation device obtains concealed information {M(i.sub.0, . . . , i.sub.S1)} of a table M(i.sub.0, . . . , i.sub.S1) having one-variable function values as its members. It is to be noted that M(i.sub.b, 0, . . . , i.sub.b, S1) generated by substituting counter values i.sub.b, 0, . . . , i.sub.b, S1 into the table M(i.sub.0, . . . , i.sub.S1) represents a matrix M.sub.b, , , which is any one of M.sub.b, 2, 1, . . . , M.sub.b, 3, 2. The secure computation device obtains concealed information {M.sub.b, , } by secure computation using concealed information {i.sub.b, 0}, . . . , {i.sub.b, S1} and the concealed information {M(i.sub.0, . . . , i.sub.S1)}, and obtains concealed information {M.sub.b, , MU} of a matrix M.sub.b, , MU, which is obtained by execution of a remaining process including those processes among a process P.sub.j, 1, a process P.sub.j, 2, a process P.sub.j, 3, and a process P.sub.j, 4, that are performed subsequent to a process P.sub., .

A system includes circuitry for rewriting blockchains in a non-tamper-evident or tamper-evident operation using a key secret held in portions by multiple individually untrusted parties. The blockchains may include a series of blocks secured by integrity codes that may prevent non-tamper-evident rewrites by non-trusted parties that are not in possession of the key secret or individually-untrusted parties in possession of only a portion of the key secret. In some cases, multiple individually-untrusted parties may combine their portions into the key secret. As a group, the multiple individually-untrusted parties may perform non-tamper-evident operation with respect to at least one integrity code within the blockchain.

A system and method for secure searching in a semi-trusted environment by comparing first and second data (query and target data). A first data provider may map first secret data to a first plurality of tokens using a token codebook, concatenate the first plurality of tokens to generate a first token signature, and homomorphically encrypt the first token signature. A second data provider may map second data to a second plurality of tokens using the token codebook, concatenate the second plurality of tokens to generate a second token signature, and compare the homomorphically encrypted first token signature and an unencrypted or homomorphically encrypted second token signature to generate a homomorphically encrypted comparison. A trusted party may decrypt the homomorphically encrypted comparison, using a secret homomorphic decryption key, to determine if the token signatures match or not respectively indicating the search query is found or not in the target data.

A method includes dividing a plurality of filters in a first layer of a neural network into a first set of filters and a second set of filters, applying each of the first set of filters to an input of the neural network, aggregating, at a second layer of the neural network, a respective one of a first set of outputs with a respective one of a second set of outputs, splitting respective weights of specific neurons activated in each remaining layer, at each specific neuron from each remaining layer, applying a respective filter associated with each specific neuron and a first corresponding weight, obtaining a second set of neuron outputs, for each specific neuron, aggregating one of the first set of neuron outputs with one of a second set of neuron outputs and generating an output of the neural network based on the aggregated neuron outputs.

Systems, methods, and computer-readable media for achieving privacy for both data and an algorithm that operates on the data. A system can involve receiving an algorithm from an algorithm provider and receiving data from a data provider, dividing the algorithm into a first algorithm subset and a second algorithm subset and dividing the data into a first data subset and a second data subset, sending the first algorithm subset and the first data subset to the algorithm provider and sending the second algorithm subset and the second data subset to the data provider, receiving a first partial result from the algorithm provider based on the first algorithm subset and first data subset and receiving a second partial result from the data provider based on the second algorithm subset and the second data subset, and determining a combined result based on the first partial result and the second partial result.

A computer system may provide Encrypted Deep Learning Service (EDLS) to a client. The computer system includes one or more processors and memory storing instructions. When instructions are executed by the one or more processors, the instructions cause the computer system to perform acts including: receiving training data from the client, where the training data comprise cipher images that are encrypted using an orthogonal transformation that hides sensitive information in original images. The acts further include training a deep neural network using the training data in the computer system; and producing cipher inference using the deep neural network when the computer system receives new data including new images encrypted using the orthogonal transformation.

A method for providing a proof-of-work challenge based on hash mining for reducing spam attacks comprising: receiving an email message from a client device; determining a level of trustworthiness of the client device; generating a challenge message based on the determined trustworthiness of the client device; transmitting the challenge message to the client device; receiving a response to the challenge message from the client device; and forwarding the email to one or more recipients when the response to the challenge message is correct.