A method and apparatus for obtaining a privacy set intersection are provided. The method may include: encrypting a privacy set of an intersection initiator by using a homomorphic encryption algorithm to generate a cipher text, a cipher text function, a public key, and a private key of the intersection initiator; delivering the cipher text, the cipher text function, and the public key of the intersection initiator to an intersection server; receiving a to-be-decrypted function value of a privacy set of the intersection server from the intersection server; and decrypting the to-be-decrypted function value of the privacy set of the intersection initiator by using the private key, to obtain an intersection element of the privacy set of the intersection initiator and the privacy set of the intersection server.

A system and method are disclosed for providing a privacy-preserving training approach for split learning methods, including blind learning. A method includes receiving, at a server device, encrypted smashed data from a client device, using a secure enclave on the server device, moving, on the server device, a server model, the encrypted smashed data and computer code for a blind learning operation into the secure enclave, performing, in the secure enclave, forward propagation using the decrypted smashed data to generate predicted values, comparing the predicted values to true labels using a loss function to yield a loss value, repeating the comparing step for all smashed data received at the server device from a plurality of clients to yield a plurality of loss values, averaging the plurality of loss values to yield an average loss value, updating model weights of the server model using the average loss value to yield gradients of the smashed data and transmitting the gradients of the smashed data to the client device.

Systems, devices, and methods are provided for secure multiparty computation (MPC) protocols. A first computing entity may send a first cryptographically protected data set to a server and a second computing entity may send a second cryptographically protected data set to the server. The server may lack access to plaintext versions of the data sets. The server may compare cryptographically protected data elements from the first and second data sets as part of a secure MPC protocol to determine certain information regarding the data sets, such as determining which data elements are included in both sets, and perform homomorphic computations according to a homomorphic encryption scheme. The server is accordingly able to determine an encrypted result.

Among four secure computation nodes, one secure computation node is selected as a receiving node. Two of three remaining secure computation nodes among the four secure computation nodes are operated as resharing nodes, and a remaining secure computation node is operated as a verifying node. The resharing node(s) performs a mini-shuffle for resharing share(s) held therein by using a permutation that the receiving node does not know and transmits a result(s) of the mini-shuffle to the receiving node. The verifying node computes data to verify the result(s) of the mini-shuffle performed by the resharing node(s) by using a permutation that the receiving node does not know and transmits the data to the receiving node. Shuffling of shares is achieved by repeatedly performing a round as described above so that each of the four secure computation nodes is selected as the receiving node at least once.

One embodiment provides a method, including: receiving, at a service provider and from a user, a request for computation of a function, wherein the request includes a description of the function to be computed and requirements of the user; identifying, from data sources accessible to the service provider, a plurality of data sources to participate in the computation in view of the requirements and the description of the function, wherein each of the plurality of data sources includes data of a data owner and constraints on use of the data; identifying a multi-party computation protocol and parameters of the multi-party computation protocol for performing the computation; and running the computation of the function using the data of the plurality of data sources and in view of the requirements of the user and the constraints of the plurality of data sources.

An example operation may include one or more of storing blockchain blocks committed to a blockchain based on a protocol executed by a current consensus committee of a blockchain network, receiving random values from the blockchain blocks which are created by nodes of the current consensus committee, randomly determining nodes of a next consensus committee of the blockchain network with respect to the current consensus committee based on the random values created by the nodes of the current consensus committee, and storing a new block to the blockchain based on a protocol based executed by the nodes of the next consensus committee.

A method for searching an encrypted file comprises: receiving a query from a first device of a set of devices; tokenizing the query; searching the encrypted file, without decrypting the file, for the tokenized query; aggregating results of the search; and outputting the aggregated results. The searching includes checking a bloom filter of an index of the encrypted file. The index includes a file public secret (R), a proof of work for the file secret (Rproof), a multipart threshold public encryption key (LKe-pub), a multipart threshold public search key (LKs-pub), and the bloom filter. The bloom filter including index values that are elliptic curve paired between a curve-hashed token of the encrypted file and the product of the encrypted file's ephemeral secret value (r) and the multipart threshold public search key (LKs-pub).

The subject matter discloses computer-implemented method performed during a multi-party computation (MPC) process performed between multiple parties, said method comprising, the multiple parties executing a pre-processing phase and obtain values of correlated random variables to be used in an MPC process, the parties periodically verifying the correctness of the correlated random variables by exchanging information between the multiple parties, refreshing the values of the correlated random variables in each of the multiple parties, wherein no party of the multiple parties has access to values of the correlated random variables stored in another party of the multiple parties during the verifying and refreshing processes, the multiple parties using the correlated random variables during the MPC process after verifying a correctness of the correlated random variables.

In one set of embodiments, each server executing a secure multi-party computation (MPC) protocol can receive shares of inputs to the MPC protocol from a plurality of clients, where each input is private to each client and where each share is generated from its corresponding input using a threshold secret sharing scheme. Each server can then verify whether the shares of the plurality of inputs are valid/invalid and, for each invalid share, determine whether a client that submitted the invalid share or a server that holds the invalid share is corrupted. If the client that submitted the invalid share is corrupted, each server can ignore the input of that corrupted client during a computation phase of the MPC protocol. Alternatively, if the server that holds the invalid share is corrupted, each server can prevent that corrupted server from participating in the computation phase.

The present invention provides techniques to calculate the number of surviving and the number of deaths while still concealing survival time data. The present invention includes: a group data position calculation means configured to calculate a share [[g.sup.A]] of a sequence g.sup.A and a share [[g.sup.B]] of a sequence g.sup.B represented by predetermined equations from a share [[g]] of a sequence g of values of group of survival time data included in a survival time data set D; a group data number calculation means configured to calculate a share [[s.sup.A]] and a share [[s.sup.B]] from a share [[t]] of a sequence t of values of time of survival time data included in the survival time data set D, the share [[g.sup.A]], and the share [[g.sup.B]], by [[s.sup.A]]=GroupSum ([[g.sup.A]], [[t]]), [[s.sup.B]]=GroupSum ([[g.sup.B]], [[t]]); and a survival number calculation means.