An artificial intelligence calculation semiconductor device is provided. The artificial intelligence calculation semiconductor device comprising: a control unit; and a MAC (Multiply and Accumulator) calculator which executes a homomorphic encryption calculation through the control unit, wherein the MAC calculator includes an NTT (Numeric Theoretic Transform)/INTT (Inverse NTT) circuit which generates cipher texts by performing a homomorphic multiplication calculation through transformation or inverse transformation of data, a cipher text multiplier which executes a multiplication calculation between the cipher texts, a cipher text adder/subtractor which executes addition and/or subtraction calculations between the cipher texts, and a rotator which performs a cyclic shift of a slot of the cipher texts.

A registration apparatus generates shares by secret sharing of a character string with a plurality of modulus and sends the shares to a plurality of server apparatuses to be stored therein. A retrieval apparatus sends shares generated by secret sharing of a retrieval character string with the plurality of modulus to the plurality of server apparatuses. The plurality of server apparatuses execute a subroutine for shares of the each registration character string stored in a storage unit and for each of the plurality of modulus, reconstruct an execution result, and determine whether or not to return the shares of the registration character string stored in the storage unit as a retrieval result. A retrieval apparatus reconstructs shares returned from the plurality of server apparatuses and obtains a retrieval result in which the retrieval character string hits, from the reconstructed result by the Chinese remainder theorem.

According to an aspect, there is provided a first node for use in a system, wherein the first node is configured to determine a plurality of keys for enabling a computation by a plurality of worker nodes in the system, wherein the computation comprises a plurality of computation parts, wherein the plurality of computation parts comprises one or more types of computation part, and wherein an output from one computation part to another computation part is a shared block; and publish the determined plurality of keys for access by at least one input node in the system, the plurality of worker nodes, and at least one recipient node in the system; wherein the plurality of keys comprises a computation part prove key for each part of the computation; a computation part verification key for each part of the computation; a shared block commitment generation key for each shared block; an input commitment generation key for each input node and computation part combination; and an output commitment generation key for each recipient node and computation part combination. A corresponding method of operating a first node is also provided.

The invention is directed to a system that enables an authentication process that involves secure multi-party computation. The authentication process can be performed between a user device operated by a user and an access device. The user device and the access device may conduct the authentication process such that enrollment information and authentication information input by the user is not transmitted between the devices. Instead, the user device may determine and utilize obfuscated values associated with the authentication information. The user device may also determine an obfuscated authentication function that can be utilized to determine an authentication result without revealing enrollment information and authentication information associated with the user. The user can be authenticated based on the authentication result.

One method of verifying a calculation comprises: receiving a plurality of multiplicand fixed-point values representing respective natural numbers, wherein the multiplicand fixed-point values have respective multiplicand scaling factors; receiving a product fixed-point value representing a respective natural number, wherein the product fixed-point value has a product scaling factor; and determining whether the product fixed-point value is a correctly truncated result of multiplying the multiplicand fixed-point values together by: determining whether the difference between (a) the product of the product fixed-point value and the inverse of a combined scaling factor and (b) the product of the multiplicand fixed-point values is within a range bounded by the negation of an inverse of the combined scaling factor and the inverse of the combined scaling factor, wherein the combined scaling factor is equal to the product of the multiplicand scaling factors divided by the product scaling factor.

A method for implementing a secure multiparty computation protocol between a plurality of parties for a multiparty computation includes performing an offline phase of an SPDZ protocol for each of the parties participating in the multiparty computation. A secret share redistribution phase is then performed wherein the secret shares of the parties are redistributed to a subset of the parties. A secret share recombination phase is performed during which the subset of the parties recombines the redistributed secret shares to recover the secret shares of the parties not in the subset. An online phase of the SPDZ protocol is then performed during which the function is computed with respect to the private inputs of the parties and using the secret shares of all the parties.

The embodiments set forth a technique for securely identifying relevant computing devices that are nearby. The technique can be implemented at a first computing device, and include the steps of (1) receiving, from a second computing device, an advertisement packet that includes: (i) a network address that is associated with the second computing device, and (ii) a hash value that is calculated using the network address and an encryption key that is associated with the second computing device, and (2) for each known encryption key in a plurality of known encryption keys that are accessible to the first computing device: (i) calculating a temporary hash value using the network address and the known encryption key, and (ii) in response to identifying that the temporary hash value and the hash value match: carrying out an operation associated with the second computing device.

An architecture and a method are disclosed for providing secure, scalable, and dynamic user configuration in the distributed network for the cloud computing to provide authentication and authorization for the plurality of the users to use the SaaS service. The system includes a hierarchical tree structure that configures the cloud-computing model by using the certificate less identity-based cryptography to establish the hierarchical relationship between the participating entities. The hierarchical model provides a hierarchical certificateless aggregate signature (HCL-AS) for authentication and non-repudiation for SaaS in cloud computing. The HCL-AS generates a collaborative aggregate signature at a parent level of each child node (users) without the loss of identity of the users in the resulting signature and sends an aggregated signature to the third-party software provider. The HCL-AS significantly reduces the computation and communication cost during the user verification and authentication.

A method and system for performing a calculation of a privacy preserving scalar product are provided. A first party and a second party (e.g., a first computer and a second computer) possessing a first vector and a second vector respectively, can concurrently determine the scalar product of the two vectors, without revealing either vector to the other party. Each vector can be masked and then encrypted using a public key of an asymmetric key pair. Using homomorphic encryption operations, the scalar product of the vectors can be determined while the vectors are still encrypted. Each party can compare the scalar product, or a value derived from the scalar product against a predetermined threshold. As an example, two parties can perform the scalar product to compare two biometric templates expressed as vectors without revealing the biometric templates to one another, preserving the privacy of persons corresponding to those biometrics.

To calculate of an exclusive OR of elements of bits while the bits remain distributed to a plurality of secret calculation devices without communication among the secret calculation devices, and to calculate of an AND of bits with small amounts of communication and calculation while the bits remain distributed, provided is a secret calculation device including a local AND device and an AND redistribution device. The local AND device receives at least two one-bit input elements to produce a first local AND element. The AND redistribution device receives a one-bit mask and a second local AND element acquired by calculating an exclusive OR of the first local AND element and P bits (P is an integer equal to or more than 0), calculates a first OR, and communicates to/from an AND redistribution device of another secret calculation device to produce at least one one-bit output element.