This document describes techniques that prevent the sharing or leakage of user information. In one aspect, a method includes receiving, by a first MPC server, a request for a selection criterion of at least one interest group to which a user of a client device belongs. The received request does not reveal an identifier of the client device to the first MPC server. In response to receiving the request, the first MPC server determines a set of ordered selection criterion of the at least one interest group retrieved from a cache of the first MPC server. The set of ordered selection criterion is transformed into a set of key/value pairs secured from being revealed by the second MPC server. The first MPC server transmits the set of key/value pairs to the second MPC server with data that enables the second MPC server to identify a key having a highest value.

An improved scheme for confidential computing that combines aspects of multi-party computation (MPC) and fully homomorphic encryption (FHE) is provided. With this improved scheme, private information regarding a confidential computation cannot leak unless the assumptions underlying both the MPC and FHE schemes are broken/compromised.

Collaborative multiparty homomorphic encryption comprising receiving a linear common public key collaboratively generated by a plurality of parties as a sum of linear public key shares associated with the respective plurality of parties. Each of two ciphertexts may be encrypted with the linear common public key and the two ciphertexts may be combined by a non-linear computation to generate a result ciphertext encrypted by a non-linear public key. The result ciphertext may be re-encrypted with a re-linearization key to swap encryption keys from the non-linear public key to a linear public key. The re-encrypted result ciphertext may be distributed to the plurality of parties to each partially decrypt the re-encrypted result ciphertext by a linear secret key share associated with the party, which in combination fully decrypts the result by a linear common secret key that is a sum of the secret key shares of the respective plurality of parties.

A method including at each of a number of client devices receiving a data item, receiving a public key from a second computing system, encrypting the data item using the public key to produce a singly encrypted data item, engaging in an oblivious pseudorandom function protocol with a first computing system using the singly encrypted data item to produce a seed, generating an encrypted secret share using a threshold secret sharing function under which the encrypted secret share cannot be decrypted until a threshold number of encrypted secret shares associated with the same singly encrypted data item are received, and transmitting the encrypted secret share to the first computing system and at the first computing system receiving a number of encrypted secret shares from the number of client devices, processing the number of encrypted secret shares to produce processed data, and transmitting the processed data to a second computing system.

To calculate PageRank with high accuracy using transaction data held by a plurality of data sources as input and keeping the transaction data of each data source secret. A data source apparatus (1) calculates a transaction rate for each combination of transaction entities (S12). The data source apparatus (1) encrypts the transaction rate and transmits the encrypted transaction rate to each secure computation apparatus (2) (S13). Each secure computation apparatus (2) receives a ciphertext of the transaction rate from a plurality of data source apparatuses (1) (S21). The secure computation apparatus (2) securely calculates a ciphertext which becomes, when decrypted, PageRank of the computational objective transaction entity by using the ciphertext of the transaction rate related to the computational objective transaction entity and the ciphertext of the PageRank of a transaction counterpart (S22).

Systems and methods for a bifurcated self-executing program that wraps a first self-executing program (e.g., a first smart contract) on a blockchain within a second self-executing program (e.g., a second smart contract), in which the second self-executing program enforces the requirement for particular security credentials/certificates. The bifurcated self-executing program comprises a single compiled self-executing program that combines the first self-executing program and the second self-executing program.

A vector generation unit generates a vector x.sub.n so that x.sub.n[i]x.sub.n[j] if k.sub.n[i]=k.sub.n[j] at ij. A set generation unit generates a set B.sub.n,j so that individual elements correspond to combinations of the N1 pieces of elements, which are individually selected from sets M.sub.0, . . . , M.sub.N1 other than a set M.sub.n, and x.sub.n[j] and the elements for all of the combinations are included. A matrix generation unit generates a matrix T.sub.n so that the matrix T.sub.n includes rows identical to T.sub.n[j] in the number equal to the number of elements of the set B.sub.n,j. A key generation unit generates a vector k.sub.n so that elements of the matrix T.sub.n which correspond to a row identical to T.sub.n[j] correspond to combinations of k.sub.n[j] and elements of the set B.sub.n,j and further, the elements of the set B.sub.n,j are different from each other when there are a plurality of rows identical to T.sub.n[j].

According to an aspect, there is provided a first node for use in a system, the system comprising one or more trusted source nodes, one or more worker nodes and a verifier node, wherein the first node is configured to determine a trusted input commitment key for a trusted input to be input into a computation that is to be evaluated by the one or more worker nodes, wherein the trusted input commitment key is for use by the one or more trusted source nodes in forming a trusted input commitment of one or more trusted inputs; determine a computation evaluation key for use by the one or more worker nodes in determining a proof that a computation on one or more trusted inputs is correct and that the one or more trusted inputs were used in the computation, wherein the computation evaluation key comprises key material for one or more trusted input wires that are for inputting the one or more trusted inputs into the computation, wherein the key material is derived from a trapdoor value, one or more polynomials evaluated in a point corresponding to the trapdoor value that are independent of polynomials representing the computation, and one or more polynomials evaluated in a point corresponding to the trapdoor value that represent the computation; determine a computation verification key for use by the verifier node in verifying the result of the computation by the one or more worker nodes; and publish the trusted input commitment key, the computation evaluation key and the computation verification key. A corresponding method of operating a first node is provided. Other aspects also provide a trusted source node, a worker node and a verifier node, and methods of operating the same.

A secure computation technique of calculating a polynomial in a shorter calculation time is provided. A secure computation system includes: a comparing means 120 that generates concealed text [[u]] of u, which is the result of magnitude comparison between a value x and a random number r, from concealed text [[x]] by using concealed text [[r]]; a mask means 130 that generates concealed text [[c]] of a mask c from the concealed text [[x]], [[r]], and [[u]]; a reconstructing means 140 that reconstructs the mask c from the concealed text [[c]]; a coefficient calculating means 150 that calculates, for i=0, . . . , n, a coefficient b.sub.i from an order n, coefficients a.sub.0, a.sub.1, . . . , a.sub.n, and the mask c; a selecting means 160 that generates, for i=1, . . . , n, concealed text [[s.sub.i]] of a selected value s.sub.i, which is determined in accordance with the result u of magnitude comparison, from the concealed text [[u]]; and a linear combination means 170 that calculates a linear combination b.sub.0+b.sub.1[[s.sub.1]]+ . . . +b.sub.n[[s.sub.n]] of the coefficient b.sub.i and the concealed text [[s.sub.i]] as concealed text [[a.sub.0+a.sub.1x.sup.1+ . . . +a.sub.nx.sup.n]].

A device, including: a memory; a processor configured to implement an encrypted machine leaning model configured to: evaluate the encrypted learning model based upon received data to produce an encrypted machine learning model output; producing verification information; a tamper resistant hardware configured to: verify the encrypted machine learning model output based upon the verification information; and decrypt the encrypted machine learning model output when the encrypted machine learning model output is verified.