Computer-implemented systems and methods are disclosed herein for use within secure multi-party computation. A system and method are used for storing an operation preference and a cryptographic preference. A data set is stored based on the operation preference and the cryptographic preference. A determination is made that processing the query involves performing an allowable operation on the data set based on the operation preference.

A secure computation technique of calculating a power of 2 in a shorter calculation time is provided. A secure computation system includes: a decimal fraction decomposing means 120 that calculates concealed text [[x]][[r]] of a difference xr between a value x and a random number r from concealed text [[x]] by using concealed text [[r]] and generates concealed text [[e]] and [[f]] of an integer portion e and a decimal fraction portion f (0f<1) of the difference xr from the concealed text [[x]][[r]]; a reconstructing means 130 that reconstructs the decimal fraction portion f from the concealed text [[f]]; a left shift means 140 that generates, from the decimal fraction portion f and the concealed text [[e]], concealed text [[y]] of a left shift value y which is a value obtained by shifting 2.sup.f, which is 2 raised to the power f which is the decimal fraction portion f, to the left by e bit; and a power calculating means 150 that calculates, as concealed text [[2.sup.x]], concealed text [[2.sup.r]][[y]] of a value 2.sup.ry obtained by multiplying 2.sup.r, which is a power of 2, by the left shift value y from the concealed text [[y]] by using the concealed text [[2.sup.r]].

The invention relates to a method for performing a multi-party electronic computation using a plurality of evaluating computer systems. The cryptographic security of the multi-party computation is implemented using lattice-based cryptography. Each evaluating computer system receives from each user of a plurality of users an individual input share of an input chosen by the respective user. Furthermore, each evaluating computer system receives from the user a commitment to the received individual input share and an opening information. Each evaluating computer system checks the commitments received to the individual input shares and generates a first lattice-based zero-knowledge proof that all the commitments received are valid commitments to input shares. Each evaluating computer system publishes the first lattice-based zero-knowledge proof. Thus, a verifier may be enabled to verify that all commitments are valid commitments to input shares.

A method and system securely discloses a shared, identity linked secret known by two parties, while preserving the privacy of the parties. The first party generates a challenge value that only the second party could respond correctly to if and only if the second party shares secret S with the first party. The first party generates a counter-challenge for the challenge value, computes a verifier associated with the challenge and counter-challenge, and sends the counter-challenge to the server. The server sends the counter-challenge value to the second party. The second party computes a verifier associated with the challenge and counter-challenge, the verifier matches the verifier computed by the second party if and only if the second party shares secret S with the first party. The parties execute a gradual release process, which confirms a match if and only if the secret S is shared between the parties.

The present disclosure relates to a multi-party computation based digital signature apparatus, which includes at least: an individual private key generation unit generating an individual private key corresponding to a user; an individual private key pieces generation unit dividing the generated individual private key and generating pieces; an individual distribution key generation unit generating an individual distribution key corresponding to the user by using some of shared individual private key pieces of other users and some of the generated individual private key pieces; and a common public key generation unit generating a common public key by using the individual distribution keys of one or more other users and the individual distribution key of the user, and the individual private key of each user is broken to pieces, and then some of the broken individual private keys are shared for each user again to generate the individual distribution key.

An information processing device includes: a storage that stores execution reservation information transmitted from a user server, wherein the execution reservation information represents an execution reservation of acceptor servers that execute first tasks that have been encrypted and divided; and a processor that: receives a second task from the user server, encrypts and divides the second task to generate the first tasks, requests the acceptor servers to execute the generated first tasks based on the execution reservation information stored in the storage, receives first execution results from the acceptor servers, decrypts and combines the first execution results to generate a second execution result, and transmits the generated second execution result to the user server.

Systems, computer-readable media and methods for enabling secure computation on spreadsheet software. A secure spreadsheet is implemented as an add-in to an existing spreadsheet program, or as a new spreadsheet program/web application, to allow secure computations on private input data (and also optionally with private functions) without the parties learning anything about them, via the familiar spreadsheet interface and its formula language. Automatic conversion of previous spreadsheet data and formulas is provided whenever possible, or assisted via a helper. The secure computation can be executed between the computers of the involved parties, or outsourced to a third-partycloud computing system (FIG. 4): the secure cryptographic calculation module automatically optimizes for the best performing technique of secure computation (for example, homomorphic encryption, garbled circuits, oblivious transfers, secret sharing, oblivious random access machines and/or a combination of the previous crypto-primitives).

The present approaches generally relate to the encryption of data within a database in such a way that the encrypted data may still be easily accessed and utilized by an application. The present approach provides the ability to encrypt and decrypt data at an application layer though the data remains in an encrypted state at the database layer and when in transit.

The subject matter discloses a method and a system for securely distributing a credential and encryption keys for physical devices. The system comprises a security server and a physical device. the physical device comprises a memory module configured to store a share of the credential, a communication module configured to exchange signals, and a processing module configured to execute calculations upon request received on a wireless manner via the communication module from the security server, the calculations are transmitted to the security server to execute a multi-party computation process. The multi-party computation process outputs two shares of the credential, a first share is stored in the physical device. The physical device does not have access to the credential.

The invention proposes a method comprising the evaluation of a function F obtained by applying to n sub-functions f.sub.i a first operation, the evaluation comprising: the application of a series of calculation steps in which a first unit assumes a role of a client and a second unit assumes a role of a server, and the repetition of the series of calculation steps in which the roles of client and of server are exchanged between the units, each series of steps comprising: a) randomly generating, by the server, first data, and a second datum, b) for each sub-function f.sub.i, generating by the server a set of elements formed by: a result of f.sub.i evaluated in the data of the client and of the server, masked by a first datum, by applying the first operation between the result and the first datum, and masked by the second datum, by applying between the masked result and the second datum of a second operation different from the first and distributed relatively to the latter, c) recovering by oblivious transfer, by the client, an intermediate datum corresponding to one of the elements generated by the server, d) generating, by the server, a first result portion, by: masking each first datum with the second datum, applying to all the first masked data of the first operation, and e) generating by the client, a second result portion, by applying all the intermediate data of the first operation.