The disclosed concepts achieve privacy for data operated on by an algorithm in an efficient manner A method includes receiving a first algorithm subset, receiving a second algorithm subset, generating two shares of a first mathematical set based on the first algorithm subset and transmitting the two shares of the first mathematical set from a first entity to a second entity. The method can include generating two shares of a second mathematical set based on the second algorithm subset, transmitting the two shares of the second mathematical set from the second entity to the first entity, receiving first split data subset of a full data set and receiving a second split data subset of the full data set. The system, based on these subsets of data, generates a first output subset and a second output subset which are combined for the final output.

Systems and methods for threshold authenticated encryption are provided. A collection of cryptographic devices may encrypt or decrypt a message, provided that a threshold number of those devices participate in the encryption process. One cryptographic device may generate a commitment message and transmit it to the other selected devices. Those devices may each perform a partial computation using the commitment message, and transmit the partial computations back to the encrypting or decrypting device. The encrypting or decrypting device may use those partial computations to produce a cryptographic key, which may then be used to encrypt or decrypt the message.

This document describes systems and techniques for improving the integrity and protecting the security of information in content selection and distribution. In one aspect, a method includes receiving, by a first server of a secure multi-party computation (MFC) system from an application on a user device, a request for a digital component. The request is parsed into distinct sub-requests. Each sub-request is transmitted to a different server. A set of candidate selection values is received from a separate server. The first server performs, in collaboration with one or more second servers of the MFC system, a selection process to generate a selection result for a winning digital component, including merging, the first set of candidate selection values and a set of cached selection values to create a final set of candidate selection values and sorting the final set according to the values of the candidate selection values.

Multiple systems may determine neural-network output data and neural-network parameter data and may transmit the data therebetween to train and run the neural-network model to predict an event given input data. A data-provider system may perform a dot-product operation using encrypted data, and a secure-processing component may decrypt and process that data using an activation function to predict an event. Multiple secure-processing components may be used to perform a multiplication operation using homomorphic encrypted data.

Division is realized with a small number of processing stages. A secure computation apparatus (1) obtains a secret value representing a result of divided N by D using a secret value [N] of a real number N and a secret value [D] of a natural number D. An initialization unit (12) sets a secret value [P.sub.L1] of a partial remainder P.sub.L1 to 0. A parallel comparison unit (13) computes secret values [E.sub.1], . . . , [E.sub.R?1] of comparison results E.sub.1, . . . , E.sub.R?1 of comparing a secret value [n] of a partial divisor n=P.sub.j+1R+N.sub.j with [D]?g for each integer g not less than 1 and less than R in parallel. An update unit (14) computes a secret value [Q.sub.j] of a quotient Q.sub.j and a secret value [P.sub.j] of a partial remainder P.sub.j that satisfy n=DQ.sub.j+P.sub.j using the secret values [E.sub.1], . . . , [E.sub.R?1] of the comparison results E.sub.1, . . . , E.sub.R?1. An iterative control unit (15) executes the parallel comparison unit (13) and the update unit (14) for each integer j from L.sub.1?1 to ?L.sub.0.

An apparatus is one of a plurality of apparatuses that participate in multi-party computation and the apparatus implements a protocol to perform zero-knowledge proof in secret-distribution-based multi-party computation. The apparatus includes an acquisition unit that acquires a share of data related to a matter to be certified, and an output unit that outputs an output share obtained as a result of performing calculation according to the protocol using the acquired share as an input. Verification in zero-knowledge proof can be performed using output shares collected from the plurality of apparatuses participating in the multi-party computation.

A method for privacy-preserving inventory matching may include: (1) receiving a plurality of axe submissions; (2) arranging the parties into data structures based on a direction in the party's axe submission; (3) sending each party's commitment to the other party; (4) receiving, from each party, output secret-shares of an arithmetized comparison circuit; (5) verifying that the output secret-shares of the arithmetized comparison circuit received from the parties match commitments to the output secret-shares sent by the respective opposite party; (6) identifying a minimal party based on the outputs of the arithmetized comparison circuit; (7) generating and sending a proof of the minimal party identification to the minimal party; (8) receiving a minimal quantity integer from the minimal party; (9) revealing the minimal quantity integer to the first party and the second party; and (10) executing the trade for the minimal quantity integer.

Systems and methods for a bifurcated self-executing program that wraps a first self-executing program (e.g., a first smart contract) on a blockchain within a second self-executing program (e.g., a second smart contract), in which the second self-executing program enforces the digital signature requirement. The bifurcated self-executing program comprises a single compiled self-executing program that combines the first self-executing program and the second self-executing program.

A system includes circuitry for performing hybrid blockchain rewrites by trusted parties. The hybrid blockchain may include blocks with multiple parts. In some cases, the blocks may include a core part and a tertiary part. The system may include conditions for validity preserving and/or non-tamper-evident rewrites to the parts of the block. The conditions to support rewrites to the core part may be more stringent than the corresponding conditions to support rewrites to the tertiary part. In some cases, the core part may be write-locked.

Fisher's exact test is efficiently computed through secure computation. It is assumed that a, b, c and d are frequencies of a 22 contingency table, [a], [b], [c] and [d] are secure texts of the respective frequencies a, b, c and d, and N is an upper bound satisfying a+b+c+dN. A reference frequency computation part 12 computes a secure text ([a.sub.0], [b.sub.0], [c.sub.0], [d.sub.0]) of a combination of reference frequencies (a.sub.0, b.sub.0, c.sub.0, d.sub.0) which are integers satisfying a.sub.0+b.sub.0=a+b, c.sub.0+d.sub.0=c+d, a.sub.0+c.sub.0=a+c, and b.sub.0+d.sub.0=b+d. A number-of-patterns determination part 13 determines integers h.sub.0 and h.sub.1 satisfying h.sub.0h.sub.1. A pattern computation part 14 computes [ai]=[a.sub.0]+i, [b.sub.i]=[b.sub.0]i, [c.sub.i]=[c.sub.0]i and [d.sub.i]=[d.sub.0]+i for i=h.sub.0, . . . , h.sub.1, and obtains a set S={([a.sub.i], [b.sub.i], [c.sub.i], [d.sub.i])}.sub.i of secure texts of combinations of frequencies (a.sub.i, b.sub.i, c.sub.i, d.sub.i).