Privacy protection methods, systems, and apparatus, including computer programs encoded on computer storage media, are provided. One of the methods is performed by a first computing device and includes: obtaining a plurality of object IDs, wherein the plurality of object IDs include a target object ID; sending the plurality of object IDs to a second computing device storing a plurality of pieces of data respectively associated with the plurality of object IDs for the second computing device to generate a plurality of ciphertexts respectively based on the plurality of pieces of data; and executing a cryptography protocol with the second computing device to obtain a ciphertext corresponding to the target object ID from the plurality of ciphertexts generated by the second computing device, wherein the target object ID is unknown to the second computing device.

A method for outsourcing exponentiation in a private group includes executing a query instruction to retrieve a query element stored on an untrusted server by selecting a prime factorization of two or more prime numbers of a modulus associated with the query element stored on the server, obtaining a group element configured to generate a respective one of the prime numbers, generating a series of base values using the prime factorization and the group element, and transmitting the series of base values from the client device to the server. The server is configured to determine an exponentiation of the group element with an exponent stored on the server using the series of base values. The method also includes receiving a result from the server based on the exponentiation of the group element with the exponent.

There is a need for more effective and efficient secure data transmission. This need can be addressed by, for example, solutions for secure data transmission that utilize per-user-functionality secret shares. In one example, a method includes generating a hashed user identifier based on a received user identifier; transmitting the hashed user identifier to an external computing entity; and receiving a data retrieval secret share from the external computing entity, wherein: (i) the data retrieval secret share is selected from a plurality of per-user-functionality secret shares, (ii) the plurality of per-user-functionality secret shares are generated based on a secret value, (iii) the secret value is generated based on the hashed user identifier, (iv) the secret value is used to generate a user data private key, and (v) the external computing entity is configured to encrypt user-provided data using the user data private key prior to transmission of the encrypted user-provided data.

A method of approximate address shuffling of an array includes receiving an array having an array size and non-null elements located in initial locations. The method includes receiving a pseudo-random function (PRF) key and initializing an output array to null. The method includes shuffling the non-null elements to generate shuffled locations for the non-null elements. The shuffling may include determining an intermediate shuffled location for a first non-null element. If a location in the output array corresponding to the intermediate shuffled location is null, the shuffling may include outputting a shuffled location as the intermediate shuffled location. If not, the shuffling may include generating an updated intermediate shuffled location. The method includes returning the output array having the first non-null element the location in the output array corresponding to the shuffled location.

The invention is directed to a system that enables an authentication process that involves secure multi-party computation. The authentication process can be performed between a user device operated by a user and an access device. The user device and the access device may conduct the authentication process such that enrollment information and authentication information input by the user is not transmitted between the devices. Instead, the user device may determine and utilize obfuscated values associated with the authentication information. The user device may also determine an obfuscated authentication function that can be utilized to determine an authentication result without revealing enrollment information and authentication information associated with the user. The user can be authenticated based on the authentication result.

A computing device is configured to divide an Oblivious Pseudorandom Function (OPRF) key to generate a plurality of N partial keys, distribute a respective one of the plurality of N partial keys to a corresponding plurality of N Key Management System (KMS) units. The computing device receives from a threshold number T of KMS units, a plurality T partial blinded keys, wherein the plurality T partial blinded keys are based on processing of a value of a blinded key received by a respective KMS unit and a corresponding stored partial key of the N partial keys, combines the plurality T of partial blinded keys into the blinded key, processes the blinded key based on the blinding key in accordance with an OPRF unblinding operation to generate a key and accesses secure information based on the key.

A method for anonymous authentication and key establishment based on passwords (APAKE), includes instantiating, by the server, an OPRF scheme and a symmetric encryption scheme; engaging in, by the client and the server, an OPRFEvaluate protocol so that the client learns a decryption key associated with its password while the server learns nothing; securely transferring, by the server, a nonce and a symmetric encryption key to the client if the client holds a valid password; sending, by the client, its nonce encrypted under the symmetric encryption key; using, by the server, the symmetric encryption key to decipher ciphertext received by virtue of the sending, by the client, its nonce encrypted under the symmetric encryption key and to recover the client's nonce; and computing, by the server and the client, a compute key based on the client's nonce and the server's nonce.

Systems and methods for computing a private set intersection are disclosed. A method includes storing, at a sender device, a first set of values. The method includes receiving, from a receiver device, a homomorphic encryption of a receiver device value. The method includes computing a homomorphically encrypted number based on a difference between the homomorphic encryption of the receiver device value and each value in the first set of values, and based on a hash function of the encryption of the receiver device value. The method includes transmitting the homomorphically encrypted number to the receiver device for determination, at the receiver device, whether the receiver device value is in the first set of values.

This application describes systems and methods for using a physical unclonable function (PUF) to authenticate a device, which may include circuitry for generating PUF values that may uniquely identify the device. According to one aspect, the device may provide enrollment PUF values to an authentication device. The device may later be authenticated if PUF values generated by the device are within a threshold distance of the enrollment PUF values. Since the PUF values are compared using a distance, it may not necessary to apply an error correcting code to the PUF values. The enrollment values and/or the calculated distance may be adjusted to compensate for time variations in the PUF values due to circuit aging. Systems and methods are also described herein for authenticating the device without revealing new PUF values to any second party, for example using a cryptographic technique known as a garbled circuit.

A method including at each of a number of client devices receiving a data item, receiving a public key from a second computing system, encrypting the data item using the public key to produce a singly encrypted data item, engaging in an oblivious pseudorandom function protocol with a first computing system using the singly encrypted data item to produce a seed, generating an encrypted secret share using a threshold secret sharing function under which the encrypted secret share cannot be decrypted until a threshold number of encrypted secret shares associated with the same singly encrypted data item are received, and transmitting the encrypted secret share to the first computing system and at the first computing system receiving a number of encrypted secret shares from the number of client devices, processing the number of encrypted secret shares to produce processed data, and transmitting the processed data to a second computing system.