A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device generates a sub-key identifier based on a data ID, which is based on unique ID value(s) associated with an encrypted data object, and a requester secret. The computing device processes the sub-key identifier in accordance with an Oblivious Pseudorandom Function (OPRF) blinding operation to generate a blinded input and an Oblivious Key Access Request (OKAR). The computing device transmits the OKAR to another computing device (e.g., Key Management System (KMS) service) and receives a blinded sub-key therefrom. The computing device processes the blinded sub-key in accordance with an OPRF unblinding operation to generate the key and accesses secure data thereby.

A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device processes an input value (e.g., associated with a key) based on a blinding key (e.g., homomorphic encryption) to generate a blinded value and generates an Oblivious Key Access Request (OKAR). The computing device transmits the OKAR to another computing device (e.g., associated with a Key Management System (KMS) service) and receives a blinded key therefrom that is based on a Partially-Oblivious Pseudorandom Function (P-OPRF). The computing device processes the blinded key based on the blinding key (e.g., homomorphic decryption) to generate the key (e.g., associated with the input value). In some examples, the computing device accesses secure information based on the key.

Systems, computer-readable media and methods for enabling secure computation on spreadsheet software. A secure spreadsheet is implemented as an add-in to an existing spreadsheet program, or as a new spreadsheet program/web application, to allow secure computations on private input data (and also optionally with private functions) without the parties learning anything about them, via the familiar spreadsheet interface and its formula language. Automatic conversion of previous spreadsheet data and formulas is provided whenever possible, or assisted via a helper. The secure computation can be executed between the computers of the involved parties, or outsourced to a third-partycloud computing system (FIG. 4): the secure cryptographic calculation module automatically optimizes for the best performing technique of secure computation (for example, homomorphic encryption, garbled circuits, oblivious transfers, secret sharing, oblivious random access machines and/or a combination of the previous crypto-primitives).

The invention proposes a method comprising the evaluation of a function F obtained by applying to n sub-functions f.sub.i a first operation, the evaluation comprising: the application of a series of calculation steps in which a first unit assumes a role of a client and a second unit assumes a role of a server, and the repetition of the series of calculation steps in which the roles of client and of server are exchanged between the units, each series of steps comprising: a) randomly generating, by the server, first data, and a second datum, b) for each sub-function f.sub.i, generating by the server a set of elements formed by: a result of f.sub.i evaluated in the data of the client and of the server, masked by a first datum, by applying the first operation between the result and the first datum, and masked by the second datum, by applying between the masked result and the second datum of a second operation different from the first and distributed relatively to the latter, c) recovering by oblivious transfer, by the client, an intermediate datum corresponding to one of the elements generated by the server, d) generating, by the server, a first result portion, by: masking each first datum with the second datum, applying to all the first masked data of the first operation, and e) generating by the client, a second result portion, by applying all the intermediate data of the first operation.

A form of the invention is applicable for use in conjunction with a6 security credential management system that produces and manages pseudonym digital certificates issued to vehicles and used by vehicles to establish trust in vehicle-to-vehicle communications, the security credential management system including a pseudonym certificate authority processor entity which issues pseudonym digital certificates to vehicles, a registration authority processor entity that validates, processes and forwards requests for pseudonym digital certificates to the pseudonym certificate authority processor entity, and a misbehavior authority processor entity that receives misbehavior reports from reporter vehicles that include information about the reporter vehicles and suspect misbehaving vehicles and is responsible for producing a list of revoked credentials; the pseudonym certificate processor entity and registration authority processor entity participating in producing linkage values to be contained within the issued pseudonym digital certificates, the linkage values being derived ultimately, using a one-way function, from linkage seeds thereby enabling, in predetermined circumstances, at least some of the certificates containing linkage values derived from a given linkage seed to be revoked. A method is set forth for improving operation of the security credential management system, including the following steps: in conjunction with deriving the linkage values from the linkage seeds, additionally producing encrypted linkage maps that relate, in encrypted form, linkage values with linkage seeds from which they are derived; determining particular linkage values deemed to be of interest based at least in part on information derived from misbehavior reports; and determining linkage seeds associated with the particular linkage values utilizing decryptions of the encrypted linkage maps.

the invention proposes a method and an associated system for authenticating a user, by means of the redundancy present between several images of a video, the method using garbled circuits, named variant garbled circuits, associated with the alternative bits between the images of the video and a garbled circuit named invariant garbled circuit, associated with the invariant bits between the images of the video, so that the invariant garbled circuit only needs to be evaluated a single time.

Methods, systems, and articles of manufacture are provided for oblivious order preserving encryption. A method may include: traversing, by a cloud service provider, an order preserving encryption (OPE) tree based on a result of an oblivious comparison performed by a data owner and a data client, the OPE tree having nodes that each correspond to a ciphertext of data associated with the data owner, the ciphertext of the data being stored at the cloud service provider, and a relative position of the nodes within the OPE tree corresponding to an order that is present in the data associated with the data owner; and determining, based on the traversing of the OPE tree, an OPE encoding for an input value from the data client, the OPE encoding for the input value indicative of a position of a node corresponding to the input value within the OPE tree.

A method for calculating a function as a sub-function f.sub.X of a datum of a client, a sub-function f.sub.Y of a datum, and a product of n indexed sub-functions f.sub.i of both data by randomly generating, n indexed invertible data r.sub.i from the set with m being a prime number, generating, for each i from 1 to n, a set for which each element is formed by a product of a datum r.sub.i with a possible result of the sub-function of two variables f.sub.i evaluated in both data, applying an oblivious transfer protocol between the client and a server so that the client recovers, for each i an intermediate datum t.sub.i equal to: t.sub.i=r.sub.if.sub.i(x.sub.i,Y), obtaining, by the client a result T from intermediate data such that: T=f.sub.X(X).sub.i=1.sup.nt.sub.i, obtaining, by the server a result R from inverted data such that: R=f.sub.Y(Y).sub.i=1.sup.nr.sub.i.sup.1 using the results in a cryptographic application.

The disclosed embodiments illustrate methods and systems for identifying a targeted content item for a user. The method includes receiving one or more encrypted first attributes of the user, and a first key. Thereafter, one or more content items are encrypted using the first key. The one or more content items are stored in a data structure such that the one or more content items are indexed in the data structure according to one or more second attributes of the one or more content items. Thereafter, at least one encrypted content item is retrieved from the data structure based on the one or more encrypted content items, the indexing of the one or more content items, and the one or more encrypted first attributes. The at least one encrypted content item is decrypted to generate the targeted content item.

A method including at each of a number of client devices receiving a data item, receiving a public key from a second computing system, encrypting the data item using the public key to produce a singly encrypted data item, engaging in an oblivious pseudorandom function protocol with a first computing system using the singly encrypted data item to produce a seed, generating an encrypted secret share using a threshold secret sharing function under which the encrypted secret share cannot be decrypted until a threshold number of encrypted secret shares associated with the same singly encrypted data item are received, and transmitting the encrypted secret share to the first computing system and at the first computing system receiving a number of encrypted secret shares from the number of client devices, processing the number of encrypted secret shares to produce processed data, and transmitting the processed data to a second computing system.