The invention is directed to a system that enables an authentication process that involves secure multi-party computation. The authentication process can be performed between a user device operated by a user and an access device. The user device and the access device may conduct the authentication process such that enrollment information and authentication information input by the user is not transmitted between the devices. Instead, the user device may determine and utilize obfuscated values associated with the authentication information. The user device may also determine an obfuscated authentication function that can be utilized to determine an authentication result without revealing enrollment information and authentication information associated with the user. The user can be authenticated based on the authentication result.

Disclosed are systems and methods for delegating computations of resource-constrained mobile clients, in which multiple servers interact to construct an encrypted program representing a garbled circuit. Implementing the garbled circuit, garbled outputs are returned. Such implementations ensure privacy of each mobile client's data, even if an executing server has been colluded. The garbled circuit provides secure cloud computing for mobile systems by incorporating cryptographically secure pseudo random number generation that enables a mobile client to efficiently retrieve a result of a computation, as well as verify that an evaluator actually performed the computation. Cloud computation and communication complexity are analyzed to demonstrate the feasibility of the proposed system for mobile systems.

The disclosed embodiments illustrate methods and systems for identifying a targeted content item for a user. The method includes receiving one or more encrypted first attributes of the user, and a first key. Thereafter, one or more content items are encrypted using the first key. The one or more content items are stored in a data structure such that the one or more content items are indexed in the data structure according to one or more second attributes of the one or more content items. Thereafter, at least one encrypted content item is retrieved from the data structure based on the one or more encrypted content items, the indexing of the one or more content items, and the one or more encrypted first attributes. The at least one encrypted content item is decrypted to generate the targeted content item.

The invention proposes a method comprising the calculation of a function written as a product of: a sub-function f.sub.X of a datum of a client unit a sub-function f.sub.Y of a datum of a client unit, and a product of n indexed sub-functions f.sub.i of both data,
the method comprising the steps of: randomly generating, by the server unit, n indexed invertible data r.sub.i from the set with m being a prime number, generating, by the server unit, for each i from 1 to n, a set for which each element is formed by a product of a datum r.sub.i with a possible result of the sub-function of two variables f.sub.i evaluated in both data, applying an oblivious transfer protocol between the client unit and the server unit so that the client unit recovers, for each i from 1 to n, an intermediate datum t.sub.i equal to:

t.sub.i=r.sub.i×f.sub.i(x.sub.i,Y) obtaining, by the client unit a result T from intermediate data such that:

[00001]$T=f_X\left(X^{\prime }\right)\times \underset{i=1}{\overset{n}{.Math.}}.Math..Math.t_i$ obtaining, by the server unit a result R from inverted data such that:

[00002]$R=f_Y\left(Y\right)\times \underset{i=1}{\overset{n}{.Math.}}.Math..Math.r_i^{-1}$ using the results T and R in a cryptographic application.

The invention proposes a method comprising the evaluation of a function F obtained by applying to n sub-functions f.sub.i a first operation, the evaluation comprising: the application of a series of calculation steps in which a first unit assumes a role of a client and a second unit assumes a role of a server, and the repetition of the series of calculation steps in which the roles of client and of server are exchanged between the units,
each series of steps comprising: a) randomly generating, by the server, first data, and a second datum, b) for each sub-function f.sub.i, generating by the server a set of elements formed by: a result of f.sub.i evaluated in the data of the client and of the server, masked by a first datum, by applying the first operation between the result and the first datum, and masked by the second datum, by applying between the masked result and the second datum of a second operation different from the first and distributed relatively to the latter, c) recovering by oblivious transfer, by the client, an intermediate datum corresponding to one of the elements generated by the server, d) generating, by the server, a first result portion, by: masking each first datum with the second datum, applying to all the first masked data of the first operation, and e) generating by the client, a second result portion, by applying all the intermediate data of the first operation.

Systems, methods, and computing device readable media for implementing fast oblivious transfer between two computing devices may improve data security and computational efficiency. The various aspects may use random oracles with or without key agreements to improve the security of oblivious transfer key exchanges. Some techniques may include public/private key strategies for oblivious transfer, while other techniques may use key agreements to achieve simultaneous and efficient cryptographic key exchange.

Implementations of this specification provide methods and apparatuses for oblivious data transfer between computing devices. An example method includes receiving, by a second computing device, an oblivious transfer from a first computing device. The first computing device splits feature data in a feature dataset into a plurality of sub-data and uses the plurality of sub-data as input, and the second computing device uses label data in a label dataset as input. The second computing device selects target sub-data from the plurality of sub-data input by the first computing device, and determines a first summation result of the selected target sub-data. The second computing device receives from the first computing device a second summation result of the one or more splitting parameters in the splitting parameter set, and calculates a statistical indicator based on the first summation result and the second summation result.

The present disclosure involves systems, software, and computer implemented methods for a communication-efficient secret shuffle protocol for encrypted data based on homomorphic encryption and oblivious transfer. A service provider and multiple clients participate in a secret shuffle protocol of randomly shuffling encrypted client-specific secret input values. The protocol includes generation and exchange of random numbers, random permutations and different blinding values, including use of an oblivious transfer mechanism. A last protocol step includes using homomorphism, for each client, to perform computations on intermediate encrypted data to homomorphically remove a first blinding value and a second blinding value, to generate a client-specific rerandomized encrypted secret input value. As a result, the client-specific rerandomized encrypted secret input values are generated in an order that is unmapped to an order of receipt, at the service provider, of the encrypted secret input values.

Some embodiments are directed to a data retrieval device 210 for data-obliviously copying a subarray of a first array to a second array. The length of the second array is more than one and less than the length of the first array. The length of the subarray is at most the length of the second array. For each first element at a first index in the first array, the data retrieval device selects a second index in the second array for the first index in the first array; data-obliviously computes a choice bit indicative of whether to copy the first element to the second index in the second array; and replaces a second element at the second index in the second array by a replacement element, the replacement element being data-obliviously set to the first element or the second element based on the choice bit.

Systems and methods for implementing a secure and efficient cryptographic protocol for analyzing data objects while providing assurances of data privacy and security. A data object may be obfuscated and provided for analysis (e.g., to a data analytics service) without necessarily providing access to the (e.g., plaintext) data object. For example, a first computing entity and second computing entity may agree upon a function or circuit that performs a certain type of computational task, such as comparing a first data set controlled by the first computing entity and a second data set controlled by the second computing entity. An event-driven function may be invoked by the event-driven compute service in response to detecting satisfaction of a condition as part of monitoring alerts that are generated as a result of the output of the computational task described above.