Privacy-preserving leakage-deterring public-key encryption techniques are provided. A sender system sends to an authority system a commitment to leakage-deterring-data, and proves in zero-knowledge that the sender system has access to an opening to the commitment. The sender system receives a signature corresponding to a signed commitment to the leakage-deterring-data and an identifier of the sender system. The sender system encrypts a message to a receiver system by applying a one-time pad to the message using a one-time-pad key, and encrypts the result of the application with the public key of the receiver system. The sender system encrypts the one-time-pad key with an attribute-based encryption scheme with a public key of an oblivious decryptor system. The sender system forms a ciphertext from a combination of the encrypted message and the encrypted one-time-pad key and sends the ciphertext to the receiver system.

Methods and systems for managing cryptographic keys in on-premises and cloud computing environments and performing multi-party cryptography are disclosed. A cryptographic key can be retrieved from a hardware security module by a key management computer. The key management computer can generate key shares from the cryptographic key, and securely distribute the key shares to computer nodes or key share databases. The computer nodes can use the key shares in order to perform secure multi-party cryptography.

Systems, methods, and computing device readable media for implementing fast oblivious transfer between two computing devices may improve data security and computational efficiency. The various aspects may use random oracles with or without key agreements to improve the security of oblivious transfer key exchanges. Some techniques may include public/private key strategies for oblivious transfer, while other techniques may use key agreements to achieve simultaneous and efficient cryptographic key exchange.

An approach for increasing security of biometric templates is described. An improved system is adapted to split a full set of features or representations of a trained model into a first partial template and a second partial template, the second partial template being stored on a secure enclave accessible only through zero-knowledge proof based interfaces. During verification using the template, a new full set of features is received for comparison, and a model is loaded based on the available portions of the model. Comparison utilizing the second partial template requires the computation of zero-knowledge proofs as direct access to the underlying second partial template is prohibited by the secure enclave.

According to one aspect, there is provided a server for use in evaluating a monitoring function to determine if a trigger condition is satisfied. The server comprises a processing unit and a memory unit. The memory unit is for storing a current monitoring state (Ss) of the server or an encrypted current monitoring state (S) of the monitoring function, the current monitoring state (Ss) of the server relating to the current monitoring state (S) of the monitoring function that is based on an evaluation of one or more previous events. The processing unit is configured to receive an indication of a first event from a first client node and evaluate the monitoring function to determine if the first event satisfies the trigger condition. The evaluation is performed using a privacy-preserving computation (PPC), with the server providing the current monitoring state (Ss) of the server as a first private input to the PPC or the encrypted current monitoring state (S) of the monitoring function as a first input to the PPC, and the first client node providing the first event or an encryption thereof as a private input to the PPC. The evaluation of the monitoring function provides an encrypted updated monitoring state (S′) of the monitoring function or an updated monitoring state (Ss′) of the server as an output of the monitoring function and an indication of whether the first event satisfies the trigger condition.

A method, apparatus and computer program product to detect whether specific sensitive data of a client is present in a cloud computing infrastructure is implemented without requiring that data be shared with the cloud provider, or that the cloud provider provide the client access to all data in the cloud. Instead of requiring the client to share its database of sensitive information, preferably the client executes a tool that uses a cryptographic protocol, namely, Private Set Intersection (PSI), to enable the client to detect whether their sensitive information is present on the cloud. Any such information identified by the tool is then used to label a document or utterance, send an alert, and/or redact or tokenize the sensitive data.

According to one aspect, there is provided a server for use in evaluating a monitoring function to determine if a trigger condition is satisfied. The server comprises a processing unit and a memory unit. The memory unit is for storing a current monitoring state Ss of the server or an encrypted current monitoring state S of the monitoring function, the current monitoring state Ss of the server relating to the current monitoring state S of the monitoring function that is based on an evaluation of one or more previous events. The processing unit is configured to receive an indication of a first event from a first client node and evaluate the monitoring function to determine if the first event satisfies the trigger condition. The evaluation is performed using a privacy-preserving computation, PPC, with the server providing the current monitoring state Ss of the server as a first private input to the PPC or the encrypted current monitoring state S of the monitoring function as a first input to the PPC, and the first client node providing the first event or an encryption thereof as a private input to the PPC. The evaluation of the monitoring function provides an encrypted updated monitoring state S′ of the monitoring function or an updated monitoring state Ss′ of the server as an output of the monitoring function and an indication of whether the first event satisfies the trigger condition.

The present disclosure involves systems, software, and computer implemented methods for a communication-efficient secret shuffle protocol for encrypted data based on homomorphic encryption and oblivious transfer. A service provider and multiple clients participate in a secret shuffle protocol of randomly shuffling encrypted client-specific secret input values. The protocol includes generation and exchange of random numbers, random permutations and different blinding values, including use of an oblivious transfer mechanism. A last protocol step includes using homomorphism, for each client, to perform computations on intermediate encrypted data to homomorphically remove a first blinding value and a second blinding value, to generate a client-specific rerandomized encrypted secret input value. As a result, the client-specific rerandomized encrypted secret input values are generated in an order that is unmapped to an order of receipt, at the service provider, of the encrypted secret input values.

Systems and methods for computing a private set intersection are disclosed. A method includes storing, at a sender device, a first set of values. The method includes receiving, from a receiver device, a homomorphic encryption of a receiver device value. The method includes computing a homomorphically encrypted number based on a difference between the homomorphic encryption of the receiver device value and each value in the first set of values, and based on a hash function of the encryption of the receiver device value. The method includes transmitting the homomorphically encrypted number to the receiver device for determination, at the receiver device, whether the receiver device value is in the first set of values.

This invention enables asynchronous encrypted communication under a protection of a simple password which must be communicated out-of-band. The password is easily communicable in-person, by telephone or by a text message. The invention assumes that one of the parties has an online device, such as a smartphone. After the encrypted session has been established, it can be used for a variety of cryptographic applications, such as encrypting or decrypting messages, sharing of cryptographic keys, and verifying data. The invention also has the secondary benefit of authenticating both parties to each other.