According to one aspect, there is provided a server for use in evaluating a monitoring function to determine if a trigger condition is satisfied. The server comprises a processing unit and a memory unit. The memory unit is for storing a current monitoring state Ss of the server or an encrypted current monitoring state S of the monitoring function, the current monitoring state Ss of the server relating to the current monitoring state S of the monitoring function that is based on an evaluation of one or more previous events. The processing unit is configured to receive an indication of a first event from a first client node and evaluate the monitoring function to determine if the first event satisfies the trigger condition. The evaluation is performed using a privacy-preserving computation, PPC, with the server providing the current monitoring state Ss of the server as a first private input to the PPC or the encrypted current monitoring state S of the monitoring function as a first input to the PPC, and the first client node providing the first event or an encryption thereof as a private input to the PPC. The evaluation of the monitoring function provides an encrypted updated monitoring state S′ of the monitoring function or an updated monitoring state Ss′ of the server as an output of the monitoring function and an indication of whether the first event satisfies the trigger condition.

Various embodiments include a first node for providing a function to a second node for evaluation, the first node configured to form a first plurality of garbled circuits for the function, each circuit being formed from a circuit representing the function and a respective set of wire keys and including one or more logic operations, one or more input wires for inputting data into the circuit and one or more output wires for outputting the result of the function, wherein each respective set of wire keys comprises a respective subset of wire keys for each input wire and each output wire, each subset of wire keys comprising a plurality of wire keys, each wire key in the plurality being associated with a possible value for the wire; and publish a first list of the first plurality of garbled circuits for the function for access by a plurality of second nodes.

A method of communicating a secret (k.sub.0, k.sub.1) on the Bitcoin blockchain is disclosed. The method comprises sending information identifying secrets selectable by the recipient and receiving a first public key (U.sub.i) of an elliptic curve cryptography system, corresponding to a first secret (S.sub.i) selected for access by the recipient and for which a first private key (m) is accessible to the recipient. A second public key (U.sub.1-i) is received, corresponding to a second secret not selected for access by the recipient, wherein a corresponding second private key is not available to the recipient. First and second secrets encrypted by means of the respective first and second public keys (X.sub.0, X.sub.1) are sent to the recipient, wherein the first secret is accessible to the recipient by means of the first private key, the second secret is inaccessible to the recipient, and the sender is unable to distinguish between the first and second secrets.

A method for re-keying an encrypted data file, the data file being stored chunkwise on a storage entity (SE), data file chunks being encrypted with a global secret, and the method being performed by one or more computing devices, includes updating the global secret for encryption data for a data chunk to be re-keyed such that an output of a non-interactive oblivious key exchange is used to identify the private key of the data chunk to be re-keyed with a new private key, wherein the non-interactive oblivious key exchange uses an oblivious protocol; and reencrypting the data chunk to be re-keyed with the updated global secret.

Privacy protection methods, systems, and apparatus, including computer programs encoded on computer storage media, are provided. One of the methods is performed by a first computing device and includes: obtaining a plurality of object IDs, wherein the plurality of object IDs include a target object ID; sending the plurality of object IDs to a second computing device storing a plurality of pieces of data respectively associated with the plurality of object IDs for the second computing device to generate a plurality of ciphertexts respectively based on the plurality of pieces of data; and executing a cryptography protocol with the second computing device to obtain a ciphertext corresponding to the target object ID from the plurality of ciphertexts generated by the second computing device, wherein the target object ID is unknown to the second computing device.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media for secure collaborative computation of a matrix product of a first matrix including private data of a first party and a second matrix including private data of the second party by secret sharing without a trusted initializer. One method includes obtaining a first matrix including private data of the first party; generating a first random matrix; identifying a first sub-matrix and a second sub-matrix of the first random matrix; computing first scrambled private data of the first party based on the first matrix, the first random matrix, the first sub-matrix, and the second sub-matrix; receiving second scrambled private data of the second party; computing a first addend of the matrix product; receiving a second addend of the matrix product; and computing the matrix product by summing the first addend and the second addend.

A method of cryptographically secured decentralized testing includes receiving, by a computing device and from a secure test apparatus, an output of a cryptographic function of a secret test result identifier, authenticating the output, and recording, in a data repository, an indication of a test result as a function of the output.

A system includes a first plurality of blockchain nodes including first network nodes external to a vehicle and second network nodes internal to the vehicle, the first plurality of blockchain nodes maintaining a first distributed blockchain ledger; and a first computing device. The first computing device is programmed to transmit a first request to the first plurality of blockchain nodes requesting access to a vehicle network via a communications access port in the vehicle; demonstrate a first proof of work by responding to a second request from the first plurality of blockchain nodes; and receive, based on a first majority of the first network nodes and the second network nodes in the first plurality of blockchain nodes accepting the first request, first authorization specifying access to the vehicle access via the communications access port.

A secure authentication method includes: deriving a distributed LSH value using secret LSH, taking a first distributed feature amount which is a feature amount of user information distributed through a secret distribution method and encrypted LSH parameters as inputs; deriving a distributed hash value using a secret unidirectional function, taking the distributed LSH value and a distributed key as inputs; decoding the hash value by reversing distribution of the distributed hash value; selecting, from a secret hash table storing sets of a hash value as an index and a distributed feature amount as a data string, a set including a hash value matching the decoded hash value; computing, in secret, similarity between the distributed feature amount in the set and the first distributed feature amount; deriving, in secret, a user authentication result based on the similarity computed; and outputting the derived authentication result.

A method for cryptographic key provisioning includes, via a main authentication server (MAS), generating a first secret key and registering a client by performing a first portion of a first instance of a distributed threshold oblivious pseudo-random function. The first instance of the function results in the client obtaining a root secret key and the MAS obtaining a corresponding root public key. The method includes authenticating the client to the MAS by performing a first portion of a second instance of the distributed threshold oblivious pseudo-random function. The second instance of the function results in the client obtaining the root secret key. Information stored by the client, the first secret key, and a second secret key generated by a support authentication server are inputs to at least one of the first and second instances of the distributed threshold oblivious pseudo-random function.