A method of cryptographically secured decentralized testing, includes receiving, by a computing device and from a secure test apparatus, an output of a cryptographic function of a secret test result identifier, authenticating the output, and recording, in a data repository, an indication of a test result as a function of the output.

A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device generates a sub-key identifier based on a data ID, which is based on unique ID value(s) associated with an encrypted data object, and a requester secret. The computing device processes the sub-key identifier in accordance with an Oblivious Pseudorandom Function (OPRF) blinding operation to generate a blinded input and an Oblivious Key Access Request (OKAR). The computing device transmits the OKAR to another computing device (e.g., Key Management System (KMS) service) and receives a blinded sub-key therefrom. The computing device processes the blinded sub-key in accordance with an OPRF unblinding operation to generate the key and accesses secure data thereby.

According to an aspect, there is provided a computer-implemented method of operating a first node. The first node has an algorithm for evaluating input data from another node, with the input data having a plurality of different attributes. The method comprises receiving, from a second node, a proposal for the evaluation of a first set of input data by the algorithm; estimating the performance of the algorithm in evaluating the first set of input data based on the proposal; and outputting, to the second node, an indication of the estimated performance of the algorithm. A corresponding first node is also provided.

Privacy-preserving leakage-deterring public-key encryption techniques are provided. A sender system sends to an authority system a commitment to leakage-deterring-data, and proves in zero-knowledge that the sender system has access to an opening to the commitment. The sender system receives a signature corresponding to a signed commitment to the leakage-deterring-data and an identifier of the sender system. The sender system encrypts a message to a receiver system by applying a one-time pad to the message using a one-time-pad key, and encrypts the result of the application with the public key of the receiver system. The sender system encrypts the one-time-pad key with an attribute-based encryption scheme, the attributes including predefined time period data and a receiver system identifier, with a public key of an oblivious decryptor system. The sender system forms a ciphertext from a combination of the encrypted message and the encrypting one-time-pad key and sends to the receiver system.

Some embodiments are directed to a computation device configured to verify that an edit script is for transforming a first string to a second string. The edit script has match operations and difference operations as allowed edit operations. The computation device obtains a representation of the edit script and subsequently performs a validation computation. For each match operation, the computation device determines a character at a current position in the first string and a character at a current position in the second string, verifies that they match, increments the current position in the first string by one and increments the current position in the second string by one. For each difference operation, the computation device increments the current position in the first string and/or the current position in the second string by one.

A method for outsourcing exponentiation in a private group includes executing a query instruction to retrieve a query element stored on an untrusted server by selecting a prime factorization of two or more prime numbers of a modulus associated with the query element stored on the server, obtaining a group element configured to generate a respective one of the prime numbers, generating a series of base values using the prime factorization and the group element, and transmitting the series of base values from the client device to the server. The server is configured to determine an exponentiation of the group element with an exponent stored on the server using the series of base values. The method also includes receiving a result from the server based on the exponentiation of the group element with the exponent.

A computing device is configured to divide an Oblivious Pseudorandom Function (OPRF) key to generate a plurality of N partial keys, distribute a respective one of the plurality of N partial keys to a corresponding plurality of N Key Management System (KMS) units. The computing device receives from a threshold number T of KMS units, a plurality T partial blinded keys, wherein the plurality T partial blinded keys are based on processing of a value of a blinded key received by a respective KMS unit and a corresponding stored partial key of the N partial keys, combines the plurality T of partial blinded keys into the blinded key, processes the blinded key based on the blinding key in accordance with an OPRF unblinding operation to generate a key and accesses secure information based on the key.

The computation efficiency of distributed secure implementation of the computation of a (sum of) products of values Vi, Wi from different servers on a distributed computing system is improved by generation of coefficients of a first polynomial and second polynomial by a first server. The first polynomial P has all numbers Xi from a first data set on the first server as roots. The second polynomial Q has values Q(Xi)=Vi for the numbers Xi from the first data set. The first device transmits coefficients of the first and second polynomial P, Q to a second server in encrypted form. The second sever computes encrypted values <P(Xi)> and <Q(Xi)> of the first and second polynomial P, Q for a number Xi in a second set from the encrypted coefficients. The second server uses a secure multiparty equality protocol to compute an encrypted binary value <di> from the encrypted value <p(XT) of the first polynomial p, having a first and second binary value when the value p(Xi) of the first polynomial p is zero and not zero respectively. The second server uses a secure multiparty multiplication protocol to compute an encrypted value of a product <di Q(Xi) Wi> and the second server may compute a sum encrypted sum of the products from the encrypted product <di Q(Xi) Wi> computed for all of the numbers Xi and associated values Wi from the second set.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media for secure collaborative computation of a matrix product of a first matrix including private data of a first party and a second matrix including private data of the second party by secret sharing without a trusted initializer. One method includes obtaining a first matrix including private data of the first party; generating a first random matrix; identifying a first sub-matrix and a second sub-matrix of the first random matrix; computing first scrambled private data of the first party based on the first matrix, the first random matrix, the first sub-matrix, and the second sub-matrix; receiving second scrambled private data of the second party; computing a first addend of the matrix product; receiving a second addend of the matrix product; and computing the matrix product by summing the first addend and the second addend.

An item rating and recommendation platform identifies rating data including respective ratings of multiple items with respect to multiple users; identifies user-feature data including user features contributing to the respective ratings of the multiple items with respect to the multiple users; and receives, from a social network platform via a secret sharing scheme without a trusted initializer, manipulated social network data computed based on social network data and a first number of random variables. The social network data indicate social relationships between any two of the number of users. In the secret sharing scheme without the trust initializer, the social network platform shares with the item rating and recommendation platform manipulated social network data without disclosing the social network data. The item rating and recommendation platform updates the user-feature data based on the rating data and the manipulated social network data.