H04L2209/50

Distributed computation method and system

Computation efficiency of distributed secure implementation of the computation of a (sum of) products of values Vi, Wi from different servers on a distributed computing system is improved by generation of coefficients of first and second polynomials P, Q by a first server. The first polynomial P has all numbers Xi from a first data set on the first server as roots. The second polynomial Q has values Q(Xi)=Vi for the numbers Xi from the first data set. The first server transmits coefficients of the polynomials to a second server in encrypted form. The second server computes encrypted values <P(Xi′)> and <Q(Xi′)> of the polynomials for a number Xi′ in a second set from the encrypted coefficients. The second server computes an encrypted binary value <di> from the encrypted value <P(Xi′)> of the first polynomial P and computes an encrypted value of a product <di Q(Xi′) Wi>.

Multi-Pivot Partial Quicksort and Oblivious Comparisons of Secret Shared Arithmetic Values in a Multi-Party Computing Setting

A secure multi-party computing system performs a multi-pivot partial sorting operation on a secret shared array of values. The use of multiple pivots supports efficient computations in a multi-party computation setting. Partial sorting determines percentile values without the need for a full sort. The secret shared array is first permuted by a secret random permutation. A multi-pivot sort, which can be a partial sort, is performed on the permuted array to obtain a public sorting permutation. The multi-pivot sort uses oblivious comparisons that produce secret shared Boolean indications of whether one secret shared value is less than another. The Boolean indications are revealed and used to produce the public sorting permutation, which in turn, is applied to the secret random permutation to obtain a secret shared sorting permutation. The secret shared sorting permutation is then applied to the secret shared array to obtain a sorted secret shared result.

Connected vehicle communication with improved misbehavior processing

A form of the invention is applicable for use in conjunction with a security credential management system that produces and manages pseudonym digital certificates issued to vehicles and used by vehicles to establish trust in vehicle-to-vehicle communications, the security credential management system including a pseudonym certificate authority processor entity which issues pseudonym digital certificates to vehicles, a registration authority processor entity that validates, processes and forwards requests for pseudonym digital certificates to the pseudonym certificate authority processor entity, and a misbehavior authority processor entity that receives misbehavior reports from reporter vehicles that include information about the reporter vehicles and suspect misbehaving vehicles and is responsible for producing a list of revoked credentials; the pseudonym certificate processor entity and registration authority processor entity participating in producing linkage values to be contained within the issued pseudonym digital certificates, the linkage values being derived ultimately, using a one-way function, from linkage seeds thereby enabling, in predetermined circumstances, at least some of the certificates containing linkage values derived from a given linkage seed to be revoked. A method is set forth for improving operation of the security credential management system, including the following steps: in conjunction with deriving the linkage values from the linkage seeds, additionally producing encrypted linkage maps that relate, in encrypted form, linkage values with linkage seeds from which they are derived; determining particular linkage values deemed to be of interest based at least in part on information derived from misbehavior reports; and determining linkage seeds associated with the particular linkage values utilizing decryptions of the encrypted linkage maps.

Computer-implemented methods and nodes implementing performance estimation of algorithms during evaluation of data sets using multiparty computation based random forest

According to an aspect, there is provided a computer-implemented method of operating a first node. The first node has an algorithm for evaluating input data from another node, with the input data having a plurality of different attributes. The method comprises receiving, from a second node, a proposal for the evaluation of a first set of input data by the algorithm; estimating the performance of the algorithm in evaluating the first set of input data based on the proposal; and outputting, to the second node, an indication of the estimated performance of the algorithm. A corresponding first node is also provided.

Private association of customer information across subscribers

Methods are provided for discovering related attributes with respect to an element in a customer data record, based on provided associations, and for generating new associations between various elements of the customer data record. In these methods, the context service system obtains, from a subscriber, a lookup request including a first blinded attribute. The first blinded attribute is obtained by applying an oblivious pseudo random function (OPRF) to a first element of a data record. The method further includes the context service system identifying at least one second blinded attribute associated with the first blinded attribute in a shared data partition of the context service system and providing, to the subscriber, at least one second element of the data record associated with the at least one second blinded attribute.

RESTRICTED FULLY PRIVATE CONJUNCTIVE DATABASE QUERY FOR PROTECTION OF USER PRIVACY AND IDENTITY
20220382904 · 2022-12-01

A method of securely accessing a database with sensitive data, such as the clinical information of patients, by a client in a privacy-preserving manner, including: communicating with the server to obtain tags for specific attribute-value pairs when the client is authorized to make a query; imposing a tag quota per client and restricting tag generation to authorized query terms with valid digital signatures from a third-party authority; storing the tags and their associated query terms in confidence for future queries; sending a combination of tags that define the terms of a conjunctive query over a secure channel to a proxy; receiving from the proxy encrypted coefficients of a polynomial whose roots are indices to the query results; decrypting the encrypted coefficients in a first protocol with the server; calculating the roots of the polynomial based upon the decrypted coefficients and discarding any superfluous roots; obtaining the encrypted records associated with the calculated roots from the proxy; and decrypting the encrypted records in a second protocol with the server.

Efficient Three-Party Private Set Intersection (PSI)
20230102423 · 2023-03-30

Techniques for implementing efficient three-party private set intersection (PSI) are provided. In one set of embodiments these techniques make use of an oblivious key-value store (OKVS), which is a cryptographic data structure that encodes a set of key-value pairs ({k_i, v_i}) and exhibits the following properties: (A) if a receiver decodes the OKVS on some input q = k_j, the output will be v_j, and (B) the receiver cannot tell, from the outputs generated by the OKVS, what keys (i.e., k_i's) are encoded. By using an OKVS, the techniques of the present disclosure can achieve three-party PSI in a manner that is more efficient and scalable than existing protocols.

PRIVATE INFERENCE IN DEEP NEURAL NETWORK

A secure inference over Deep Neural Networks (DNNs) using secure two-party computation to perform privacy-preserving machine learning. The secure inference uses a particular type of comparison that can be used as a building block for various layers in the DNN including, for example, ReLU activations and divisions. The comparison securely computes a Boolean share of a bit representing whether input value x is less than input value y, where x is held by a user of the DNN, and where y is held by a provider of the DNN. Each party computing system parses their input into leaf strings of multiple bits. This is much more efficient than if the leaf strings were individual bits. Accordingly, the secure inference described herein is more readily adapted for use in complex DNNs.

Secure multiparty detection of sensitive data using private set intersection (PSI)

A method, apparatus and computer program product to detect whether specific sensitive data of a client is present in a cloud computing infrastructure is implemented without requiring that data be shared with the cloud provider, or that the cloud provider provide the client access to all data in the cloud. Instead of requiring the client to share its database of sensitive information, preferably the client executes a tool that uses a cryptographic protocol, namely, Private Set Intersection (PSI), to enable the client to detect whether their sensitive information is present on the cloud. Any such information identified by the tool is then used to label a document or utterance, send an alert, and/or redact or tokenize the sensitive data.

Fast oblivious transfers

Systems, methods, and computing device readable media for implementing fast oblivious transfer between two computing devices may improve data security and computational efficiency. The various aspects may use random oracles with or without key agreements to improve the security of oblivious transfer key exchanges. Some techniques may include public/private key strategies for oblivious transfer, while other techniques may use key agreements to achieve simultaneous and efficient cryptographic key exchange.