SECRET BATCH APPROXIMATION SYSTEM, SECURE COMPUTATION DEVICE, SECRET BATCH APPROXIMATION METHOD, AND PROGRAM

Abstract

Calculation time is reduced without degrading approximation accuracy in calculation of a complicated function through secure computation. A secret batch approximation system calculates a concealed text [z] of an approximate value z for a function value y satisfying yj=f(xj) by using a concealed text [x] of a value x as input. g is defined as a polynomial for approximating each section of m sections into which the function f is divided. A parameter acquisition unit acquires a concealed text [a] of a parameter a corresponding to the value x for each integer j that is not less than 1 and not more than n, where aj is defined as a parameter pi corresponding to a section Ri including a value xj. A polynomial calculation unit calculates a polynomial g([x], [a]) by using the concealed text [x] of the value x as input based on the concealed text [a].

Claims

1. A secret batch approximation system including a plurality of secure computation devices for calculating a concealed text [z]:=([z.sub.1], . . . , [z.sub.n]) of an approximate value z:=(z.sub.1, . . . , z.sub.n) for a function value y:=(y.sub.1, . . . , y.sub.n) satisfying y.sub.j=f(x.sub.j) for each integer j, the integer j being not less than 1 and not more than n, by using a concealed text [x]:=([x.sub.1], . . . , [x.sub.n]) of n pieces of values x:=(x.sub.1, . . . , x.sub.n) as input when n is defined as an integer being not less than 1, wherein m is defined as an integer being not less than 2, g is defined as a polynomial for approximating each section of m sections into which the function f is divided, i is defined as each integer being not less than 1 and not more than m, R.sub.i is defined as the section, and p.sub.i is defined as a parameter of the polynomial g corresponding to the section R.sub.i, each of the secure computation devices comprises processing circuitry configured to: acquire a concealed text [a]:=([a.sub.1], . . . , [a.sub.n]) of a parameter a:=(a.sub.1, . . . , a.sub.n) corresponding to the value x:=(x.sub.1, . . . , x.sub.n) for each integer j, where a.sub.j is defined as the parameter p.sub.i corresponding to the section R.sub.i including the value x.sub.j; and calculate the polynomial g([x], [a]) by using the concealed text [x] of the value x as input based on the concealed text [a] of the parameter a so as to obtain the concealed text [z] of the approximate value z for the function value y.

2. The secret batch approximation system according to claim 1, wherein the processing circuitry acquires the concealed text [a]:=([a.sub.1], . . . , [a.sub.n]) of the parameter a:=(a.sub.1, . . . , a.sub.n) based on a formula:
([a.sub.1], . . . ,[a.sub.n])←BatchMap([x],(u.sub.1, . . . ,u.sub.m),(p.sub.1, . . . ,p.sub.m)) where BatchMap is defined as a secure computation batch mapping algorithm, u.sub.i is defined as a value indicating a boundary of the section R.sub.i, and u.sub.i<u.sub.i+1 holds.

3. The secret batch approximation system according to claim 2, wherein the function f is a sigmoid function with a domain of definition expressed as X:=[0, 1000), m≤5000 holds, and the polynomial g is a cubic polynomial.

4. A secure computation device that is included in a secret batch approximation system, the secret batch approximation system calculating a concealed text [z]:=([z.sub.1], . . . , [z.sub.n]) of an approximate value z:=(z.sub.1, . . . , z.sub.n) for a function value y:=(y.sub.1, . . . , y.sub.n) satisfying y.sub.j=f(x.sub.j) for each integer j, the integer j being not less than 1 and not more than n, by using a concealed text [x] ([x.sub.1], . . . , [x.sub.n]) of n pieces of values x:=(x.sub.1, . . . , x.sub.n) as input when n is defined as an integer being not less than 1, wherein m is defined as an integer being not less than 2, g is defined as a polynomial for approximating each section of m sections into which the function f is divided, i is defined as each integer being not less than 1 and not more than m, R.sub.i is defined as the section, and p.sub.i is defined as a parameter of the polynomial g corresponding to the section R.sub.i, the secure computation device comprises processing circuitry configured to: acquire a concealed text [a]:=([a.sub.1], . . . , [a.sub.n]) of a parameter a:=(a.sub.1, . . . , a.sub.n) corresponding to the value x:=(x.sub.1, . . . , x.sub.n) for each integer j, where a.sub.j is defined as the parameter p.sub.i corresponding to the section R.sub.i including the value x.sub.j; and calculate the polynomial g([x], [a]) by using the concealed text [x] of the value x as input based on the concealed text [a] of the parameter a so as to obtain the concealed text [z] of the approximate value z for the function value y.

5. A secret batch approximation method that is executed by a secret batch approximation system, the secret batch approximation system including a plurality of secure computation devices for calculating a concealed text [z]: ([z.sub.1], . . . , [z.sub.n]) of an approximate value z:=(z.sub.1, . . . , z.sub.n) for a function value y:=(y.sub.1, . . . , y.sub.n) satisfying y.sub.j=f(x.sub.j) for each integer j, the integer j being not less than 1 and not more than n, by using a concealed text [x]:=([x.sub.1], . . . , [x.sub.n]) of n pieces of values x:=(x.sub.1, . . . , x.sub.n) as input when n is defined as an integer being not less than 1, wherein m is defined as an integer being not less than 2, g is defined as a polynomial for approximating each section of m sections into which the function f is divided, i is defined as each integer being not less than 1 and not more than m, R.sub.i is defined as the section, and p.sub.i is defined as a parameter of the polynomial g corresponding to the section R.sub.i, the secret batch approximation method comprising: acquiring, by processing circuitry of each of the secure computation devices, a concealed text [a]:=([a.sub.1], . . . , [a.sub.n]) of a parameter a:=(a.sub.1, . . . , a.sub.n) corresponding to the value x:=(x.sub.1, . . . , x.sub.n) for each integer j, where a.sub.j is defined as the parameter p.sub.i corresponding to the section R.sub.i including the value x.sub.j, and calculating, by the processing circuitry of each of the secure computation devices, the polynomial g([x], [a]) by using the concealed text [x] of the value x as input based on the concealed text [a] of the parameter a so as to obtain the concealed text [z] of the approximate value z for the function value y.

6. A non-transitory computer readable medium having a program recorded thereon for making a computer function as the secure computation device according to claim 4.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0010] FIG. 1 is a diagram for explaining an approximation method of related art.

[0011] FIG. 2 is a diagram for explaining a processing flow of the related art.

[0012] FIG. 3 is a diagram for explaining an approximation method of the present invention.

[0013] FIG. 4 is a diagram for explaining a processing flow of the present invention.

[0014] FIG. 5 is a diagram illustrating a functional configuration of a secret batch approximation system.

[0015] FIG. 6 is a diagram illustrating a functional configuration of a secure computation device.

[0016] FIG. 7 is a diagram illustrating a processing procedure of a secret batch approximation method.

DETAILED DESCRIPTION OF THE EMBODIMENTS

[0017] Notation and definitions of terms in this specification are first described.

[0018] <Notation>

[0019] A value obtained by concealing a certain value a through encryption, secret sharing, or the like is referred to as a concealed text of a and expressed as [a]. Further, a is referred to as a plaintext of [a]. When concealment is performed through secret sharing, a set of shares of secret sharing, which are held by each secure computation device, is referred to by [a].

[0020] [a, b] (square bracket) in a domain of definition of a variable denotes a closed section and (a, b) (parentheses) denotes an open section. For example, i∈[a, b] represents that i is a value which is not less than a and not more than b. Further, i∈[a, b) represents that i is a value which is not less than a and less than b.

[0021] <Addition, Subtraction, Multiplication>

[0022] In each operation of addition, subtraction, and multiplication with respect to concealed texts, concealed texts [c.sub.1], [c.sub.2], and [c.sub.3] of respective calculation results c.sub.1, c.sub.2, and c.sub.3 of a+b, a−b, and ab are calculated by using concealed texts [a] and [b] of two values a and b as input. Execution of these operations are respectively expressed as the following formulas.

[c.sub.1]←Add([a],[b])

[c.sub.2]←Sub([a],[b])

[c.sub.3]←Mul([a],[b])

[0023] When there is no possibility of misunderstanding, Add([a], [b]), Sub([a], [b]), and Mul([a], [b]) are respectively abbreviated as [a]+[b], [a]−[b], and [a]×[b].

[0024] <Batch Mapping>

[0025] In an operation of batch mapping, concealed texts ([y.sub.1], . . . , [y.sub.n]) of n pieces of values (y.sub.1, . . . , y.sub.n) (here, it is assumed that each y.sub.i satisfies y.sub.i=a.sub.j where j satisfies x.sub.i<u.sub.j when j=1 and u.sub.j-1≤x.sub.i<u.sub.j otherwise) are calculated by using concealed texts ([x.sub.1], . . . , [x.sub.n]) of n pieces of values (x.sub.1, . . . , x.sub.n) (here, it is assumed that each x.sub.j satisfies x.sub.j<u.sub.m for later-described u.sub.m) and tuples of m pieces of values (u.sub.1, . . . , u.sub.m) (here, u.sub.i<u.sub.i+1) and m pieces of values (a.sub.1, . . . , a.sub.m) as input. Execution of this operation is expressed as the following formula.

([y.sub.1], . . . ,[y.sub.n])←BatchMap(([x.sub.1], . . . ,[x.sub.n]),(u.sub.1, . . . ,u.sub.m),(a.sub.1, . . . ,a.sub.m))

[0026] Reference Literatures 1 and 2 below describe a secure computation batch mapping algorithm for efficiently calculating batch mapping through secure computation. [0027] [Reference Literature 1] Koki Hamada, Dai Ikarashi, Koji Chida, “A Batch Mapping Algorithm for Secure Function Evaluation”, The transactions of the Institute of Electronics, Information and Communication Engineers. A, Vol. J96-A, No. 4, pp. 157-165, 2013 [0028] [Reference Literature 2] Peeter Laud, “Parallel Oblivious Array Access for Secure Multiparty Computation and Privacy-Preserving Minimum Spanning Trees”, PoPETs 2015(2), pp. 188-205, 2015.

General Outline of Invention

[0029] The present invention utilizes the fact that even a complicated function can be approximated with sufficient accuracy even by a low-order polynomial if sections of the function are limited. Specifically, a function is divided into a plurality of sections, each of the sections is approximated by a lower-order polynomial, and the whole function is thus approximated by a plurality of low-order polynomials. In practical calculation, a section in which an input is included is specified and a low-order polynomial is calculated by using a parameter corresponding to the section. Accordingly, approximation exhibiting accuracy equivalent to accuracy of related art can be realized by using approximate formulas of a lower order when a number of calculation is performed in batch. Since calculation time of a polynomial is proportional to an order of the polynomial, entire calculation time can be reduced without degrading approximation accuracy.

[0030] FIG. 1 illustrates a specific example of calculating a complicated function through polynomial approximation according to related art. A function f(x) which is a calculation target has five peaks on top and bottom, so that at least the sixth-order polynomial is required to apply approximation by a polynomial g(x, a). In order to obtain sufficient accuracy, approximation is performed with the use of a higher-order polynomial in practice. For example, a parameter a of the polynomial g(x, a) is a:=(b, c, d, e, f, g, h) and the polynomial g(x, a) can be defined as g(x, a)=bx.sup.6+cx.sup.5+dx.sup.4+ex.sup.3+fx.sup.2+gx+h. In this case, the number of times of calculation required for obtaining one solution is 11 times for multiplication and six times for addition-and-subtraction.

[0031] FIG. 2 illustrates a processing flow of the related art. The parameter a of the polynomial g(x, a) for approximating the function f(x) is first calculated. Then, a polynomial [z.sub.j]=g([x.sub.j], a) is calculated for each integer j which is not less than 1 and not more than n by using concealed texts [x]:=([x.sub.1], . . . , [x.sub.n]) of input values x:=(x.sub.1, . . . , x.sub.n) and the parameter a so as to obtain concealed texts [z] ([z.sub.1], . . . , [z.sub.n]) of approximate values z:=(z.sub.1, . . . , z.sub.n) of function values y (y.sub.1, . . . , y.sub.n).

[0032] FIG. 3 illustrates a specific example for calculating a complicated function through polynomial approximation according to the present invention. A domain of definition of a function f(x) which is a calculation target is divided into m pieces of sections and each of the sections is approximated by a quadratic polynomial (that is, a quadratic function). Here, a parameter a of a polynomial g(x, a) is a:=(b, c, d) and the polynomial g(x, a) can be defined as g(x, a)=bx.sup.2+cx+d. In this case, the number of times of calculation required for obtaining one solution can be reduced to three times for multiplication and twice for addition-and-subtraction.

[0033] FIG. 4 illustrates a processing flow of the present invention. A parameter p.sub.i of the polynomial g(x, a) for approximating each section R.sub.i (i=1, . . . , m) of the function f(x) is first calculated. Then, concealed texts [a]:=([a.sub.1], . . . , [a.sub.n]) of n pieces of parameters are calculated by using the concealed texts [x]:=([x.sub.1], . . . , [x.sub.n]) of input values x:=(x.sub.1, . . . , x.sub.n) and tuples of a section (R.sub.1, . . . , R.sub.m) and a parameter (p.sub.1, . . . , p.sub.m). Here, [a.sub.j] is a concealed text of the parameter p.sub.i corresponding to the section R.sub.i to which x.sub.j belongs. At the end, polynomials [z.sub.j]=g([x.sub.j], [a.sub.j]) are calculated for respective integers j which are not less than 1 and not more than n by using the concealed texts [x]:=([x.sub.1], . . . , [x.sub.n]) of the input values x:=(x.sub.1, . . . , x.sub.n) and the concealed texts [a]:=([a.sub.1], . . . , [a.sub.n]) of the parameters a:=(a.sub.1, . . . , a.sub.n) so as to obtain concealed texts [z]:=([z.sub.1], . . . , [z.sub.n]) of approximate values z:=(z.sub.1, . . . , z.sub.n) for the function values y (y.sub.1, . . . , y.sub.n).

[0034] Embodiments according to the present invention are described in detail below. It is to be noted that components mutually having the same function are identified with the same reference character in the drawings and duplicate description thereof are omitted.

First Embodiment

[0035] A configuration example of a secret batch approximation system 100 according to a first embodiment will be described with reference to FIG. 5. The secret batch approximation system 100 includes K (≥2) pieces of secure computation devices 1.sub.1, . . . , 1.sub.k. In the present embodiment, the secure computation devices 1.sub.1, . . . , 1.sub.K are each connected to a communication network 9. The communication network 9 is a circuit-switched or packet-switched communication network configured to allow mutual communication of devices connected thereto, and Internet, local area network (LAN), and wide area network (WAN), for example, can be used as the communication network 9. Here, each device is not necessarily communicable via the communication network 9 online. For example, the configuration may be employed in which information to be inputted into the secure computation devices 1.sub.1, . . . , 1.sub.K is stored in a portable recording medium such as a magnetic tape and a USB memory and the information is inputted into the secure computation devices 1.sub.1, . . . , 1.sub.K from the portable recording medium offline.

[0036] A configuration example of the secure computation device 1.sub.k (k=1, . . . , K) included in the secret batch approximation system 100 according to the present embodiment will be described with reference to FIG. 6. The secure computation device 1.sub.k includes a storage 10, an input unit 11, a parameter acquisition unit 12, a polynomial calculation unit 13, and an output unit 14, for example, as illustrated in FIG. 6. The secure computation device 1.sub.k (k=1, . . . , K) performs processing of each step described later in cooperation with other secure computation devices 1.sub.k′ (k′=1, . . . , K, where k≠k′), realizing the secret batch approximation method according to the present embodiment.

[0037] The secure computation device 1.sub.k is a special device configured in a manner that a special program is read in a known or dedicated computer including a central processing unit (CPU) and a main storage unit (random access memory: RAM), for example. The secure computation device 1.sub.k executes each processing under the control of the central processing unit, for example. Data inputted into the secure computation device 1.sub.k and data obtained through each processing are stored, for example, in the main storage unit and the data stored in the main storage unit is read onto the central processing unit as needed and used for other processing. At least part of processing units of the secure computation device 1.sub.k may be composed of hardware such as an integrated circuit. Each storage included in the secure computation device 1.sub.k may be composed of a main storage unit such as a random access memory (RAM), an auxiliary storage unit composed of a hard disk, an optical disk, or a semiconductor memory element such as a flash memory, or middleware such as relational database and a key-value store, for example.

[0038] A processing procedure of the secret batch approximation method executed by the secret batch approximation system 100 according to the present embodiment will be described with reference to FIG. 7.

[0039] The polynomial g(x, a) and a sequence ((R.sub.1, p.sub.1), . . . , (R.sub.m, p.sub.m)) of tuples of a section and a parameter are stored in the storage 10 of each secure computation device 1.sub.k. The polynomial g(x, a) is a polynomial for approximating each of sections obtained by dividing the function f(x), which is a calculation target, into predetermined m sections and is a polynomial of lower order than a polynomial for approximating the whole of the function f(x). a denotes a parameter for defining the polynomial g(x, a) and is an array of coefficients of respective terms, for example. R.sub.i (i=1, . . . , m) denotes information indicating each of the sections obtained by dividing the function f(x) into m sections. p.sub.i (i=1, . . . , m) denotes a parameter for approximating the section R.sub.i of the function f(x) by the polynomial g(x, a).

[0040] In step S1, the input unit 11 of each secure computation device 1.sub.k receives the concealed texts [x]:=([x.sub.1], . . . , [x.sub.n]) of n pieces of values x:=(x.sub.1, . . . , x.sub.n) being calculation targets, as input. The input unit 11 outputs the concealed texts [x] of the values x to the parameter acquisition unit 12.

[0041] In step S2, the parameter acquisition unit 12 of each secure computation device 1.sub.k receives the concealed texts [x] of the values x from the input unit 11, and acquires the concealed texts [a]:=([a.sub.1], . . . , [a.sub.n]) of n pieces of parameters a:=(a.sub.1, . . . , a.sub.n) satisfying ∀j∈[1, n] and ∃i s.t. a.sub.j=p.sub.i, x.sub.j∈R.sub.i from the sequence ((R.sub.1, p.sub.1), . . . , (R.sub.m, p.sub.m)) of tuples of a section and a parameter which are stored in the storage 10, for respective integers j which are not less than 1 and not more than n. That is, the concealed texts [a.sub.1], . . . , [a.sub.n] of the parameters a.sub.1, . . . , a.sub.n respectively corresponding to the values x.sub.1, . . . , x.sub.n are generated for respective integers j which are not less than 1 and not more than n, where a.sub.j is defined as the parameter p.sub.i of the section R.sub.i corresponding to the value x.sub.j. The parameter acquisition unit 12 outputs the concealed texts [x] of the values x and the concealed texts [a] of the parameters a to the polynomial calculation unit 13.

[0042] In step S3, the polynomial calculation unit 13 of each secure computation device 1.sub.k receives the concealed texts [x] of the values x and the concealed texts [a] of the parameters a from the parameter acquisition unit 12 and calculates [z.sub.j]=g([x.sub.j], [a.sub.j]) in accordance with the polynomial g(x, a) stored in the storage 10 for respective integers j which are not less than 1 and not more than n. The polynomial calculation unit 13 outputs the concealed texts [z]:=([z.sub.1], . . . , [z.sub.n]) of the approximate values z:=(z.sub.1, . . . , z.sub.n) for the function values y (y.sub.1, . . . , y.sub.n) to the output unit 14.

[0043] In step S4, the output unit 14 of each secure computation device 1.sub.k receives the concealed texts [z] of the approximate values z for the function values y from the polynomial calculation unit 13 and sets the concealed texts [z] as output of the secure computation device 1.sub.k.

Second Embodiment

[0044] A second embodiment describes a more specific example in which the following sigmoid function, a domain of definition of which is expressed as X:=[0, 1000), is approximated by a quadratic function.

[00001] $f (x) = σ (x) = \frac{1}{1 + e^{- x}}$

[0045] Differences from the first embodiment will be mainly described below.

[0046] A polynomial g(x, a) and a sequence ((R.sub.1, p.sub.1), . . . , (R.sub.m, p.sub.m)) of tuples of a section and a parameter are stored in the storage 10 of each secure computation device 1.sub.k. A parameter of the polynomial g(x, a) of the present embodiment is a:=(b, c, d) and the polynomial g(x, a) is defined as g(x, a)=bx.sup.2+cx+d. The section R.sub.i of the present embodiment is defined as R.sub.i:=[1.sub.i, u.sub.i) for i∈[1, m] (here, 1.sub.i=0, u.sub.m=1000, u.sub.i=1.sub.i+i, and 1.sub.i≤u.sub.i for i∈[1, m)). The parameter p.sub.i of the present embodiment is defined as p.sub.i:=(b.sub.i, c.sub.i, d.sub.i).

[0047] The parameter acquisition unit 12 of each secure computation device 1.sub.k according to the present embodiment executes a secure computation batch mapping algorithm as the following formula by using the concealed texts [x], (u.sub.1, . . . , u.sub.m), and ((b.sub.1, c.sub.1, d.sub.1), . . . , (b.sub.m, c.sub.m, d.sub.m)) as input, acquiring concealed texts [a]:=([a.sub.1], . . . , [a.sub.n]) of the parameters a (a.sub.1, . . . , a.sub.n).

([a.sub.1], . . . ,[a.sub.n])←BatchMap([x],(u.sub.1, . . . ,u.sub.m),((b.sub.1,c.sub.1,d.sub.1), . . . ,(b.sub.m,c.sub.m,d.sub.m)))

[0048] Here, a.sub.j satisfies a.sub.j=(b.sub.i, c.sub.i, d.sub.i) for certain i satisfying x.sub.j∈R.sub.i.

[0049] The polynomial calculation unit 13 of each secure computation device 1.sub.k according to the present embodiment calculates the following formula based on [a.sub.j]:=([b′.sub.j], [c′.sub.j], [d′.sub.j]) for each integer j which is not less than 1 and not more than n, obtaining a concealed text [z.sub.j] of an approximate value z.sub.j.

[z.sub.j]←[b′.sub.i]×[x.sub.j]×[x.sub.j]+[c′.sub.i]×[x.sub.j]+[d′.sub.i]

[0050] The present invention utilizes the fact that even a complicated function can be approximated with sufficient accuracy even by a low-order polynomial if sections of the function are limited. Specifically, a function is divided into the predetermined number of sections to obtain parameters for approximating respective sections by low-order polynomials in advance, and low-order polynomial approximation is performed through acquiring a parameter corresponding to an input value depending on the section including the input value. Accordingly, approximation exhibiting accuracy equivalent to accuracy of related art can be realized by using lower-order polynomials when a number of calculation is performed in batch. Especially, polynomial approximation can be more efficiently performed through acquiring parameters corresponding to respective input values of a plurality of input values by using a secure computation batch mapping algorithm for the input values. For example, it is reported that at least tenth order is experimentally required so as to obtain sufficient accuracy in logistic regression for a sigmoid function which is heavily required in each iterative calculation in learning of logistic regression (see Reference Literature 3). However, if the number of sections is set to 5000, for example, approximation can be realized by a cubic polynomial with almost double accuracy and the number of times of multiplication and addition for real numbers can be reduced by 70 percent. [0051] [Reference Literature 3] Payman Mohassel and Yupeng Zhang, “SecureML: A system for scalable privacy-preserving machine learning,” In 2017 IEEE Symposium on Security and Privacy, S P 2017, San Jose, Calif., USA, May 22-26, 2017, pp. 19-38. IEEE Computer Society, 2017.

[0052] While the embodiments of the present invention have been described, specific configurations are not limited to these embodiments, but design modifications and the like within a range not departing from the spirit of the invention are encompassed in the scope of the invention, of course. The various processes described in the embodiments may be executed in parallel or separately depending on the processing ability of a device executing the process or on any necessity, rather than being executed in time series in accordance with the described order.

[0053] [Program and Recording Medium]

[0054] When various types of processing functions in the devices described in the above embodiments are implemented on a computer, the contents of processing function to be contained in each device is written by a program. With this program executed on the computer, various types of processing functions in the above-described devices are implemented on the computer.

[0055] This program in which the contents of processing are written can be recorded in a computer-readable recording medium. The computer-readable recording medium may be any medium such as a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory.

[0056] Distribution of this program is implemented by sales, transfer, rental, and other transactions of a portable recording medium such as a DVD and a CD-ROM on which the program is recorded, for example. Furthermore, this program may be stored in a storage unit of a server computer and transferred from the server computer to other computers via a network so as to be distributed.

[0057] A computer which executes such program first stores the program recorded in a portable recording medium or transferred from a server computer once in a storage unit thereof, for example. When the processing is performed, the computer reads out the program stored in the storage unit thereof and performs processing in accordance with the program thus read out. As another execution form of this program, the computer may directly read out the program from a portable recording medium and perform processing in accordance with the program. Furthermore, each time the program is transferred to the computer from the server computer, the computer may sequentially perform processing in accordance with the received program. Alternatively, a configuration may be adopted in which the transfer of a program to the computer from the server computer is not performed and the above-described processing is executed by so-called application service provider (ASP)-type service by which the processing functions are implemented only by an instruction for execution thereof and result acquisition. It should be noted that a program in this form includes information which is provided for processing performed by electronic calculation equipment and which is equivalent to a program (such as data which is not a direct instruction to the computer but has a property specifying the processing performed by the computer).

[0058] In this form, the present device is configured with a predetermined program executed on a computer. However, the present device may be configured with at least part of these processing contents realized in a hardware manner.

SECRET BATCH APPROXIMATION SYSTEM, SECURE COMPUTATION DEVICE, SECRET BATCH APPROXIMATION METHOD, AND PROGRAM

Assignee

Inventors

Cpc classification

Classification Explorer

H04L9/085

ELECTRICITY

Classification Explorer

H04L2209/46

ELECTRICITY

Classification Explorer

H04L9/0894

ELECTRICITY

Classification Explorer

G06F17/17

PHYSICS

International classification

Classification Explorer

G09C1/00

PHYSICS

Classification Explorer

H04L9/08

ELECTRICITY

Abstract

Claims

Description