Abstract: A method including at each of a number of client devices receiving a data item, receiving a public key from a second computing system, encrypting the data item using the public key to produce a singly encrypted data item, engaging in an oblivious pseudorandom function protocol with a first computing system using the singly encrypted data item to produce a seed, generating an encrypted secret share using a threshold secret sharing function under which the encrypted secret share cannot be decrypted until a threshold number of encrypted secret shares associated with the same singly encrypted data item are received, and transmitting the encrypted secret share to the first computing system and at the first computing system receiving a number of encrypted secret shares from the number of client devices, processing the number of encrypted secret shares to produce processed data, and transmitting the processed data to a second computing system.

Abstract: A method disclosed herein may include receiving, at a first computing system, encrypted identifiers and encrypted values, performing, by the first computing system, a concealing operation on the encrypted identifiers to produce concealed encrypted identifiers, wherein the concealing operation conceals the encrypted identifiers from the first computing system and a second computing system but enables matching between the concealed encrypted identifiers, decrypting, by the second computing system, the concealed encrypted identifiers to produce concealed identifiers, and performing, by the second computing system, an aggregation operation using the concealed identifiers and the encrypted values to produce an encrypted aggregate value without accessing personally identifiable information associated with the encrypted values.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium for retrieving information from a server. Methods can include a server receiving a set of client-encrypted queries. The server identifies a set of server-encrypted decryption keys and transmits the set to the client device. The server receives a set of client-server-encrypted decryption keys that includes the set of server-encrypted decryption keys encrypted by the client device. The server also receives a set of client-encrypted/client-derived decryption keys that were derived by the client device. The server generates matching a map that specifies matches between the set of client-server-encrypted decryption keys and the set of client-encrypted/client-derived decryption keys. The server filters the set of client-encrypted queries using the map to create a set of filtered client-encrypted queries and generates a set of query results.

Abstract: A method is disclosed. The method includes: a) receiving node identifiers from nodes of a plurality of nodes in a computer network; b) determining a plurality of node committees in a sampler graph comprising a plurality of nodes, wherein the node is present in a node committee in the plurality of node committees; c) and i) generating a random string; ii) performing a proof of work process using the random string and a hash function; iii) if the proof of work process yields a solution that is acceptable, then broadcasting the solution to all other nodes in the plurality of nodes, wherein the other nodes verify the solution; and iv) if the other nodes verify the solution, the node is elected to a subcommittee for the node committee, wherein the subcommittee updates the sampler graph; and d) repeating steps b) and c) until a leader committee is determined.

Abstract: This document relates to using secure MPC to select digital components in ways that preserve user privacy and protects the security of data of each party that is involved in the selection process. In one aspect, a method includes receiving, by a first computing system of a secure MPC system and from a client device, a digital component request and a nonce. The first computing system generates, based on the nonce and a function, an array including a share of a Bloom filter representing user group identifiers for user groups that include a user of the client device as a member. For each of multiple user group identifiers, the first computing system calculates, in collaboration with one or more second computing systems of the secure MPC system and using the array, a respective first secret share of one or more user group membership condition parameters.

Abstract: A method includes executing an instruction to execute a query for a data block, the data block associated with a corresponding memory level of a logarithmic number of memory levels (li) of memory, each memory level (li) including physical memory (RAMi) residing on memory hardware of a distributed system. The method also includes retrieving a value associated with the data block from an oblivious hash table using a corresponding key, and extracting un-queried key value pairs from the oblivious hash table associated with un-queried data blocks after executing a threshold number of queries for data blocks. The method also includes a multi-array shuffle routine on the extracted key value pairs from the oblivious hash table to generate an output array containing the un-queried key value pairs.

Abstract: A method includes: a) receiving node identifiers from nodes of a plurality of nodes in a computer network; b) determining a plurality of node committees in a sampler graph comprising a plurality of nodes, wherein the node is present in a node committee in the plurality of node committees; c) and i) generating a random string; ii) performing a proof of work process using the random string and a hash function; iii) if the proof of work process yields a solution that is acceptable, then broadcasting the solution to all other nodes in the plurality of nodes, wherein the other nodes verify the solution; and iv) if the other nodes verify the solution, the node is elected to a subcommittee for the node committee, wherein the subcommittee updates the sampler graph; and d) repeating steps b) and c) until a leader committee is determined.

Abstract: A method includes executing an instruction to execute a query for a data block, the data block associated with a corresponding memory level of a logarithmic number of memory levels (li) of memory, each memory level (li) including physical memory (RAMi) residing on memory hardware of a distributed system. The method also includes retrieving a value associated with the data block from an oblivious hash table using a corresponding key, and extracting un-queried key value pairs from the oblivious hash table associated with un-queried data blocks after executing a threshold number of queries for data blocks. The method also includes a multi-array shuffle routine on the extracted key value pairs from the oblivious hash table to generate an output array containing the un-queried key value pairs.

Abstract: A method disclosed herein may include receiving, at a first computing system, encrypted identifiers and encrypted values, performing, by the first computing system, a concealing operation on the encrypted identifiers to produce concealed encrypted identifiers, wherein the concealing operation conceals the encrypted identifiers from the first computing system and a second computing system but enables matching between the concealed encrypted identifiers, decrypting, by the second computing system, the concealed encrypted identifiers to produce concealed identifiers, and performing, by the second computing system, an aggregation operation using the concealed identifiers and the encrypted values to produce an encrypted aggregate value without accessing personally identifiable information associated with the encrypted values.

Abstract: A method including at each of a number of client devices receiving a data item, receiving a public key from a second computing system, encrypting the data item using the public key to produce a singly encrypted data item, engaging in an oblivious pseudorandom function protocol with a first computing system using the singly encrypted data item to produce a seed, generating an encrypted secret share using a threshold secret sharing function under which the encrypted secret share cannot be decrypted until a threshold number of encrypted secret shares associated with the same singly encrypted data item are received, and transmitting the encrypted secret share to the first computing system and at the first computing system receiving a number of encrypted secret shares from the number of client devices, processing the number of encrypted secret shares to produce processed data, and transmitting the processed data to a second computing system.

Abstract: A method includes executing an instruction to execute a query for a data block, the data block associated with a corresponding memory level of a logarithmic number of memory levels (li) of memory, each memory level (li) including physical memory (RAMi) residing on memory hardware of a distributed system. The method also includes retrieving a value associated with the data block from an oblivious hash table using a corresponding key, and extracting un-queried key value pairs from the oblivious hash table associated with un-queried data blocks after executing a threshold number of queries for data blocks. The method also includes a multi-array shuffle routine on the extracted key value pairs from the oblivious hash table to generate an output array containing the un-queried key value pairs.

Abstract: A method includes executing an instruction to execute a query for a data block, the data block associated with a corresponding memory level of a logarithmic number of memory levels (li) of memory, each memory level (li) including physical memory (RAMi) residing on memory hardware of a distributed system. The method also includes retrieving a value associated with the data block from an oblivious hash table using a corresponding key, and extracting un-queried key value pairs from the oblivious hash table associated with un-queried data blocks after executing a threshold number of queries for data blocks. The method also includes a multi-array shuffle routine on the extracted key value pairs from the oblivious hash table to generate an output array containing the un-queried key value pairs.

Abstract: A method is disclosed. The method includes: a) receiving node identifiers from nodes of a plurality of nodes in a computer network; b) determining a plurality of node committees in a sampler graph comprising a plurality of nodes, wherein the node is present in a node committee in the plurality of node committees; c) and i) generating a random string; ii) performing a proof of work process using the random string and a hash function; iii) if the proof of work process yields a solution that is acceptable, then broadcasting the solution to all other nodes in the plurality of nodes, wherein the other nodes verify the solution; and iv) if the other nodes verify the solution, the node is elected to a subcommittee for the node committee, wherein the subcommittee updates the sampler graph; and d) repeating steps b) and c) until a leader committee is determined.

Abstract: A method includes executing an instruction to execute a query for a data block, the data block associated with a corresponding memory level of a logarithmic number of memory levels (li) of memory, each memory level (li) including physical memory (RAMi) residing on memory hardware of a distributed system. The method also includes retrieving a value associated with the data block from an oblivious hash table using a corresponding key, and extracting un-queried key value pairs from the oblivious hash table associated with un-queried data blocks after executing a threshold number of queries for data blocks. The method also includes a multi-array shuffle routine on the extracted key value pairs from the oblivious hash table to generate an output array containing the un-queried key value pairs.

Abstract: A server module evaluates a circuit based on concealed inputs provided by respective participant modules, to provide a concealed output. By virtue of this approach, no party to the transaction (including the sever module) discovers any other party's non-concealed inputs. In a first implementation, the server module evaluates a garbled Boolean circuit. This implementation also uses a three-way oblivious transfer technique to provide a concealed input from one of the participant modules to the serer module. In a second implementation, the server module evaluates an arithmetic circuit based on ciphertexts that have been produced using a fully homomorphic encryption technique. This implementation modifies multiplication operations that are performed in the evaluation of the arithmetic circuit by a modifier factor; this removes bounds placed on the number of the multiplication operations that can be performed.

Abstract: A server module evaluates a circuit based on concealed inputs provided by respective participant modules, to provide a concealed output. By virtue of this approach, no party to the transaction (including the sever module) discovers any other party's non-concealed inputs. In a first implementation, the server module evaluates a garbled Boolean circuit. This implementation also uses a three-way oblivious transfer technique to provide a concealed input from one of the participant modules to the serer module. In a second implementation, the server module evaluates an arithmetic circuit based on ciphertexts that have been produced using a fully homomorphic encryption technique. This implementation modifies multiplication operations that are performed in the evaluation of the arithmetic circuit by a modifier factor; this removes bounds placed on the number of the multiplication operations that can be performed.

Abstract: A server module evaluates a circuit based on concealed inputs provided by respective participant modules, to provide a concealed output. By virtue of this approach, no party to the transaction (including the sever module) discovers any other party's non-concealed inputs. In a first implementation, the server module evaluates a garbled Boolean circuit. This implementation also uses a three-way oblivious transfer technique to provide a concealed input from one of the participant modules to the serer module. In a second implementation, the server module evaluates an arithmetic circuit based on ciphertexts that have been produced using a fully homomorphic encryption technique. This implementation modifies multiplication operations that are performed in the evaluation of the arithmetic circuit by a modifier factor; this removes bounds placed on the number of the multiplication operations that can be performed.

Abstract: A server module evaluates a circuit based on concealed inputs provided by respective participant modules, to provide a concealed output. By virtue of this approach, no party to the transaction (including the sever module) discovers any other party's non-concealed inputs. In a first implementation, the server module evaluates a garbled Boolean circuit. This implementation also uses a three-way oblivious transfer technique to provide a concealed input from one of the participant modules to the serer module. In a second implementation, the server module evaluates an arithmetic circuit based on ciphertexts that have been produced using a fully homomorphic encryption technique. This implementation modifies multiplication operations that are performed in the evaluation of the arithmetic circuit by a modifier factor; this removes bounds placed on the number of the multiplication operations that can be performed.

Abstract: A server module evaluates a circuit based on concealed inputs provided by respective participant modules, to provide a concealed output. By virtue of this approach, no party to the transaction (including the sever module) discovers any other party's non-concealed inputs. In a first implementation, the server module evaluates a garbled Boolean circuit. This implementation also uses a three-way oblivious transfer technique to provide a concealed input from one of the participant modules to the server module. In a second implementation, the server module evaluates an arithmetic circuit based on ciphertexts that have been produced using a fully homomorphic encryption technique. This implementation modifies multiplication operations that are performed in the evaluation of the arithmetic circuit by a modifier factor; this removes bounds placed on the number of the multiplication operations that can be performed.

Abstract: Shares for one or more data values in a dataset can be computed using evaluation point values and sharing polynomials. Lagrangian coefficients can also be computed for the evaluation point values. The shares and the Lagrangian coefficients may be used to evaluate the polynomials on the data values. The technique can also include encrypting the Lagrangian coefficients according to an encryption scheme that provides for addition operations between encrypted values. An operation on representations of coefficients of the evaluation polynomial, representations of the shares, and the encrypted representations of the Lagrangian coefficients can be delegated to a remote computing environment. The operation can be performed at the remote computing environment, such as by performing a map-reduce operation. Results of the delegated operation can be received from the remote computing environment and processed to produce representation(s) of evaluation(s) of the polynomial on the data value(s).