Abstract: Among four secure computation nodes, one secure computation node is selected as a receiving node. Two of three remaining secure computation nodes among the four secure computation nodes are operated as resharing nodes, and a remaining secure computation node is operated as a verifying node. The resharing node(s) performs a mini-shuffle for resharing share(s) held therein by using a permutation that the receiving node does not know and transmits a result(s) of the mini-shuffle to the receiving node. The verifying node computes data to verify the result(s) of the mini-shuffle performed by the resharing node(s) by using a permutation that the receiving node does not know and transmits the data to the receiving node. Shuffling of shares is achieved by repeatedly performing a round as described above so that each of the four secure computation nodes is selected as the receiving node at least once.

Abstract: A computation system according to the present disclosure includes: shuffling secure computation means for executing secure computation processing by shuffling; random bit sharing means for generating, as security parameters, K pieces of random data; and unauthorized action detecting secure computation means for determining that an exclusive OR operation of values for all rows obtained by multiplying the exclusive OR operation of each row of the tables before the shuffling processing for each data designated by the i-th random data by the i-th random bit of each row is the same as an exclusive OR operation of values for all rows obtained by multiplying the exclusive OR operation of each row of the tables after the shuffling processing for each data designated by the i-th random data by the i-th random bit of each row.

Abstract: In a secret computation system, each of the three or more secret computation servers is configured to transmit, to the auxiliary server, carry computation information for computing a carry indicating whether or not digit carry occurs when a share of arithmetic operation is added as a binary number. The auxiliary server is configured to compute the carry based on the carry computation information received and compute an adjustment value used for computing the share of the arithmetic operation from a share of logical operation by using the computed carry. The auxiliary server distributes the computed adjustment value to the three or more secret computation servers. Each of the three or more secret computation servers is configured to convert the share of the logical operation to the share of the arithmetic operation by using a distributed value of the adjustment value.

Abstract: There is provided a conversion apparatus with which a secure computation execution environment may be easily constructed. The conversion apparatus comprises an input part and a conversion part. The input part inputs a source code. The conversion part converts the input source code so that a secure computation compiler processes it based on setting information relating to secret computation executed by a plurality of secure computation servers.

Abstract: A secure computation server includes: a computation processing part that performs secure computation by using data x received from a client and computes a computation result R; and a trail registration part that makes a predetermined trail storage system to store first trail data for certifying identity of the data x, the first trail data having been calculated from the data x, and second trail data for certifying a relationship between the data x and the computation result R. The predetermined trail storage system manages the first and second trail data in a non-rewritable manner and provides the first and second trail data to a predetermined audit node.

Abstract: There is provided a system for computing a secure statistical classifier, comprising: at least one hardware processor executing a code for: accessing code instructions of an untrained statistical classifier, accessing a training dataset, accessing a plurality of cryptographic keys, creating a plurality of instances of the untrained statistical classifier, creating a plurality of trained sub-classifiers by training each of the plurality of instances of the untrained statistical classifier by iteratively adjusting adjustable classification parameters of the respective instance of the untrained statistical classifier according to a portion of the training data serving as input and a corresponding ground truth label, and at least one unique cryptographic key of the plurality of cryptographic keys, wherein the adjustable classification parameters of each trained sub-classifier have unique values computed according to corresponding at least one unique cryptographic key, and providing the statistical classifier, whe

Abstract: An information processing apparatus that performs bit embedding processing by four-party MPC using 2-out-of-4 replicated secret sharing stores a seed to generate a random number used when performing an operation concerning shares, generates, by using the seed, share reconstruction data for reconstructing a share used when performing bit embedding, and constructs a share for bit embedding by using at least the share reconstruction data.

Abstract: There is provided an information processing apparatus that executes efficient type conversion processing in four-party computation using 2-out-of-4 replicated secret sharing. The information processing apparatus comprises a basic operation seed storage part, a reshare value computation part, and a share construction part. The basic operation seed storage part stores a seed for generating a random number used when computation is performed on a share. The reshare value computation part generates a random number using the seed, computes a share reshare value using the generated random number, and transmits data regarding the generated random number to other apparatuses. The share construction part constructs a share for type conversion using the data regarding the generated random number and the share reshare value received from other apparatuses.

Abstract: There is provided a system for computing a secure statistical classifier, comprising: at least one hardware processor executing a code for: accessing code instructions of an untrained statistical classifier, accessing a training dataset, accessing a plurality of cryptographic keys, creating a plurality of instances of the untrained statistical classifier, creating a plurality of trained sub-classifiers by training each of the plurality of instances of the untrained statistical classifier by iteratively adjusting adjustable classification parameters of the respective instance of the untrained statistical classifier according to a portion of the training data serving as input and a corresponding ground truth label, and at least one unique cryptographic key of the plurality of cryptographic keys, wherein the adjustable classification parameters of each trained sub-classifier have unique values computed according to corresponding at least one unique cryptographic key, and providing the statistical classifier, whe

Abstract: A random number generation server device includes a random number generation unit generating random numbers, a share addition unit generating secret shared data masked using random numbers and the secret shared data of operands in secret equality determination, a secret shared data generation unit generating secret shared data of inputted values, a secret shared data restoration unit obtaining the original values by restoring the secret shared data, and a determination bit-conjunction unit using the secret shared data to perform secret equality determination. A mask value restoration server device includes a secret shared data generation unit, a secret shared data restoration unit, and a determination bit-conjunction unit. A secure computation server device includes a secret shared data generation unit, a secret shared data restoration unit, and a determination bit-conjunction unit.

Abstract: A server device, a secret equality determination system, a secret equality determination method and a secret equality determination program recording medium are provided which, regardless of the server sharing scheme, can run with no difference in the number of communication rounds, whether carried out with a ring of order 2 or with a ring of an order greater than 2. This server device is provided with a secret shared data generation unit, a data storage unit, a mask unit, a random number share bit-conjunction unit, a random number share generation unit, a determination bit-conjunction unit and a secret shared data restoration unit. The secret shared data generation unit generates secret shared data. The data storage unit stores the secret shared data. The mask unit uses random number secret shared data to mask certain shared data. The random number share generation unit generates random number shares in which random numbers are secretly shared.

Abstract: A verification apparatus acquires a source code for multiparty computation, while changing a combination of options settable to a multiparty computation compiler, compiles the source code for each combination of options to generate a plurality of multiparty computation executable codes, selects at least one multiparty computation executable code from the plurality of multiparty computation executable codes as a verification code and provides the at least one verification code to a verification environment of multiparty computation, generates an evaluation index with respect to an execution result of at least one verification code in the verification environment, and selects at least one recommended code from the plurality of multiparty computation executable codes, based on the evaluation index corresponding to at least one verification code and outputs the selected recommended code.

Abstract: An information processing device according to the present invention includes: a memory storing instructions; and at least one processor configured to execute the instructions to perform: acquiring a first time; generating, based on the first time, a term of validity of a first access token, and generating a policy including the first access token, the term of validity, and identification information of a receiver of the first access token; generating a digital signature, based on the policy; generating a second access token including the policy and the digital signature; and transmitting the second access token to another device.

Abstract: There is provided a conversion apparatus with which a secure computation execution environment may be easily constructed. The conversion apparatus comprises an input part and a conversion part. The input part inputs a source code. The conversion part converts the input source code so that a secure computation compiler processes it based on setting information relating to secret computation executed by a plurality of secure computation servers.

Abstract: When an absolute value of a difference value between a first share and a second share which are secret-shared is less than or equal to a natural number t, the information processing apparatus calculates the difference value between the first share and the second share. Furthermore, the information processing apparatus performs a comparison in magnitude of the first share and the second share using bit-decomposition from a least significant bit to an m-th bit (m being a natural number) of the difference value.

Abstract: A random number generation server device includes a random number generation unit generating random numbers, a share addition unit generating secret shared data masked using random numbers and the secret shared data of operands in secret equality determination, a secret shared data generation unit generating secret shared data of inputted values, a secret shared data restoration unit obtaining the original values by restoring the secret shared data, and a determination bit-conjunction unit using the secret shared data to perform secret equality determination. A mask value restoration server device includes a secret shared data generation unit, a secret shared data restoration unit, and a determination bit-conjunction unit. A secure computation server device includes a secret shared data generation unit, a secret shared data restoration unit, and a determination bit-conjunction unit.

Abstract: A server device, a secret equality determination system, a secret equality determination method and a secret equality determination program recording medium are provided which, regardless of the server sharing scheme, can run with no difference in the number of communication rounds, whether carried out with a ring of order 2 or with a ring of an order greater than 2. This server device is provided with a secret shared data generation unit, a data storage unit, a mask unit, a random number share bit-conjunction unit, a random number share generation unit, a determination bit-conjunction unit and a secret shared data restoration unit. The secret shared data generation unit generates secret shared data. The data storage unit stores the secret shared data. The mask unit uses random number secret shared data to mask certain shared data. The random number share generation unit generates random number shares in which random numbers are secretly shared.

Abstract: There is provided a system for computing a secure statistical classifier, comprising: at least one hardware processor executing a code for: accessing code instructions of an untrained statistical classifier, accessing a training dataset, accessing a plurality of cryptographic keys, creating a plurality of instances of the untrained statistical classifier, creating a plurality of trained sub-classifiers by training each of the plurality of instances of the untrained statistical classifier by iteratively adjusting adjustable classification parameters of the respective instance of the untrained statistical classifier according to a portion of the training data serving as input and a corresponding ground truth label, and at least one unique cryptographic key of the plurality of cryptographic keys, wherein the adjustable classification parameters of each trained sub-classifier have unique values computed according to corresponding at least one unique cryptographic key, and providing the statistical classifier, whe

Abstract: In IaaS (Infrastructure as a Service), when it is desirable to delegate the authority to a user outside a system, a recipient of an access token is designated, thereby preventing illegal distribution of the access token. There is provided an access token system including a generator and a verifier. The generator generates, using secret information of a recipient, a recipient-designated access token for which the recipient is designated, and provides the recipient-designated access token to a user. The verifier verifies that the user who makes access using the recipient-designated access token is the designated recipient.

Abstract: An information processing device according to the present invention includes: a memory storing instructions; and at least one processor configured to execute the instructions to perform: acquiring a first time; generating, based on the first time, a term of validity of a first access token, and generating a policy including the first access token, the term of validity, and identification information of a receiver of the first access token; generating a digital signature, based on the policy; generating a second access token including the policy and the digital signature; and transmitting the second access token to another device.