Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium for retrieving information from a server. Methods can include a server receiving a set of client-encrypted queries. The server identifies a set of server-encrypted decryption keys and transmits the set to the client device. The server receives a set of client-server-encrypted decryption keys that includes the set of server-encrypted decryption keys encrypted by the client device. The server also receives a set of client-encrypted/client-derived decryption keys that were derived by the client device. The server generates matching a map that specifies matches between the set of client-server-encrypted decryption keys and the set of client-encrypted/client-derived decryption keys. The server filters the set of client-encrypted queries using the map to create a set of filtered client-encrypted queries and generates a set of query results.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for batch retrieving data are described. In one aspect, a method includes receiving, from a client device and by a first multi-party computation (MPC) server of a cluster of MPC servers, a batch request for retrieving multiple database values stored in one or more databases. The batch request includes a first byte array that includes, for each requested key of multiple requested keys, a first secret share of the requested key. Each database includes multiple data items that each include a database key and a corresponding value. The MPC server processes each database key to generate first secret shares of matching data indicating whether the database key matches at least one requested key. The MPC server generates one or more results that represent database values corresponding to each database key that matches at least one requested key.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium for retrieving information from a server. Methods can include a server receiving a set of client-encrypted queries. The server identifies a set of server-encrypted decryption keys and transmits the set to the client device. The server receives a set of client-server-encrypted decryption keys that includes the set of server-encrypted decryption keys encrypted by the client device. The server also receives a set of client-encrypted/client-derived decryption keys that were derived by the client device. The server generates matching a map that specifies matches between the set of client-server-encrypted decryption keys and the set of client-encrypted/client-derived decryption keys. The server filters the set of client-encrypted queries using the map to create a set of filtered client-encrypted queries and generates a set of query results.

Abstract: This document describes systems and techniques for protecting the security of information in content selection and distribution. In one aspect, a method includes receiving, by a first computing system of MPC systems, a digital component request including distributed point functions that represent a secret share of a respective point function that indicates whether a user of the client device is a member of a first user group. Selection values are identified. Each selection value corresponds to a respective digital component, a set of contextual signals, and a respective second user group identifier for a respective second user group to which the respective digital component is eligible to be distributed. A determination is made, for each selection value and using the distributed point functions in a secure MPC process, a candidate parameter that indicates whether the second user group identifier matches a user group that includes the user as a member.

Abstract: Encrypted information retrieval can include generating a database that is partitioned into shards each having a shard identifier, and database entries in each shard that are partitioned into buckets having a bucket identifier. A batch of client-encrypted queries are received. The batch of client-encrypted queries are processed using a set of server-encrypted data stored in a database. The processing includes grouping the client-encrypted queries according to shard identifiers of the client-encrypted queries, executing multiple queries in the group of client-encrypted queries for the shard together in a batch execution process, and generating multiple server-encrypted results to the multiple queries in the group of client-encrypted queries. The multiple server-encrypted results for each shard are transmitted to the client device.

Abstract: This document relates to using secure MPC to select digital components in ways that preserve user privacy and protects the security of data of each party that is involved in the selection process. In one aspect, a method includes receiving, by a first computing system of a secure MPC system and from a client device, a digital component request and a nonce. The first computing system generates, based on the nonce and a function, an array including a share of a Bloom filter representing user group identifiers for user groups that include a user of the client device as a member. For each of multiple user group identifiers, the first computing system calculates, in collaboration with one or more second computing systems of the secure MPC system and using the array, a respective first secret share of one or more user group membership condition parameters.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for allowing suitable digital components to be automatically selected and provided to a client device. Methods can include generating a universal identifier for a digital component that is presented in the application. The application updates a set of universal identifiers that has been created for digital components presented by the application over a specified time period. The application identifies digital components and the corresponding universal identifiers that are blocked and generates a probabilistic data structure representing the set of blocked universal identifiers. The application creates multiple shares of the probabilistic data structure and transmits different shares to different servers.

Abstract: Methods, systems, and computer readable medium facilitating encrypted information retrieval. Methods can include receiving a batch of queries that includes queries to special buckets in each database shard. Query results responsive to the batch of queries are transmitted to the client device. The query results includes server-encrypted secret shares obtained from the special buckets. Client-encrypted versions of the secret shares are received. A full set of server-encrypted secret shares is transmitted to the client device, which is encrypted by the client device to create a full set of client-server-encrypted secret shares. The client device is classified based on how many of the secret shares are included in both of the client-encrypted secret shares received from the client device and the full set of client-server-encrypted secret shares received from the client device.

Abstract: Encrypted information retrieval can include generating a database that is partitioned into shards each having a shard identifier, and database entries in each shard that are partitioned into buckets having a bucket identifier. A batch of client-encrypted queries are received. The batch of client-encrypted queries are processed using a set of server-encrypted data stored in a database. The processing includes grouping the client-encrypted queries according to shard identifiers of the client-encrypted queries, executing multiple queries in the group of client-encrypted queries for the shard together in a batch execution process, and generating multiple server-encrypted results to the multiple queries in the group of client-encrypted queries. The multiple server-encrypted results for each shard are transmitted to the client device.

Abstract: Methods and devices for treating dental caries includes one or more of assessing, disinfecting, neutralizing, remineralizing, and sealing of a carious region of a tooth. The method of treating dental caries includes assessing the condition of the tooth before treatment. A treatment instrument disclosed herein can be used to disinfect, neutralize, remineralize, and/or seal the carious region of the tooth. The method of treating dental caries can further include assessing the conditions of the tooth after remineralizing and again after sealing.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for allowing suitable digital components to be automatically selected and provided to a client device. Methods can include generating a universal identifier for a digital component that is presented in the application. The application updates a set of universal identifiers that has been created for digital components presented by the application over a specified time period. The application identifies digital components and the corresponding universal identifiers that are blocked and generates a probabilistic data structure representing the set of blocked universal identifiers. The application creates multiple shares of the probabilistic data structure and transmits different shares to different servers.

Abstract: Methods, systems, and computer readable medium facilitating encrypted information retrieval. Methods can include receiving a batch of queries that includes queries to special buckets in each database shard. Query results responsive to the batch of queries are transmitted to the client device. The query results includes server-encrypted secret shares obtained from the special buckets. Client-encrypted versions of the secret shares are received. A full set of server-encrypted secret shares is transmitted to the client device, which is encrypted by the client device to create a full set of client-server-encrypted secret shares. The client device is classified based on how many of the secret shares are included in both of the client-encrypted secret shares received from the client device and the full set of client-server-encrypted secret shares received from the client device.

Abstract: This document describes systems and techniques for improving the integrity and protecting the security of information in content selection and distribution. In one aspect, a method includes receiving, by a first server of a secure multi-party computation (MPC) system from an application on a user device, a request for a digital component. The request is parsed into distinct sub-requests. Each sub-request is transmitted to a different server. A set of candidate selection values is received from a separate server. The first server performs, in collaboration with one or more second servers of the MPC system, a selection process to generate a selection result for a winning digital component, including merging, the first set of candidate selection values and a set of cached selection values to create a final set of candidate selection values and sorting the final set according to the values of the candidate selection values.

Abstract: This document describes systems and techniques for improving the integrity and protecting the security of information in content selection and distribution. In one aspect, a method includes receiving, by a first server of a secure multi-party computation (MFC) system from an application on a user device, a request for a digital component. The request is parsed into distinct sub-requests. Each sub-request is transmitted to a different server. A set of candidate selection values is received from a separate server. The first server performs, in collaboration with one or more second servers of the MFC system, a selection process to generate a selection result for a winning digital component, including merging, the first set of candidate selection values and a set of cached selection values to create a final set of candidate selection values and sorting the final set according to the values of the candidate selection values.

Abstract: Encrypted information retrieval can include generating a database that is partitioned into shards each having a shard identifier, and database entries in each shard that are partitioned into buckets having a bucket identifier. A batch of client-encrypted queries are received. The batch of client-encrypted queries are processed using a set of server-encrypted data stored in a database. The processing includes grouping the client-encrypted queries according to shard identifiers of the client-encrypted queries, executing multiple queries in the group of client-encrypted queries for the shard together in a batch execution process, and generating multiple server-encrypted results to the multiple queries in the group of client-encrypted queries. The multiple server-encrypted results for each shard are transmitted to the client device.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium for retrieving information from a server. Methods can include a server receiving a set of client-encrypted queries. The server identifies a set of server-encrypted decryption keys and transmits the set to the client device. The server receives a set of client-server-encrypted decryption keys that includes the set of server-encrypted decryption keys encrypted by the client device. The server also receives a set of client-encrypted/client-derived decryption keys that were derived by the client device. The server generates matching a map that specifies matches between the set of client-server-encrypted decryption keys and the set of client-encrypted/client-derived decryption keys. The server filters the set of client-encrypted queries using the map to create a set of filtered client-encrypted queries and generates a set of query results.

Abstract: This document describes systems and techniques for protecting the security of information in content selection and distribution. In one aspect, a method includes receiving, by a first computing system of MPC systems, a digital component request including distributed point functions that represent a secret share of a respective point function that indicates whether a user of the client device is a member of a first user group. Selection values are identified. Each selection value corresponds to a respective digital component, a set of contextual signals, and a respective second user group identifier for a respective second user group to which the respective digital component is eligible to be distributed. A determination is made, for each selection value and using the distributed point functions in a secure MPC process, a candidate parameter that indicates whether the second user group identifier matches a user group that includes the user as a member.

Abstract: This document relates to using secure MPC to select digital components in ways that preserve user privacy and protects the security of data of each party that is involved in the selection process. In one aspect, a method includes receiving, by a first computing system of a secure MPC system and from a client device, a digital component request and a nonce. The first computing system generates, based on the nonce and a function, an array including a share of a Bloom filter representing user group identifiers for user groups that include a user of the client device as a member. For each of multiple user group identifiers, the first computing system calculates, in collaboration with one or more second computing systems of the secure MPC system and using the array, a respective first secret share of one or more user group membership condition parameters.

Abstract: This document describes systems and techniques for improving the integrity and protecting the security of information in content selection and distribution. In one aspect, a method includes receiving, by a first server of a secure multi-party computation (MFC) system from an application on a user device, a request for a digital component. The request is parsed into distinct sub-requests. Each sub-request is transmitted to a different server. A set of candidate selection values is received from a separate server. The first server performs, in collaboration with one or more second servers of the MFC system, a selection process to generate a selection result for a winning digital component, including merging, the first set of candidate selection values and a set of cached selection values to create a final set of candidate selection values and sorting the final set according to the values of the candidate selection values.

Abstract: A target image of a target circuit board and a gold image of a gold circuit board are taken by an image acquisition system. Fiducial points are located on the target image and on the gold image. Perspective transformation is performed on the target image using the fiducial points on the target image for reference and on the gold image using the fiducial points on the gold image for reference. After perspective transformation, an anomalous section of the target image is identified by identifying pixels that have different intensities between the target image and the gold image, the anomalous section being indicative of an unauthorized modification to the target circuit board.