Abstract: Encrypted information retrieval can include generating a database that is partitioned into shards each having a shard identifier, and database entries in each shard that are partitioned into buckets having a bucket identifier. A batch of client-encrypted queries are received. The batch of client-encrypted queries are processed using a set of server-encrypted data stored in a database. The processing includes grouping the client-encrypted queries according to shard identifiers of the client-encrypted queries, executing multiple queries in the group of client-encrypted queries for the shard together in a batch execution process, and generating multiple server-encrypted results to the multiple queries in the group of client-encrypted queries. The multiple server-encrypted results for each shard are transmitted to the client device.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium for retrieving information from a server. Methods can include a server receiving a set of client-encrypted queries. The server identifies a set of server-encrypted decryption keys and transmits the set to the client device. The server receives a set of client-server-encrypted decryption keys that includes the set of server-encrypted decryption keys encrypted by the client device. The server also receives a set of client-encrypted/client-derived decryption keys that were derived by the client device. The server generates matching a map that specifies matches between the set of client-server-encrypted decryption keys and the set of client-encrypted/client-derived decryption keys. The server filters the set of client-encrypted queries using the map to create a set of filtered client-encrypted queries and generates a set of query results.

Abstract: This document describes systems and techniques for protecting the security of information in content selection and distribution. In one aspect, a method includes receiving, by a first computing system of MPC systems, a digital component request including distributed point functions that represent a secret share of a respective point function that indicates whether a user of the client device is a member of a first user group. Selection values are identified. Each selection value corresponds to a respective digital component, a set of contextual signals, and a respective second user group identifier for a respective second user group to which the respective digital component is eligible to be distributed. A determination is made, for each selection value and using the distributed point functions in a secure MPC process, a candidate parameter that indicates whether the second user group identifier matches a user group that includes the user as a member.

Abstract: This document relates to using secure MPC to select digital components in ways that preserve user privacy and protects the security of data of each party that is involved in the selection process. In one aspect, a method includes receiving, by a first computing system of a secure MPC system and from a client device, a digital component request and a nonce. The first computing system generates, based on the nonce and a function, an array including a share of a Bloom filter representing user group identifiers for user groups that include a user of the client device as a member. For each of multiple user group identifiers, the first computing system calculates, in collaboration with one or more second computing systems of the secure MPC system and using the array, a respective first secret share of one or more user group membership condition parameters.

Abstract: This document describes systems and techniques for improving the integrity and protecting the security of information in content selection and distribution. In one aspect, a method includes receiving, by a first server of a secure multi-party computation (MFC) system from an application on a user device, a request for a digital component. The request is parsed into distinct sub-requests. Each sub-request is transmitted to a different server. A set of candidate selection values is received from a separate server. The first server performs, in collaboration with one or more second servers of the MFC system, a selection process to generate a selection result for a winning digital component, including merging, the first set of candidate selection values and a set of cached selection values to create a final set of candidate selection values and sorting the final set according to the values of the candidate selection values.

Abstract: Methods, systems, and computer readable medium facilitating encrypted information retrieval. Methods can include receiving a batch of queries that includes queries to special buckets in each database shard. Query results responsive to the batch of queries are transmitted to the client device. The query results includes server-encrypted secret shares obtained from the special buckets. Client-encrypted versions of the secret shares are received. A full set of server-encrypted secret shares is transmitted to the client device, which is encrypted by the client device to create a full set of client-server-encrypted secret shares. The client device is classified based on how many of the secret shares are included in both of the client-encrypted secret shares received from the client device and the full set of client-server-encrypted secret shares received from the client device.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for allowing suitable digital components to be automatically selected and provided to a client device. Methods can include generating a universal identifier for a digital component that is presented in the application. The application updates a set of universal identifiers that has been created for digital components presented by the application over a specified time period. The application identifies digital components and the corresponding universal identifiers that are blocked and generates a probabilistic data structure representing the set of blocked universal identifiers. The application creates multiple shares of the probabilistic data structure and transmits different shares to different servers.