Abstract: The invention relates to a cryptographic method and variants thereof based on homomorphic encryption enabling the evaluation of univariate or multivariate real-valued functions on encrypted data, in order to allow carrying out homomorphic processing on encrypted data more broadly and efficiently.

Abstract: Some embodiments are directed to a computer-implemented blind rotation method for use in fully homomorphic encryption (FHE). The method comprises rotating a polynomial (210) over a masked value and iterating over secret key digits, e.g., they may be ternary. The secret key digits can have at least three different values. An iteration further blind rotating the polynomial as indicated by a current secret key digit and a corresponding masking value. In the iteration an encrypted multiplier polynomial may be computed from bootstrapping keys and the masking values. One external product may be done in an iteration with the encrypted multiplier polynomial to further blind rotate the polynomial.

Abstract: The disclosed embodiments are directed toward cryptographic methods and variants thereof based on homomorphic encryption enabling the evaluation of real-valued functions on encrypted data, in order to allow carrying out homomorphic processing on encrypted data more broadly and efficiently.

Abstract: The disclosed embodiments are directed toward cryptographic methods and variants thereof based on homomorphic encryption enabling the evaluation of real-valued functions on encrypted data, in order to allow carrying out homomorphic processing on encrypted data more broadly and efficiently.

Abstract: The invention relates to a cryptographic method and variants thereof based on homomorphic encryption enabling the evaluation of real-valued functions on encrypted data, in order to allow carrying out homomorphic processing on encrypted data more broadly and efficiently.

Abstract: Some embodiments are directed to a computer-implemented method (500) of determining a set of coefficients for homomorphically multiplying an encrypted value by a scalar. The encrypted value is represented by multiple respective value ciphertexts encrypting the value multiplied by respective powers of an even radix. The scalar multiplication is performed as a linear combination of the multiple respective value ciphertexts according to the set of coefficients. The set of coefficients are determined as digits of a radix decomposition of the scalar with respect to the radix. The determined digits lie between minus half the radix, inclusive, and plus half the radix, inclusive. It is ensured that no two subsequent digits are both equal in absolute value to half the radix.

Abstract: Some embodiments are directed to a computer-implemented blind rotation method for use in fully homomorphic encryption (FHE). The method comprises rotating a polynomial (210) over a masked value and iterating over secret key digits, e.g., they may be ternary. The secret key digits can have at least three different values. An iteration further blind rotating the polynomial as indicated by a current secret key digit and a corresponding masking value. In the iteration an encrypted multiplier polynomial may be computed from bootstrapping keys and the masking values. One external product may be done in an iteration with the encrypted multiplier polynomial to further blind rotate the polynomial.

Abstract: Some embodiments are directed to a fully homomorphic encryption (FHE) cryptography, wherein some encrypted data items are clipped, thereby reducing a bit-size of the encrypted data item and increasing an associated noise level of the encrypted data item. An FHE operation or a decrypt operation that operates on the clipped encrypted data item as input, has noise tolerance above a noise level associated with the clipped encrypted data item.

Abstract: Some embodiments are directed to a computer-implemented method (500) of determining a set of coefficients for homomorphically multiplying an encrypted value by a scalar. The encrypted value is represented by multiple respective value ciphertexts encrypting the value multiplied by respective powers of an even radix. The scalar multiplication is performed as a linear combination of the multiple respective value ciphertexts according to the set of coefficients. The set of coefficients are determined as digits of a radix decomposition of the scalar with respect to the radix. The determined digits lie between minus half the radix, inclusive, and plus half the radix, inclusive. It is ensured that no two subsequent digits are both equal in absolute value to half the radix.

Abstract: Some embodiments are directed to a fully homomorphic encryption (FHE) cryptography, wherein some encrypted data items are clipped, thereby reducing a bit-size of the encrypted data item and increasing an associated noise level of the encrypted data item. An FHE operation or a decrypt operation that operates on the clipped encrypted data item as input, has noise tolerance above a noise level associated with the clipped encrypted data item.

Abstract: The invention relates to a cryptographic method and variants thereof based on homomorphic encryption enabling the evaluation of real-valued functions on encrypted data, in order to allow carrying out homomorphic processing on encrypted data more broadly and efficiently.

Abstract: The invention relates to a cryptographic method and variants thereof based on homomorphic encryption enabling the evaluation of univariate or multivariate real-valued functions on encrypted data, in order to allow carrying out homomorphic processing on encrypted data more broadly and efficiently.

Abstract: A method and data processing system for detecting tampering of a machine learning model is provided. The method includes training a machine learning model. During a training operating period, a plurality of input values is provided to the machine learning model. In response to a predetermined invalid input value, the machine learning model is trained that a predetermined output value will be expected. The model is verified that it has not been tampered with by inputting the predetermined invalid input value during an inference operating period. If the expected output value is provided by the machine learning model in response to the predetermined input value, then the machine learning model has not been tampered with. If the expected output value is not provided, then the machine learning model has been tampered with. The method may be implemented using the data processing system.

Abstract: Methods and systems are provided for evaluating Machine Learning models in a Machine-Learning-As-A-Service context, whereby the secrecy of the parameters of the Machine Learning models and the privacy of the input data fed to the Machine Learning model are preserved as much as possible, while requiring the exchange between a client and an MLaaS server of as few messages as possible. The provided methods and systems are based on the use of additive homomorphic encryption in the context of Machine Learning models that are equivalent to models that are based on the evaluation of an inner product of on the one hand a vector that is a function of extracted client data and on the other hand a vector of model parameters. In some embodiments the client computes an inner product of extracted client data and a vector of model parameters that are encrypted with an additive homomorphic encryption algorithm.

Abstract: A method is provided for protecting a trained machine learning model that provides prediction results with confidence levels. The confidence level is a measure of the likelihood that a prediction is correct. The method includes determining if a query input to the model is an attempted attack on the model. If the query is determined to be an attempted attack, a first prediction result having a highest confidence level is swapped with a second prediction result having a relatively lower confidence level so that the first and second prediction results and confidence levels are re-paired. Then, the second prediction result is output from the model with the highest confidence level. By swapping the confidence levels and outputting the prediction results with the swapped confidence levels, the machine learning model is more difficult for an attacker to extract.

Abstract: A method for performing a secure evaluation of a decision tree, including: receiving, by a processor of a server, an encrypted feature vector x=(x1, . . . , xn) from a client; choosing a random mask ?0; calculating m0 and sending m0 to the client, wherein m0=xi0(0)?t0(0)+?0 and t0(0) is a threshold value in the first node in the first level of a decision tree ?; performing a comparison protocol on m0 and ?0, wherein the server produces a comparison bit b0 and the client produces a comparison bit b?0; choosing a random bit s0?{0,1} and when s0=1 switching a left and right subtrees of ?; sending b0?s0 to the client; and for each level =1, 2, . . . , d?1 of the decision tree ?, where d is the number of levels in the decision tree ?, perform the following steps: receiving from the client yk where k=0, 1, . . .

Abstract: Various embodiments relate to a method of encrypting a message m using a Paillier cryptosystem, including: computing a ciphertext c based upon the message m, N, and r, where N is the product of two distinct primes p and q, and r is randomly chosen such that r?[1, N); computing a first verification value based upon u and N, where u is randomly chosen such that u?[1, N); computing a second verification value s based upon u, r, the ciphertext c, the verification value, and a hash function H.

Abstract: A method for producing a white-box implementation of a cryptographic function using garbled circuits, including: producing, by a first party, a logic circuit implementing the cryptographic function using a plurality of logic gates and a plurality of wires; garbling the produced logic circuit, by the first party, including garbling the plurality of logic gates and assigning two garbled values for each of the plurality of wires; and providing a second party the garbled logic circuit and a first garbled circuit input value.

Abstract: A method is provided for protecting a trained machine learning model that provides prediction results with confidence levels. The confidence level is a measure of the likelihood that a prediction is correct. The method includes determining if a query input to the model is an attempted attack on the model. If the query is determined to be an attempted attack, a first prediction result having a highest confidence level is swapped with a second prediction result having a relatively lower confidence level so that the first and second prediction results and confidence levels are re-paired. Then, the second prediction result is output from the model with the highest confidence level. By swapping the confidence levels and outputting the prediction results with the swapped confidence levels, the machine learning model is more difficult for an attacker to extract.

Abstract: A method and data processing system for detecting tampering of a machine learning model is provided. The method includes training a machine learning model. During a training operating period, a plurality of input values is provided to the machine learning model. In response to a predetermined invalid input value, the machine learning model is trained that a predetermined output value will be expected. The model is verified that it has not been tampered with by inputting the predetermined invalid input value during an inference operating period. If the expected output value is provided by the machine learning model in response to the predetermined input value, then the machine learning model has not been tampered with. If the expected output value is not provided, then the machine learning model has been tampered with. The method may be implemented using the data processing system.