Abstract: A homomorphic encryption scheme, such as Paillier encryption in combination with a bit packing process allows biometric matching at a terminal without exposing a biometric template stored at a user's device. Because such encryption schemes are data intensive, the bit packing process allows reductions in data being sent and processed so that the biometric matching process can be accomplished in near real time. The high speed of this optimized process allows the technique to be applied to many real world processes such as access control and transaction processing.

Abstract: A method is disclosed. The method comprises a receiving a plurality of key-value pairs. The method then generates a random binary matrix of at least weight three. The random binary matrix has a number of non-zero binary values equal to the weight in each row. The method can then assign each key in the plurality of key-value pairs to a row in the random binary matrix. A key matrix can then be generated by appending a dense binary matrix to the random binary matrix. The method can then process the key matrix to output an encoding vector that encodes the values of the plurality of key-value pairs.

Abstract: Methods and systems for securely generating secret shares in a distributed manner and distributing those secret shares to cryptographic devices are disclosed. The cryptographic devices can use these secret shares to perform threshold distributed cryptographic operations (e.g., encryption and decryption). The cryptographic devices can be partitioned into groups based on the total number of devices and a threshold number. One generating device from each group can generate a secret share corresponding to that group, then transmit the secret share to members of the group. The generating devices can also generate commitments and transmit those commitments to other cryptographic devices. A group of confirming devices can use the commitments to generate confirmation values that can be used to confirm that the secret share were generated and distributed correctly.

Abstract: Methods and systems for securely generating secret shares in a distributed manner and distributing those secret shares to cryptographic devices are disclosed. The cryptographic devices can subsequently use these secret shares to perform threshold distributed cryptographic operations (such as encryption or decryption). A threshold number of generating cryptographic devices can each generate their own secret shares. These devices can also each generate partial secret shares that can be combined by receiving cryptographic QC devices to generate their own respective secret shares. Additionally, the generating devices can generate commitments corresponding to their secret shares. The generating devices can transmit the commitments to the other cryptographic devices and the partial secret shares to their corresponding receiving devices. At a later time, cryptographic devices possessing at least a threshold number of secret shares can collectively perform cryptographic operations using those secret shares.

Abstract: A homomorphic encryption scheme, such as Paillier encryption in combination with a bit packing process allows biometric matching at a terminal without exposing a biometric template stored at a user's device. Because such encryption schemes are data intensive, the bit packing process allows reductions in data being sent and processed so that the biometric matching process can be accomplished in near real time. The high speed of this optimized process allows the technique to be applied to many real world processes such as access control and transaction processing.

Abstract: Embodiments of the present disclosure are directed to methods for multi-party fixed point multiplication. The methods can include replicated methods for multi-party fixed point multiplication where the inputs and output are represented using replicated secret sharing. One replication method can require only a single round of communication in the online phase and is secure against a semi-honest adversary. Another replication method can require may include an additional key to identify any malicious communicating parties. The methods can also include a Shamir sharing fixed point multiplication method and an additive secret sharing fixed point multiplication method.

Abstract: A method performed by a user device is disclosed. The method comprising generating a secret and measuring a biometric template of a user operating the user device. The method then generates a plurality of secret shares of the secret and of the biometric template. The user device then transmits the secret shares of the secret and of the biometric template to a plurality of recovery devices. After, the user device may then initiate a recovery of the secret and measure a biometric measurement of the user. Data of the biometric measurement may be transmitted to the plurality of recovery devices, where the recovery devices perform a partial computation. The user device use the plurality of partial computations to determine a match between the biometric template and the biometric measurement. If the two biometrics match, the user device can reconstruct the secret using shares of the secret from the recovery devices.

Abstract: Secure protocols for external-facing authentication are provided for both user templates stored on their devices and the biometric measurement captured by external sensors of an access device. The protocols provide different levels of security, ranging from passive security with some leakage to active security with no leakage. A packing technique is also provided. Zero-knowledge techniques are used during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. Once enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device.

Abstract: Embodiments of the present disclosure are directed to methods and systems used to determine private set intersections (PSIs) and execute private database joins (PDJs). Some embodiments are characterized by binning techniques that enables PSI and PDJ methods to be performed by worker nodes in a computing cluster in parallel, thus reducing execution time. A first party computing system and a second party computing system can each tokenize their respective datasets, then assign the datasets to bins. The bins can each be padded with dummy tokens. Then the first party computing system and second party computing system can execute several Nparallel PSI on pairs of corresponding bins. The results can then be combined to produce a tokenized intersection set, which can then be detokenized to produce the set intersection.

Abstract: Secure protocols for external-facing authentication are provided for both user templates stored on their devices and the biometric measurement captured by external sensors of an access device. The protocols provide different levels of security, ranging from passive security with some leakage to active security with no leakage. A packing technique is also provided. Zero-knowledge techniques are used during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. Once enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device.

Abstract: Systems and methods for improved distributed symmetric cryptography are disclosed. A client computer may communicate with a number of cryptographic devices in order to encrypt or decrypt data. Each cryptographic device may possess a secret share and a verification share, which may be used in the process of encrypting or decrypting data. The client computer may generate a commitment and transmit the commitment to the cryptographic devices. Each cryptographic device may generate a partial computation based on the commitment and their respective secret share, and likewise generate a partial signature based on the commitment and their respective verification share. The partial computations and partial signatures may be transmitted to the client computer. The client computer may use the partial computations and partial signatures to generate a cryptographic key and verification signature respectively. The client computer may use the cryptographic key to encrypt or decrypt a message.

Abstract: Secure protocols for external-facing authentication are provided for both user templates stored on their devices and the biometric measurement captured by external sensors of an access device. The protocols provide different levels of security, ranging from passive security with some leakage to active security with no leakage. A packing technique is also provided. Zero-knowledge techniques are used during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. One enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device.

Abstract: A method performed by a user device is disclosed. The method comprising generating a secret and measuring a biometric template of a user operating the user device. The method then generates a plurality of secret shares of the secret and of the biometric template. The user device then transmits the secret shares of the secret and of the biometric template to a plurality of recovery devices. After, the user device may then initiate a recovery of the secret and measure a biometric measurement of the user. Data of the biometric measurement may be transmitted to the plurality of recovery devices, where the recovery devices perform a partial computation. The user device use the plurality of partial computations to determine a match between the biometric template and the biometric measurement. If the two biometrics match, the user device can reconstruct the secret using shares of the secret from the recovery devices.

Abstract: Secure protocols for external-facing authentication are provided for both user templates stored on their devices and the biometric measurement captured by external sensors of an access device. The protocols provide different levels of security, ranging from passive security with some leakage to active security with no leakage. A packing technique is also provided. Zero-knowledge techniques are used during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. One enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device.

Abstract: Systems and methods for improved distributed symmetric cryptography are disclosed. A client computer may communicate with a number of cryptographic devices in order to encrypt or decrypt data. Each cryptographic device may possess a secret share and a verification share, which may be used in the process of encrypting or decrypting data. The client computer may generate a commitment and transmit the commitment to the cryptographic devices. Each cryptographic device may generate a partial computation based on the commitment and their respective secret share, and likewise generate a partial signature based on the commitment and their respective verification share. The partial computations and partial signatures may be transmitted to the client computer. The client computer may use the partial computations and partial signatures to generate a cryptographic key and verification signature respectively. The client computer may use the cryptographic key to encrypt or decrypt a message.

Abstract: Systems and methods for improved distributed symmetric cryptography are disclosed. A client computer may communicate with a number of cryptographic devices in order to encrypt or decrypt data. Each cryptographic device may possess a secret share and a verification share, which may be used in the process of encrypting or decrypting data. The client computer may generate a commitment and transmit the commitment to the cryptographic devices. Each cryptographic device may generate a partial computation based on the commitment and their respective secret share, and likewise generate a partial signature based on the commitment and their respective verification share. The partial computations and partial signatures may be transmitted to the client computer. The client computer may use the partial computations and partial signatures to generate a cryptographic key and verification signature respectively. The client computer may use the cryptographic key to encrypt or decrypt a message.

Abstract: Secure protocols for external-facing authentication are provided for both user templates stored on their devices and the biometric measurement captured by external sensors of an access device. The protocols provide different levels of security, ranging from passive security with some leakage to active security with no leakage. A packing technique is also provided. Zero-knowledge techniques are used during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. One enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device.

Abstract: A homomorphic encryption scheme, such as Paillier encryption in combination with a bit packing process allows biometric matching at a terminal without exposing a biometric template stored at a user's device. Because such encryption schemes are data intensive, the bit packing process allows reductions in data being sent and processed so that the biometric matching process can be accomplished in near real time. The high speed of this optimized process allows the technique to be applied to many real world processes such as access control and transaction processing.

Abstract: Methods and systems according to embodiments of the invention provide for a framework for privacy-preserving machine learning which can be used to obtain solutions for training linear regression, logistic regression and neural network models. Embodiments of the invention are in a three-server model, wherein data owners secret-share their data among three servers who train and evaluate models on the joint data using three-party computation (3PC). Embodiments of the invention provide for efficient conversions between arithmetic, binary, and Yao 3PC, as well as techniques for fixed-point multiplication and truncation of shared decimal values. Embodiments also provide customized protocols for evaluating polynomial piecewise functions and a three-party oblivious transfer protocol.

Abstract: A homomorphic encryption scheme, such as Paillier encryption in combination with a bit packing process allows biometric matching at a terminal without exposing a biometric template stored at a user's device. Because such encryption schemes are data intensive, the bit packing process allows reductions in data being sent and processed so that the biometric matching process can be accomplished in near real time. The high speed of this optimized process allows the technique to be applied to many real world processes such as access control and transaction processing.