Abstract: Collaborative multiparty homomorphic encryption comprising receiving a linear common public key collaboratively generated by a plurality of parties as a sum of linear public key shares associated with the respective plurality of parties. Each of two ciphertexts may be encrypted with the linear common public key and the two ciphertexts may be combined by a non-linear computation to generate a result ciphertext encrypted by a non-linear public key. The result ciphertext may be re-encrypted with a re-linearization key to swap encryption keys from the non-linear public key to a linear public key. The re-encrypted result ciphertext may be distributed to the plurality of parties to each partially decrypt the re-encrypted result ciphertext by a linear secret key share associated with the party, which in combination fully decrypts the result by a linear common secret key that is a sum of the secret key shares of the respective plurality of parties.

Abstract: Remote terminals are configured to generate ciphertexts from plaintext polynomials. Each ciphertext corresponds to a plaintext polynomial bound to a message space of a polynomial-based fully homomorphic cryptographic scheme. At least one server is configured to receive ciphertexts via a network from the plurality of remote terminals. The server performs a multiplication operation and an addition operation on the ciphertexts to obtain resultant ciphertexts. The multiplication operation includes performing a bitwise decomposition function on a ciphertext to obtain a bitwise decomposed ciphertext. The bitwise decomposition function maps a multi-bit data type to a sequence of bits. The multiplication operation further includes performing matrix multiplication on the bitwise decomposed ciphertext and a data element belonging to a set of data elements. Message filters, data search engines, and other applications are discussed.

Abstract: An encryption and cryptosystem for fast and efficient searching of ciphertexts. Unencrypted secret data may be transformed into encoded secret data using an injective encoding such that each distinct value of the unencrypted secret data is mapped to a unique index in the encoded secret data. The encoded secret data may be homomorphically encrypted using the homomorphic encryption key to generate secret data ciphertexts. The secret data ciphertexts may be transmitted to an external system for searching the secret data ciphertexts for encoded queries. The encoded queries are encoded by the same injective encoding as the secret data, to directly search only indices of the secret data ciphertexts corresponding to query indices having non-zero query values, to detect if values of the secret data ciphertexts match values of the encoded queries at the query indices, without searching the remaining indices of the secret data ciphertexts.

Abstract: A multi-party system comprising a garbler and an evaluator for interactively executing homomorphic SIMD operations using garbled circuits. The garbler and evaluator may each store a unique share of a shared secret key, a ciphertext, and a shared public key. The garbler and evaluator may each partially decrypt the ciphertext using its key share to generate a unique data share. The garbler may linearize and reduce the size of the unique garbler data share. The garbler may send to the evaluator a garbled circuit, a garbling of the linear unique garbled data share, and garbled potential wires for the evaluator to garble its linear unique evaluator data share by oblivious transfer. The evaluator may evaluate the garbled circuit to execute a SIMD program to combine, in parallel, multiple indices of the linear garbler and evaluator unique data shares to efficiently generate an encrypted result of the garbled circuit.

Abstract: A device, system and method for linking encrypted data sets using common encrypted identifiers in encrypted space. A first and second parties' encrypted data sets may include first and second respective encrypted data and associated first and second respective encrypted identifiers. The first and second encrypted identifiers may be converted into a first and second respective sets of a plurality of elemental identifier components. Each of the plurality of elemental identifier components in each component set characterizes a distinct numeric property of the corresponding converted encrypted identifier. The first and second sets of the plurality of elemental identifier components may be composed, component-by-component, to generate a plurality of component-specific results.

Abstract: Systems and methods for distributing bootstrapping in homomorphic encryption schemes include: splitting a decryption key into a plurality of n shares; transmitting to each of a plurality of n computer processors: (i) a ciphertext; (ii) a unique share of the plurality of n shares of the decryption key; and (iii) an indication of a publicly available encryption key; receiving, from each of the plurality of n computer processors, n encrypted values; and computing a homomorphic sum of the n encrypted values to obtain an encryption of the sum of n decrypted values, such that bootstrapping of the encryption is distributed.

Abstract: A device, system and method for linking encrypted data sets using common encrypted identifiers in encrypted space. A first and second parties' encrypted data sets may include first and second respective encrypted data and associated first and second respective encrypted identifiers. The first and second encrypted identifiers may be converted into a first and second respective sets of a plurality of elemental identifier components. Each of the plurality of elemental identifier components in each component set characterizes a distinct numeric property of the corresponding converted encrypted identifier. The first and second sets of the plurality of elemental identifier components may be composed, component-by-component, to generate a plurality of component-specific results.

Abstract: A device, system and method for linking encrypted data sets using common encrypted identifiers in encrypted space. A first and second parties' encrypted data sets may include first and second respective encrypted data and associated first and second respective encrypted identifiers. The first and second encrypted identifiers may be converted into a first and second respective sets of a plurality of elemental identifier components. Each of the plurality of elemental identifier components in each component set characterizes a distinct numeric property of the corresponding converted encrypted identifier. The first and second sets of the plurality of elemental identifier components may be composed, component-by-component, to generate a plurality of component-specific results.

Abstract: An interactive multi-party system for collaboratively performing homomorphic operations, such that no party has access to unencrypted data or an unencrypted operator. A first party device may add noise to encrypted data and an encrypted linear operator to generate noisy encrypted data and a noisy encrypted operator, and transmit the noisy encrypted data and operator to a second party device possessing a secret decryption key for the encryption. The second party device may decrypt the noisy encrypted data and noisy encrypted operator to generate unencrypted noisy data and an unencrypted noisy operator, solve the linear operation using the unencrypted noisy data and an unencrypted noisy operator to generate a noisy solution, encrypt the noisy solution to the linear operation, and transmit it to the first party device. The first party device may then cancel the noise of the encrypted noisy solution to generate the encrypted solution to the linear operation.

Abstract: An interactive multi-party system for collaboratively performing homomorphic operations, such that no party has access to unencrypted data or an unencrypted operator. A first party device may add noise to encrypted data and an encrypted linear operator to generate noisy encrypted data and a noisy encrypted operator, and transmit the noisy encrypted data and operator to a second party device possessing a secret decryption key for the encryption. The second party device may decrypt the noisy encrypted data and noisy encrypted operator to generate unencrypted noisy data and an unencrypted noisy operator, solve the linear operation using the unencrypted noisy data and an unencrypted noisy operator to generate a noisy solution, encrypt the noisy solution to the linear operation, and transmit it to the first party device. The first party device may then cancel the noise of the encrypted noisy solution to generate the encrypted solution to the linear operation.

Abstract: Collaborative multiparty homomorphic encryption comprising receiving a linear common public key collaboratively generated by a plurality of parties as a sum of linear public key shares associated with the respective plurality of parties. Each of two ciphertexts may be encrypted with the linear common public key and the two ciphertexts may be combined by a non-linear computation to generate a result ciphertext encrypted by a non-linear public key. The result ciphertext may be re-encrypted with a re-linearization key to swap encryption keys from the non-linear public key to a linear public key. The re-encrypted result ciphertext may be distributed to the plurality of parties to each partially decrypt the re-encrypted result ciphertext by a linear secret key share associated with the party, which in combination fully decrypts the result by a linear common secret key that is a sum of the secret key shares of the respective plurality of parties.

Abstract: A device, system and method for secure collaborations on encrypted data in a hybrid environment of a homomorphic encryption (HE) enabled device and trusted hardware. A set of computations may be divided into a subset of linear computations and a subset of non-linear computations. The linear computations on the encrypted data may be executed using homomorphic encryption (HE) in the homomorphic encryption (HE) enabled device. The non-linear computations on the unencrypted data may be executed in the trusted hardware in an unencrypted domain and encrypting the result. The results of the linear and non-linear computations may be decrypted and merged to generate a result equivalent to executing the set of linear and non-linear computations on the unencrypted data.

Abstract: A device, system and method for linking encrypted data sets using common encrypted identifiers in encrypted space. A first and second parties' encrypted data sets may include first and second respective encrypted data and associated first and second respective encrypted identifiers. The first and second encrypted identifiers may be converted into a first and second respective sets of a plurality of elemental identifier components. Each of the plurality of elemental identifier components in each component set characterizes a distinct numeric property of the corresponding converted encrypted identifier. The first and second sets of the plurality of elemental identifier components may be composed, component-by-component, to generate a plurality of component-specific results.

Abstract: Remote terminals are configured to generate ciphertexts from plaintext polynomials. Each ciphertext corresponds to a plaintext polynomial bound to a message space of a polynomial-based fully homomorphic cryptographic scheme. At least one server is configured to receive ciphertexts via a network from the plurality of remote terminals. The server performs a multiplication operation and an addition operation on the ciphertexts to obtain resultant ciphertexts. The multiplication operation includes performing a bitwise decomposition function on a ciphertext to obtain a bitwise decomposed ciphertext. The bitwise decomposition function maps a multi-bit data type to a sequence of bits. The multiplication operation further includes performing matrix multiplication on the bitwise decomposed ciphertext and a data element belonging to a set of data elements. Message filters, data search engines, and other applications are discussed.

Abstract: A multi-party system, devices, and method for token-based obfuscation of secret information. A first party device may store a secret original program T and original data D, retrieve a set of secret keys SK, obfuscate the original program T with the set of secret keys SK to generate an obfuscated program T?, obfuscate the original data D with the set of secret keys SK to generate a token of the data Token(D), and transfer the obfuscated program T? and Token(D) to a second party device. The second party device may evaluate the obfuscated program T? on the token of the data Token(D) to generate a result equivalent to evaluating the original program T on the original data D if the same set of secret keys SK is used to obfuscate the original program T and the original data D, without exposing the original program T to the second party.

Abstract: Remote terminals are configured to generate ciphertexts from plaintext polynomials. Each ciphertext corresponds to a plaintext polynomial bound to a message space of a polynomial-based fully homomorphic cryptographic scheme. At least one server is configured to receive ciphertexts via a network from the plurality of remote terminals. The server performs a multiplication operation and an addition operation on the ciphertexts to obtain resultant ciphertexts. The multiplication operation includes performing a bitwise decomposition function on a ciphertext to obtain a bitwise decomposed ciphertext. The bitwise decomposition function maps a multi-bit data type to a sequence of bits. The multiplication operation further includes performing matrix multiplication on the bitwise decomposed ciphertext and a data element belonging to a set of data elements. Message filters, data search engines, and other applications are discussed.

Abstract: An encryption and cryptosystem for fast and efficient searching of ciphertexts. Unencrypted secret data may be transformed into encoded secret data using an injective encoding such that each distinct value of the unencrypted secret data is mapped to a unique index in the encoded secret data. The encoded secret data may be homomorphically encrypted using the homomorphic encryption key to generate secret data ciphertexts. The secret data ciphertexts may be transmitted to an external system for searching the secret data ciphertexts for encoded queries. The encoded queries are encoded by the same injective encoding as the secret data, to directly search only indices of the secret data ciphertexts corresponding to query indices having non-zero query values, to detect if values of the secret data ciphertexts match values of the encoded queries at the query indices, without searching the remaining indices of the secret data ciphertexts.

Abstract: A device, system and method for fast and secure Proxy Re-Encryption (PRE) using key switching. A first user is assigned first encryption and decryption keys and a second user is assigned second encryption and decryption keys. First encrypted data encrypted with the first encryption key may be re-encrypted using a proxy re-encryption key to simultaneously switch encryption keys by adding the second encryption key and cancelling the first encryption key by the first decryption key to transform the first encrypted data encrypted by the first encryption key to second encrypted data encrypted by the second encryption key, without decrypting the underlying data. The second user may be the sole system device that possesses the (e.g., private) second decryption key to decrypt the second encrypted data.

Abstract: A device, system and method for secure collaborations on encrypted data in a hybrid environment of a homomorphic encryption (HE) enabled device and trusted hardware. A set of computations may be divided into a subset of linear computations and a subset of non-linear computations. The linear computations on the encrypted data may be executed using homomorphic encryption (HE) in the homomorphic encryption (HE) enabled device. The non-linear computations on the unencrypted data may be executed in the trusted hardware in an unencrypted domain and encrypting the result. The results of the linear and non-linear computations may be decrypted and merged to generate a result equivalent to executing the set of linear and non-linear computations on the unencrypted data.

Abstract: A multi-party system, devices, and method for token-based obfuscation of secret information. A first party device may store a secret original program T and original data D, retrieve a set of secret keys SK, obfuscate the original program T with the set of secret keys SK to generate an obfuscated program T?, obfuscate the original data D with the set of secret keys SK to generate a token of the data Token(D), and transfer the obfuscated program T? and Token(D) to a second party device. The second party device may evaluate the obfuscated program T? on the token of the data Token(D) to generate a result equivalent to evaluating the original program T on the original data D if the same set of secret keys SK is used to obfuscate the original program T and the original data D, without exposing the original program T to the second party.