33 results about "Oblivious transfer" patented technology

A method, article of manufacture and apparatus for performing private retrieval of information from a database is disclosed. In one embodiment, the method comprising obtaining an index corresponding to information to be retrieved from the database and generating a query that does not reveal the index to the database. The query is an arithmetic function of the index and a secret value, wherein the arithmetic function includes a multiplication group specified by a modulus of a random value whose order is divisible by a prime power, such that the prime power is an order of the random value. The secret value is an arithmetic function of the index that comprises a factorization into prime numbers of the modulus. The method further comprises communicating the query to the database for execution of the arithmetic function against the entirety of the database.

A method, article of manufacture and apparatus for performing private retrieval of information from a database is disclosed. In one embodiment, the method comprising obtaining an index corresponding to information to be retrieved from the database and generating a query that does not reveal the index to the database. The query is an arithmetic function of the index and a secret value, wherein the arithmetic function includes a multiplication group specified by a modulus of a random value whose order is divisible by a prime power, such that the prime power is an order of the random value. The secret value is an arithmetic function of the index that comprises a factorization into prime numbers of the modulus. The method further comprises communicating the query to the database for execution of the arithmetic function against the entirety of the database.

The invention provides a design method of a safety face verification system based on a CNN (convolutional neural network) feature extractor, belongs to the field of biological feature identification, and particularly relates to a method of utilizing the CNN to extract face features and using a Paillier algorithm and an oblivious transfer technique to encrypt. Compared with the SCiFi (secure computation of face identification) system, the method has the advantages that the manually extracted feature is converted into the CNN self-learning feature, and the CNN self-learning feature is performed with binarization to remove the noise effect, so that the identification accuracy is higher; the testing identification rate is 91.48% on a view 2 of an LFW (labeled face wild) base; in the whole identification process, a server will not obtain any feature information of a requester, and only receive the feature ciphertext information, but not decrypt; a client only obtains whether the identification is passed or not, and does not know the other information, including hamming distance; one face picture is expressed by the 320bit feature, and compared with the SCiFi system, the feature data volume is decreased by 2/3, so that the consumption time of encrypting and identification is low, and the real-time performance is high.

A server (120) uses a password (π) to construct a multiplicative group (Z_N*) with a (hidden) smooth order subgroup (<x′>), where the group order (P_π) depends on the password. The client (110) uses its knowledge of the password to generate a root extraction problem instance (z) in the group and to generate data (y) allowing the server to construct a discrete logarithm problem instance (y′) in the subgroup. The server uses its knowledge of the group order to solve the root extraction problem, and solves the discrete logarithm problem efficiently by leveraging the smoothness of the subgroup. A shared key (sk) can be computed as a function of the solutions to the discrete logarithm and root extraction problem instances. In some embodiments, in an oblivious transfer protocol, the server queries the client (at 230) for data whose position in a database (210) is defined by the password. The client provides (240) such data without knowing the data position associated with the server's query. The client obtains the data position independently from the password. The data positions and/or the respective data are used for authentication and shared secret key generation. Other embodiments are also provided.

A server module evaluates a circuit based on concealed inputs provided by respective participant modules, to provide a concealed output. By virtue of this approach, no party to the transaction (including the sever module) discovers any other party's non-concealed inputs. In a first implementation, the server module evaluates a garbled Boolean circuit. This implementation also uses a three-way oblivious transfer technique to provide a concealed input from one of the participant modules to the serer module. In a second implementation, the server module evaluates an arithmetic circuit based on ciphertexts that have been produced using a fully homomorphic encryption technique. This implementation modifies multiplication operations that are performed in the evaluation of the arithmetic circuit by a modifier factor; this removes bounds placed on the number of the multiplication operations that can be performed.

A method, apparatus, and a computer readable storage medium having computer readable instructions to carry out the steps of the method for anonymous access to a database. Each record of the database has different access control permissions (e.g. attributes, roles, or rights). The method allows users to access the database record while the database does not learn who queries a record. The database does not know which record is being queried: (i) the access control list of that record or (ii) whether a user's attempt to access a record had been successful. The user can only obtain a single record per query and only those records for which he has the correct permissions. The user does not learn any other information about the database structure and the access control lists other than whether he was granted access to the queried record, and if so, the content of the record.

Methods and apparatus are provided for secure function evaluation for a covert client and a semi-honest server using string selection oblivious transfer. An information-theoretic version of a garbled circuit C is sliced into a sequence of shallow circuits C₁, . . . C_n,that are evaluated. Consider any wire w_j of C that is an output wire of C_i, and is an input wire of C_i+1. When a slice C_i is evaluated, C_i's 1-bit wire key for w_j is computed by the evaluator, and then used, via string selection oblivious transfer (SOT), to obtain the wire key for the corresponding input wire of C_i+1. This process repeats until C's output wire keys are computed by the evaluator. The 1-bit wire keys of the output wires of the slice are randomly assigned to wire values.

A method and system for privacy-preserving ridge regression using masks is provided. The method includes the steps of requesting a garbled circuit from a crypto service provider, collecting data from multiple users that has been formatted and encrypted using homomorphic encryption, summing the data that has been formatted and encrypted using homomorphic encryption, applying prepared masks to the summed data, receiving garbled inputs corresponding to prepared mask from the crypto service provider using oblivious transfer, and evaluating the garbled circuit from the crypto service provider using the garbled inputs and masked data.

Methods and systems according to embodiments of the invention provide for a framework for privacy-preserving machine learning which can be used to obtain solutions for training linear regression, logistic regression and neural network models. Embodiments of the invention are in a three-server model, wherein data owners secret-share their data among three servers who train and evaluate models on the joint data using three-party computation (3PC). Embodiments of the invention provide for efficient conversions between arithmetic, binary, and Yao 3PC, as well as techniques for fixed-point multiplication and truncation of shared decimal values. Embodiments also provide customized protocols for evaluating polynomial piecewise functions and a three-party oblivious transfer protocol.

The invention discloses an ECDSA digital signature method based on two-party collaboration. The method comprises the following steps: step 1), respectively generating corresponding signature public and private key pairs and other parameters by a signature party Alice and a signature party Bob participating in the collaborative signature; and step 2), collaboratively completing ECDSA signature by Alice and Bob, and finally outputting the signature (r,s). According to the ECDSA digital signature method based on the two-party collaboration provided by the invention, under the premise of ensuringthe security and the correctness, a signature process does not introduce high-overhead password operations such as homomorphic encryption, oblivious transfer and the like, so that a signature scheme achieves a good balance between the communication overhead and the computation overhead, and therefore the performance is remarkably superior to that of all existing ECDSA two-party collaborative digital signature methods.

Systems, methods, and computing device readable media for implementing fast oblivious transfer between two computing devices may improve data security and computational efficiency. The various aspects may use random oracles with or without key agreements to improve the security of oblivious transfer key exchanges. Some techniques may include public/private key strategies for oblivious transfer, while other techniques may use key agreements to achieve simultaneous and efficient cryptographic key exchange.

Methods and systems according to embodiments of the invention provide for a framework for privacy-preserving machine learning which can be used to obtain solutions for training linear regression, logistic regression and neural network models. Embodiments of the invention are in a three-server model, wherein data owners secret-share their data among three servers who train and evaluate models on the joint data using three-party computation (3PC). Embodiments of the invention provide for efficient conversions between arithmetic, binary, and Yao 3PC, as well as techniques for fixed-point multiplication and truncation of shared decimal values. Embodiments also provide customized protocols for evaluating polynomial piecewise functions and a three-party oblivious transfer protocol.

Methods and apparatus are provided for secure function evaluation between a semi-honest client and a semi-honest server using an information-theoretic version of garbled circuits (GC). An information-theoretic version of a garbled circuit C is sliced into a sequence of shallow circuits C₁, . . . C_n, that are evaluated. Consider any wire w_j of C that is an output wire of C_i, and is an input wire of C_i+1. When a slice C_i is evaluated, C_i's 1-bit wire key for w_j is computed by the evaluator, and then used, via oblivious transfer (OT), to obtain the wire key for the corresponding input wire of C_i+1. This process repeats until C's output wire keys are computed by the evaluator. The 1-bit wire keys of the output wires of the slice are randomly assigned to wire values.

The invention discloses a k out of n oblivious transfer method and system. The method comprises following steps of outputting a multiplication cyclic group G according to security parameters; randomly selecting two generation elements in the multiplication cyclic group G; selecting k first random numbers from the multiplication cyclic group G, wherein the first random numbers are in one to one correspondence with k pieces of information to be obtained by an information receiver; calculating request data by the information receiver by utilizing an improved batch processing exponent arithmetic product algorithm according to the two generation elements and the first random numbers; sending the request data to an information holder; selecting second random numbers corresponding to n pieces of information held by the information holder from the multiplication cyclic group G; encrypting the n pieces of information by the information holder according to the request data and the second random numbers, thus obtaining ciphertexts; sending the ciphertexts corresponding to the k pieces of information to the information receiver; and decrypting the ciphertexts by the information receiver according to the first random numbers, thus obtaining the k pieces of information. According to the method provided by the invention, the calculating cost can be reduced; and the information transmission efficiency can be improved.

A method, article of manufacture and apparatus for performing private retrieval of information from a database is disclosed. In one embodiment, the method comprising obtaining an index corresponding to information to be retrieved from the database and generating a query that does not reveal the index to the database. The query is an arithmetic function of the index and a secret value, wherein the arithmetic function includes a multiplication group specified by a modulus of a random value whose order is divisible by a prime power, such that the prime power is an order of the random value. The secret value is an arithmetic function of the index that comprises a factorization into prime numbers of the modulus. The method further comprises communicating the query to the database for execution of the arithmetic function against the entirety of the database.

The embodiment of the invention provides a data processing method and device for an oblivious transfer (OT) extension protocol, and the method comprises the steps: executing, by an executor of the OTextension protocol, an OT protocol through another executor for a plurality of times, so as to obtain a first number of initial OT tuples; and then, extending the first number of initial OT tuples byusing a first OT extension algorithm with relatively high network consumption and relatively low calculation consumption to obtain a second number of OT tuples. and extending the second number of OT tuples again by using a second OT extension algorithm with relatively low network consumption and relatively high calculation consumption to obtain a target number of OT tuples.

The invention provides a data processing method, device and system for a machine learning model, that can transmit data of a data holder to a model holder by adopting an oblivious transfer protocol or a homomorphic encryption algorithm (102), and call a function for realizing comparison functionality by each level of a tree model (104), while ignoring a path choice of the data in the tree model. The oblivious transfer protocol or the homomorphic encryption algorithm is combined with the function for realizing comparison functionality, so as to guarantee that the model holder and the data holder do not reveal any information to each other, except a model output result, thereby ensuring the security and privacy of the data interaction.