SECURE COMPUTATION OF PRIVATE VALUES

US 20110075846A1
Filed: 12/06/2010
Published: 03/31/2011
Est. Priority Date: 12/18/2006
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a hardware-based processing unit toencrypt a private value of a party with a public-key encryption system and a public key to generate an encrypted private value anddecrypt an encrypted blinded result with the public-key encryption system and a private key to generate a blinded result; and

a communication unit tosend the encrypted private value to a further party,receive the encrypted blinded result of a function, the function having, as input the private value, andsend the blinded result to the further party.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment may include a system having a communication unit and a processing unit. The communication unit may be configured to receive an encrypted private value of a party, the encrypted private value being generated from a private value with a public-key encryption system and a public key, to send an encrypted blinded result to the party, and to receive a blinded result generated from the encrypted blinded result. The processing unit may be configured to compute a result of a function, the function having as input the private value, to blind the result of the function to generate the encrypted blinded result, and to compute the result by unblinding the blinded result.

25 Citations

View as Search Results

34 Claims

1. A system comprising:
- a hardware-based processing unit toencrypt a private value of a party with a public-key encryption system and a public key to generate an encrypted private value anddecrypt an encrypted blinded result with the public-key encryption system and a private key to generate a blinded result; and
  
  a communication unit tosend the encrypted private value to a further party,receive the encrypted blinded result of a function, the function having, as input the private value, andsend the blinded result to the further party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, whereinthe hardware-based processing unit is further tocompute a check value using an identifier of the party and the blinded result,encrypt the check value with the public-key encryption system and the public key to generate an encrypted check value,decrypt an encrypted sum of check values of the party and the further parties to generate a sum of check values, andcompare the sum of check values to a result of adding the check value to further check values of further parties, each one of the further check values computed from the blinded result and an identifier of the further parties;
    - andthe communication unit is further toreceive the encrypted blinded result of the function, the function having as further input private values of the further parties,send the encrypted check value to the further party, andreceive the encrypted sum of check values.
  - 3. The system of claim 2, wherein the processing unit is to compute the check value and each one of the further check values using a hash function having as input a sum of a random variable, the identifier of a party of the further parties, and the blinded result.
  - 4. The system of claim 1, wherein the public-key encryption system is homomorphic and semantically secure.
  - 5. The system of claim 1, wherein the blinded result is identical to a result multiplied by a random variable.
  - 6. The system of claim 1, wherein the function is a summation function that adds the private value to private values of further parties.
  - 7. The system of claim 1, wherein the private value indicates if the party contributes to a result and the function is a counting function that counts contributions from the party and further parties to generate a total number of contributing parties.
  - 8. The system of claim 1, wherein a first private value is a numerical value and the function is a summation function that adds the private value to private values of further parties, wherein a second private value indicates if the party contributes to a result of the summation function and the function is a counting function that counts contributions from the party and the further parties to generate a total number of contributing parties, wherein the communication unit is further to receive an average value generated from the result of the summation function and a result of the counting function, and wherein a third private value is a square of a difference between the numerical value and the average value and the function is the summation function.

9. A system comprising:
- a communication unit toreceive an encrypted private value of a party, the encrypted private value being generated from a private value with a public-key encryption system and a public key,send an encrypted blinded result to the party, andreceive a blinded result generated from the encrypted blinded result; and
  
  a hardware-based processing unit tocompute a result of a function, the function having as input the private value,blind the result of the function to generate the encrypted blinded result, andcompute the result by unblinding the blinded result.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein:
    - the hard-ware based processing unit is further tocompute the result of the function, the function having as further input private values of further parties andadd a check value to check values of the further parties to generate an encrypted sum of check values of the party and the further parties; and
      
      the communication unit is further toreceive an encrypted check value generated from the check value with a public-key encryption system and a public key andsend the encrypted sum of check values to the party.
  - 11. The system of claim 9, wherein the public-key encryption system is homomorphic and semantically secure.
  - 12. The system of claim 9, wherein the processing unit is to blind the result of the function by multiplying the result by a random variable.
  - 13. The system of claim 9, wherein the function is a summation function that adds the private value to private values of further parties.
  - 14. The system of claim 9, wherein the private value indicates if the party contributes to a further result and the function is a counting function that counts contributions from the party and further parties to generate a total number of contributing parties.
  - 15. The system of claim 9, wherein a first private value is a numerical value and the function is a summation function that adds the private value to private values of further parties, wherein a second private value indicates if the party contributes to a result of the summation function and the function is a counting function that counts contributions from the party and the further parties to generate a total number of contributing parties, wherein the processing unit is further to compute an average value generated from the result of the summation function and a result of the counting function and wherein the communication unit is further to send the average value to the party, and wherein a third private value is a square of a difference between the numerical value and the average value and the function is the summation function.

16. A method comprising:
- encrypting, using a hardware-based processing unit of a first device, a private value of a party with a public-key encryption system and a public key to generate an encrypted private value;
  
  sending the encrypted private value to a further party at a second device;
  
  receiving an encrypted blinded result of a function, the function having as input the private value;
  
  decrypting the encrypted blinded result with the public-key encryption system and a private key to generate a blinded result; and
  
  sending the blinded result to the further party.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The method of claim 16, further comprising:
    - receiving the encrypted blinded result of the function, the function having as further input private values of further parties;
      
      computing a check value using an identifier of the party and the blinded result;
      
      encrypting the check value with the public-key encryption system and the public key to generate an encrypted check value;
      
      sending the encrypted check value to the further party;
      
      receiving an encrypted sum of check values of the party and the further parties;
      
      decrypting the encrypted sum of check values to generate a sum of check values; and
      
      comparing the sum of check values to a result of adding the check value to further check values of the further parties, each one of the further check values computed from the blinded result and an identifier of the further parties.
  - 18. The method of claim 17, wherein the computing of the check value and each one of the further check values comprises using a hash function having as input a sum of a random variable, the identifier of a party of the further parties, and the blinded result.
  - 19. The method of claim 16, wherein the public-key encryption system is homomorphic and semantically secure.
  - 20. The method of claim 16, wherein the blinded result is identical to a result multiplied by a random variable.
  - 21. The method of claim 16, wherein the function is a summation function that adds the private value to private values of further parties.
  - 22. The method of claim 16, wherein the private value indicates if the party contributes to a result and the function is a counting function that counts contributions from the party and further parties to generate a total number of contributing parties.
  - 23. The method of claim 16, executing operations of claim 16, wherein the private value is a numerical value and the function is a summation function that adds the private value to private values of further parties;
    - executing operations of claim 16, wherein the private value indicates if the party contributes to a result of the summation function and wherein the function is a counting function that counts contributions from the party and the further parties to generate a total number of contributing parties;
      
      receiving an average value generated from the result of the summation function and a result of the counting function; and
      
      executing operations of claim 16, wherein the private value is a square of a difference between the numerical value and the average value and the function is the summation function.

24. A method comprising:
- receiving an encrypted private value of a party, the encrypted private value generated from a private value with a public-key encryption system and a public key;
  
  computing a result of a function, the function having as input the private value;
  
  blinding the result of the function to generate an encrypted blinded result;
  
  sending the encrypted blinded result to the party;
  
  receiving a blinded result generated from the encrypted blinded result; and
  
  computing, using a hardware-based processing unit, the result of the function by blinding the blinded result.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The method of claim 24, further comprising:
    - computing the result of the function, the function having as further input private values of further parties;
      
      receiving an encrypted check value generated from a check value with a public-key encryption system and a public key;
      
      adding the check value to check values of the further parties to generate an encrypted sum of check values of the party and the further parties; and
      
      sending the encrypted sum of check values to the party.
  - 26. The method of claim 24, wherein the public-key encryption system is homomorphic and semantically secure.
  - 27. The method of claim 24, wherein blinding the result comprises multiplying the result by a random variable.
  - 28. The method of claim 24, wherein the function is a summation function that adds the private value to private values of further parties.
  - 29. The method of claim 24, wherein the private value indicates if the party contributes to a result and the function is a counting function that counts contributions from the party and further parties to generate a total number of contributing parties.
  - 30. The method of claim 24, executing operations of claim 24, wherein the private value is a numerical value and the function is a summation function that adds the private value to private values of further parties;
    - executing operations of claim 24, wherein the private value indicates if the party contributes to a result of the summation function and wherein the function is a counting function that counts contributions from the party and the further parties to generate a total number of contributing parties;
      
      computing an average value generated from the result of the summation function and a result of the counting function;
      
      sending the average value to the party; and
      
      executing operations of claim 24, wherein the private value is a square of a difference between the numerical value and the average value and the function is the summation function.

31. A non-transitory machine-readable medium storing instruction, which when executed by a processing unit, performs an operation comprising:
- encrypting a private value of a party with a public-key encryption system and a public key to generate an encrypted private value and to decrypt an encrypted blinded result with the public-key encryption system and a private key to generate a blinded result;
  
  sending the encrypted private value to a further party;
  
  receiving the encrypted blinded result of a function, the function having as input the private value; and
  
  sending the blinded result to the further party.

32. A non-transitory machine-readable medium storing instruction, which when executed by a processing unit, performs an operation comprising:
- receiving an encrypted private value of a party, the encrypted private value generated from a private value with a public-key encryption system and a public key;
  
  sending an encrypted blinded result to the party, and to receive a blinded result generated from the encrypted blinded result;
  
  computing a result of a function, the function having as input the private value;
  
  blinding the result of the function to generate the encrypted blinded result; and
  
  computing the result by unblinding the blinded result.

33. A participant system comprising:
- means for encrypting a private value of a party with a public-key encryption system and a public key to generate an encrypted private value and for decrypting an encrypted blinded result with the public-key encryption system and a private key to generate a blinded result; and
  
  means for sending the encrypted private value to a further party, for receiving the encrypted blinded result of a function, the function having as input the private value, and for sending the blinded result to the further party.

34. A platform provider system comprising:
- means for receiving an encrypted private value of a party, the encrypted private value generated from a private value with a public-key encryption system and a public key, for sending an encrypted blinded result to the party, and for receiving a blinded result generated from the encrypted blinded result; and
  
  means for computing a result of a function, the function having as input the private value, for blinding the result of the function to generate the encrypted blinded result, and for computing the result by unblinding the blinded result.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Kerschbaum, Florian

Granted Patent

US 8,150,041 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

H04L 2209/04   Masking or blinding

H04L 9/008   involving homomorphic encry...

H04L 9/30   Public key, i.e. encryption...

SECURE COMPUTATION OF PRIVATE VALUES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

34 Claims

Specification

Use Cases

Quick Links

Others

SECURE COMPUTATION OF PRIVATE VALUES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

34 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others