A method includes providing a public encryption key and a seed to a party and receiving a first encrypted data set encrypted using the public encryption key and marked by the party with a first mark based on the seed. The method also includes aggregating the first encrypted data set into an aggregated data set at an aggregator and receiving an indication that a first operation associated with the party has been performed on the aggregated data set. In response to the receiving, updating the first encrypted data set of the aggregated data set by updating the first mark to a second mark according to the first operation, generating a verification encrypted data set according to at least the second mark and at least the corresponding first operation, verifying the aggregated data set by comparing the updated first encrypted data set and the verification encrypted data set.