Participatory sensing is a crowd-sourcing technique which relies both on active contribution of citizens and on their location and mobility patterns. As such, it is particularly vulnerable to privacy concerns, which may seriously hamper the large-scale adoption of participatory sensing applications. In this paper, we present a privacy-preserving system architecture for participatory sensing contexts which relies on cryptographic techniques and distributed computations in the cloud. Each individual is represented by a personal software agent, which is deployed on one of the popular commercial cloud computing services. The system enables individuals to aggregate and analyse sensor data by performing a collaborative distributed computation among multiple agents. No personal data is disclosed to anyone, including the cloud service providers. The distributed computation proceeds by having agents execute a cryptographic protocol based on a homomorphic encryption scheme in order to aggregate data. We show formally that our architecture is secure in the Honest-But-Curious model both for the users and the cloud providers. Our approach was implemented and validated on top of the NoiseTube system, which enables participatory sensing of noise. In particular, we repeated several mapping experiments carried out with NoiseTube, and show that our system is able to produce identical outcomes in a privacy-preserving way. We experimented with real and simulated data, and present a live demo running on a heterogeneous set of commercial cloud providers. The results show that our approach goes beyond a proof-of-concept and can actually be deployed in a real-world setting. To the best of our knowledge this system is the first operational privacy-preserving approach for participatory sensing. While validated in terms of NoiseTube, our approach is useful in any setting where data aggregation can be performed with efficient homomorphic cryptosystems.