Abstract: A method for managing data in a decentralized blockchain consensus network of nodes interrelated with each other according to a tree-like structure includes publishing, by a root node, a product contract description for a new product, the product contract description including at least product information and product state information. The method further includes generating, by the root node, at least one product item for the new product by publishing a product item contract including at least item identification information, the product contract for the item, item state information, and valid modifier information for information of at least one node to be able to modify the item state. The method also includes updating, by the root node upon generating a new item for a product, the product contract description by including item information into the product contract description.

Abstract: A method for executing a trusted execution environment (TEE) based application in a cloud includes receiving, by a proxy, a request from a client, requesting, by the proxy from an attestation service, attestation, and sending, by the proxy to the client, a result of the attestation.

Abstract: A node of a blockchain network executes a blockchain protocol. The node receives a request for data processing and a refund-transaction data structure with a bootstrap value entry. Based upon determining to execute the requested data processing, the node creates a micropayment data structure with an entry based upon the bootstrap value entry, signs the refund-transaction data structure, and sends the signed refund-transaction data structure to the thin client. The node then receives a filter for performing the requested data processing; and executes the requested data processing based upon the filter to locate: a blockchain transaction and its blockchain proof. The nodes sends the located blockchain transaction and proof to the thin client. The node then receives an update-transaction data structure from the thin client, the update-transaction data structure having an update value entry and being signed by the thin client.

Abstract: A method for securing smart contracts in a blockchain includes receiving in the blockchain a contract creation transaction having a control flow graph (CFG) and contract code for a smart contract to be created. The contract creation transaction is verified by checking a signature of a creator of the smart contract and determining that the CFG is correct based on the contract code. The verified contract creation transaction is included as a block in a distributed ledger of the blockchain.

Abstract: A method of providing a transaction forwarding service in a blockchain includes executing a smart contract in the blockchain so as to determine whether a respective full node is eligible to execute the smart contract. The smart contract specifies eligible full nodes, a filter of a respective light client and a reward for executing the smart contract. The respective full node forwards data relating to a transaction that matches the filter of the respective light client to the respective light client with a proof that the transaction is included in the blockchain. The respective full node receives a signed acknowledgement from the respective light client verifying the transaction. Then, the respective full node claims the reward using the acknowledgement.

Abstract: A method for executing a trusted execution environment (TEE) based application in a cloud computing system. The method includes executing a proxied attestation procedure with a client to enable the client to attest that an enclave management layer (EML) application provided by the cloud computing system runs on a TEE-enabled platform. The method also includes receiving, by the cloud computing system from the client, application code corresponding to the TEE-based application and receiving, by the EML application from the client, application parameters corresponding to the TEE-based application. In addition, the method includes writing, by the EML, application to a secure storage layer, the application parameters corresponding to the TEE-based application and creating, by the cloud computing system, an enclave configured to execute the TEE-based application.

Abstract: A method for storing data on a storage entity (SE) includes: computing a file identifier for a file to be stored on the SE; checking if the file has already been stored using the file identifier; generating a user-specific private and public identifier, wherein generating the user-specific private identifier is based on using an oblivious key generation protocol between the client and a trusted entity, and wherein the user-specific private identifier is a deterministic private identifier; updating or computing tags of the file by the client such that the updating or computing is homomorphic in the user-specific private identifier and in parts of the file; and providing the user-specific public identifier, the updated tags and a proof of possession of the secret identifier to the SE to enable the SE to store information associated with the file.

Abstract: A method for encrypting data with an encryption entity includes, in a step a), dividing a plaintext into a number of N blocks. In a step b), each of the blocks are encrypted with an encryption key resulting in a number of ciphertext blocks. In a step c), a linear All-Or-Nothing scheme is applied on the ciphertext blocks. In a step d), each of the ciphertext blocks output from step c) is transformed with a transformation procedure, which performs a cyclic bitwise operation, such that the information in different ciphertext blocks is transformed differently based on the encryption key and such that the transformation procedure is only revertable with knowledge of the encryption key. In a step e), the transformed ciphertext blocks are dispersed according to an information dispersal procedure.

Abstract: A method for enabling pruning of a blockchain of a blockchain network includes creating an active blocks commitments Merkle tree from hashes of active blocks and creating an active smart contracts commitments Merkle tree from hashes of active smart contracts. The Merkle trees are created after an amount of blocks created in the blockchain has reached a threshold set by a pruning threshold parameter stored in the blockchain network. Hashes of the roots of the Merkle trees are stored in a header of a new block as a new genesis block. The new genesis block is broadcast to the blockchain network. A set of the active blocks and active smart contracts used respectively to create the active blocks commitments Merkle tree and the active smart contracts commitments Merkle tree are committed to upon the blockchain network reaching consensus on the new genesis block.

Abstract: A method for re-keying an encrypted data file, the data file being stored chunkwise on a storage entity (SE), data file chunks being encrypted with a global secret, and the method being performed by one or more computing devices, includes updating the global secret for encryption data for a data chunk to be re-keyed such that an output of a non-interactive oblivious key exchange is used to identify the private key of the data chunk to be re-keyed with a new private key, wherein the non-interactive oblivious key exchange uses an oblivious protocol; and reencrypting the data chunk to be re-keyed with the updated global secret.

Abstract: A method for storing data on a storage entity (SE) includes: computing a file identifier for a file to be stored on the SE; checking if the file has already been stored using the file identifier; generating a user-specific private and public identifier; updating or computing tags of the file by the client such that the updating or computing is homomorphic in the user-specific private identifier and in parts of the file; providing the user-specific public identifier, the updated tags and a proof of possession of the secret identifier to the SE; verifying the proof-of-possession; verifying validity of the tags; upon successful checking, storing a public identifier for the file incorporating the user-specific public identifier and the updated tags by the SE; and upon a case where it is determined that the file has not already been stored, storing the file.

Abstract: A method for detecting a cache-based side-channel attack includes utilizing a timer thread that continuously increments a variable in code of an application. The code has been instrumented such that the instrumented code uses the variable incremented by the timer thread to infer an amount of time taken for running a part of the code. A number of cache misses during execution of the part of the code is determined based on the amount of time. It is determined whether the application is experiencing the cache-based side-channel attack using a classifier which uses as input the number of cache misses.

Abstract: A method for pruning a blockchain of a blockchain network includes creating an active blocks commitments Merkle tree from hashes of active blocks and creating an active smart contracts commitments Merkle tree from hashes of active smart contracts. The Merkle trees are created after an amount of blocks created in the blockchain has reached a threshold set by a pruning threshold parameter stored in the blockchain network. Hashes of the roots of the Merkle trees are stored in a header of a new block as a new genesis block. The new genesis block is broadcast to the blockchain network. A local copy of the blockchain is pruned at a pruning point in accordance with the pruning threshold parameter based on the blockchain network having reached consensus on the new genesis block.

Abstract: A method for re-keying an encrypted data file, the data file being stored chunkwise on a storage entity (SE), data file chunks being encrypted with a global secret, and the method being performed in a memory available to a computing device, includes partially updating a global secret for encryption data for a data chunk to be re-keyed such that an output of a non-interactive oblivious key exchange is used to identify the private key of the data chunk to be re-keyed with a new private key; and reencrypting the data chunk to be re-keyed with the updated global secret.

Abstract: A method for signing a new block of a blockchain of a distributed blockchain consensus network (DBCN), comprising a mining computing entity (MCE) and a node computing entity, includes the step of signing and/or encrypting of predefined MCE information by the MCE, using a secret key of a public key/secret key key pair of the MCE to obtain hidden information (HI). The new block is signed by the MCE using the secret key and block information comprising block height information to create a signature for the new block. In a case of at least one further signing of a different block with the respective same block height information by the MCE, reveal information is provided to reveal the HI to the DBCN by another node computing entity of the DBCN when the node computing entity has received two signatures comprising the same corresponding block height information.

Abstract: A method for securing a blockchain and incentivizing the storage of blockchain data using a publicly verifiable proof of retrievability (PoR) includes receiving a PoR transaction having a PoR proof, determining whether the PoR proof is a verified PoR proof, and based upon determining that the PoR proof is a verified PoR proof, incorporating, by a block creator node, the PoR transaction into a new block of the blockchain.

Abstract: A computer-implemented method of instantiating a machine learning model with a host processing system is provided. The host processing system includes a trusted execution environment (TEE) and an untrusted processing system (UPS). The method includes: preparing, with the host processing system, a compiler encoding an architecture of the machine learning model; receiving, from a client processing system, source data; and producing, with the compiler, software based on the received source data and model parameters stored on the host processing system. The software includes an untrusted software component for performance on the UPS and a trusted software component for performance on the TEE. The untrusted software component and the trusted software component are configured to, when performed in concert, instantiate the machine learning model.

Abstract: A method for securing a blockchain and incentivizing the storage of blockchain data using a publicly verifiable proof of retrievability (PoR) includes receiving a PoR transaction having a PoR proof; determining whether the PoR proof is a verified PoR proof; and based upon determining that the PoR proof is a verified PoR proof, incorporating, by a block creator node, the PoR transaction into a new block of the blockchain.

Abstract: A method is provided for preparing a plurality of distributed nodes to perform a protocol to establish a consensus on an order of received requests. The plurality of distributed nodes includes a plurality of active nodes, the plurality of active nodes including a primary node, each of the plurality of distributed nodes including a processor and computer readable media. The method includes preparing a set of random numbers, each being a share of an initial secret. Each share of the initial secret corresponds to one of the plurality of active nodes. The method further includes encrypting each respective share of the initial secret, binding the initial secret to a last counter value to provide a commitment and a signature for the last counter value, and generating shares of a second and of a plurality of subsequent additional secrets by iteratively applying a hash function to shares of each preceding secret.

Abstract: A method for secure user authentication using a blockchain includes computing a cryptographic puzzle and a solution to the cryptographic puzzle. The solution is sent to a user to be authenticated and the cryptographic puzzle is sent to the blockchain. Thereby, the user is authenticatable by a relaying party having read access to the blockchain to fetch the cryptographic puzzle from the blockchain and determine whether the solution as presented to the relaying party by the user is a valid solution to the cryptographic puzzle.