Abstract: A method for secure aggregation using public randomness is provided. The method includes determining, based on the public randomness from a random service beacon, a set of super-clients from a plurality of clients. The method further includes obtaining masked inputs from the clients and aggregated random values based on the set of super-clients. Each of the masked inputs is associated with a client from the plurality of clients and each of the aggregated random values is associated with a super-client from the set of super-clients. The method also includes aggregating the masked inputs from the plurality of clients and the aggregated random values from the set of super-clients.

Abstract: The present invention provides a computer-implemented method for providing a service to a trusted execution environment (TEE). A data item is written by a process running in the TEE to a pre-defined cache location. The data item is monitored to determine whether it is evicted from the pre-defined cache location. A setup procedure is accepted as complete based on the data item not being evicted from the pre-defined cache location. The present invention can be used in a variety of applications including, but not limited to, several anticipated use cases in cloud services, machine learning, and medical/healthcare. This invention can also provide lower access times if optimized for performance.

Abstract: A computer-implemented method mitigates side channel attacks in cache memory. The method includes: loading data into a cache line of the cache memory, which includes marking the data as sensitive in metadata of the cache line based on the data being tagged as sensitive; tracking interactions with the data; and determining whether the interactions with the data are not normal based on a preset criteria and the tracked interactions with the data.

Abstract: A computer-implemented method for performing at least one computational operation on an encrypted input by at least one processor of a server in a client-server setting, where parameters of the computational operation are private to the server and the input is private to the client is provided. The method includes receiving, by the server, a ciphertext c of a leveled homomorphic encryption (LHE) scheme as encrypted input. Randomness is homomorphically added by the server to the ciphertext c and the resulting ciphertext b is transmitted to the client. The server receives a refreshed ciphertext b? obtained by the client in a ciphertext refresh procedure including decrypting and re-encrypting the ciphertext b. The server homomorphically removes the previously added randomness from the received refreshed ciphertext b? to obtain a refreshed ciphertext c?. The server performs the at least one computational operation on the refreshed ciphertext c?.

Abstract: A method training an artificial neural network (ANN) on a remote host computes, using a trusted process deployed in a trusted execution environment (TEE) on the remote host, a key-pair for a homomorphic encryption scheme and shares, by the trusted process, the public key (PK) of the key-pair with an untrusted process deployed on the remote host. The method splits the training procedure of the ANN between the untrusted process and the trusted process, wherein the untrusted process computes encrypted inputs to neurons of the ANN by means of the homomorphic encryption scheme, while the trusted process computes outputs of the neurons based on the respective encrypted inputs to the neurons as provided by the untrusted process.

Abstract: A method for enabling enclave migration is provided, where the contents of the enclave and its sealed data are transferred from a sending host to a receiving host. An attestation is performed between a security monitor of the sending host and a security monitor of the receiving host, where the attestation includes an exchange of a shared cryptographic key K between the two security monitors. The shared cryptographic key K is used to implement a secure communication channel between the two security monitors. The two security monitors execute, via the secure communication channel, a predetermined transfer protocol. The predetermined transfer protocol includes an initial exchange of verification messages between the security monitors to verify that both security monitors are ready and can execute the transfer, and a subsequent transfer of enclave data between the security monitors.

Abstract: A method for secure aggregation, by a server, of client-provided inputs includes receiving, from each of a plurality of clients, a respective client input, for which a commitment is published. The commitments were computed using randomness and are aggregated by at least two super-clients and a sum of the aggregated commitments is published by each super-client. A sum of the received client inputs is published such that validity of the sum is checkable, by the clients, by comparing the sum of the received client inputs to a verification algorithm result that uses a sum of additive shares computed by the clients using the randomness, and by verifying that the published sum of the aggregated commitments is the same for each super-client. The method can be applied to use cases, for example, in digital medicine using medical data or smartcity applications to support decision-making.

Abstract: The present invention relates to a computer-implemented method for execution of a cryptographic sortition among a group of parties (210, 220). According to an embodiment of the invention, the method comprises committing, by a first party (210) of the group, to a set of n party-specific secret keys k1, . . . , kn for a block cipher E; obtaining, by the first party (210) and at least a second party (220) of the group, a common input x and an index r; encrypting, by the first party (210), the input x with the r-th key kr of the committed keys k1, . . . , kn, thereby generating an output y1 of the block-cipher E, and publishing the output y1 together with the key kr used for encryption; and encrypting, by the second party (220), the common input x with the key kr published by the first party (210), thereby generating an output y1? of the block-cipher E, and comparing the generated output y1? with the output y1 published by the first party (210).

Abstract: A method to enhance an anonymous signature scheme with user-controlled linkability includes generating, by a signer of a ring signature scheme or a group signature scheme, a signer-specific secret (x) and generating a secret key based on the generated secret (x). The signer augments a message to be signed with a message-unique value that is related to the signer-specific secret (x) thereby generating an augmented message. The signer signs the augmented message with the secret key of the signer and produces a proof that an arbitrary set of signed messages embed the signer-specific secret (x). The signer anonymously publishes the produced proof for verification by a third-party verifier.

Abstract: A method for secure aggregation using public randomness is provided. The method includes determining, based on the public randomness from a random service beacon, a set of super-clients from a plurality of clients. The method further includes obtaining masked inputs from the clients and aggregated random values based on the set of super-clients. Each of the masked inputs is associated with a client from the plurality of clients and each of the aggregated random values is associated with a super-client from the set of super-clients. The method also includes aggregating the masked inputs from the plurality of clients and the aggregated random values from the set of super-clients.

Abstract: A method provides trusted timing services to an enclave of a computer having memory and a trusted hardware timer. The computer executes a privileged management program and an untrusted operating system. The privileged management program has access to the memory and the trusted hardware timer, has higher privileges than the untrusted operating system, and exposes a system call to the enclave for requesting the trusted timing services. The method includes: receiving, by the privileged management program, a request for timing services from the enclave, via the system call; reserving, by the privileged management program, a memory region of the memory for tracking time; and writing, by the privileged management program, at least one value of the trusted hardware timer into the memory region.

Abstract: A method for providing anonymous symmetric authenticated key establishment (ASAKE) is provided. The method includes a server encrypting an ephemeral secret using a broadcast encryption (BE) scheme to generate one or more ciphertexts. The method further includes the server providing the ciphertexts indicating the encrypted ephemeral secret to a client device. The method also includes the server executing a symmetric authenticated key establishment protocol (SAKE) with the client device based on using the ephemeral secret as a common secret.

Abstract: A method for detecting a trusted execution environment (TEE) clone application operating on a computing device includes measuring a plurality of read time periods associated with a plurality of monitored cache sets within a memory cache based on executing a first auxiliary thread of a TEE application on the computing device. Each of the read time periods indicating a time period that is used to read data within one of the monitored cache sets. The read time periods are compared with a time threshold to determine one or more cache misses. The TEE clone application is detected as operating on the computing device based on the determined cache misses.

Abstract: A method for detecting a cache-based side-channel attack includes utilizing a timer thread that continuously increments a variable in code of an application. The code has been instrumented such that the instrumented code uses the variable incremented by the timer thread to infer an amount of time taken for running a part of the code. A number of cache misses during execution of the part of the code is determined based on the amount of time. It is determined whether the application is experiencing the cache-based side-channel attack using a classifier which uses as input the number of cache misses.

Abstract: A method executes inter-enclave communication via cache memory of a processor. The method includes: instantiating a first enclave such that it is configured to execute a first communication thread, which is configured to read/write data to the cache memory; instantiating a second enclave such that it is configured to execute a second communication thread, which is configured to read/write data to cache memory; executing, by the first enclave, the first communication thread to send message data to the second enclave, executing the first communication thread comprising writing the message data to the cache memory; and executing, by the second enclave, the second communication thread to receive the message data. Executing the second communication thread can include: monitoring the cache memory to determine whether the data message is being sent; and based upon determining the data message is being sent, reading from the cache memory to receive the data message.

Abstract: A method for providing a trusted service to a trusted execution environment running on a remote host machine includes receiving a message from the trusted execution environment and incrementing a counter of the trusted service. A response message is sent to the trusted execution environment using a value of the incremented counter.

Abstract: A method for performing computation of a function over encrypted data by a computation entity is provided. According to the method, the computation of a quadratic function is performed by the computation entity, the encrypted data are encrypted by a linearly homomorphic encryption scheme, and a homomorphic message authentication code is used for providing verifiable computation on encrypted data.

Abstract: A method executes inter-enclave communication via cache memory of a processor. The method includes: instantiating a first enclave such that it is configured to execute a first communication thread, which is configured to read/write data to the cache memory; instantiating a second enclave such that it is configured to execute a second communication thread, which is configured to read/write data to cache memory; executing, by the first enclave, the first communication thread to send message data to the second enclave, executing the first communication thread comprising writing the message data to the cache memory; and executing, by the second enclave, the second communication thread to receive the message data. Executing the second communication thread can include: monitoring the cache memory to determine whether the data message is being sent; and based upon determining the data message is being sent, reading from the cache memory to receive the data message.

Abstract: A method for storing a data file (DF) on a storage entity (SE) includes receiving, by a proxy (PE) and from a computing entity (CE), a plurality of hash values corresponding to a plurality of blocks of the DF. The PE may check whether the plurality of blocks of the DF are stored in the SE based on the plurality of hash values. Based on determining that at least a subset of the plurality of blocks of the DF are not being stored in the SE, the PE may compute a secret associated with an encryption key. The PE may transmit, to the CE, the secret. The PE may receive, from the CE, information including storage locations of the subset of the plurality of blocks within the SE and one or more hash values, of the plurality of hash values, associated with the subset of the plurality of blocks.

Abstract: In a system having a plurality of servers, a method is executed to perform an encryption scheme. The method includes a server of the plurality of servers receiving a request token to compute a function on a data point, the data point being encrypted as a ciphertext and the request token being based on the ciphertext and the function. The server grants the request to compute the function on the datapoint by sending a function evaluation key, and participates in a distributed decryption protocol for determining a result of computing the function on the data point by sending a master secret key.