Abstract: In an approach, a processor creates a first transfer transaction by a transaction sender for an asset managed by a distributed ledger system to a transaction receiver, where: the first transfer transaction comprises an output and a related delayed auditing script indicative of a legitimate owner of the output; and the first transfer transaction is in a pending status. A processor submits the first transfer transaction by the transaction sender to the distributed ledger system, thereby committing the first transfer transaction by the distributed ledger system such that the pending status is dissolved. A processor creates a second transfer transaction by the transaction receiver based upon the output, wherein for a validity of the second transfer transaction, only a signature from an auditor for the first transfer transaction is presented to the distributed ledger system.

Abstract: Extending an unspent-transaction-output-(UTXO)-based privacy-preserving token system to enable digital cash functionalities and privacy-preserving limit enforcement includes determining, by a central instance system, epochs of time-wise equally long and adjacent time periods, issuing, by the central instance system, digital cash tokens relating to a user-identifier, and storing a sum number of the issued digital cash tokens in an actual epoch relating to the user-identifier, preventing, by the central instance system, an issuing of digital cash tokens larger than a predefined maximum number of digital cash tokens relating to the user-identifier in the actual epoch, and resetting, by the central instance system, the sum number of issued tokens in the actual epoch at an end of the epoch.

Abstract: A tree data structure having a root node, internal nodes and leaf nodes can be generated. A liability to a user can be mapped to a leaf node of the tree data structure, where each internal node of the tree data structure contains vector commitments to its child nodes and the root node contains a commitment to a sum of all leaf nodes in the tree. Responsive to receiving a query, an authentication path along the tree data structure and a plurality of proofs that prove that sums of terms in vectors along the authentication path are correct, that each entry in the vectors along the authentication path is positive, and that a sum associated with a vector in each node along the authentication path is an entry in a parent node's vector, can be generated.

Abstract: A network may receive a cheque script with a signature from a drawer and generate an unspent transaction output (UTXO) satisfied by the script and the signature from the drawer. The Network may also transfer crypto assets of the drawer to the UTXO and execute the cheque script to claim a portion of the crypto assets for a payee.

Abstract: The present invention is directed to a computer-implemented method for linking identity information of a physical identifier to a digital identifier. The identity information comprises a plurality of symbols. The method comprises cryptographically obfuscating one or more symbols of the identity information separately into an obfuscated symbol such that a separate deobfuscation information is needed for each obfuscated symbol to deobfuscate it and storing the obfuscated symbols within the digital identifier.

Abstract: The invention is notably directed to a computer-implemented method of managing user overdrafts in a privacy-preserving manner. The method comprises issuing a first overdraft token computed based on a user identifier of a given user, an initial overdraft value, a first serial number, and an encryption key that is shared with the given user. Next, the method generates a zero-knowledge proof of that said overdraft value is equal to a maximal value of credit granted to said given user. The method subsequently computes an overdraft issuance transaction based on the first overdraft token and the first zero-knowledge proof, signs the computed overdraft issuance transaction using a secret key that is not shared with the given user, and finally submits the overdraft issuance transaction to a blockchain for validation.

Abstract: A computer-implemented method for privacy preserving authentication augmented with physical biometric proof is disclosed. The computer-implemented method comprises providing an integrated smart entity comprising both, a visual indicator of a physical entity and a persistent memory storing picture identifier data. The visual indicator and the persistent memory are physically inseparable. The computer-implemented method further comprises comparing the visual indicator and a related feature of the physical entity to be authenticated, receiving an output value of a function having the picture identifier data as argument and a verifiable credential. Upon determining that the output value of the function and the received verifiable credential are satisfy a matching predicate, confirming the verifiable credential.

Abstract: An example operation may include one or more of extracting a data object from a machine-readable code. The data object can include fields of data signed with a digital signature of a private key, detecting an identifier of an issuer of the data object from the extracted data object, retrieving a public key from a blockchain based on the identifier of the issuer detected from the field of the extracted data object, and verifying the digital signature of the private key based on the fetched public key.

Abstract: The present disclosure relates to storing a set of n data entries. The method includes creating a tree of ary l such that n leaf nodes of the tree comprise a set of hash values of the set of data entries respectively. For each parent node of the tree, a bilinear accumulator of hash values of l children of the parent node may be computed. A hash value of the bilinear accumulator may be computed. The root node of the tree may be stored as a representation of the content of the set of data entries.

Abstract: An example operation may include one or more of anonymizing, via an anonymization service hosted within a trusted execution environment (TEE), raw data provided by a computing node to generate anonymized data, generating, via the anonymization service, an authenticator object that binds together a hash of the raw data and a hash of the anonymized data, transmitting the generated anonymized data to the computing node, and submitting the authenticator object to a blockchain ledger via a blockchain transaction.

Abstract: An example operation may include one or more of receiving, by each of one or more peripheral peers of a blockchain network, a new block from an orderer peer, calculating a hash of the new block, determining the calculated hash is different than hashes from a majority of peripheral peers, determining that one or more blocks that correspond to the different hashes from the majority of peripheral peers are different from the new block, and in response ceasing committing blocks to the blockchain network.

Abstract: An example operation may include one or more of receiving, by each of one or more peripheral peers of a blockchain network, a sequence of new blocks from an orderer peer, calculating hashes for the sequence of new blocks, adding the hashes to a merkle tree, determining the merkle tree is different than merkle trees from a majority of peripheral peers, determining that one or more blocks that correspond to the different merkle trees from the majority of peripheral peers are different from the sequence of new blocks, and in response ceasing committing blocks to the blockchain network.

Abstract: An approach for privacy-preserving auditable accounts on blockchain networks. The approach may include encoding tokens associated with a blockchain network. The encoding may include data relating to the current epoch, where an epoch is a specific time range. The tokens may be received from a user for inspection by an auditing entity. The approach may include performing an audit check on the encoded tokens. If the audit check succeeds, the auditing entity may submit an audit transaction verifying the tokens were generated in the current epoch and making the tokens auditable for the next epoch.

Abstract: In some embodiments, a processor may generate a request associated with a transaction, collect an anchor associated with the request, and transition the transaction into a collection of two or more hashes; the processor may submit the transaction to an ordering service. In some embodiments, a processor may receive a request associated with a transaction, identify that a first preimage associated with a first hash is known to a first shard, and generate a first identification tag associated with the transaction. In some embodiments, a processor may receive a request associated with a transaction, assign a first shard a first task, and identify that a first preimage associated with a first hash is known to the first shard; the processor may perform the task.

Abstract: An example operation may include one or more of receiving, from a plurality of providers by a secure enclave, a plurality of training data sets and a plurality of salts paired with the plurality of training data sets, respectively, hashing, via the secure enclave, pairs of training data sets and salts to generate a plurality of salted hashes, and combining the plurality of salted hashes to generate a digest, training, via the secure enclave, a model based on the plurality of training data sets to generate a trained model, and providing the trained model and the digest to a plurality of data providers of the plurality of training data sets and the plurality of salts.

Abstract: A system may prove one or more attributes of a user by generating cyclic groups, generating an aggregate anonymous credential by a regulatory authority and issuers of the system, setting up an issuer with a multi-signature of administrators of the system, generating user credentials, and validating an operation signed with the user credentials.

Abstract: An example operation may include one or more of receiving an event from a node, extracting an identifier from the event, determining whether the event is authorized, and generating a notification of the event when the identifier is authorized, wherein the identifier includes a hashed value of an event counter and wherein the identifier is authorized when the hashed value matches a hashed value of the event counter stored in a storage area of or coupled to the client.

Abstract: A method, system, and computer program product are disclosed. The method includes separating a user certificate into a private component and a non-private component. The method further includes storing the non-private component in a database and providing a pointer to the non-private component stored in the database.

Abstract: A method for documenting asset exchanges between users by connecting to a first blockchain network configured to store user assets, receiving login data from a first user, receiving an asset lock transaction for an asset from the first user, confirming that the first user is an owner of the asset based on a previous asset transfer transaction associated with the user, verifying availability of the asset based on blockchain network records, determining that the second user is a registered user of the blockchain network, assigning the asset to a unique identifier of the asset lock transaction, receiving at least one of a claim request from the second user, prior to expiration of the deadline, and a reclaim transaction from the user following expiration of the deadline, and responding to the at least one of the claim request and the reclaim request according to the deadline.

Abstract: A method for providing privacy-preserving asset transfers between networks, by connecting to a first blockchain network, receiving login data from a user, receiving an asset pledge transaction for an asset, confirming that the user is an owner of the asset based on a previous asset transfer transaction associated with the user, verifying an availability of the asset based on first blockchain network records, determining that a recipient is a registered user of a second blockchain network, assigning the asset to a first unique identifier, receiving at least one of a pledge proof request, from the recipient prior to expiration of the deadline, and an asset reclaim transaction, from the user after expiration of the deadline, the pledge proof request and reclaim transaction each comprising the first unique identifier and responding to the at least one of the pledge proof request and the asset reclaim request according to the deadline.