Abstract: A method for registering a mining computing entity (MCE) with a trusted execution environment entity (TEEE) in a blockchain of a distributed blockchain consensus network (DBCN), based on a proof-of-stake protocol, includes determining public signing information, secret signing information, and a registration timestamp and determining public account information and secret account information for a virtual wallet of the blockchain. The method further includes generating attestation information based on signing integrity information and hashing the public signing information and the public account information, and based on the attestation information, obtaining, from an attestation providing entity (APE), proving information. The method also includes sending, to the blockchain, a registration transaction that is signed with the secret account information, and registering the MCE to the blockchain.

Abstract: A method for detecting a cache-based side-channel attack includes utilizing a timer thread that continuously increments a variable in code of an application. The code has been instrumented such that the instrumented code uses the variable incremented by the timer thread to infer an amount of time taken for running a part of the code. A number of cache misses during execution of the part of the code is determined based on the amount of time. It is determined whether the application is experiencing the cache-based side-channel attack using a classifier which uses as input the number of cache misses.

Abstract: A method for providing a trusted service to a trusted execution environment running on a remote host machine includes receiving a message from the trusted execution environment and incrementing a counter of the trusted service. A response message is sent to the trusted execution environment using a value of the incremented counter.

Abstract: Systems and methods for validation of transaction policy compliance are provided. Code is implemented, including a transaction policy compliance check, in a form of a trusted application to be executed in a trusted execution environment (TEE). A secret is attested and provisioned to a trusted application instance in the TEE. The trusted application instance is executed on a client transaction request to generate a policy compliance result. A transaction object is generated, including the policy compliance result and a proof of the execution. The transaction object is proposed to a distributed ledger system. The policy compliance result and a proof of the execution during transaction validation in the distributed ledger system is verified.

Abstract: A method for registering a mining computing entity (MCE) with a trusted execution environment entity (TEEE) in a blockchain of a distributed blockchain consensus network (DBCN), based on a proof-of-stake protocol, includes providing public signing and corresponding secret signing information and trusted time information by the TEEE of the MCE, providing public and secret account information for a virtual wallet of the blockchain by the MCE, and generating integrity information by the TEEE. The method further includes generating attestation information by signing the integrity information, hashed public signing information and public account information, computing proving information, by an attestation providing entity (APE), by attesting the attestation information, and sending a transaction to the blockchain, signed with the secret account information, the transaction including the public signing information and the proving information.

Abstract: A method for storing information includes receiving information to be stored and an information tag from a user computing entity, and storing the information and the information tag. The information to be stored includes a chunk that is divided into a plurality of blocks each comprising one or more elements. The information tag comprises a plurality of tags each having been computed for one of the blocks, wherein the tag for the j-th block of the i-th chunk is based on: an output of a random function using as input: 1) an output of an index function mapping each index j to a certain value, and/or 2) a seed sampled for the i-th chunk; the j-th block; and a representation of a second secret comprising one or more random elements each associated with a respective one of the one or more elements of one of the blocks.

Abstract: A method for execution of a Byzantine Fault Tolerant (BFT) protocol among a number of participating nodes of a network includes: receiving, by a primary node of the BFT protocol, a transaction request, applying, by the primary node, a data dissemination protocol for distributing the transaction request among the participating nodes via a data-plane of the network, and generating, by the primary node, a hash of the transaction request and requesting consensus among the participating nodes via a control-plane of the network using the hash of the transaction request.

Abstract: A method detects model-poisoning attempts in a federated learning system. The federated learning system includes a server orchestrating with clients to train a machine-learning model. The method includes receiving, by the server, results of a poisoning detection analysis. The poisoning detection analysis includes at least one of an analysis of class-specific misclassification rates or an analysis of activation clustering of a current state of the machine-learning model.

Abstract: A method for storing a data file (DF) on a storage entity (SE) includes receiving, by a proxy (PE) and from a computing entity (CE), a plurality of hash values corresponding to a plurality of blocks of the DF. The PE may check whether the plurality of blocks of the DF are stored in the SE based on the plurality of hash values. Based on determining that at least a subset of the plurality of blocks of the DF are not being stored in the SE, the PE may compute a secret associated with an encryption key. The PE may transmit, to the CE, the secret. The PE may receive, from the CE, information including storage locations of the subset of the plurality of blocks within the SE and one or more hash values, of the plurality of hash values, associated with the subset of the plurality of blocks.

Abstract: A method for securing a cryptocurrency transaction on a permissioned blockchain, which involves cryptocurrencies of a permissionless public blockchain, includes receiving a join request including a transaction identification. The transaction identification identifies an enroll transaction involving a public smart contract deployed on the permissionless public blockchain, the enroll transaction identifying a permissioned blockchain public key being valid on the permissioned blockchain and transferring a cryptocurrency balance to the public smart contract. The method further includes verifying that the enroll transaction was properly executed, crediting an account corresponding to the permissioned blockchain public key with the cryptocurrency balance, and receiving a send request identifying a second cryptocurrency balance and a second permissioned blockchain public key being valid on the permissioned blockchain.

Abstract: A method for securing an interblockchain transaction includes receiving, from a first user application, a registration request including a first permissioned blockchain public key and a first permissionless blockchain public key. The method also includes performing, by the processing circuitry, receiving, from a second user application, a second registration request including a second permissioned blockchain public key and a second permissionless blockchain public key. The permissioned blockchain public keys are valid on the permissioned blockchain and the permissionless blockchain public keys are valid on the permissionless public blockchain. In addition, the method includes receiving, from the first user application, a transaction identification, the transaction identification identifying a first transfer transaction executed on the permissionless public blockchain. The transaction identification identifies the first and second permissionless blockchain public keys.

Abstract: A method for supporting sharing of travel history of travelers in airports includes receiving, by a trusted entity of the distributed ledger system, a registration request from a traveler via a traveler application. The registration request provides personal information of the traveler to the trusted entity. The method further includes generating, by the trusted entity, a public key for the traveler using an identity-based encryption mechanism and sending, from the trusted entity to the global identity blockchain, a registration transaction with respect to the traveler. The registration transaction comprises the public key of the traveler. The method further includes recording a travel history that includes all travel tickets of the traveler, wherein a Merkle tree of all the travel tickets of the traveler is generated. The Merkle tree has a Merkle root, and the Merkle root of the Merkle tree is stored in the global identity blockchain.

Abstract: A method for storing information includes receiving information to be stored and an information tag from a user computing entity, and storing the information and the information tag. The information to be stored includes a chunk that is divided into a plurality of blocks each comprising one or more elements. The information tag comprises a plurality of tags each having been computed for one of the blocks, wherein the tag for the j-th block of the i-th chunk is based on: an output of a random function using as input: 1) an output of an index function mapping each index j to a certain value, and/or 2) a seed sampled for the i-th chunk; the j-th block; and a representation of a second secret comprising one or more random elements each associated with a respective one of the one or more elements of one of the blocks.

Abstract: A method for enabling pruning of a blockchain of a blockchain network includes creating an active blocks commitments Merkle tree from hashes of active blocks and creating an active smart contracts commitments Merkle tree from hashes of active smart contracts. The Merkle trees are created after an amount of blocks created in the blockchain has reached a threshold set by a pruning threshold parameter stored in the blockchain network. Hashes of the roots of the Merkle trees are stored in a header of a new block as a new genesis block. The new genesis block is broadcast to the blockchain network. A set of the active blocks and active smart contracts used respectively to create the active blocks commitments Merkle tree and the active smart contracts commitments Merkle tree are committed to upon the blockchain network reaching consensus on the new genesis block.

Abstract: A method is provided for preparing a plurality of distributed nodes to perform a protocol to establish a consensus on an order of received requests. The plurality of distributed nodes includes a plurality of active nodes, the plurality of active nodes including a primary node, each of the plurality of distributed nodes including a processor and computer readable media. The method includes preparing a set of random numbers, each being a share of an initial secret. Each share of the initial secret corresponds to one of the plurality of active nodes. The method further includes encrypting each respective share of the initial secret, binding the initial secret to a last counter value to provide a commitment and a signature for the last counter value, and generating shares of a second and of a plurality of subsequent additional secrets by iteratively applying a hash function to shares of each preceding secret.

Abstract: A method for supporting sharing of travel history of travelers in airports, wherein the travelers' identity is managed using a distributed ledger system, wherein the distributed ledger system includes a global identity blockchain and several per segment security blockchains, wherein the global identity blockchain is accessible by entities of the distributed ledger system, and wherein a per segment security blockchain is employed for a predetermined flight segment, such that the per segment security blockchain is accessible only by entities of the distributed ledger system that are involved in the predetermined flight segment, the method comprising the steps of: a) generating a history secret of a traveler according to a resistance mechanism for resisting a creation of multiple identities, in particular a Sybil-resistance mechanism; b) receiving, by the global identity blockchain, a registration request of the traveler, wherein the registration request comprises a commitment of the traveler's history secret, a

Abstract: A method for operating a mining pool includes running, by a mining pool operator, a blockchain node and at least one enclave. The blockchain node is connected to the enclave as well as to a blockchain P2P network and to a publicly available site. The method further includes checking, by the blockchain node, validity of incoming blocks and transactions received from the blockchain P2P network, and forwarding information on the received blocks and transactions to the at least one enclave. The method further includes creating, by the at least one enclave, a state transparency log and inserting the block and transaction information received from the blockchain node into the state transparency log, and signing, by the at least one enclave, the state transparency log and publishing the state transparency log at the publicly available site.

Abstract: A method for byzantine fault-tolerance replicating of data on a plurality of n servers includes performing a preprocessing procedure. The n servers include one primary node (PN) and n?1 backup nodes (BN), wherein f servers may arbitrarily fail, and wherein all n servers have a trusted computing entity (TCE). The preprocessing procedure is performed by the TCE of the PN and includes computing a random secret value for a unique, monotonic, sequential counter (UMSC) to be assigned with a request message for requesting an operation to be performed, computing a commitment for the random secret value and the UMSC, and splitting the random secret value into a plurality of shares. The preprocessing procedure further includes computing a server-specific authenticated encryption of each share, and providing the computed server-specific shares and the computed commitment to the respective servers.

Abstract: A method for securing a blockchain and incentivizing the storage of blockchain data using a publicly verifiable proof of retrievability (PoR) includes receiving a PoR transaction having a PoR proof, determining whether the PoR proof is a verified PoR proof, and based upon determining that the PoR proof is a verified PoR proof, incorporating, by a block creator node, the PoR transaction into a new block of the blockchain.

Abstract: A method for providing information to be stored includes computing a storable first secret for generating a random value based on a random function. The information to be stored is provided as a chunk which is divided into blocks each having an element. A storable second secret comprising a random element is computed. A tag is computed for each block such that the tag for the j-th block of the i-th chunk is computed using: an output of the random function, the j-th block, and a representation of the second secret. The information to be stored is provided together with an information tag comprising the computed tags of each block of each chunk.