Abstract: A method for securing a genuine machine learning model against adversarial samples includes the steps of attaching a trigger to a sample to be classified and classifying the sample with the trigger attached using a backdoored model that has been backdoored using the trigger. In a further step, it is determined whether an output of the backdoored model is the same as a backdoor class of the backdoored model, and/or an outlier detection method is applied to logits compared to honest logits that were computed using a genuine sample. These steps are repeated using different triggers and backdoored models respectively associated therewith. It is compared a number of times that an output of the backdoored models is not the same as the respective backdoor class, and/or a difference determined by applying the outlier detection method, against one or more thresholds so as to determine whether the sample is adversarial.

Abstract: A method for performing a privacy-preserving membership test includes performing an oblivious pseudo-random function (OPRF) protocol to determine a pseudo-random function (PRF) result based on an input from a proving device and a PRF key. The input indicates a user identity of a user associated with the providing device. The method further includes determining whether the user belongs to a verifier list associated with a verifier device based on testing membership of the user using the verifier list and the PRF result.

Abstract: A method for secure chain division of a satellite chain by a validator node of a permission-based blockchain system includes executing, by communicating with a set of validator nodes of an original satellite chain of the blockchain system, a validator assignment scheme that splits the set of validator nodes of the original satellite chain into subsets of validator nodes of child chains of the original satellite chain, and running, by communicating with the validator nodes of the respective subsets, a reconfiguration protocol to set up the respective child chains and sending, to an identity management component that maintains identity information of all members of the blockchain system in a registry, a configuration update to record the division of the original satellite chain and corresponding creation of the child chains.

Abstract: A method for performing federated learning includes initializing, by a server, a global model G0. The server shares G0 with a plurality of participants (N) using a secure communications channel. The server selects n out of N participants, according to filtering criteria, to contribute training for a round r. The server partitions the selected participants n into s groups and informs each participant about the other participants belonging to the same group. The server obtains aggregated group updates AU1, . . . , AUg from each group and compares the aggregated group updates and identifies suspicious aggregated group updates. The server combines the aggregated group updates by excluding the updates identified as suspicious, to obtain an aggregated update Ufinal. The server derives a new global model Gr from the previous model Gr-1 and the aggregated update Ufinal and shares Gr with the plurality of participants.

Abstract: A method for registering a mining computing entity (MCE) with a trusted execution environment entity (TEEE) in a blockchain of a distributed blockchain consensus network (DBCN), based on a proof-of-stake protocol, includes determining public signing information, secret signing information, and a registration timestamp and determining public account information and secret account information for a virtual wallet of the blockchain. The method further includes generating attestation information based on signing integrity information and hashing the public signing information and the public account information, and based on the attestation information, obtaining, from an attestation providing entity (APE), proving information. The method also includes sending, to the blockchain, a registration transaction that is signed with the secret account information, and registering the MCE to the blockchain.

Abstract: A method for registering a mining computing entity (MCE) with a trusted execution environment entity (TEEE) in a blockchain of a distributed blockchain consensus network (DBCN), based on a proof-of-stake protocol, includes providing public signing and corresponding secret signing information and trusted time information by the TEEE of the MCE, providing public and secret account information for a virtual wallet of the blockchain by the MCE, and generating integrity information by the TEEE. The method further includes generating attestation information by signing the integrity information, hashed public signing information and public account information, computing proving information, by an attestation providing entity (APE), by attesting the attestation information, and sending a transaction to the blockchain, signed with the secret account information, the transaction including the public signing information and the proving information.

Abstract: A method detects model-poisoning attempts in a federated learning system. The federated learning system includes a server orchestrating with clients to train a machine-learning model. The method includes receiving, by the server, results of a poisoning detection analysis. The poisoning detection analysis includes at least one of an analysis of class-specific misclassification rates or an analysis of activation clustering of a current state of the machine-learning model.

Abstract: A computer-implemented method of instantiating a machine learning model with a host processing system is provided. The host processing system includes a trusted execution environment (TEE) and an untrusted processing system (UPS). The method includes: preparing, with the host processing system, a compiler encoding an architecture of the machine learning model; receiving, from a client processing system, source data; and producing, with the compiler, software based on the received source data and model parameters stored on the host processing system. The software includes an untrusted software component for performance on the UPS and a trusted software component for performance on the TEE. The untrusted software component and the trusted software component are configured to, when performed in concert, instantiate the machine learning model.

Abstract: A method for securing a genuine machine learning model against adversarial samples includes the steps of attaching a trigger to a sample to be classified and classifying the sample with the trigger attached using a backdoored model that has been backdoored using the trigger. In a further step, it is determined whether an output of the backdoored model is the same as a backdoor class of the backdoored model, and/or an outlier detection method is applied to logits compared to honest logits that were computed using a genuine sample. These steps are repeated using different triggers and backdoored models respectively associated therewith. It is compared a number of times that an output of the backdoored models is not the same as the respective backdoor class, and/or a difference determined by applying the outlier detection method, against one or more thresholds so as to determine whether the sample is adversarial.

Abstract: A method for securing a genuine machine learning model against adversarial samples includes receiving a sample, as well as receiving a classification of the sample using the genuine machine learning model or classifying the sample using the genuine machine learning model. The sample is classified using a plurality of backdoored models, which are each a backdoored version of the genuine machine learning model. The classification of the sample using the genuine machine learning model is compared to each of the classifications of the sample using the backdoored models to determine a number of the backdoored models outputting a different class than the genuine machine learning model. The number of the backdoored models outputting a different class than the genuine machine learning model is compared against a predetermined threshold so as to determine whether the sample is an adversarial sample.

Abstract: A method prevents posterior-corruption long-range attacks in a proof of stake blockchain protocol in a blockchain network. The method includes: generating, by a blockchain node associated with a TEE device, a signing key pair, including a public key and a private key; remotely-attesting, by the blockchain node, a trusted enclave application, including generating an attestation certificate; and issuing, by the blockchain node, a registration transaction to distribute the attestation certificate; the registration transaction specifying an amount of mining stake purchased by the blockchain validator. Once the registration transaction is confirmed, the TEE device becomes enabled for mining blocks in the blockchain network.

Abstract: A computer-implemented method of instantiating a machine learning model with a host processing system is provided. The host processing system includes a trusted execution environment (TEE) and an untrusted processing system (UPS). The method includes: preparing, with the host processing system, a compiler encoding an architecture of the machine learning model; receiving, from a client processing system, source data; and producing, with the compiler, software based on the received source data and model parameters stored on the host processing system. The software includes an untrusted software component for performance on the UPS and a trusted software component for performance on the TEE. The untrusted software component and the trusted software component are configured to, when performed in concert, instantiate the machine learning model.

Abstract: A method detects model-poisoning attempts in a federated learning system. The federated learning system includes a server orchestrating with clients to train a machine-learning model. The method includes receiving, by the server, results of a poisoning detection analysis. The poisoning detection analysis includes at least one of an analysis of class-specific misclassification rates or an analysis of activation clustering of a current state of the machine-learning model.

Abstract: A method for performing federated learning includes initializing, by a server, a global model G0. The server shares G0 with a plurality of participants (N) using a secure communications channel. The server selects n out of N participants, according to filtering criteria, to contribute training for a round r. The server partitions the selected participants n into s groups and informs each participant about the other participants belonging to the same group. The server obtains aggregated group updates AU1, . . . , AUg from each group and compares the aggregated group updates and identifies suspicious aggregated group updates. The server combines the aggregated group updates by excluding the updates identified as suspicious, to obtain an aggregated update Ufinal. The server derives a new global model Gr from the previous model Gr-1 and the aggregated update Ufinal and shares Gr with the plurality of participants.

Abstract: The present invention relates to a method for registering a mining computing entity, ‘MCE’ with a trusted execution environment entity, ‘TEEE’ in a blockchain of a distributed blockchain consensus network, ‘DBCN’, based on a proof-of-stake protocol, said method comprising the steps of —Providing public signing and corresponding secret signing information and trusted time information by said TEEE of said MCE, —Providing public and secret account information for a virtual wallet of said blockchain by said MCE, —Generating integrity information by said TEEE, —Generating attestation information by signing said integrity information, hashed public signing information and public account information, —Computing proving information, by an attestation providing entity, ‘APE’, by attesting said attestation information, —Sending a transaction to said blockchain, signed with said secret account information, wherein said transaction including said public signing information and said proving information, —Verifying said tr

Abstract: A method prevents posterior-corruption long-range attacks in a proof of stake blockchain protocol on a blockchain network. The method includes: generating, by a blockchain node, a fresh key pair, having a fresh public key to be included into a transaction and a fresh private key to be used for signing a next transaction; generating, by the blockchain node, the transaction having as an input an overall stake associated to an account of the blockchain node, and as an output a transfer stake to be transferred to a second node's public key, and a remaining account stake to be transferred to the fresh public key; signing, by the blockchain node, the transaction with a previous private key; and broadcasting, by the blockchain node, the generated transaction to the blockchain network.