Abstract: A computer-implemented method for granting permission to a requestor to join a first network. The first network comprises a set of bridging nodes and a set of devices controllable by one or more of the set of bridging nodes. Each bridging node is also a respective node of a blockchain network. The method is performed by a registration authority and comprises generating a first blockchain transaction. The first blockchain transaction comprises an input comprising a signature linked to a first public key of the registration authority. The first blockchain transaction also comprises a first output comprising a first certificate, the first certificate comprising an identifier assigned to the requestor. The method further comprises transmitting the first blockchain transaction to the blockchain network for inclusion in the blockchain.

Abstract: A computer-implemented method for controlling one or more devices of a first network. The first network comprises a set of bridging nodes and a set of devices controllable by one or more of the set of bridging nodes. Each bridging node is also a node of a blockchain network, and each device has a respective device identifier. The method is performed by a first one of the bridging nodes and comprises generating a first blockchain transaction. The first blockchain transaction comprises a first input comprising a signature linked to a first public key of the first node, and a first output comprising command data. The command data comprises a respective identifier of a first one of the devices controlled by a second one of the bridging nodes, and a command message for controlling the first device.

Abstract: At least one proof transaction is received at a node of a blockchain network and comprises at least one Elliptic Curve Digital Signature Algorithm (ECDSA) signature and at least one zero-knowledge proof (ZKP) component. The node verifies the ECDSA signature of the at least one proof transaction based on a public key associated with the ECDSA signature and a signed part of the at least one proof transaction, and determined whether the ZKP component is correct for the ECDSA signature and a defined hash value and a defined hash function, in that it proves an ephemeral key counterpart to an r-part of the ECDSA signature to be a preimage of the defined hash value with respect to the defined hash function.

Abstract: A method of executing a transaction of a blockchain. The transaction comprises at least one output comprising a locking script, and the locking script comprises an instance of a first opcode and one or more instances of a second opcode. Each instance of the second opcode separates portions of the locking script. Upon calling the instance of the first opcode, a first data element is read from at least one stack, the first data element being generated during execution of the locking script with an unlocking script of a different transaction. A first part of the locking script that follows an instance of the second opcode corresponding to the first data element is output.

Abstract: A method of executing transactions of a blockchain network. A first transaction comprises at least a first output comprising a first locking script of a stack-based scripting language, the first locking script comprising a portion of the first locking script to be executed before a first instance of an opcode is executed. A second transaction comprises a first unlocking script that references the first output in the first transaction. Upon executing the first instance of the opcode, execution of the first locking script is terminated whilst not invalidating the first transaction. A first data element is read from at least one stack, wherein the first data element is generated during execution of the first unlocking script and the portion of the first locking script. The first data element as read from the at least one stack is supplied to an off-chain function, wherein the function is configured to generate a result based on at least said first data element.

Abstract: A computer-implemented method comprising, at a verifying nodes of a blockchain network: obtaining a first transaction which comprises runnable code; receiving a second transaction which includes information comprising at least a submitted instance of an r-part and an s-part of a first ECDSA signature, and further comprising a nonce; and miming the code from the first transaction. The code is configured to verify that HPoW(ƒ(r, d)) meets a predetermined condition defined in the code, and to return a result of true on condition thereof, where r is the submitted instance of the r-part, d is the nonce, HPoW is a hash function, and f is a function combining q and d.

Abstract: A method of validating transactions for recordal in a blockchain comprises receiving one or more transactions at a node of a blockchain network. For each received transaction a protocol for validating the transaction is applied. The protocol is configured to allow a termination opcode to be included in an output script of the transaction. The termination opcode is configured to, upon being executed by the node, a) terminate execution of the output script, and b) not to invalidate the transaction based only on the inclusion of the termination opcode in the output script. The protocol is also configured to disallow any instance of the termination opcode from being included in an input script of the transaction, said disallowing comprising the node at least invalidating the transaction if any instance of the termination opcode is included in the input script.

Abstract: A knowledge proof is performed using a set of transactions for recording in a blockchain maintained in a blockchain network. A challengee receives a competition challenge. The competition challenge has a derivable challenge solution but the challenge solution is not communicated to the challengee directly. The challengee competes with one or more other challengees to derive an independent instance of the challenge solution from the competition challenge. Upon the challengee successfully deriving the independent instance of the challenge solution before any of the other one or more challengees, the challengee uses data thereof as a secret challengee key to sign at least one message, and thereby generate at least one transaction signature, and submits the at least one transaction signature and the at least one message to the blockchain network for verifying at a node of the blockchain network.

Abstract: A method comprising, at a node of a blockchain network: obtaining a first transaction including runnable code specifying a reference instance of an r-part of ant ECDSA signature; receiving a second transaction including information comprising at least an s-part of the ECDSA signature, and obtaining a public key wherein the ECDSA signature signs a message based on a corresponding private key; and running the code from the first transaction, the code being configured to return a result of true, irrespective of whose private key was used as the first private key, on condition that: the ECDSA verification function, as applied to the ECDSA signature, verifies that the s-part received in the second transaction corresponds to the reference instance of the r-part specified by the first transaction, given the message received in the second transaction and the obtained first public key.

Abstract: At a node of a blockchain network: obtaining a first transaction which including runnable code, including reference data for evaluating a challenge defined based on a joint r-value rjoint; receiving one or more second transactions including information comprising an r-part ri and s-part si of each of a pair of ECDSA signatures (i=1, 2), each signing part of one of the one or more second transactions based on a respective first private key Vi corresponding to a respective first public key Pi; and running the code. The code verifies whether the challenge is met based on the reference data and the r-parts ri. The challenge comprises a criterion that: R1+R2=(?2?rjoint) mod p, where rjoint=[Rjoint]x, Rjoint=R1+R2, p is a prime modulus, (Formula (I)) mod p, Ri=ki. G, xi=[Ri]x, Yi=[Ri]y, ki is an ephemeral key, and G is an elliptic curve generator point.