Abstract: Embodiments of the invention relate to a distributed network. The distributed network comprises a replicated computing cluster and the replicated computing cluster comprises a plurality of nodes. Each of the plurality of nodes of the replicated computing cluster is configured to run a replica and each of the replicas is configured to run one or more computational units. Furthermore, each of the replicas is configured to perform consecutive processing rounds. The consecutive processing rounds comprise a consecutive processing of input blocks in a deterministic and replicated manner and thereby a sequence of round states is computed. Each of the replicas is further configured to perform software upgrades of the replica at handover states of pre-agreed handover rounds of the consecutive processing rounds and to provide, upon request of another replica, via a communication interface that is independent of the software upgrades, a handover package.

Abstract: According to an embodiment of an aspect of the invention, there is a computer-implemented method for authenticating users of a network. The method comprises steps of maintaining, by an identity service, user accounts under a main user identifier, wherein the user accounts support a method of authentication by the user. The method further comprises generating, by an application frontend, a session public key of a public key verification scheme and providing, by the application frontend, the session public key to the identity service. Further steps include obtaining, by the application frontend, a certification from the identity service, the certification comprising the session public key and an application user identifier. The application user identifier is derived from the main user identifier and an application frontend identifier.

Abstract: According to an embodiment of a first aspect of the invention, there is a distributed network comprising a plurality of network nodes. Each of the plurality of network nodes is linked to a first node identity of a plurality of first node identities. Each of the plurality of first node identities comprises a first verification key of a public-key signature scheme. The distributed network is configured to perform a key shuffling step adapted to perform an unlinkable one-to-one mapping between the plurality of first node identities and a plurality of second node identities. Each of the plurality of second node identities comprises a second verification key of a public-key signature scheme. The distributed network is configured to perform a consensus protocol with a subset of the plurality of second node identities. Further aspects of the invention relate to a corresponding computer-implemented method, a network node and a computer program product.

Abstract: According to an embodiment of a first aspect of the invention, there is provided a distributed network comprising a plurality of nodes. Each of the plurality of nodes is configured to run one or more computational units comprising its own unit state. The network is configured to individually execute, by an execution subset of the plurality of nodes, s set of execution messages in a deterministic manner, thereby mutating the unit states of one or more of the computational units of the execution subset. The network is further configured to regularly make, by the nodes of the execution subset, a read snapshot of the unit states of the one or more computational units of the execution subset and to provide, by one or more nodes of the execution subset, user access to the read snapshot. Further aspects of the invention relate to a corresponding computer-implemented method, a node, a computer program product and a software architecture.

Abstract: Embodiments of the invention relate to a computer-implemented method for authenticating data in a distributed network. The distributed network comprises at least one application subnet. The application subnet comprises a plurality of nodes and each of the plurality of nodes is configured to run one or more computational units. The computational units are configured to execute computations in a deterministic and replicated manner across the application subnet. The method comprises steps of regularly computing, by the plurality of nodes of the application subnet, a digest of an application subnet accumulator. The application subnet accumulator comprises for each of the computational units of a respective application subnet an assigned accumulator element as unit variable. The method comprises further steps of regularly executing, by the nodes of the application subnet, a joint signature on the digest of the application subnet accumulator, thereby producing an application subnet certificate.

Abstract: Embodiments of the invention relate to a computer-implemented method for storing data. The method comprises storing the data in a hierarchical accumulator structure. The hierarchical accumulator structure comprises at least a first level and a second level. The first level comprises a first level accumulator and the second level comprises a plurality of second level accumulators. The first level accumulator encompasses a plurality of first level elements and a first level digest of the plurality of first level elements. Each of the plurality of second level accumulators encompasses a plurality of second level elements and a second level digest of the plurality of second level elements and each of the second level digests of the plurality of second level accumulators corresponds to one of the plurality of first level elements. A subset of the plurality of first level elements comprises or is associated with metadata. The metadata comprises accumulator information for the corresponding second level accumulator.

Abstract: Embodiments of the invention relate to a distributed network which comprises a replicated computing cluster. The replicated computing cluster comprises a plurality of nodes, wherein each of the plurality of nodes of the replicated computing cluster is configured to run a replica and each of the replicas is configured to run one or more computational units. The replicated computing cluster is configured to perform consecutive consensus rounds to reach a consensus on a sequence of payloads and to perform consecutive processing rounds comprising a consecutive processing of the sequence of payloads in a deterministic and replicated manner. The replicated computing cluster is further configured to perform consecutive computations of a random seed for each of the payloads of the sequence of payloads and to use the random seed of a respective payload of the sequence of payloads to provide randomness to the payload.

Abstract: Method for redistribution of a (n,t)-secret sharing of a secrets from a set of dealers to a set of receivers. The method comprises performing by each of at least the threshold number t of dealers, —creating a (n?,t?)-secret sharing of its respective secret share, —creating a set of ciphertexts comprising for each receiver one encrypted sub-share of the n1 secret sub-shares of its respective secret share and being encrypted with respect to a public encryption key of the respective receiver. The public encryption key is a key of a public-key encryption scheme. —generating a non-interactive zero-knowledge proof that the set of ciphertexts jointly contain a redistribution of its secret share—broadcasting a dealing to the set of receivers, the dealing comprising the set of ciphertexts for the set of receivers and the corresponding non-interactive zero-knowledge proof.

Abstract: According to an embodiment of a first aspect of the invention, there is provided a computer-implemented method for operating a distributed network. The distributed network comprises a plurality of nodes. The network comprises one or more subnets. The method comprises steps of running a set of computational units and assigning each of the computational units to one of the plurality of subnets according to a subnet-assignment, thereby creating an assigned subset of the set of computational units for each of the subnets. The method further comprises running on each node of the plurality of subnets the assigned subset of the computational units, wherein the computational units are configured to execute computations in a deterministic manner, thereby replicating the assigned subsets of the computational units on replicas across the respective subnet.

Abstract: According to an embodiment of a first aspect of the invention, there is provided a distributed network comprising a plurality of subnets. Each of the plurality of subnets comprises a changeable set of nodes. The network is configured to generate for each of the plurality of subnets, by a distributed key generation protocol, an individual static verification key of a public-key signature scheme and a first set of corresponding secret key shares for a first set of nodes of the respective subnet. The network is further configured to redistribute, for each of the plurality of subnets, by a secret-redistribution protocol, the secret key shares of the respective first set of secret key shares to a second set of nodes of the respective subnet, thereby creating a second set of secret key shares corresponding to the same static verification key of the respective subnet.

Abstract: According to an embodiment of a first aspect of the invention, there is provided a computer-implemented method for operating a distributed network. The distributed network comprises a plurality of subnets embodied as replicated computing clusters. The method further comprises migrating a computational unit from a first subnet of the plurality of subnets to a second subnet of the plurality of subnets. The migrating comprises signalling to the first and the second subnet a computational unit of the first subnet as migrant computational unit that shall be migrated. The migrating further comprises transferring the migrant computational unit from the first subnet to the second subnet, installing the migrant computational unit on the second subnet and activating and running the migrant computational unit on the second subnet. Further aspects of the invention relate to a corresponding distributed network, a node, a computer program product and a software architecture.

Abstract: Embodiments of the invention relate to a computer-implemented method for generating verification keys of a public-key signature scheme in a distributed network. The method comprises performing, by a subset of the nodes of a first subnetwork of nodes, a first distributed key generation protocol, the first distributed key generation protocol being configured to generate jointly a verification key for the first subnetwork and a plurality of corresponding secret key shares for the nodes of the first subnetwork. The method further comprises a step of performing, for a second subnetwork, by a subset of the plurality of nodes of the first subnetwork, a second distributed key generation protocol, the second distributed key generation protocol being configured to generate jointly a verification key of the second subnetwork and a plurality of corresponding secret key shares for the nodes of the second subnetwork.

Abstract: An aspect of the invention relates to a distributed network comprising a plurality of network nodes. The distributed network is configured to perform a method for reaching a consensus on a sequence of values in an advantageous manner. The method performs consecutive notarization rounds. The notarization rounds comprise steps of creating value proposals to be added to the sequence, communicating the value proposals to a notarization subset of the plurality of nodes and performing a validity check of received value proposals. The notarization rounds may comprise further steps of executing individual notarization signatures on a subset of the value proposals that are valid. The notarization rounds may further comprise performing a consistency check of the value proposals and executing consistency signatures on a subset of the value proposals. The method may further comprise a finality procedure to finalize a value proposal once a predefined finality rule set has been fulfilled.

Abstract: According to an embodiment of a first aspect of the invention, there is provided a distributed network comprising a plurality of subnets. Each of the plurality of subnets comprises a plurality of nodes. The network is configured to run a set of computational units and to assign each of the computational units to one of the plurality of subnets according to a subnet-assignment, thereby creating an assigned subset of the set of computational units for each of the subnets. The network is further configured to run on each node of the plurality of subnets the assigned subset of the computational units and to replicate the assigned subsets of the computational units across the respective subnets. The network is further configured to exchange unit-to-unit messages between the computational units via a messaging protocol based on the subnet-assignment. Further aspects of the invention relate to a corresponding computer-implemented method, a node, a computer program product and a software architecture.

Abstract: An aspect of the invention relates to a computer-implemented method for charging and paying for a use of resources of a distributed network. The distributed network comprises a plurality of nodes, wherein each of the plurality of nodes is configured to run one or more computational units. The one or more computational units comprise one or more application units for providing application services to users of the distributed network. The embodied method comprises steps of running, by each user of the network, one or more local user gas accounts at one or more of the application units and processing, via the local user gas accounts, payments for the use of the resources of the distributed network. Further aspects relate to a distributed network, a node of a distributed network and a corresponding computer program product.

Abstract: According to an embodiment of a first aspect of the invention, there is provided a distributed network comprising a plurality of nodes. Each of the plurality of nodes is configured to run one or more computational units comprising its own unit state. The network is configured to individually execute, by an execution subset of the plurality of nodes, s set of execution messages in a deterministic manner, thereby mutating the unit states of one or more of the computational units of the execution subset. The network is further configured to regularly make, by the nodes of the execution subset, a read snapshot of the unit states of the one or more computational units of the execution subset and to provide, by one or more nodes of the execution subset, user access to the read snapshot. Further aspects of the invention relate to a corresponding computer-implemented method, a node, a computer program product and a software architecture.

Abstract: According to an embodiment of a first aspect of the invention, there is a distributed network comprising a plurality of network nodes. Each of the plurality of network nodes is linked to a first node identity of a plurality of first node identities. Each of the plurality of first node identities comprises a first verification key of a public-key signature scheme. The distributed network is configured to perform a key shuffling step adapted to perform an unlinkable one-to-one mapping between the plurality of first node identities and a plurality of second node identities. Each of the plurality of second node identities comprises a second verification key of a public-key signature scheme. The distributed network is configured to perform a consensus protocol with a subset of the plurality of second node identities. Further aspects of the invention relate to a corresponding computer-implemented method, a network node and a computer program product.

Abstract: Methods and systems are provided for demonstrating authorization to access a resource to a verifier computer controlling access to the resource. The method comprises, at a user computer, storing an attribute credential certifying a set of attributes; and communicating with a revocation authority computer to obtain an auxiliary credential, bound to the attribute credential, certifying a validity status for each attribute in the attribute credential. The method further comprises, at the user computer, communicating with the verifier computer to prove possession of the attribute credential and the auxiliary credential such that the verifier computer can determine whether at least one attribute in the attribute credential, certified as valid by the auxiliary credential, satisfies an access condition for the resource.

Abstract: Methods and systems are provided for demonstrating authorization to access a resource to a verifier computer controlling access to the resource. The method comprises, at a user computer, storing an attribute credential certifying a set of attributes; and communicating with a revocation authority computer to obtain an auxiliary credential, bound to the attribute credential, certifying a validity status for each attribute in the attribute credential. The method further comprises, at the user computer, communicating with the verifier computer to prove possession of the attribute credential and the auxiliary credential such that the verifier computer can determine whether at least one attribute in the attribute credential, certified as valid by the auxiliary credential, satisfies an access condition for the resource.

Abstract: Methods and systems are provided for demonstrating authorization to access a resource to a verifier computer controlling access to the resource. The method comprises, at a user computer, storing an attribute credential certifying a set of attributes; and communicating with a revocation authority computer to obtain an auxiliary credential, bound to the attribute credential, certifying a validity status for each attribute in the attribute credential. The method further comprises, at the user computer, communicating with the verifier computer to prove possession of the attribute credential and the auxiliary credential such that the verifier computer can determine whether at least one attribute in the attribute credential, certified as valid by the auxiliary credential, satisfies an access condition for the resource.