Abstract: According to an embodiment of a first aspect of the invention, there is a distributed network comprising a plurality of network nodes. Each of the plurality of network nodes is linked to a first node identity of a plurality of first node identities. Each of the plurality of first node identities comprises a first verification key of a public-key signature scheme. The distributed network is configured to perform a key shuffling step adapted to perform an unlinkable one-to-one mapping between the plurality of first node identities and a plurality of second node identities. Each of the plurality of second node identities comprises a second verification key of a public-key signature scheme. The distributed network is configured to perform a consensus protocol with a subset of the plurality of second node identities. Further aspects of the invention relate to a corresponding computer-implemented method, a network node and a computer program product.

Abstract: Embodiments of the invention relate to a distributed network which comprises a replicated computing cluster. The replicated computing cluster comprises a plurality of nodes, wherein each of the plurality of nodes of the replicated computing cluster is configured to run a replica and each of the replicas is configured to run one or more computational units. The replicated computing cluster is configured to perform consecutive consensus rounds to reach a consensus on a sequence of payloads and to perform consecutive processing rounds comprising a consecutive processing of the sequence of payloads in a deterministic and replicated manner. The replicated computing cluster is further configured to perform consecutive computations of a random seed for each of the payloads of the sequence of payloads and to use the random seed of a respective payload of the sequence of payloads to provide randomness to the payload.

Abstract: An example operation may include one or more of connecting to a blockchain configured to store transactions executed by the participating node, executing a transaction to produce a transaction trail, assigning a transaction identifier (ID) to the transaction, generating a transaction tag based on the transaction ID, and sending to the blockchain the transaction tag and the transaction trail to be entered into the blockchain.

Abstract: Hardware security modules for executing zero-knowledge proofs are provided. Such a module includes multiple computational engines for executing respective primitive operations of zero-knowledge proofs, and memory storing multiple data-flow graphs. Each data-flow graph defines computational functionality of a respective one of the proofs, and comprises a set of nodes, each representing a said primitive operation, interconnected by edges representing input/output data of nodes. At least edges which represent security-sensitive data are indicated by edge-labels in the graphs. The module further comprises a set of registers, comprising at least a subset of secure registers, for storing data during execution of proofs, and a processor configured to control execution, using said engines, of proofs defined by the set of dataflow graphs such that data corresponding to a security-sensitive edge in a graph is stored in a secure register during execution.

Abstract: An example operation may include one or more of receiving a signed transaction from a blockchain member device, responsive to receiving the signed transaction, identifying a credential assigned to the blockchain member device, and the credential certifies a public key is assigned to the blockchain member device and was used to sign the signed transaction, determining whether to commit the signed transaction to a blockchain based on the credential, and responsive to determining to commit the signed transaction based on the credential, storing the signed transaction anonymously in the blockchain.

Abstract: Hardware security modules for executing zero-knowledge proofs are provided. Such a module includes multiple computational engines for executing respective primitive operations of zero-knowledge proofs, and memory storing multiple data-flow graphs. Each data-flow graph defines computational functionality of a respective one of the proofs, and comprises a set of nodes, each representing a said primitive operation, interconnected by edges representing input/output data of nodes. At least edges which represent security-sensitive data are indicated by edge-labels in the graphs. The module further comprises a set of registers, comprising at least a subset of secure registers, for storing data during execution of proofs, and a processor configured to control execution, using said engines, of proofs defined by the set of dataflow graphs such that data corresponding to a security-sensitive edge in a graph is stored in a secure register during execution.

Abstract: The present disclosure relates to a method for using a secret key for cryptographically processing a data item in an enclave enabled system. The method comprises: computing a first set of shares of the secret key and storing them in an encrypted format. Each encrypted share may be sent to respective component in a first set of components. In response to sending the encrypted shares, a modified encryption of the respective share may be received from each of the first set of components. Each of the received modified encryptions may be encrypted and the resulting modified share is sent to the respective first set of components. In response to sending the decrypted modified shares, a data item cryptographically processed using the respective share may be received from each of the first set of components. The received data items may be combined to obtain a cryptographically processed data item.

Abstract: An example operation may include one or more of connecting to a blockchain configured to store transactions executed by the participating node, executing a transaction to produce a transaction trail, assigning a transaction identifier (ID) to the transaction, generating a transaction tag based on the transaction ID, and sending to the blockchain the transaction tag and the transaction trail to be entered into the blockchain.

Abstract: An example operation may include one or more of receiving a signed transaction from a blockchain member device, responsive to receiving the signed transaction, identifying a credential assigned to the blockchain member device, and the credential certifies a public key is assigned to the blockchain member device and was used to sign the signed transaction, determining whether to commit the signed transaction to a blockchain based on the credential, and responsive to determining to commit the signed transaction based on the credential, storing the signed transaction anonymously in the blockchain.

Abstract: The present disclosure relates to a method for using a secret key for cryptographically processing a data item in an enclave enabled system. The method comprises: computing a first set of shares of the secret key and storing them in an encrypted format. Each encrypted share may be sent to respective component in a first set of components. In response to sending the encrypted shares, a modified encryption of the respective share may be received from each of the first set of components. Each of the received modified encryptions may be encrypted and the resulting modified share is sent to the respective first set of components. In response to sending the decrypted modified shares, a data item cryptographically processed using the respective share may be received from each of the first set of components. The received data items may be combined to obtain a cryptographically processed data item.