Abstract: An example operation may include one or more of anonymizing, via an anonymization service hosted within a trusted execution environment (TEE), raw data provided by a computing node to generate anonymized data, generating, via the anonymization service, an authenticator object that binds together a hash of the raw data and a hash of the anonymized data, transmitting the generated anonymized data to the computing node, and submitting the authenticator object to a blockchain ledger via a blockchain transaction.

Abstract: An example operation may include one or more of receiving, from a plurality of providers by a secure enclave, a plurality of training data sets and a plurality of salts paired with the plurality of training data sets, respectively, hashing, via the secure enclave, pairs of training data sets and salts to generate a plurality of salted hashes, and combining the plurality of salted hashes to generate a digest, training, via the secure enclave, a model based on the plurality of training data sets to generate a trained model, and providing the trained model and the digest to a plurality of data providers of the plurality of training data sets and the plurality of salts.

Abstract: A computer executes a causal total order broadcast (CTOB) protocol, in a Byzantine fault-tolerant, distributed computerized system comprising a set of nodes acting as servers for clients of the system. The nodes host a trusted proxy client (TPC) process that executes in a trusted execution environment of the nodes. The TPC process includes for each client request (which include encrypted contents) received from any of the clients, signing the client request. The TPC process invokes a total order broadcast (TOB) protocol to obtain a sequence number for the signed request, whereby the nodes establish a total order in which the signed request is processed by the nodes. Upon determining that the signed request is assigned this sequence number, the TPC process reveals a decrypted version of the encrypted contents of the client request to the set of nodes, and the decrypted version is processed according to the TOB protocol.

Abstract: A computer executes a causal total order broadcast (CTOB) protocol, in a Byzantine fault-tolerant, distributed computerized system comprising a set of nodes acting as servers for clients of the system. The nodes host a trusted proxy client (TPC) process that executes in a trusted execution environment of the nodes. The TPC process includes for each client request (which include encrypted contents) received from any of the clients, signing the client request. The TPC process invokes a total order broadcast (TOB) protocol to obtain a sequence number for the signed request, whereby the nodes establish a total order in which the signed request is processed by the nodes. Upon determining that the signed request is assigned this sequence number, the TPC process reveals a decrypted version of the encrypted contents of the client request to the set of nodes, and the decrypted version is processed according to the TOB protocol.

Abstract: An example operation may include one or more of anonymizing, via an anonymization service hosted within a trusted execution environment (TEE), raw data provided by a computing node to generate anonymized data, generating, via the anonymization service, an authenticator object that binds together a hash of the raw data and a hash of the anonymized data, transmitting the generated anonymized data to the computing node, and submitting the authenticator object to a blockchain ledger via a blockchain transaction.

Abstract: An example operation may include one or more of receiving, from a plurality of providers by a secure enclave, a plurality of training data sets and a plurality of salts paired with the plurality of training data sets, respectively, hashing, via the secure enclave, pairs of training data sets and salts to generate a plurality of salted hashes, and combining the plurality of salted hashes to generate a digest, training, via the secure enclave, a model based on the plurality of training data sets to generate a trained model, and providing the trained model and the digest to a plurality of data providers of the plurality of training data sets and the plurality of salts.

Abstract: In a computer-implemented method for signing a message by a user device of a public key infrastructure (PKI) system, the message and a user public key are sent to at least one attestation server and a server signature on the message is received from the attestation server. The server signature attests the validity of the user public key and is bound to the user public key and the message. The message and the server signature are signed with a user private key, thereby providing a user signature on the message. An attestation server and a related computer program product are also provided.

Abstract: In a computer-implemented method for signing a message by a user device of a public key infrastructure (PKI) system, the message and a user public key are sent to at least one attestation server and a server signature on the message is received from the attestation server. The server signature attests the validity of the user public key and is bound to the user public key and the message. The message and the server signature are signed with a user private key, thereby providing a user signature on the message. An attestation server and a related computer program product are also provided.

Abstract: A method for providing integrity and consistency of a cloud storage service to a group of mutually trusted clients may be provided. The cloud storage service may offer a set of operations, such as read, write, update, delete in respect to stored data to the clients, whereby each client only executes its own client operations when consuming one of the set of operations of the cloud storage service, and wherein each client detects data correctness of the cloud storage service based on a protocol providing fork-linearizablity.

Abstract: A method for providing integrity and consistency of a cloud storage service to a group of mutually trusted clients may be provided. The cloud storage service may offer a set of operations, such as read, write, update, delete in respect to stored data to the clients, whereby each client only executes its own client operations when consuming one of the set of operations of the cloud storage service, and wherein each client detects data correctness of the cloud storage service based on a protocol providing fork-linearizablity.