Abstract: Privacy-preserving leakage-deterring public-key encryption techniques are provided. A sender system sends to an authority system a commitment to leakage-deterring-data, and proves in zero-knowledge that the sender system has access to an opening to the commitment. The sender system receives a signature corresponding to a signed commitment to the leakage-deterring-data and an identifier of the sender system. The sender system encrypts a message to a receiver system by applying a one-time pad to the message using a one-time-pad key, and encrypts the result of the application with the public key of the receiver system. The sender system encrypts the one-time-pad key with an attribute-based encryption scheme with a public key of an oblivious decryptor system. The sender system forms a ciphertext from a combination of the encrypted message and the encrypted one-time-pad key and sends the ciphertext to the receiver system.

Abstract: An example operation may include one or more of connecting to a blockchain configured to store transactions executed by the participating node, executing a transaction to produce a transaction trail, assigning a transaction identifier (ID) to the transaction, generating a transaction tag based on the transaction ID, and sending to the blockchain the transaction tag and the transaction trail to be entered into the blockchain.

Abstract: An example operation may include one or more of connecting, by a participating node, to a blockchain configured to store user assets, receiving, by the participating node, login data from a user, receiving, by the participating node, an asset transfer request from the user identified by the login data, the asset transfer request including identification data of an asset recipient, confirming, by the participating node, that the user is an owner of the asset based on a previous asset transfer transaction associated with the user, verifying, by the participating node, integrity and validity of the asset based on blockchain records, determining, by the participating node, that the asset recipient is a registered user of the blockchain, in response to the determining, by the participating node, that the asset recipient is the registered user of the blockchain, encrypting, by the participating node, an asset transfer transaction by a public key associated with a private key of an auditor; and providing, by the par

Abstract: Communicating a message via a leakage-deterring encryption scheme. A sender computer stores a public key pko of a recipient key-pair (pko, sko) of a message recipient, a commitment c, bound to the public key pko, to a secret s of the message recipient, and a public key pkt of a decryptor key-pair (pkt, skt). A receiver computer stores a secret key sko of the recipient key-pair (pko, sko), the commitment c and an opening o to the commitment. A decryptor computer stores a secret key skt of the decryptor key-pair (pkt, skt). The sender computer is adapted to encrypt a message m for the message recipient by generating ciphertexts. The sender computer sends the ciphertexts to the receiver computer. The receiver computer is adapted to send a ciphertext to the decryptor computer and provide a proof. The decryptor computer is adapted to verify the proof.

Abstract: An example operation may include one or more of receiving a signed transaction from a blockchain member device, responsive to receiving the signed transaction, identifying a credential assigned to the blockchain member device, and the credential certifies a public key is assigned to the blockchain member device and was used to sign the signed transaction, determining whether to commit the signed transaction to a blockchain based on the credential, and responsive to determining to commit the signed transaction based on the credential, storing the signed transaction anonymously in the blockchain.

Abstract: Privacy-preserving leakage-deterring public-key encryption techniques are provided. A sender system sends to an authority system a commitment to leakage-deterring-data, and proves in zero-knowledge that the sender system has access to an opening to the commitment. The sender system receives a signature corresponding to a signed commitment to the leakage-deterring-data and an identifier of the sender system. The sender system encrypts a message to a receiver system by applying a one-time pad to the message using a one-time-pad key, and encrypts the result of the application with the public key of the receiver system. The sender system encrypts the one-time-pad key with an attribute-based encryption scheme, the attributes including predefined time period data and a receiver system identifier, with a public key of an oblivious decryptor system. The sender system forms a ciphertext from a combination of the encrypted message and the encrypting one-time-pad key and sends to the receiver system.

Abstract: Computer-implemented methods for privacy attribute based credentials include issuing a privacy-preserving attribute-based credential, which is signed with a private key and has a unique credential handle; updating an accumulator in a tamperproof log to incorporate the credential handle; and facilitating providing access to a service in response to a zero-knowledge proof that the accumulator contains the credential handle. The methods also include generating revocation conditions and initial revocation information; submitting the initial revocation information and the revocation conditions to the tamperproof log; revoking a credential by adding a credential handle of the credential to the initial revocation information; and submitting the updated revocation information to the tamperproof log. Further, the methods include writing to the tamperproof log an audit token that contains an encrypted credential handle, which is encrypted by an auditor's public key that is published on the tamperproof log.

Abstract: An example operation may include one or more of connecting, by a participating node, to a blockchain configured to store user assets, receiving, by the participating node, login data from a user, receiving, by the participating node, an asset transfer request from the user identified by the login data, the asset transfer request including identification data of an asset recipient, confirming, by the participating node, that the user is an owner of the asset based on a previous asset transfer transaction associated with the user, verifying, by the participating node, integrity and validity of the asset based on blockchain records, determining, by the participating node, that the asset recipient is a registered user of the blockchain, in response to the determining, by the participating node, that the asset recipient is the registered user of the blockchain, encrypting, by the participating node, an asset transfer transaction by a public key associated with a private key of an auditor; and providing, by the par

Abstract: An example operation may include one or more of connecting to a blockchain configured to store transactions executed by the participating node, executing a transaction to produce a transaction trail, assigning a transaction identifier (ID) to the transaction, generating a transaction tag based on the transaction ID, and sending to the blockchain the transaction tag and the transaction trail to be entered into the blockchain.

Abstract: Communicating a message via a leakage-deterring encryption scheme. A sender computer stores a public key pko of a recipient key-pair (pko, sko) of a message recipient, a commitment c, bound to the public key pko, to a secret s of the message recipient, and a public key pkt of a decryptor key-pair (pkt, skt). A receiver computer stores a secret key sko of the recipient key-pair (pko, sko), the commitment c and an opening o to the commitment. A decryptor computer stores a secret key skt of the decryptor key-pair (pkt, skt). The sender computer is adapted to encrypt a message m for the message recipient by generating ciphertexts. The sender computer sends the ciphertexts to the receiver computer. The receiver computer is adapted to send a ciphertext to the decryptor computer and provide a proof. The decryptor computer is adapted to verify the proof.

Abstract: An example operation may include one or more of receiving a signed transaction from a blockchain member device, responsive to receiving the signed transaction, identifying a credential assigned to the blockchain member device, and the credential certifies a public key is assigned to the blockchain member device and was used to sign the signed transaction, determining whether to commit the signed transaction to a blockchain based on the credential, and responsive to determining to commit the signed transaction based on the credential, storing the signed transaction anonymously in the blockchain.

Abstract: The invention performs anonymous read/write accesses of a set of user devices to a server. Write accesses of the user devices of the set comprise generating an encrypted file by an anonymous encryption scheme; computing a pseudorandom tag; indexing the encrypted file with the tag as user set index of the user set and writing the encrypted file and the associated tag to the a storage system of the server. Read accesses of the user devices of the set comprise downloading tag data corresponding to a plurality of tags from the server, the tag data enabling the user devices of a respective set to recognize so-called “own” tags computed by one of the user devices of the respective set of user devices; determining the own tags among the plurality of tags; reading one or more encrypted files associated to the own tags; and decrypting the encrypted files.

Abstract: Computer-implemented methods for privacy attribute based credentials include issuing a privacy-preserving attribute-based credential, which is signed with a private key and has a unique credential handle; updating an accumulator in a tamperproof log to incorporate the credential handle; and facilitating providing access to a service in response to a zero-knowledge proof that the accumulator contains the credential handle. The methods also include generating revocation conditions and initial revocation information; submitting the initial revocation information and the revocation conditions to the tamperproof log; revoking a credential by adding a credential handle of the credential to the initial revocation information; and submitting the updated revocation information to the tamperproof log. Further, the methods include writing to the tamperproof log an audit token that contains an encrypted credential handle, which is encrypted by an auditor's public key that is published on the tamperproof log.

Abstract: The invention relates to a computer-implemented method for handling revocation statuses of credentials, the method including: an issuing computer transmitting a public key to user and verifying computers, a revocation computer sending revocation parameters to user and verifying computer devices, issuing credentials to a user computer by an issuing computer, verifying issued credentials by the user computer, transmitting updated revocation information to the revocation computer by the verifying computer, updating provisional revocation status information by the revocation computer, updating revocation status information by the revocation computer, transmitting updated revocation information to a revocation computer by a verifying computer, updating provisional revocation status information by the revocation computer, transmitting updated revocation status information to the user and verifying computers by the revocation computer, creating a presentation token by the user computer, transmitting the presentation

Abstract: The invention performs anonymous read/write accesses of a set of user devices to a server. Write accesses of the user devices of the set comprise generating an encrypted file by an anonymous encryption scheme; computing a pseudorandom tag; indexing the encrypted file with the tag as user set index of the user set and writing the encrypted file and the associated tag to the a storage system of the server. Read accesses of the user devices of the set comprise downloading tag data corresponding to a plurality of tags from the server, the tag data enabling the user devices of a respective set to recognize so-called “own” tags computed by one of the user devices of the respective set of user devices; determining the own tags among the plurality of tags; reading one or more encrypted files associated to the own tags; and decrypting the encrypted files.

Abstract: Aspects relate to a computer implemented anonymous credential method for credential abuse prevention and efficient revocation. The method includes acquiring a credential from an issuer at a user, registering the user and credential with an oblivious monitor, generating a user presentation token at the user using the credential, requesting presentation with the oblivious monitor by the user, wherein the user presentation token is transmitted to the oblivious monitor, verifying the user presentation token, wherein presentation is aborted if verification fails, transmitting, from the oblivious monitor, an oblivious monitor presentation token portion to the user in response to the verification passing, transmitting a combined presentation token to a verifier, wherein the combined presentation token includes the user presentation token and the oblivious monitor presentation token portion, and verifying the combined presentation token at the verifier.

Abstract: The invention relates to a computer-implemented method for handling revocation statuses of credentials, the method including: an issuing computer transmitting a public key to user and verifying computers, a revocation computer sending revocation parameters to user and verifying computer devices, issuing credentials to a user computer by an issuing computer, verifying issued credentials by the user computer, transmitting updated revocation information to the revocation computer by the verifying computer, updating provisional revocation status information by the revocation computer, updating revocation status information by the revocation computer, transmitting updated revocation information to a revocation computer by a verifying computer, updating provisional revocation status information by the revocation computer, transmitting updated revocation status information to the user and verifying computers by the revocation computer, creating a presentation token by the user computer, transmitting the presentation

Abstract: A protocol that allows customers to buy database records while remaining fully anonymous, i.e. the database server does not learn who purchases a record, and cannot link purchases by the same customer; the database server does not learn which record is being purchased, nor the price of the record that is being purchased; the customer can only obtain a single record per purchase, and cannot spend more than his account balance; the database server does not learn the customer's remaining balance. In the protocol customers keep track of their own balances, rather than leaving this to the database server. The protocol allows customers to anonymously recharge their balances.

Abstract: A method, apparatus, and a computer readable storage medium having computer readable instructions to carry out the steps of the method for anonymous access to a database. Each record of the database has different access control permissions (e.g. attributes, roles, or rights). The method allows users to access the database record while the database does not learn who queries a record. The database does not know which record is being queried: (i) the access control list of that record or (ii) whether a user's attempt to access a record had been successful. The user can only obtain a single record per query and only those records for which he has the correct permissions. The user does not learn any other information about the database structure and the access control lists other than whether he was granted access to the queried record, and if so, the content of the record.

Abstract: A method, apparatus, and a computer readable storage medium having computer readable instructions to carry out the steps of the method for anonymous access to a database. Each record of the database has different access control permissions (e.g. attributes, roles, or rights). The method allows users to access the database record while the database does not learn who queries a record. The database does not know which record is being queried: (i) the access control list of that record or (ii) whether a user's attempt to access a record had been successful. The user can only obtain a single record per query and only those records for which he has the correct permissions. The user does not learn any other information about the database structure and the access control lists other than whether he was granted access to the queried record, and if so, the content of the record.