Abstract: In some embodiments, a processor may generate a request associated with a transaction, collect an anchor associated with the request, and transition the transaction into a collection of two or more hashes; the processor may submit the transaction to an ordering service. In some embodiments, a processor may receive a request associated with a transaction, identify that a first preimage associated with a first hash is known to a first shard, and generate a first identification tag associated with the transaction. In some embodiments, a processor may receive a request associated with a transaction, assign a first shard a first task, and identify that a first preimage associated with a first hash is known to the first shard; the processor may perform the task.

Abstract: A method, system, and computer program product are disclosed. The method includes separating a user certificate into a private component and a non-private component. The method further includes storing the non-private component in a database and providing a pointer to the non-private component stored in the database.

Abstract: The present invention is directed to a computer-implemented method for linking identity information of a physical identifier to a digital identifier. The identity information comprises a plurality of symbols. The method comprises cryptographically obfuscating one or more symbols of the identity information separately into an obfuscated symbol such that a separate deobfuscation information is needed for each obfuscated symbol to deobfuscate it and storing the obfuscated symbols within the digital identifier.

Abstract: A Byzantine fault-tolerant distributed computing system of nodes configured to process client requests, executes a leader-based total order broadcast (LBTOB) protocol. The computing system concurrently executes multiple instances of the LBTOB protocol at the nodes, on respective disjoint partitions of the client requests, and the disjoint partitions are assigned to the instances using a deterministic function of a state of the system. The computing system multiplexes outputs of the executing instances in an ordered log of the client requests, and the ordered log is maintained at each of the nodes.

Abstract: A computer executes a causal total order broadcast (CTOB) protocol, in a Byzantine fault-tolerant, distributed computerized system comprising a set of nodes acting as servers for clients of the system. The nodes host a trusted proxy client (TPC) process that executes in a trusted execution environment of the nodes. The TPC process includes for each client request (which include encrypted contents) received from any of the clients, signing the client request. The TPC process invokes a total order broadcast (TOB) protocol to obtain a sequence number for the signed request, whereby the nodes establish a total order in which the signed request is processed by the nodes. Upon determining that the signed request is assigned this sequence number, the TPC process reveals a decrypted version of the encrypted contents of the client request to the set of nodes, and the decrypted version is processed according to the TOB protocol.

Abstract: A computer manages reconfigurations of a Byzantine fault-tolerant, distributed computing system comprising a network of first nodes adhering to a given consensus protocol at a reconfiguration service. The computer services the network by receiving a request of change of status of a second node with respect to the network. The computer informs at least a subset of the first nodes of the received request. The computer obtains an approval of the request, whereby at least a subset of the first nodes collectively approve the change of status as a result of contributions processed according to the given consensus protocol. The computer updates a configuration log according to request approvals obtained by servicing the network. The computer addresses requests of clients about configurations of the network based on the updated configuration log.

Abstract: A processor may store a write set of a transaction in a cache. The cache may include state information, and the cache may be uncommitted to a blockchain. The processor may identify a subsequent transaction. The subsequent transaction may read from the cache when a requested key is present in the cache. The processor may order the transaction and the subsequent transaction based on what is read from the cache. Ordering the transaction and the subsequent transaction may avoid an abort of the subsequent transaction.

Abstract: An example operation may include one or more of extracting a data object from a machine-readable code, where the data object comprises fields of data signed with a digital signature of a private key, detecting an identifier of an issuer of the data object from the extracted data object, retrieving a public key from a blockchain based on the identifier of the issuer detected from the field of the extracted data object, and verifying the digital signature of the private key based on the fetched public key

Abstract: A processor may generate a request associated with a transaction. The processor may collect an anchor associated with the request. The processor may transition the transaction into a collection of two or more hashes. The processor may submit the transaction to an ordering service. A processor may receive a request associated with a transaction. The processor may identify that a first preimage associated with a first hash is known to a first shard. The processor may generate a first identification tag associated with the transaction. A processor may receive a request associated with a transaction. The processor may assign a first shard a first task. The processor may identify that a first preimage associated with a first hash is known to the first shard. The processor may perform the task.

Abstract: An example operation may include one or more of receiving, by each of one or more peripheral peers of a blockchain network, a sequence of new blocks from an orderer peer, calculating hashes for the sequence of new blocks, adding the hashes to a merkle tree, determining the merkle tree is different than merkle trees from a majority of peripheral peers, determining that one or more blocks that correspond to the different merkle trees from the majority of peripheral peers are different from the sequence of new blocks, and in response ceasing committing blocks to the blockchain network.

Abstract: An example operation may include one or more of receiving, by each of one or more peripheral peers of a blockchain network, a new block from an orderer peer, calculating a hash of the new block, determining the calculated hash is different than hashes from a majority of peripheral peers, determining that one or more blocks that correspond to the different hashes from the majority of peripheral peers are different from the new block, and in response ceasing committing blocks to the blockchain network.

Abstract: The system, method, and computer program product described herein may provide the capability to handle a variety of types of transactions, not just payment transactions. In addition, system, method, and computer program product described herein may provide the capability for users to be able to control the confidentiality of their transactions, for the system to control access to transactions, for the system to be capable of auditing transactions, and to provide accountability of the validating entities.

Abstract: Embodiments of the present invention may provide techniques by which replay attacks in a blockchain network may be efficiently resisted, while preserving valid user permissions and privacy in the blockchain network. For example, in an embodiment of the present invention, in a network of computer systems, a method of communication may comprise at a user computer system, generating a security value that is to be used only once, generating a message signed with a security certificate and including the security value, and transmitting the message over the network of computer systems.

Abstract: The system, method, and computer program product described herein may provide the capability to handle a variety of types of transactions, not just payment transactions. In addition, system, method, and computer program product described herein may provide the capability for users to be able to control the confidentiality of their transactions, for the system to control access to transactions, for the system to be capable of auditing transactions, and to provide accountability of the validating entities.

Abstract: The system, method, and computer program product described herein may provide the capability to handle a variety of types of transactions, not just payment transactions. In addition, system, method, and computer program product described herein may provide the capability for users to be able to control the confidentiality of their transactions, for the system to control access to transactions, for the system to be capable of auditing transactions, and to provide accountability of the validating entities.

Abstract: A method for byzantine fault tolerant data replication with a plurality of 2f+1 data servers and one or more clients includes storing data in at least f+1 different data servers out of the 2f+1 data servers, and storing metadata of the stored data under a metadata-identifier in a metadata-service (MDS). The stored metadata includes a unique identifier of the stored data, a fingerprint of the stored data, and a list of the at least f+1 different data servers which have stored the data.

Abstract: The system, method, and computer program product described herein may provide the capability to handle a variety of types of transactions, not just payment transactions. In addition, system, method, and computer program product described herein may provide the capability for users to be able to control the confidentiality of their transactions, for the system to control access to transactions, for the system to be capable of auditing transactions, and to provide accountability of the validating entities.

Abstract: Embodiments of the present invention may provide techniques by which replay attacks in a blockchain network may be efficiently resisted, while preserving valid user permissions and privacy in the blockchain network. For example, in an embodiment of the present invention, in a network of computer systems, a method of communication may comprise at a user computer system, generating a security value that is to be used only once, generating a message signed with a security certificate and including the security value, and transmitting the message over the network of computer systems.

Abstract: A method for byzantine fault tolerant data replication with a plurality of 2f+1 data servers and one or more clients includes storing data in at least f+1 different data servers out of the 2f+1 data servers, and storing metadata of the stored data under a metadata-identifier in a metadata-service (MDS). The stored metadata includes a unique identifier of the stored data, a fingerprint of the stored data, and a list of the at least f+1 different data servers which have stored the data.

Abstract: Methods and systems for reading from and writing to a distributed, asynchronous and fault-tolerant storage system. The storage system includes storage nodes communicating with clients. The method includes a first client writing an object to the storage system and a second client reading the object from the storage system. For the first client, previous transient metadata relating to a previously written version of the object is retrieved and a new version of the object together with new transient metadata is stored. For the second client, a set of transient metadata from a third set of nodes amongst storage nodes is retrieved, a specific version of the object as stored on the storage system is determined, and a specific version of the corresponding object from a fourth set of nodes amongst storage nodes is retrieved. Two sets of nodes amongst all sets have at least one node in common.