Abstract: A method for execution of a Byzantine Fault Tolerant (BFT) protocol among a number of participating nodes of a network includes: receiving, by a primary node of the BFT protocol, a transaction request, applying, by the primary node, a data dissemination protocol for distributing the transaction request among the participating nodes via a data-plane of the network, and generating, by the primary node, a hash of the transaction request and requesting consensus among the participating nodes via a control-plane of the network using the hash of the transaction request.

Abstract: A method for supporting sharing of travel history of travelers in airports includes receiving, by a trusted entity of the distributed ledger system, a registration request from a traveler via a traveler application. The registration request provides personal information of the traveler to the trusted entity. The method further includes generating, by the trusted entity, a public key for the traveler using an identity-based encryption mechanism and sending, from the trusted entity to the global identity blockchain, a registration transaction with respect to the traveler. The registration transaction comprises the public key of the traveler. The method further includes recording a travel history that includes all travel tickets of the traveler, wherein a Merkle tree of all the travel tickets of the traveler is generated. The Merkle tree has a Merkle root, and the Merkle root of the Merkle tree is stored in the global identity blockchain.

Abstract: A method for supporting identity management of travelers in an airport using a distributed ledger system includes receiving, by a global identity blockchain, a registration request from a traveler via a traveler device. The registration request includes a commitment for identity data that is uploaded by the traveler in a secure cloud storage. The method further includes recording the commitment in the global identity blockchain, receiving, by the global identity blockchain, a result of an identity verification with respect to the traveler from a verifier entity, recording the result in the global identity blockchain, and receiving, by a security blockchain, a ticket registration transaction issued by an airline entity. The ticket registration transaction comprises a unique traveler ID of the traveler. The method further includes issuing, by the security blockchain, an access control list update upon reception of consent by the traveler.

Abstract: A method for securing a genuine machine learning model against adversarial samples includes the steps of attaching a trigger to a sample to be classified and classifying the sample with the trigger attached using a backdoored model that has been backdoored using the trigger. In a further step, it is determined whether an output of the backdoored model is the same as a backdoor class of the backdoored model, and/or an outlier detection method is applied to logits compared to honest logits that were computed using a genuine sample. These steps are repeated using different triggers and backdoored models respectively associated therewith. It is compared a number of times that an output of the backdoored models is not the same as the respective backdoor class, and/or a difference determined by applying the outlier detection method, against one or more thresholds so as to determine whether the sample is adversarial.

Abstract: A method for securing an interblockchain transaction includes receiving, from a first user application, a registration request including a first permissioned blockchain public key and a first permissionless blockchain public key. The method also includes performing, by the processing circuitry, receiving, from a second user application, a second registration request including a second permissioned blockchain public key and a second permissionless blockchain public key. The permissioned blockchain public keys are valid on the permissioned blockchain and the permissionless blockchain public keys are valid on the permissionless public blockchain. In addition, the method includes receiving, from the first user application, a transaction identification, the transaction identification identifying a first transfer transaction executed on the permissionless public blockchain. The transaction identification identifies the first and second permissionless blockchain public keys.

Abstract: A method for thwarting attacks on a machine-learning (ML) model is provided. The method includes determining, by the ML model, a classification vector based on an input. The method further includes evaluation the classification vector based on a threshold parameter to determine a threshold result. The method also includes outputting a classification prediction based on the threshold result.

Abstract: A computer-implemented method for supporting smart contracts in a blockchain network includes: translating a source code of a smart contract into an abstract syntax tree model; generating a code property graph based on the abstract syntax tree model; performing an enrichment phase, wherein the code property graph is enriched with information that is obtained from the abstract syntax tree model; performing a vulnerability detection phase, wherein the code property graph is analyzed for one or more predetermined vulnerability patterns in order to detect one or more predetermined vulnerabilities; and performing a vulnerability patching phase, wherein one or more patches are applied in order to fix the one or more predetermined vulnerabilities detected in the vulnerability detection phase, wherein the one or more patches are inserted into the code property graph such that a patched code property graph is generated.

Abstract: A method for secure chain division of a satellite chain by a validator node of a permission-based blockchain system includes executing, by communicating with a set of validator nodes of an original satellite chain of the blockchain system, a validator assignment scheme that splits the set of validator nodes of the original satellite chain into subsets of validator nodes of child chains of the original satellite chain, and running, by communicating with the validator nodes of the respective subsets, a reconfiguration protocol to set up the respective child chains and sending, to an identity management component that maintains identity information of all members of the blockchain system in a registry, a configuration update to record the division of the original satellite chain and corresponding creation of the child chains.

Abstract: A method for sharing of digital health data in a travel environment is provided. Traveler's identities are managed using a distributed ledger system, that includes a global identity blockchain, security blockchains, and a health blockchain. The method comprises sending a request for predetermined number of health data records, receiving consecutive access keys for the requested records and a zero knowledge proof, verifying the zero knowledge proof, wherein the zero knowledge proof validates a latest access key of the consecutive access keys. Upon verification, retrieving the health data records from the health blockchain based on hashed access keys, wherein the hashed access keys are generated from the consecutive access keys, and verifying the consecutive access keys provided by the traveler using hashed previous access keys included in the retrieved health data records, to determine whether the traveler has provided the access keys required for the retrieved health data records as requested.

Abstract: A method for registering a mining computing entity (MCE) with a trusted execution environment entity (TEEE) in a blockchain of a distributed blockchain consensus network (DBCN), based on a proof-of-stake protocol, includes determining public signing information, secret signing information, and a registration timestamp and determining public account information and secret account information for a virtual wallet of the blockchain. The method further includes generating attestation information based on signing integrity information and hashing the public signing information and the public account information, and based on the attestation information, obtaining, from an attestation providing entity (APE), proving information. The method also includes sending, to the blockchain, a registration transaction that is signed with the secret account information, and registering the MCE to the blockchain.

Abstract: Methods and systems for supporting trusted communication between nodes from different blockchains are provided. The method comprises using a bootstrapping service for bootstrapping trust among blockchains of a group of federated blockchains. The bootstrapping service records security parameters of the federated blockchains. The security parameters include information on consensus configurations of the federated blockchains.

Abstract: A method for registering a mining computing entity (MCE) with a trusted execution environment entity (TEEE) in a blockchain of a distributed blockchain consensus network (DBCN), based on a proof-of-stake protocol, includes providing public signing and corresponding secret signing information and trusted time information by the TEEE of the MCE, providing public and secret account information for a virtual wallet of the blockchain by the MCE, and generating integrity information by the TEEE. The method further includes generating attestation information by signing the integrity information, hashed public signing information and public account information, computing proving information, by an attestation providing entity (APE), by attesting the attestation information, and sending a transaction to the blockchain, signed with the secret account information, the transaction including the public signing information and the proving information.

Abstract: A method for execution of a Byzantine Fault Tolerant (BFT) protocol among a number of participating nodes of a network includes: receiving, by a primary node of the BFT protocol, a transaction request, applying, by the primary node, a data dissemination protocol for distributing the transaction request among the participating nodes via a data-plane of the network, and generating, by the primary node, a hash of the transaction request and requesting consensus among the participating nodes via a control-plane of the network using the hash of the transaction request.

Abstract: A method for securing a cryptocurrency transaction on a permissioned blockchain, which involves cryptocurrencies of a permissionless public blockchain, includes receiving a join request including a transaction identification. The transaction identification identifies an enroll transaction involving a public smart contract deployed on the permissionless public blockchain, the enroll transaction identifying a permissioned blockchain public key being valid on the permissioned blockchain and transferring a cryptocurrency balance to the public smart contract. The method further includes verifying that the enroll transaction was properly executed, crediting an account corresponding to the permissioned blockchain public key with the cryptocurrency balance, and receiving a send request identifying a second cryptocurrency balance and a second permissioned blockchain public key being valid on the permissioned blockchain.

Abstract: A method for securing an interblockchain transaction includes receiving, from a first user application, a registration request including a first permissioned blockchain public key and a first permissionless blockchain public key. The method also includes performing, by the processing circuitry, receiving, from a second user application, a second registration request including a second permissioned blockchain public key and a second permissionless blockchain public key. The permissioned blockchain public keys are valid on the permissioned blockchain and the permissionless blockchain public keys are valid on the permissionless public blockchain. In addition, the method includes receiving, from the first user application, a transaction identification, the transaction identification identifying a first transfer transaction executed on the permissionless public blockchain. The transaction identification identifies the first and second permissionless blockchain public keys.

Abstract: A method of generating a deniable commitment of personal data of a user with an unlinkable proof of the commitment of the personal data for securing user privacy in a digital identity system includes receiving the personal data of the user and receiving the commitment of the personal data according to a commitment scheme. An interactive zero-knowledge proof is engaged in with the user so as to verify that the commitment of the personal data opens to the personal data of the user.

Abstract: A method for supporting sharing of travel history of travelers in airports includes receiving, by a trusted entity of the distributed ledger system, a registration request from a traveler via a traveler application. The registration request provides personal information of the traveler to the trusted entity. The method further includes generating, by the trusted entity, a public key for the traveler using an identity-based encryption mechanism and sending, from the trusted entity to the global identity blockchain, a registration transaction with respect to the traveler. The registration transaction comprises the public key of the traveler. The method further includes recording a travel history that includes all travel tickets of the traveler, wherein a Merkle tree of all the travel tickets of the traveler is generated. The Merkle tree has a Merkle root, and the Merkle root of the Merkle tree is stored in the global identity blockchain.

Abstract: A method for supporting sharing of travel history of travelers in airports, wherein the travelers' identity is managed using a distributed ledger system, wherein the distributed ledger system includes a global identity blockchain and several per segment security blockchains, wherein the global identity blockchain is accessible by entities of the distributed ledger system, and wherein a per segment security blockchain is employed for a predetermined flight segment, such that the per segment security blockchain is accessible only by entities of the distributed ledger system that are involved in the predetermined flight segment, the method comprising the steps of: a) generating a history secret of a traveler according to a resistance mechanism for resisting a creation of multiple identities, in particular a Sybil-resistance mechanism; b) receiving, by the global identity blockchain, a registration request of the traveler, wherein the registration request comprises a commitment of the traveler's history secret, a

Abstract: A method for securing a genuine machine learning model against adversarial samples includes the steps of attaching a trigger to a sample to be classified and classifying the sample with the trigger attached using a backdoored model that has been backdoored using the trigger. In a further step, it is determined whether an output of the backdoored model is the same as a backdoor class of the backdoored model, and/or an outlier detection method is applied to logits compared to honest logits that were computed using a genuine sample. These steps are repeated using different triggers and backdoored models respectively associated therewith. It is compared a number of times that an output of the backdoored models is not the same as the respective backdoor class, and/or a difference determined by applying the outlier detection method, against one or more thresholds so as to determine whether the sample is adversarial.

Abstract: A method for securing a genuine machine learning model against adversarial samples includes receiving a sample, as well as receiving a classification of the sample using the genuine machine learning model or classifying the sample using the genuine machine learning model. The sample is classified using a plurality of backdoored models, which are each a backdoored version of the genuine machine learning model. The classification of the sample using the genuine machine learning model is compared to each of the classifications of the sample using the backdoored models to determine a number of the backdoored models outputting a different class than the genuine machine learning model. The number of the backdoored models outputting a different class than the genuine machine learning model is compared against a predetermined threshold so as to determine whether the sample is an adversarial sample.