Abstract: Blockchain systems operate over a network of computing devices. Proof of space blockchain consensus systems utilize data stored in storage devices across the computing devices within the network. These storage devices are utilized to generate and store proof of space consensus data. This data is then accessed at a later time to respond to challenges issued across the blockchain network. In order to limit successful submissions of these challenge responses, one or more filters are utilized. These filters result in only a fraction of the stored data on a storage device to be useable for solving the blockchain challenge. Attackers may attempt to circumvent this filter to increase their odds of submitting an approved solution to the blockchain challenge. In order to address this, additional data structures are stored within the storage device and are registered at the time of creation on the blockchain to make these filters more robust.

Abstract: A back-end server computer comprises a processor and computer-readable medium that comprises code executable by the processor for implementing the following method. The back-end server computer obtains a message comprising content to provide to an application installed on a user device. The back-end server computer encrypts the message with a master secret key or a key derived from the master secret key to obtain an encrypted message. The back-end server computer provides the encrypted message to the user device. The user device, using a secure element, signs the encrypted message, cryptographically recovers, using a whitebox in the application, a secure element public key from a certified key using a back-end server computer public key, cryptographically recovers, using the whitebox, the encrypted message from the signed encrypted message, and decrypts, using the whitebox, the encrypted message using the master secret key or the key derived therefrom to obtain the message.

Abstract: Certain aspects of the present disclosure provide techniques for proving possession of data in a storage device participating in a distributed data storage network. An example storage device includes a storage circuitry and a trusted circuit. The storage circuitry is configured to store a plurality of data blocks. The trusted circuit generally has a private signing key securely stored thereon. The trusted circuit is generally configured to compute a hash over data stored in a plurality of data blocks and to generate an anonymous digital signature for the data stored in the plurality of data blocks based at least in part on the private signing key and the computed hash. The trusted circuit may be interposed on a write path to the storage circuitry such that data written to the storage circuitry is processed through the trusted circuit.

Abstract: Systems, methods, and apparatuses of using biometric information to authenticate a first device of a user to a second device are described herein. A method includes storing, by the first device, a first key share of a private key and a first template share of a biometric template of the user. The second device stores a public key, and one or more other devices of the user store other key shares and other template shares. The first device receives a challenge message from the second device, measures biometric features of the user to obtain a measurement vector, and sends the measurement vector and the challenge message to the other devices. The first device receives partial computations, generated using a respective template share, key share, and the challenge message, from the other devices, uses them to generate a signature of the challenge message and send the signature to the second device.

Abstract: A method is disclosed. The method includes receiving, by a user device, an encrypted message from a server computer. The encrypted message is a message encrypted with a master secret key or a key derived from the master secret key. The user device signs the encrypted message with a secure element private key. The user device, using a whitebox, cryptographically recovers a secure element public key from a certified key using a server computer public key. The certified key is certified by the server computer and based on at least the secure element public key. The user device, using the whitebox, cryptographically recovers the encrypted message from the signed encrypted message using the secure element public key. The user device, using the whitebox, decrypts the encrypted message using the master secret key or the key derived from the master secret key in the whitebox to obtain the message.

Abstract: A method includes a validation computer receiving an authorization request message comprising a user state and a user proof from a user device. The user state comprises first and second user state elements. The user proof comprises first, second, and third user proof elements. The validation computer computes a first verification value by multiplying the first user proof element raised to the power of the second user state element, and the second user proof element raised to the power of the first user state element. The computer computes a second verification value by raising the second user proof element to the power of the second user state element. The computer compares the first verification value to a first accumulated state element of an accumulated state. The compares the second verification value to a second accumulated state element. The validation computer authorizes the authorization request message based on the comparison steps.

Abstract: Methods and systems for privacy-preserving identity attribute verification are presented. During an interaction between a relying entity and a user, a relying entity computer can transmit a policy token to a user device. The policy token may indicate the information needed by the relying entity in order to perform the interaction. The user device can verify the policy token, then use the policy token in conjunction with an identity token to generate a zero-knowledge proof. The user device may transmit the zero-knowledge proof to an identity service provider computer. The identity service provider computer may verify the zero-knowledge proof, then generate a verification message. The identity service provider computer may sign the verification message and transmit the signed verification message to the relying entity computer. The relying entity computer may verify the verification message and complete the interaction with the user.

Abstract: At an authorization server, a shared secret electronic key may be shared with a second computer. A selection to use a system to complete a transaction may be received from a first computing device. An image may be communicated to the first computing device. A digital representation entered by the user representing the image and a PIN based on the copy of the shared electronic key may be received from the second computing device. The system and method may determine if the digital representation entered by the user on the second computing device matches the image communicated to the first computing device. The system and method may determine if the PIN based on the copy of the shared electronic key from the second computing device is as expected. In response to determining the digital representation entered by the user matches the image and the PIN the second computing device is as expected, the user may be authorized.

Abstract: Disclosed is a method, system, and computer program product for determining solvency of a digital asset exchange system. The method includes identifying a plurality of blockchain addresses corresponding to a plurality of users of a digital asset exchange system, generating a first commitment to an amount of digital assets corresponding to the plurality of blockchain addresses, and generating a second commitment to a balance of each user of the plurality of users. The method also includes generating a first component of a zero-knowledge algorithm that is configured to receive, as input, the first commitment. The method further includes generating, with at least one processor, a second component of the zero-knowledge algorithm that is configured to receive, as input, the second commitment. The method further includes determining that the digital asset exchange system is solvent based on the zero-knowledge algorithm.

Abstract: Techniques of authenticating a first device of a user to a second device are disclosed. The method enables the second device to perform authentication using a biometric template stored on the first device and a biometric measurement. Homomorphic encryption may be used by the first device to encrypt the biometric template and the second device to determine an encrypted similarity metric between the biometric template and the biometric measurement. The second device can also determine an encrypted code using an authentication function and the encrypted similarity metric. The second device sends the encrypted code and the encrypted similarity metric to be decrypted by the first device. The second device can receive a response from the first device, indicating whether a decrypted similarity metric exceeds a threshold; and whether the decrypted code matches a test code. The second device can then authenticate the user based on the response.

Abstract: Blockchain systems operate over a network of computing devices. Proof-of-space blockchain consensus systems utilize data (called plots) stored in storage devices across the computing devices within the network. These storage devices are utilized to generate and store proof-of-space consensus data. This data is then accessed at a later time to respond to challenges issued across the blockchain network. The owner of a plot may wish to sell a plot to another miner. If the seller is a bad-faith actor, they may retain copies of the secret key(s) and use them to continue mining the plot along with the buyer. To prevent these attacks, it may be desirable to submit a challenge response block where the proof-of-space is not visible as part of the challenge response. This may be done by replacing the proof-of-space with a proof-of-knowledge.

Abstract: Systems and methods for threshold authenticated encryption are provided. A collection of cryptographic devices may encrypt or decrypt a message, provided that a threshold number of those devices participate in the encryption process. One cryptographic device may generate a commitment message and transmit it to the other selected devices. Those devices may each perform a partial computation using the commitment message, and transmit the partial computations back to the encrypting or decrypting device. The encrypting or decrypting device may use those partial computations to produce a cryptographic key, which may then be used to encrypt or decrypt the message.

Abstract: Methods and systems for privacy-preserving identity attribute verification are presented. During an interaction between a relying entity and a user, a relying entity computer can transmit a policy token to a user device. The policy token may indicate the information needed by the relying entity in order to perform the interaction. The user device can verify the policy token, then use the policy token in conjunction with an identity token to generate a zero-knowledge proof. The user device may transmit the zero-knowledge proof to an identity service provider computer. The identity service provider computer may verify the zero-knowledge proof, then generate a verification message. The identity service provider computer may sign the verification message and transmit the signed verification message to the relying entity computer. The relying entity computer may verify the verification message and complete the interaction with the user.

Abstract: Blockchain-based, smart contract platforms have great promise to remove trust and add transparency to distributed applications. However, this benefit often comes at the cost of greatly reduced privacy. Techniques for implementing a privacy-preserving smart contract is described. The system can keep accounts private while not losing functionality and with only a limited performance overhead. This is achieved by building a confidential and anonymous token on top of a cryptocurrency. Multiple complex applications can also be built using the smart contract system.

Abstract: An initiator device can broadcast a witness request to one or more authentication devices. The one or more authentication devices can then determine an assurance level from a range of assurance levels and determine a token share corresponding to the assurance level. The initiator device can then receive, from the one or more authentication devices, at least one witness response comprising the token share corresponding to the assurance level. The initiator device can generate an authentication token using a set of token shares. The initiator device can then transmit the authentication token to an authentication server, wherein the authentication server verifies the authentication token.

Abstract: Blockchain-based, smart contract platforms have great promise to remove trust and add transparency to distributed applications. However, this benefit often comes at the cost of greatly reduced privacy. Techniques for implementing a privacy-preserving smart contract is described. The system can keep accounts private while not losing functionality and with only a limited performance overhead. This is achieved by building a confidential and anonymous token on top of a cryptocurrency. Multiple complex applications can also be built using the smart contract system.

Abstract: Techniques of authenticating a first device of a user to a second device are disclosed. The method enables the second device to perform authentication using a biometric template stored on the first device and a biometric measurement. Homomorphic encryption may be used by the first device to encrypt the biometric template and the second device to determine an encrypted similarity metric between the biometric template and the biometric measurement. The second device can also determine an encrypted code using an authentication function and the encrypted similarity metric. The second device sends the encrypted code and the encrypted similarity metric to be decrypted by the first device. The second device can receive a response from the first device, indicating whether a decrypted similarity metric exceeds a threshold; and whether the decrypted code matches a test code. The second device can then authenticate the user based on the response.

Abstract: System, methods, and devices described herein utilize blockchain systems to tie physical storage devices to a digital non-fungible token (NFT). By utilizing this association, the manufacturer can provide software to assure purchasers that their devices are genuine. Furthermore, ownership transfers can be verified and utilized as a means to provide accurate provenance of a storage device, which can increase the value of the device in certain collectible situations. Associating a storage device to an NFT can include pair the drive with a unique identifier provided by the manufacturer, and an address that consists of an encryption key and a secret key that only the owner will know. A user can then encrypt their data and transfer ownership of the storage device to a new owner who will generate a new encryption key. The new owner cannot access data stored on the device, preventing the original owner’s data from being compromised.

Abstract: Systems and methods for improved distributed symmetric cryptography are disclosed. A client computer may communicate with a number of cryptographic devices in order to encrypt or decrypt data. Each cryptographic device may possess a secret share and a verification share, which may be used in the process of encrypting or decrypting data. The client computer may generate a commitment and transmit the commitment to the cryptographic devices. Each cryptographic device may generate a partial computation based on the commitment and their respective secret share, and likewise generate a partial signature based on the commitment and their respective verification share. The partial computations and partial signatures may be transmitted to the client computer. The client computer may use the partial computations and partial signatures to generate a cryptographic key and verification signature respectively. The client computer may use the cryptographic key to encrypt or decrypt a message.

Abstract: Blockchain systems operate over a network of computing devices. Proof-of-space blockchain consensus systems utilize data (called plots) stored in storage devices across the computing devices within the network. These storage devices are utilized to generate and store proof-of-space consensus data. This data is then accessed at a later time to respond to challenges issued across the blockchain network. The owner of a plot may wish to sell a plot to another miner. If the seller is a bad-faith actor, they may retain copies of the secret key(s) and use them to continue mining the plot along with the buyer. To prevent these attacks, it may be desirable to submit a challenge response block where the proof-of-space is not visible as part of the challenge response. This may be done by replacing the proof-of-space with a proof-of-knowledge.