Abstract: A method for storing a data file (DF) on a storage entity (SE) includes receiving, by a proxy (PE) and from a computing entity (CE), a plurality of hash values corresponding to a plurality of blocks of the DF. The PE may check whether the plurality of blocks of the DF are stored in the SE based on the plurality of hash values. Based on determining that at least a subset of the plurality of blocks of the DF are not being stored in the SE, the PE may compute a secret associated with an encryption key. The PE may transmit, to the CE, the secret. The PE may receive, from the CE, information including storage locations of the subset of the plurality of blocks within the SE and one or more hash values, of the plurality of hash values, associated with the subset of the plurality of blocks.

Abstract: A method for operating a mining pool includes running, by a mining pool operator, a blockchain node and at least one enclave. The blockchain node is connected to the enclave as well as to a blockchain P2P network and to a publicly available site. The method further includes checking, by the blockchain node, validity of incoming blocks and transactions received from the blockchain P2P network, and forwarding information on the received blocks and transactions to the at least one enclave. The method further includes creating, by the at least one enclave, a state transparency log and inserting the block and transaction information received from the blockchain node into the state transparency log, and signing, by the at least one enclave, the state transparency log and publishing the state transparency log at the publicly available site.

Abstract: A full blockchain node for preserving privacy of a lightweight blockchain client in a blockchain network includes at least one computer device having an operating system. A trusted execution environment is installed on the at least one computer device such that code is executable by the trusted execution environment in isolation from the operating system. The trusted execution environment is configured to communicate with the lightweight blockchain client for performing blockchain transactions in a blockchain network.

Abstract: A method for executing smart contracts in a cryptocurrency, in which a state of the smart contract is stored on a blockchain of the cryptocurrency, is performed by a contract creator and includes determining a distributed set of service providers. A smart contract is deployed and a trust model is defined that allows the distributed set of service providers to perform a transaction that effects a state transition of the smart contract in a case that a predefined or configurable quorum of the service providers of the distributed set of service providers attests to validity of the transaction. Contract execution is offloaded to the distributed set of service providers and, in a case of achieving the quorum, the state transition effected by the transaction is included in the blockchain.

Abstract: A method of preserving privacy for usage of a lightweight blockchain client in a blockchain network includes using, in a full blockchain node of the blockchain network, a trusted execution environment (TEE). A secure communication is established between the lightweight blockchain client and the TEE. The TEE receives a request from the lightweight blockchain client for at least one transaction or address of the lightweight blockchain client. The TEE obtains unspent transaction output (UTXO) information with respect to the request from the lightweight blockchain client from a UTXO database by oblivious database access using an oblivious RAM (ORAM) protocol.

Abstract: A method for storing a data file (DF) on a storage entity (SE) includes receiving, by a proxy (PE) and from a computing entity (CE), a plurality of hash values corresponding to a plurality of blocks of the DF. The PE may check whether the plurality of blocks of the DF are stored in the SE based on the plurality of hash values. Based on determining that at least a subset of the plurality of blocks of the DF are not being stored in the SE, the PE may compute a secret associated with an encryption key. The PE may transmit, to the CE, the secret. The PE may receive, from the CE, information including storage locations of the subset of the plurality of blocks within the SE and one or more hash values, of the plurality of hash values, associated with the subset of the plurality of blocks.

Abstract: A full blockchain node for preserving privacy of a lightweight blockchain client in a blockchain network includes at least one computer device having an operating system. A trusted execution environment is installed on the at least one computer device such that code is executable by the trusted execution environment in isolation from the operating system. The trusted execution environment is configured to communicate with the lightweight blockchain client for performing blockchain transactions in a blockchain network.

Abstract: A method for storing a data file, ‘DF’ on a storage entity, ‘SE’ includes a computing entity, ‘CE’, chunking the DF into a number of blocks using a one-way-function and a chunking key. The CE may compute a hash value for each of the blocks. One or more proxies, ‘PE’, may check whether the blocks are already stored, resulting in a first number of already stored blocks and a second number of blocks not being stored. The CE may encrypt the blocks not being stored using an encryption key, transmit the encrypted blocks to the SE for storing, and inform the PE about the hash value of each of the transmitted blocks and corresponding storage location information of the transmitted blocks.

Abstract: A method of preserving privacy for usage of a lightweight blockchain client in a blockchain network includes using, in a full blockchain node of the blockchain network, a trusted execution environment (TEE). A secure communication is established between the lightweight blockchain client and the TEE. The TEE receives a request from the lightweight blockchain client for at least one transaction or address of the lightweight blockchain client. The TEE obtains unspent transaction output (UTXO) information with respect to the request from the lightweight blockchain client from a UTXO database by oblivious database access using an oblivious RAM (ORAM) protocol.

Abstract: A method of preserving privacy for usage of a lightweight blockchain client in a blockchain network includes using, in a full blockchain node of the blockchain network, a secure software guard extensions (SGX) enclave. A request is received from the lightweight blockchain client for a setup of a secure network connection. A client unique ID is received from the lightweight blockchain client, and is acknowledged following a successful attestation by the lightweight blockchain client. A request is received from the lightweight blockchain client for transaction(s)/address(es) of the lightweight blockchain client. The SGX enclave loads and searches unspent transaction outputs (UTXO) from a memory of the full blockchain node and sends a response to the request from the lightweight blockchain client for the transaction(s)/address(es) based on a match from the searching the UTXO. The secure communication is then terminated with the lightweight blockchain client.

Abstract: A method for controlling access to a shared resource for a plurality of collaborative users includes securely providing, on a storage and device entity, the shared resource. The shared resource is created by a resource owner entity. The method further includes specifying access control rules for the shared resource, translating the access control rules into a smart contract, including the smart contract into a blockchain, and if a second user requests access to the shared resource, performing access decisions for the shared resource by evaluating the smart contract with regard to the access control rules.

Abstract: A communication apparatus comprising: a plurality of communication processes, each performing communication process on a flow associated thereto; a plurality of network interfaces, each of the network interfaces adapted to be connected to a network; a dispatcher that receives a packet from the network interface and dispatches the packet to an associated communication process, based on a dispatch rule that defines association of a flow to a communication process to which the flow is dispatched; and a control unit that performs control to roll back each of the communication processes using saved image thereof.

Abstract: A communication apparatus comprising a plurality of communication processes, each of the communication processes configured to be executed in an environment allocated thereto and isolated from each of one or more environments arranged for remaining one or more processes, each of the communication processes performing communication processing on a flow associated thereto, a network interface connected to a network; a dispatcher that dispatches a packet to the communication process based on a dispatch rule that defines association of a flow with a communication process.

Abstract: A method operates a blockchain to provide mutable transactions. The blockchain has a sequence of blocks, each block having transaction information, having a transaction, in its data record. A mutability policy is includable in the transaction information, and specifies conditions for changing its transaction.

Abstract: A method for controlling access to a shared resource for a plurality of collaborative users includes securely providing, on a storage and device entity, the shared resource. The shared resource is created by a resource owner entity. The method further includes specifying access control rules for the shared resource, translating the access control rules into a smart contract, including the smart contract into a blockchain, and if a second user requests access to the shared resource, performing access decisions for the shared resource by evaluating the smart contract with regard to the access control rules.

Abstract: A method of preserving privacy for usage of a lightweight blockchain client in a blockchain network includes using, in a full blockchain node of the blockchain network, a secure software guard extensions (SGX) enclave. A request is received from the lightweight blockchain client for a setup of a secure network connection. A client unique ID is received from the lightweight blockchain client, and is acknowledged following a successful attestation by the lightweight blockchain client. A request is received from the lightweight blockchain client for transaction(s)/address(es) of the lightweight blockchain client. The SGX enclave loads and searches unspent transaction outputs (UTXO) from a memory of the full blockchain node and sends a response to the request from the lightweight blockchain client for the transaction(s)/address(es) based on a match from the searching the UTXO. The secure communication is then terminated with the lightweight blockchain client.

Abstract: A method for encrypting data based on all-or-nothing encryption includes: providing, by an encryption system, data to be encrypted and an encryption key; dividing, by the encryption system, the data into an odd number of blocks, wherein each of the blocks has the same size; encrypting, by the encryption system, the blocks with the encryption key to obtain an intermediate ciphertext c? comprising intermediate ciphertext blocks c0?, . . . , cN?, wherein c0? corresponds to a random seed and c1?, . . . , cN? corresponds to the encrypted blocks; and obtaining, by the encryption system, a final ciphertext c using the intermediate ciphertext c?. An intermediate overall ciphertext t is obtained based on XOR'ing the intermediate ciphertext blocks c0?, . . . , cN?; and obtaining a plurality of final ciphertext blocks c1, . . . cN by XOR'ing respective intermediate ciphertext blocks c1?, . . . , cN? with the intermediate overall ciphertext t.

Abstract: A method for storing a data file, ‘DF’ on a storage entity, ‘SE’ includes a computing entity, ‘CE’, chunking the DF into a number of blocks using a one-way-function and a chunking key. The CE may compute a hash value for each of the blocks. One or more proxies, ‘PE’, may check whether the blocks are already stored, resulting in a first number of already stored blocks and a second number of blocks not being stored. The CE may encrypt the blocks not being stored using an encryption key, transmit the encrypted blocks to the SE for storing, and inform the PE about the hash value of each of the transmitted blocks and corresponding storage location information of the transmitted blocks.

Abstract: A communication apparatus comprising: a plurality of communication processes, each performing communication process on a flow associated thereto; a plurality of network interfaces, each of the network interfaces adapted to be connected to a network; a dispatcher that receives a packet from the network interface and dispatches the packet to an associated communication process, based on a dispatch rule that defines association of a flow to a communication process to which the flow is dispatched; and a control unit that performs control to roll back each of the communication processes using saved image thereof.

Abstract: A communication apparatus comprising a plurality of communication processes, each of the communication processes configured to be executed in an environment allocated thereto and isolated from each of one or more environments arranged for remaining one or more processes, each of the communication processes performing communication processing on a flow associated thereto, a network interface connected to a network; a dispatcher that dispatches a packet to the communication process based on a dispatch rule that defines association of a flow with a communication process.