H04L9/3218

Hash tree computation device
11546166 · 2023-01-03

Some embodiments are directed to a hash tree computation device. The hash tree computation device computes a top hash of a hash tree. A hash preimage of a leaf node of the hash tree comprises a type of the leaf node. A hash preimage of an internal node of the hash tree comprises a type count comprising a number of descendants of the internal node having a given type. The hash tree computation device computes the top hash by computing hashes of a current node and of its ancestors, where a hash of an ancestor is computed based on its type count, the type count being computed from types or type counts of its descendants.

Data provenance

Methods, systems, and devices for wireless communications are described. Aspects include a device generating data to be sent to a receiving device and determining to provide provenance for the data. The device may generate a data identifier based on an identifier generation key and encrypt the data using an encryption key generated from a key associated with an owner of the device. The device may sign the encrypted data transmission using a signing key where the signing key is based on the encrypted data and the data identifier. In some cases, the device may send the data to a receiving device via one or more proxy devices. In some cases, multiple devices may send signed data transmissions to a proxy device and the proxy device may process the multiple data transmissions and send the processed data to the receiving device. The receiving device may verify provenance of the data.

Systems and methods for provably fair atomic swaps of private digital assets
11544786 · 2023-01-03

Embodiments may include a two-round-trip protocol by which two parties can securely conduct an already-agreed-upon exchange of digital assets (i.e., in the provable absence of settlement risk). For example, in the first round of the protocol, each party may send to a specially designed “settlement contract” the “statement” corresponding to the party's portion of the proposed bilateral transaction (e.g., how much asset the party will transfer, and to whom), as well as a hash of the party's “proof”. Between rounds, each party checks that the other party's statement transfers to the party the agreed-upon amount. The settlement contract may then lock the proof hashes against future misuse, and in particular against use by unauthorized parties. In the second round, each party sends its proof to the settlement contract. The settlement contract then dispatches both statement-proof pairs and executes the bilateral exchange.

Zero knowledge proof hardware accelerator and the method thereof

A hardware accelerator for accelerating the zero knowledge succinct non-interactive argument of knowledge (zk-SNARK) protocol by reducing the computation time of the cryptographic verification is disclosed. The accelerator includes a zk-SNARK engine having one or more processing units running in parallel. The processing unit can include one or more multiply-accumulate operation (MAC) units, one or more fast Fourier transform (FFT) units, and one or more elliptic curve processor (ECP) units. The one or more ECP units are configured to reduce a bit-length of a scalar d_i in an ECP algorithm used for generating a proof, thereby the cryptographic verification requires less computation power.

PROVABLY FAIR GAMES USING A BLOCKCHAIN
20220410017 · 2022-12-29

A computer-implemented method of pseudo-randomly generating winning game elements for use in playing a game. An oracle obtains: a set of seed data items, the set of seed data items comprising one or more user seed data items; and a sequence of first public keys, each first public key representing a respective one of the set of first game elements. The oracle generates an output of a game transaction that comprises an output script. The script comprises the sequence of at least some of the first public keys, and wherein the output script is configured to, when executed, generate at least one pseudorandom number, the pseudorandom number being based on the set of seed data items, and to select a winning key, the winning public key being the public key at a position in the sequence of first public keys corresponding to the pseudorandom number.

Methods, Systems, and Devices for Server Control of Client Authorization Proof of Possession

Techniques for server control of client authorization proof of possession are described herein. In various embodiments, a first server provisions client authorization proof of possession for a client device a real-world time, a client public key, and a client private key. The first server generates provisioning response message(s) including the client public key, the client private key, the real-world time, and/or an assertion object, and sends the message(s) to the client device. In various embodiments, a client device obtains an authorization proof token generated based on a client public key, a client private key, and a real-world time provisioned by a first server. The client device generates a request and sends the request to a second server, the request includes the authorization proof token and an assertion object from the first server signed by a server private key and an expiration time and a reference to the client public key.

Federated identity management with decentralized computing platforms
11539685 · 2022-12-27

Provided is a process that establishes user identities within a decentralized data store, like a blockchain. A user's mobile device may establish credential values within a trusted execution environment of the mobile device. Representations of those credentials may be generated on the mobile device and transmitted for storage in association with an identity of the user established on the blockchain. Similarly, one or more key-pairs may be generated or otherwise used by the mobile device for signatures and signature verification. Private keys may remain resident on the device (or known and input by the user) while corresponding public keys may be stored in association with the user identity on the blockchain. A private key is used to sign representations of credentials and other values as a proof of knowledge of the private key and credential values for authentication of the user to the user identity on the blockchain.

Zero-knowledge proof-based virtual cards

Disclosed are various embodiments for issuing virtual cards to client devices. Also disclosed are embodiments for provisioning a transaction terminal to process transactions with virtual cards. A zero-knowledge proof algorithm can be utilized to validate the transactions. A virtual card can be based upon a public key of a client device that is managed by a hardware security module.

System and method for tracking proof of insurance and insurance compliance
20220405852 · 2022-12-22

The instant invention provides a real-time environment where the proof of insurance information is updated as the insurance status changes. It provides users with processes that benefit from a live proof or a smart certificate of insurance. It utilizes flexible storage architecture so that users can leverage both distributed ledger technology as well as more traditional storage methods to provide real time secure storage and retrieval of certificate of insurance information to all parties involved in a transaction.

GENERATION DEVICE, GENERATION METHOD, AND VERIFICATION DEVICE
20220407706 · 2022-12-22

The generation device (20) is a generation device for generating certification information used for verification using zero-knowledge proof, and includes a conditional expression generation unit (23a) and a certification information generation unit (23b). The conditional expression generation unit (23a) generates, for different conditions, a plurality of conditional expressions that defines confidential information under one or more conditions. The certification information generation unit (23b) generates, as the certification information, a plurality of proofs based on each of the conditional expressions.