The invention provides systems and methods for converting high level source code into an arithmetic circuit which represents the functionality expressed in the source code. The invention comprises a translation/interpretation component for performing this conversion. In a preferred embodiment, the source code is a smart contract such as those used in relation to a blockchain platform. The invention could be used in relation to the Bitcoin network, for example. A method in accordance with an embodiment comprises the steps of: processing a portion of high level source code (e.g. a smart contract) to generate an arithmetic circuit. The arithmetic circuit comprises one or more arithmetic gates arranged to represent at least some of the functionality expressed in the source code. The processing involves evaluating one or more constants provided in the source code to produce one or more expressions that include Boolean and/or arithmetic operators. The arithmetic circuit comprises n-bit wires connected to arithmetic gates; it can be used to provide a hardware and/or software circuit. The arithmetic circuit can be used to generate a quadratic program which can be executed upon a processor.

Techniques are disclosed for enabling attested end-to-end encryption for transporting data between devices. In one example, a destination device receives a policy profile that includes an origination key and a destination key, and the origination key corresponds to a public transfer key of a source device. The destination device verifies the policy profile based on the destination key corresponding to a public transfer key of the source device. The destination device receives a signed encrypted data encryption key from the source device. The destination device receives encrypted data from the source device. The destination device verifies the signed encrypted data encryption key originated from the source device based on the signed encrypted data key being signed with a private attestation identity key that corresponds to a public attestation identity key of the source device. The destination device decrypts encrypted data using a private transfer key of the destination device.

Methods, media, and systems for secure provisioning of servers within a cloud computing environment are provided for herein. In some embodiments, a management service can delegate provisioning of a server of the cloud computing environment to an imaging service. In response, the imaging service can generate an operating system image for the server and can utilize disk encryption to protect to operating system image. In embodiments, a volume encryption key of the disk encryption can be encrypted utilizing a public key of a trusted platform manager of the server, to produce an encrypted volume encryption key that is protected by the trusted platform module of the server. The encrypted operating system image and the encrypted volume encryption key can then be transmitted to the server to cause the server to be provisioned with the operating system image. Other embodiments may be described and/or claimed herein.

A method for establishing a secure data communication based on a cryptographic key is provided. The method includes submitting a cryptographic key request to a trust module. A digital signature is verified based on a public key assigned to the processing device. An internal cryptographic key is generated based on the public key assigned to the processing device and a secret key assigned to the trust module. The cryptographic key is generated based on the internal cryptographic key and a key identifier of the processing device. The cryptographic key is encrypted using the public key assigned to the processing device. The encrypted cryptographic key is transmitted to the processing device. The trust module is implemented as a stateless Lambda trust anchor.

A data processing method based on an integrated chip is provided. The method includes providing computing information of a trusted computing chip to a high-speed encryption chip, and invoking the high-speed encryption chip to perform data encryption or trusted computing based on the computing information. As such, after these two types of chips are integrated, these two types of secure computing (the trusted computing and the data encryption) can share common computing information. Compared with using individual sets of computing information before integration, corresponding hardware and management costs are reduced. Moreover, the trusted computing chip is superior to the high-speed encryption chip in terms of functional integrity and reliability for data encryption functions. Storing the computing information by the trusted computing chip can improve the security of the data encryption. For trusted computing functions, the utilization of the computing power of the high-speed encryption chip is increased, and the computational efficiency of the trusted computing is improved.

In one example an apparatus comprises a computer readable memory, a signing facility comprising a plurality of hardware security modules, and a state synchronization manager comprising processing circuitry to select, from the plurality of hardware security modules, a set of hardware security modules to be assigned to a digital signature process, the set of hardware security modules comprising at least a first hardware security module and a second hardware module, and assign a set of unique state synchronization counter sequences to the respective set of hardware security modules, the set of state synchronization counter sequences comprising at least a first state synchronization counter sequence and a second state synchronization counter sequence. Other examples may be described.

Embodiments of the invention provide enhanced security solutions which are enforced through the use of cryptographic techniques. It is suited for, but not limited to, use with blockchain technologies such as the Bitcoin blockchain. Methods and devices for generating an elliptic curve digital signature algorithm signature (r, w) are described. In one embodiment, a method includes: i) forming, by a node, a signing group with other nodes; ii) obtaining, by the node, based on a secure random number: a) a multiplicative inverse of the secure random number; and b) the first signature component, r, wherein the first signature component is determined based on the secure random number and an elliptic curve generator point; iii) determining, by the node, a partial signature based on a private secret share, the multiplicative inverse of the secure random number and the first signature component; iv) receiving, by the node, partial signatures from other nodes of the signing group; and v) generating, by the node, the second signature component, w, based on determined and received partial signatures.

Methods, media, and systems for secure provisioning of servers within a cloud computing environment are provided for herein. In some embodiments, a management service can delegate provisioning of a server of the cloud computing environment to an imaging service. In response, the imaging service can generate an operating system image for the server and can utilize disk encryption to protect to operating system image. In embodiments, a volume encryption key of the disk encryption can be encrypted utilizing a public key of a trusted platform manager of the server, to produce an encrypted volume encryption key that is protected by the trusted platform module of the server. The encrypted operating system image and the encrypted volume encryption key can then be transmitted to the server to cause the server to be provisioned with the operating system image. Other embodiments may be described and/or claimed herein.

A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the server, the electronic device credentials. The method further includes a step of registering, by the server, the electronic device. The method further includes a step of transmitting, from the server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for retrieving data from external data sources for processing within a blockchain network. One of the methods includes receiving a request for data that includes encrypted data, the encrypted data including access data that is encrypted using a service public key of a key management node; selecting a relay system node from a plurality of relay system nodes that share a service private key of the key management node; transmitting the request to the relay system node; receiving a response provided from the relay system node, the response including result data and a digital signature, wherein the digital signature is generated based on the result data and the service private key of the key management node; and transmitting the response to a client.