H04L2209/127

RETRIEVING PUBLIC DATA FOR BLOCKCHAIN NETWORKS USING HIGHLY AVAILABLE TRUSTED EXECUTION ENVIRONMENTS
20200366498 · 2020-11-19

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for enhancing blockchain network security. Implementations include receiving a request for data from the data source, transmitting the request to a relay system that is external to the blockchain network and that includes a multi-node cluster including a plurality of relay system nodes, receiving a result provided from a relay system node, the result being digitally signed using a private key of the relay system node, verifying that the relay system node is registered, verifying an integrity of the result based on a public key of the relay system node and a digital signature of the result in response to verifying that the relay system node is registered, and transmitting the result to a client in response to verifying the integrity of the result.

RETRIEVING ACCESS DATA FOR BLOCKCHAIN NETWORKS USING HIGHLY AVAILABLE TRUSTED EXECUTION ENVIRONMENTS
20200366659 · 2020-11-19

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for retrieving data from external data sources for processing within a blockchain network. One of the methods includes receiving a request for data that includes encrypted data, the encrypted data including access data that is encrypted using a service public key of a key management node; selecting a relay system node from a plurality of relay system nodes that share a service private key of the key management node; transmitting the request to the relay system node; receiving a response provided from the relay system node, the response including result data and a digital signature, wherein the digital signature is generated based on the result data and the service private key of the key management node; and transmitting the response to a client.

Systems and methods for tamper-resistant verification of firmware with a trusted platform module
10839079 · 2020-11-17

Systems and methods for tamper-resistant verification of firmware with a trusted platform module. Embodiments may be configured to ensure the integrity of computer system firmware while still allowing reprogramming of nonvolatile storage devices with arbitrary information.

Key managers for distributed computing systems
10841089 · 2020-11-17

Examples described herein may provide local key managers on computing nodes of distributed computing systems. The local key managers may protect secrets (e.g. cryptographic keys) in the distributed system such that risk of compromise is reduced or eliminated. In some examples, secure processors, such as trusted platform modules (TPMs), may be incorporated in computing nodes of distributed computing systems described herein. The secure processor may aid in securely protecting cryptographic keys in the event of disk or node theft, for example.

Securely executing smart contract operations in a trusted execution environment

Disclosed herein are methods, systems, and apparatus for securely executing smart contract operations in a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node participating in a blockchain network, a request to execute one or more software instructions in a service TEE hosted by the blockchain node, wherein the request is encrypted by a public key associated with the service TEE; decrypting the request with a first private key associated with the service TEE, wherein the first private key is paired with the public key; in response to decrypting the request, executing the one or more software instructions to produce an execution result; encrypting the execution result with a client encryption key associated with the service TEE to produce an encrypted result; and signing the encrypted result using a second private key associated with the TEE to produce a signed encrypted result.

Storage device and verification thereof

A method comprises generating a first block of a block chain and generating a second block of the block chain. The first block is associated with a first component of a storage device. The first block is generated when the first component is manufactured. The second block is associated with a second component of the storage device. The second block is generated when the second component is manufactured.

Automating verification using secure encrypted phone verification

An encrypted verification system and method includes detecting an attempt to access a service requiring multi-factor authentication from a first user computing device, requesting a trusted platform module (TPM) public key of a second user computing device, the second user computing device being coupled to the first user computing device, generating a nonce in response to receiving the TPM public key of the second user computing device, sending the nonce for signature by a TPM private key of the second user computing device, receiving a signed nonce, wherein the signed nonce is signed by the TPM private key and decrypted using the TPM public key of the second user computing device, and determining that a value of the signed nonce matches a value of the nonce to authenticate the first user computing device and allowing access to the service.

WHOLE APPARATUS HAVING AN AUTHENTICATION ARRANGEMENT, AND METHOD FOR AUTHENTICATION

An apparatus includes an authentication arrangement for a communication connection, using a communication protocol, between two data processing devices of the apparatus. The data processing devices each have an interface unit for the communication connection and a computation unit. The interface units each have an encryption/decryption device, where the encryption/decryption device is at least partially produced by hardware for encrypting at least some of the user data to be transmitted via the communication connection as part of the authentication arrangement. The encryption/decryption device can be applied in a communication layer of the communication protocol to the user data prepared for the physical user data transmission or to the physically received user data. Each data processing device has a security unit, implemented as dedicated hardware that the computation unit cannot access and/or in a manner logically isolated from the computation unit. The security unit produces a trusted execution environment, of the authentication arrangement with in each case at least one piece of a hardware-encoded key information, on the basis of which the user data are encrypted by the encryption/decryption device.

ARITHMETIC ENHANCEMENT OF C-LIKE SMART CONTRACTS FOR VERIFIABLE COMPUTATION

The invention provides systems and methods for converting high level source code into an arithmetic circuit which represents the functionality expressed in the source code. The invention comprises a translation/interpretation component for performing this conversion. In a preferred embodiment, the source code is a smart contract such as those used in relation to a blockchain platform. The invention could be used in relation to the Bitcoin network, for example. A method in accordance with an embodiment comprises the steps of: processing a portion of high level source code (e.g. a smart contract) to generate an arithmetic circuit. The arithmetic circuit comprises one or more arithmetic gates arranged to represent at least some of the functionality expressed in the source code. The processing involves evaluating one or more constants provided in the source code to produce one or more expressions that include Boolean and/or arithmetic operators. The arithmetic circuit comprises n-bit wires connected to arithmetic gates; it can be used to provide a hardware and/or software circuit. The arithmetic circuit can be used to generate a quadratic program which can be executed upon a processor.

Technologies for robust computation of elliptic curve digital signatures
10826710 · 2020-11-03

Technologies for elliptic curve cryptography (ECC) include a computing device having an ECC engine that reads one or more parameters from a data port. The ECC engine performs operations using the parameters, such as an Elliptic Curve Digital Signature Algorithm (ECDSA). The ECDSA may be performed in a protected mode, in which the ECC engine will ignore inputs. The ECC engine may perform the ECDSA in a fixed amount of time in order to protect against timing side-channel attacks. The ECC engine may perform the ECDSA by consuming a uniform amount of power in order to protect against power side-channel attacks. The ECC engine may perform the ECDSA by emitting a uniform amount of electromagnetic radiation in order to protect against EM side-channel attacks. The ECC engine may perform the ECDSA verify with 384-bit output in order to protect against fault injection attacks.