-
Publication No.: WO2023016665A1
Publication date: 2023-02-16
Application No.: PCT/EP2021/073178
Filing date: 2021-08-20
Applicant: NEC LABORATORIES EUROPE GMBH
Inventor: SORIENTE, Claudio; FIORE, Dario
IPC: H04L9/32
Abstract: The present invention relates to a computer-implemented method for execution of a cryptographic sortition among a group of parties (210, 220). According to an embodiment of the invention, the method comprises committing, by a first party (210) of the group, to a set of n party-specific secret keys k1,..., kn for a block cipher E; obtaining, by the first party (210) and at least a second party (220) of the group, a common input x and an index r; encrypting, by the first party (210), the input x with the r-th key kr of the committed keys k1,..., kn, thereby generating an output y1 of the block-cipher E, and publishing the output y1 together with the key kr used for encryption; and encrypting, by the second party (220), the common input x with the key kr published by the first party (210), thereby generating an output y1' of the block-cipher E, and comparing the generated output y1' with the output y1 published by the first party (210).
-
Publication No.: WO2022174933A1
Publication date: 2022-08-25
Application No.: PCT/EP2021/061196
Filing date: 2021-04-28
Applicant: NEC LABORATORIES EUROPE GMBH; IMDEA SOFTWARE INSTITUTE
Inventor: SORIENTE, Claudio; FIORE, Dario
IPC: H04L9/32
Abstract: Anonymous signature schemes, such as ring signatures or group signatures, allow parties to sign messages such that signatures are publicly verifiable but hide the identity of the signer within a set of potential signers. Embodiments of the present invention allow a party to prove authorship of any subset of its signatures, without revealing its identity. In other words, a signer can prove that any subset of its signatures are "linked". The current invention has direct application in IoT, blockchain, and TEE scenarios, where group or ring signatures are used to balance authentication and anonymity.
-
Publication No.: WO2022199861A1
Publication date: 2022-09-29
Application No.: PCT/EP2021/063353
Filing date: 2021-05-19
Applicant: NEC LABORATORIES EUROPE GMBH; IMDEA SOFTWARE INSTITUTE
Inventor: SORIENTE, Claudio; FIORE, Dario
Abstract: The present invention provides a computer-implemented method of training an artificial neural network, ANN, on a remote host (110). In order to achieve a high level of accuracy of the ANN training, while at the same time preserving the privacy of the data used to train the ANN, the method comprises computing, by a trusted process (130) deployed in a trusted execution environment, TEE (120), on the remote host (110), a key-pair for a homomorphic encryption scheme and sharing, by the trusted process (130), the public key, PK, of the key-pair with an untrusted process (140) deployed on the remote host (110); and splitting the training procedure of the ANN between the untrusted process (140) and the trusted process (130), wherein the untrusted process (140) computes encrypted inputs to the neurons of the ANN by means of the homomorphic encryption scheme, while the trusted process (130) computes the outputs of the neurons based on the respective encrypted neuron inputs as provided by the untrusted process (140).
-
Publication No.: WO2023072390A1
Publication date: 2023-05-04
Application No.: PCT/EP2021/079884
Filing date: 2021-10-27
Applicant: NEC LABORATORIES EUROPE GMBH
Inventor: BRIONGOS, Samira; SORIENTE, Claudio; KARAME, Ghassan
Abstract: The present invention provides a method for enabling enclave migration, wherein the contents of the enclave and its sealed data are transferred from a first machine – sending host (200S) – to a second machine – receiving host (200R). The method comprises performing attestation between a security monitor (130S) of the sending host (200S) and a security monitor (130R) of the receiving host (200R) including an exchange of a shared cryptographic key K between the two security monitors (130S, 130R); using the shared cryptographic key K to implement a secure communication channel between the two security monitors (130S, 130R); executing, by the two security monitors (130S, 130R) via the secure communication channel, a predetermined transfer protocol, the transfer protocol including an initial exchange of verification messages between the security monitors (130S, 130R) to verify that both security monitors (130S, 130R) are ready and can execute the transfer, and a subsequent transfer of the enclave data between the security monitors (130S, 130R). Timeouts defining a maximum admissible time duration for particular steps of the transfer protocol may be implemented both for the initial exchange of the verification messages and for the subsequent transfer of the enclave data.
-
Publication No.: WO2022053182A1
Publication date: 2022-03-17
Application No.: PCT/EP2021/053913
Filing date: 2021-02-17
Applicant: NEC LABORATORIES EUROPE GMBH; IMDEA SOFTWARE INSTITUTE
Inventor: SORIENTE, Claudio; FIORE, Dario
Abstract: For obtaining a reliable computation result by simple means, a corresponding method for performing computation of a function (f) over encrypted data by a computation entity is provided, wherein the computation of a quadratic function (f) is performed by the computation entity, wherein the encrypted data are encrypted by means of a linearly homomorphic encryption scheme, and wherein a homomorphic message authentication code is used for providing verifiable computation on encrypted data. Further, a corresponding computation entity is provided.
-
Publication No.: WO2021104795A1
Publication date: 2021-06-03
Application No.: PCT/EP2020/080546
Filing date: 2020-10-30
Applicant: NEC LABORATORIES EUROPE GMBH; IMDEA SOFTWARE INSTITUTE
Inventor: SORIENTE, Claudio; FAONIO, Antonio; GONZALEZ VASCO, Maria Isabel; PEREZ DEL POZO, Angel
IPC: H04L9/08
Abstract: A method for cryptographic key provisioning includes, via a main authentication server (MAS), generating a first secret key and registering a client by performing a first portion of a first instance of a distributed threshold oblivious pseudo-random function. The first instance of the function results in the client obtaining a root secret key and the MAS obtaining a corresponding root public key. The method includes authenticating the client to the MAS by performing a first portion of a second instance of the distributed threshold oblivious pseudo-random function. The second instance of the function results in the client obtaining the root secret key. Information stored by the client, the first secret key, and a second secret key generated by a support authentication server are inputs to at least one of the first and second instances of the distributed threshold oblivious pseudo-random function.
-
Publication No.: WO2021043502A1
Publication date: 2021-03-11
Application No.: PCT/EP2020/070837
Filing date: 2020-07-23
Applicant: NEC LABORATORIES EUROPE GMBH
Inventor: KARAME, Ghassan; SORIENTE, Claudio
Abstract: A method for secure user authentication using a blockchain includes computing a cryptographic puzzle and a solution to the cryptographic puzzle. The solution is sent to a user to be authenticated and the cryptographic puzzle is sent to the blockchain. Thereby, the user is authenticatable by a relaying party having read access to the blockchain to fetch the cryptographic puzzle from the blockchain and determine whether the solution as presented to the relaying party by the user is a valid solution to the cryptographic puzzle.
-
Publication No.: WO2020177879A1
Publication date: 2020-09-10
Application No.: PCT/EP2019/061076
Filing date: 2019-04-30
Applicant: NEC LABORATORIES EUROPE GMBH
Inventor: KARAME, Ghassan; SORIENTE, Claudio
Abstract: A method for performing remote attestation, the method comprises using a gateway (30) between a verifier (10) and a remote host (20), wherein the remote host (20) includes a trusted execution environment, TEE (22), in which an application (24) to be attested is running; receiving, by the gateway (30), an attestation request from the verifier (10); determining, by the gateway (30), a type of the TEE (22) of the remote host (20) and an expected identity of the application (24) to be attested and selecting an attestation protocol based on the determined type of the TEE (22) of the remote host (20); and verifying, by the gateway (30), the expected identity of the application (24) to be attested by executing the selected attestation protocol with the remote host (20) and transmitting an attestation result to the verifier (10). Furthermore, a system for performing remote attestation is disclosed, wherein the system comprises an attestation gateway (30) to be disposed between the verifier (10) and the remote host (20).