Abstract: |
A system and method for providing privacy-preserving proofs of membership are disclosed. A particular embodiment includes: a network node in data communication with other network nodes via a data network, the network node having a secure processing enclave, the enclave configured to include: at least one isolated memory device, processing logic isolated from operating system (OS) calls, and a remote attestation capability, the network node further configured to maintain a first Merkle tree to support transaction output proof-of-membership queries, and a sorted second Merkle tree to support key image proof-of-non-membership queries; a wallet configured as executable code on a client device, the wallet configured to establish a secure data communication with the network node and to request validation of a transaction by sending a transaction output proof-of-membership and a key image proof-of-non-membership to the network node; and the network node configured to receive the transaction output proof-of-membership and the key image proof-of-non-membership within the enclave from the client device, the enclave configured to use the transaction output proof-of-membership to traverse the first Merkle tree to validate that a corresponding transaction is a member of a transaction ledger, the enclave configured to use the key image proof-of-non-membership to traverse the second Merkle tree to validate that a corresponding key image is not a member of the transaction ledger. |
Inventor: |
FAULKNER, Matthew (San Francisco, CA, US); BECK, Chris (San Francisco, CA, US); DRAKELEY, Sara (San Francisco, CA, US); RUNDSTEIN, Eran (San Francisco, CA, US) |
Applicant: |
MobileCoin (San Francisco, CA, US) |
Face Assignee: |
N/A |
Filed: |
2019-09-13 |
Issued: |
2021-03-18 |
Claims: |
20 |
|
US20210081935
|
1. A secure transaction network comprising:
(8)
(3)
|
|
10. A method comprising:
(8)
(3)
|
|
19. In a secure transaction network having a network node in data communication with other network nodes via a data network, the network node having a secure processing enclave, the enclave configured to include: at least one isolated memory device, processing logic isolated from operating system (OS) calls, and a remote attestation capability, the network node further configured to maintain a first Merkle tree to support transaction output proof-of-membership queries, and a sorted second Merkle tree to support key image proof-of-non-membership queries; and a wallet configured as executable code on a client device, a non-transitory machine-useable storage medium embodying instructions which, when
(1)
(1)
|
|