System And Method For Providing Privacy-preserving Proofs Of Membership
A system and method for providing privacy-preserving proofs of membership are disclosed. A particular embodiment includes: a network node in data communication with other network nodes via a data network, the network node having a secure processing enclave, the enclave configured to include: at least one isolated memory device, processing logic isolated from operating system (OS) calls, and a remote attestation capability, the network node further configured to maintain a first Merkle tree to support transaction output proof-of-membership queries, and a sorted second Merkle tree to support key image proof-of-non-membership queries; a wallet configured as executable code on a client device, the wallet configured to establish a secure data communication with the network node and to request validation of a transaction by sending a transaction output proof-of-membership and a key image proof-of-non-membership to the network node; and the network node configured to receive the transaction output proof-of-membership and the key image proof-of-non-membership within the enclave from the client device, the enclave configured to use the transaction output proof-of-membership to traverse the first Merkle tree to validate that a corresponding transaction is a member of a transaction ledger, the enclave configured to use the key image proof-of-non-membership to traverse the second Merkle tree to validate that a corresponding key image is not a member of the transaction ledger.
Much More than Average Length Specification
- Claim CLM-00001. 1. A secure transaction network comprising:
a network node in data communication with other network nodes via a data network, the network node having a secure processing enclave, the enclave configured to include: at least one isolated memory device, processing logic isolated from operating system (OS) calls, and a remote attestation capability, the network node further configured to maintain a first Merkle tree to support transaction output proof-of-membership queries, and a sorted second Merkle tree to support key image proof-of-non-membership queries; a wallet configured as executable code on a client device, the wallet configured to establish a secure data communication with the network node and to request validation of a transaction by sending a transaction output proof-of-membership and a key image proof-of-non-membership to the network node; and the network node configured to receive the transaction output proof-of-membership and the key image proof-of-non-membership within the enclave from the client device, the enclave configured to use the transaction output proof-of-membership to traverse the first Merkle tree to validate that a corresponding transaction is a member of a transaction ledger, the enclave configured to use the key image proof-of-non-membership to traverse the second Merkle tree to validate that a corresponding key image is not a member of the transaction ledger.
- Claim CLM-00010. 10. A method comprising:
providing a network node in data communication with other network nodes via a data network, the network node having a secure processing enclave, the enclave configured to include: at least one isolated memory device, processing logic isolated from operating system (OS) calls, and a remote attestation capability, the network node further configured to maintain a first Merkle tree to support transaction output proof-of-membership queries, and a sorted second Merkle tree to support key image proof-of-non-membership queries; providing a wallet configured as executable code on a client device, the wallet configured to establish a secure data communication with the network node and to request validation of a transaction by sending a transaction output proof-of-membership and a key image proof-of-non-membership to the network node; and using the network node to receive the transaction output proof-of-membership and the key image proof-of-non-membership within the enclave from the client device, the enclave using the transaction output proof-of-membership to traverse the first Merkle tree to validate that a corresponding transaction is a member of a transaction ledger, the enclave using the key image proof-of-non-membership to traverse the second Merkle tree to validate that a corresponding key image is not a member of the transaction ledger.
- Claim CLM-00019. 19. In a secure transaction network having a network node in data communication with other network nodes via a data network, the network node having a secure processing enclave, the enclave configured to include: at least one isolated memory device, processing logic isolated from operating system (OS) calls, and a remote attestation capability, the network node further configured to maintain a first Merkle tree to support transaction output proof-of-membership queries, and a sorted second Merkle tree to support key image proof-of-non-membership queries; and a wallet configured as executable code on a client device, a non-transitory machine-useable storage medium embodying instructions which, when
executed by a machine, cause the machine to: establish a secure data communication with the client device, receive a transaction output proof-of-membership and a key image proof-of-non-membership within the enclave from the client device, use the enclave and the transaction output proof-of-membership to traverse the first Merkle tree to validate that a corresponding transaction is a member of a transaction ledger, and use the enclave and the key image proof-of-non-membership to traverse the second Merkle tree to validate that a corresponding key image is not a member of the transaction ledger.
