TWI625957B - Method and system of verifiable data streaming - Google Patents

Method and system of verifiable data streaming

Publication number: TWI625957B
Authority: TW (Taiwan)
Prior art keywords: data, node, arithmetic, merkle tree, server device
Application number: TW106114613A
Other languages: Chinese (zh)
Other versions: TW201843986A (en)
Inventor: 游家牧, 吳欣明
Original Assignee: 元智大學
Application filed by 元智大學
Priority to TW106114613A
Publication of TWI625957B
Publication of TW201843986A

Landscapes

  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

A verifiable data streaming method includes the following steps. In the client device: obtaining the i-th data D(i), where i is an integer greater than or equal to 1; transmitting the encrypted i-th data E[D(i)] to the server device; and updating its arithmetic Merkle tree and storing only the data of all root nodes. In the server device: receiving the encrypted i-th data E[D(i)] transmitted from the client device; and updating its arithmetic Merkle tree and storing the data of all nodes.

Description

Verifiable data streaming method and system

The present invention relates to a data streaming method, and in particular to a verifiable data streaming method and system in which a client device can verify whether the data returned by a server device is correct.

The development of Internet of Things and big data technology has produced initial results. Through these technologies, the various behaviors of users can be observed, allowing enterprises to find potentially profitable business models. Because a client device acquires a large amount of data and is unlikely to store that data itself, the client device sends the data to a server device (for example, a server) on the service side for storage. However, when the client device later queries the server device for earlier data, it may be unable to confirm whether the data returned by the server device is correct; that is, it cannot prevent the server device from deceiving the client device.

For example, at time t=i the client device obtains data $D_i$ and transmits $D_i$ to the server device for storage, where i is an integer greater than or equal to 1. However, at time t=i, because the client device has not stored the previously obtained data $D_j$ (j is an integer less than i), the client device has no way of knowing whether the data $D_j$ it queries from the server device is correct. A verifiable data streaming method and system is therefore needed that lets the client device verify the data returned by the server device, and so determine its authenticity, without storing too much data.

An embodiment of the present invention provides a verifiable data streaming method that includes the following steps. In the client device: obtaining the i-th data D(i), where i is an integer greater than or equal to 1; transmitting the encrypted i-th data E[D(i)] to the server device; and updating its arithmetic Merkle tree and storing only the data of all root nodes, where the i-th data D(i) is filled into the i-th node of the bottom level of the arithmetic Merkle tree, and the data of the parent node of two nodes is the path-weighted sum of the data of the two nodes. In the server device: receiving the encrypted i-th data E[D(i)] transmitted from the client device; and updating its arithmetic Merkle tree and storing the data of all nodes, where the encrypted i-th data E[D(i)] is filled into the i-th node of the bottom level of the arithmetic Merkle tree, and the data of the parent node of two nodes is the path-weighted sum of the data of the two nodes.

An embodiment of the present invention provides a verifiable data streaming method that includes the following steps. In the client device: obtaining the i-th data D(i), where i is an integer greater than or equal to 1; transmitting the encrypted i-th data D(i) to the server device; and updating its arithmetic Merkle tree and storing only the data of all root nodes, where the i-th data D(i) is filled into the i-th node of the bottom level of the arithmetic Merkle tree, and the data of the parent node of two nodes is the path-weighted sum of the data of the two nodes. In the server device: receiving the i-th data D(i) transmitted from the client device; and updating its arithmetic Merkle tree and storing the data of all nodes, where the encrypted i-th data D(i) is filled into the i-th node of the bottom level of the arithmetic Merkle tree, the data of the parent node of two bottom-level nodes is the sum of the two nodes' encrypted data weighted by the encrypted path weights, and the data of the parent node of two non-bottom-level nodes is the sum of the two nodes' data weighted by the encrypted path weights.

An embodiment of the present invention provides a verifiable data streaming system. The system includes a client device and a server device that are connected to each other, and the system is used to perform the verifiable data streaming method described above.

Accordingly, compared with the prior art, the verifiable data streaming method and system provided by the embodiments of the present invention have the following advantages:

(1) by storing only the data of the root nodes of the client device's arithmetic Merkle tree, the amount of data the client device needs to store is reduced;

(2) data append, data query and data update operations can be performed on the server device; that is, the basic data append, data query and data update commands are supported;

(3) when data is updated, the data of the corresponding nodes in the arithmetic Merkle tree can be updated according to the difference amount, without rebuilding the whole arithmetic Merkle tree, which greatly reduces the amount of computation; and

(4) one of the verifiable streaming methods of the embodiments can also support client devices that have no encryption or decryption capability, and is therefore particularly suitable for Internet of Things systems.

Embodiments of the present invention provide a verifiable data streaming method and system, implemented mainly by building an arithmetic Merkle tree and using homomorphic encryption. The arithmetic Merkle tree differs from a traditional Merkle tree: the data of the parent node of two adjacent nodes is the weighted sum of the data of the two adjacent nodes, or the weighted sum of the encrypted data of the two adjacent nodes, and the weights may be the path weights in either encrypted or unencrypted form.

In the embodiments of the present invention, when the client device obtains the i-th data, it fills the i-th data into the i-th node of the bottom level of the arithmetic Merkle tree and builds the arithmetic Merkle tree. The data of the root nodes is stored, and the data of non-root nodes is cleared, which reduces the amount of data to be stored. The client device may send the i-th data to the server device either encrypted or unencrypted. The server device fills the i-th data or the i-th encrypted data it receives into the i-th node of the bottom level of its arithmetic Merkle tree, builds the arithmetic Merkle tree, and stores the data of the entire arithmetic Merkle tree.

When the client device queries the server device for the i-th data it obtained, the server device transmits to the client device the data of the i-th node of the bottom level of the arithmetic Merkle tree, together with the data of all sibling nodes on the path from that node to the root node. The client device can then use its stored data and the data returned by the server device to verify whether the returned data of the i-th bottom-level node is correct, that is, to determine whether the server device is being deceptive.

Furthermore, the verifiable data streaming method and system of the embodiments of the present invention also support a data update command. When the client device instructs the server device to update the i-th data it previously transmitted to other encrypted data E[K] or unencrypted data K, then, in addition to performing the steps described above for querying the i-th data, the client device calculates the difference amount between the returned i-th data and the data K, updates the data of the root node above the i-th bottom-level node of the arithmetic Merkle tree according to the difference amount, and then instructs the server device to update the data of the i-th bottom-level node of the arithmetic Merkle tree to the encrypted data E[K] or the unencrypted data K. The server device then updates the whole arithmetic Merkle tree according to the difference amount. In this way, when data is updated, the client device and the server device do not need to delete the existing arithmetic Merkle tree and build a new one: the client device only needs to update the data of the root node above the i-th bottom-level node according to the difference amount, and the server device only needs to update the data of all nodes on the path from the i-th bottom-level node to the root node according to the difference amount.

The above describes the concept and principle of the verifiable data streaming method and system of the present invention. The details are explained below with reference to the figures.

First, refer to FIG. 1, which is a block diagram of a verifiable streaming system according to an embodiment of the present invention. The verifiable streaming system 1 includes a client device 11 and a server device 12, which are connected to each other in a wired or wireless manner. The client device 11 may be an Internet of Things device with sensors that continuously acquire data, but the client device 11 is not limited to an Internet of Things device. The server device 12 may be a cloud server that receives and stores the data transmitted by the client device 11. The verifiable streaming system 1 supports the basic data append, data query and data update commands.

Next, refer to FIG. 2, which is a schematic diagram of an arithmetic Merkle tree according to an embodiment of the present invention. Note that although FIG. 2 uses a 4-level tree as an example, the present invention does not limit the number of levels of the arithmetic Merkle tree; trees of 3 levels, 5 levels or more all fall within the scope protected by the present invention. The bottom level of the arithmetic Merkle tree has 8 nodes L1 to L8. The parent node of nodes L1 and L2 is node K1, and the data D(K1) of node K1 may be the weighted sum of the data D(L1) and D(L2) of nodes L1 and L2, or the weighted sum of the encrypted data E[D(L1)] and E[D(L2)] of nodes L1 and L2. For example, D(K1)=E[D(L1)]+E[D(L2)] or D(K1)=D(L1)+D(L2) if the weights on the paths from nodes L1 and L2 to node K1 are all 1 and the weights used are the path weights rather than the encrypted path weights. From this description, a person of ordinary skill in the art can see how the data of nodes K2 to K4, R1, R2 and RR is calculated.

Further, taking the data D(K1) as an example, the general formula for D(K1) is one of $D(K1) = w_{11} D(L1) + w_{22} D(L2)$ and $D(K1) = w_{11} E[D(L1)] + w_{22} E[D(L2)]$, where the weights $w_{11}$ and $w_{22}$ are either the original weights $e_{11}$, $e_{22}$ on the paths from nodes L1 and L2 to node K1, or the encrypted weights $E[e_{11}]$, $E[e_{22}]$. Which general formula and which weights are used for the arithmetic Merkle tree is determined by the actual usage scenario.

FIGS. 3A to 3D are schematic diagrams showing the data stored by the client device and the server device at different points in time according to an embodiment of the present invention. FIGS. 3A to 3D can be used to explain two different verifiable streaming methods. In the first verifiable streaming method, the client device encrypts the data it obtains before sending it to the server device. In the second verifiable streaming method, the client device sends the data it obtains directly to the server device (that is, the client device does not encrypt the data).

The first verifiable streaming method must be used with Paillier's homomorphic encryption, which has the properties E[a]+E[b]=E[a+b] and c∙E[b]=E[c∙b], where E[*] is the encryption operator. The second verifiable streaming method must be used with fully homomorphic encryption, which has the properties E[a]+E[b]=E[a+b] and E[a]∙E[b]=E[a∙b].

First, in FIG. 3A, at time t=1 the client device fills the first data D(L1) into node L1 and sends the encrypted data E[D(L1)] (first verifiable streaming method) or the data D(L1) (second verifiable streaming method) to the server device. The server device fills the received data D(L1') into node L1', where D(L1') is the encrypted data E[D(L1)] (first verifiable streaming method) or the data D(L1) (second verifiable streaming method), and stores D(L1'). In the arithmetic Merkle tree of FIG. 3A, node L1 is a root node, so the client device stores the data D(L1).

Next, in FIG. 3B, at time t=2 the client device fills the second data D(L2) into node L2 and sends the encrypted data E[D(L2)] (first verifiable streaming method) or the data D(L2) (second verifiable streaming method) to the server device. The server device fills the received data D(L2') into node L2', where D(L2') is the encrypted data E[D(L2)] (first verifiable streaming method) or the data D(L2) (second verifiable streaming method), and stores D(L2'). The client device then calculates the data of the parent node K1 of nodes L1 and L2, $D(K1) = w_{11} D(L1) + w_{22} D(L2)$, to update the arithmetic Merkle tree, where $w_{11}$ and $w_{22}$ are the original weights $e_{11}$, $e_{22}$ on the paths from nodes L1 and L2 to node K1.

At this point the arithmetic Merkle tree has only one root node, node K1, so the client device stores only the data D(K1) of node K1 and clears all other data. The server device calculates and stores the data D(K1') of node K1' of its arithmetic Merkle tree, where $D(K1') = w'_{11} D(L1') + w'_{22} D(L2')$, and $w'_{11}$ and $w'_{22}$ are the original weights $e'_{11}$, $e'_{22}$ on the paths from nodes L1' and L2' to node K1' (first verifiable streaming method) or the encrypted weights $E[e'_{11}]$, $E[e'_{22}]$ (second verifiable streaming method). In other words, the data D(K1') may be $E[e'_{11} D(L1) + e'_{22} D(L2)]$ (the result is the same for the first and the second verifiable streaming method).

Next, in FIG. 3C, at time t=3 the client device fills the third data D(L3) into node L3 and sends the encrypted data E[D(L3)] (first verifiable streaming method) or the data D(L3) (second verifiable streaming method) to the server device. The server device fills the received data D(L3') into node L3', where D(L3') is the encrypted data E[D(L3)] (first verifiable streaming method) or the data D(L3) (second verifiable streaming method), and stores D(L3'). At this point the arithmetic Merkle tree has two root nodes, K1 and L3, so the client device stores the data D(L3) of node L3 without clearing the data D(K1) of node K1; that is, the root node data D(K1) and D(L3) are stored by the client device.

Next, in FIG. 3D, at time t=4 the client device fills the fourth data D(L4) into node L4 and sends the encrypted data E[D(L4)] (first verifiable streaming method) or the data D(L4) (second verifiable streaming method) to the server device. The server device fills the received data D(L4') into node L4', where D(L4') is the encrypted data E[D(L4)] (first verifiable streaming method) or the data D(L4) (second verifiable streaming method), and stores D(L4'). The client device then calculates the data of the parent node K2 of nodes L3 and L4, $D(K2) = w_{33} D(L3) + w_{44} D(L4)$, to update the arithmetic Merkle tree, where $w_{33}$ and $w_{44}$ are the original weights $e_{33}$, $e_{44}$ on the paths from nodes L3 and L4 to node K2. It then calculates the data of the parent node of nodes K1 and K2, $D(R1) = w_{12} D(K1) + w_{34} D(K2)$, to update the arithmetic Merkle tree, where $w_{12}$ and $w_{34}$ are the original weights $e_{12}$, $e_{34}$ on the paths from nodes K1 and K2 to node R1.

At this point the arithmetic Merkle tree has only one root node, node R1, so the client device stores only the data D(R1) of node R1 and clears all other data. The server device calculates and stores the data D(K2') of node K2' and the data D(R1') of node R1' of its arithmetic Merkle tree, where $D(K2') = w'_{33} D(L3') + w'_{44} D(L4')$ and $D(R1') = w'_{12} D(K1') + w'_{34} D(K2')$. Here $w'_{33}$ and $w'_{44}$ are the original weights $e'_{33}$, $e'_{44}$ on the paths from nodes L3' and L4' to node K2' (first verifiable streaming method) or the encrypted weights $E[e'_{33}]$, $E[e'_{44}]$ (second verifiable streaming method), and $w'_{12}$ and $w'_{34}$ are the original weights $e'_{12}$, $e'_{34}$ on the paths from nodes K1' and K2' to node R1' (first verifiable streaming method) or the encrypted weights $E[e'_{12}]$, $E[e'_{34}]$ (second verifiable streaming method). In other words, the data D(K2') and D(R1') may be $E[e'_{33} D(L3) + e'_{44} D(L4)]$ and $E[e'_{12}(e'_{11} D(L1) + e'_{22} D(L2)) + e'_{34}(e'_{33} D(L3) + e'_{44} D(L4))]$ (the result is the same for the first and the second verifiable streaming method). Note that, without loss of generality, the weights $e_{xy}$ and $e'_{xy}$ above are identical to each other, where x and y are integers.

Continuing with FIG. 3D, when the client device wants to query the second data it obtained, the server device returns the data D(L2') of node L2' together with the data D(L1') and D(K2') of all sibling nodes L1' and K2' on the path from node L2' to the root node R1'. From D(L2'), the client device learns what its second data was. For example, in the first verifiable data streaming method D(L2') is the encrypted form E[D(L2)] of the data D(L2), so decrypting D(L2') yields D(L2). In the second verifiable data streaming method D(L2') is the data D(L2) itself, so D(L2) is obtained directly from D(L2'). The data stored by the client device is D(R1), so the authenticity of D(L2') can be verified using D(R1), D(L1') and D(K2').

Note that, because the purpose of the second verifiable data streaming method is to support client devices without encryption and decryption capability, in the above example the data D(K2') returned by the server device may instead be returned as the decrypted data D(K2), in which case the client device verifies the authenticity of D(L2') using D(R1), D(L1') and D(K2).

Continuing with FIG. 3D, when the client device wants to update the second data it transmitted to the encrypted data E[K] or the data K, the server device returns the data D(L2') of node L2' together with the data D(L1') and D(K2') (or the decrypted data D(K2)) of all sibling nodes L1' and K2' on the path from node L2' to the root node R1'. The data stored by the client device at this point is D(R1), so the authenticity of D(L2') can be verified using D(R1), D(L1') and D(K2') (or D(K2)). The client device then transmits the encrypted data E[K] or the data K to the server device, so that the data of node L2' of the server device is updated to E[K] or K. Next, the client device calculates the difference amount K-D(L2) between the data K and the original data D(L2), and updates the data of the root node R1 above node L2 to $D(R1) = D(R1) + w_{22} w_{12} (K - D(L2))$. The client device then transmits the difference amount K-D(L2) to the server device. The server device calculates the encrypted difference amount E[K-D(L2)] and updates the data of nodes K1' and R1' above node L2' to $D(K1') = D(K1') + w'_{22} E[K - D(L2)]$ and $D(R1') = D(R1') + w'_{22} w'_{12} E[K - D(L2)]$.
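
The append, query and update steps walked through for FIGS. 3A to 3D, as an added Python example of the first method (not code from the patent). The toy Paillier key, the `weight()` schedule and all class and function names are assumptions; Paillier realizes the page's E[a]+E[b] as ciphertext multiplication and c∙E[b] as exponentiation.

```python
# Added illustration of the first verifiable streaming method; not the patent's code.
import math
import secrets

# Toy Paillier key built from two Mersenne primes (constructed, NOT a secure size).
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2            # public: anyone can encrypt
LAM = (P - 1) * (Q - 1)                # private: held by the client only
MU = pow(LAM, -1, N)

def enc(m):
    """E[m] with generator g = N + 1, so g^m = 1 + m*N (mod N^2)."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            return (1 + (m % N) * N) * pow(r, N, N2) % N2

def dec(c):
    return (pow(c, LAM, N2) - 1) // N * MU % N

def hadd(c1, c2):                      # the page's E[a] + E[b] = E[a + b]
    return c1 * c2 % N2

def hmul(c, k):                        # the page's c * E[b] = E[c * b]
    return pow(c, k, N2)

def weight(level, idx):
    """Hypothetical weight on the edge from node (level, idx) to its parent."""
    return 2 + (3 * level + idx) % 5

class Client:
    def __init__(self):
        self.count, self.roots = 0, []   # roots: [(level, idx, plaintext value)]

    def append(self, d):
        self.roots.append((0, self.count, d))
        self.count += 1
        while len(self.roots) > 1 and self.roots[-1][0] == self.roots[-2][0]:
            lv, ri, rv = self.roots.pop()          # merge two equal-height roots
            _, li, lval = self.roots.pop()
            self.roots.append((lv + 1, li // 2,
                               weight(lv, li) * lval + weight(lv, ri) * rv))
        return enc(d)                    # ciphertext sent to the server

    def verify(self, i, leaf_ct, sibling_cts):
        plain = value = dec(leaf_ct)
        lv, idx = 0, i
        for ct in sibling_cts:           # recompute the weighted sums up the path
            value = weight(lv, idx) * value + weight(lv, idx ^ 1) * dec(ct)
            lv, idx = lv + 1, idx // 2
        return plain if (lv, idx, value) in self.roots else None

    def update(self, i, old, new):
        for k, (lv, idx, val) in enumerate(self.roots):
            if i >> lv == idx:           # the one root that covers leaf i
                f = math.prod(weight(l, i >> l) for l in range(lv))
                self.roots[k] = (lv, idx, val + f * (new - old))
        return enc(new), new - old       # E[K] and the difference amount

class Server:
    def __init__(self):
        self.count, self.nodes = 0, {}   # nodes: {(level, idx): ciphertext}

    def append(self, ct):
        lv, idx = 0, self.count
        self.count += 1
        self.nodes[(lv, idx)] = ct
        while idx % 2 == 1:              # a right child completes a pair
            left, right = self.nodes[(lv, idx - 1)], self.nodes[(lv, idx)]
            lv, idx = lv + 1, idx // 2
            self.nodes[(lv, idx)] = hadd(hmul(left, weight(lv - 1, 2 * idx)),
                                         hmul(right, weight(lv - 1, 2 * idx + 1)))

    def query(self, i):
        lv, idx, siblings = 0, i, []
        while (lv + 1, idx // 2) in self.nodes:
            siblings.append(self.nodes[(lv, idx ^ 1)])
            lv, idx = lv + 1, idx // 2
        return self.nodes[(0, i)], siblings

    def update(self, i, new_ct, delta):
        self.nodes[(0, i)] = new_ct
        e_delta, lv, idx, f = enc(delta), 0, i, 1
        while (lv + 1, idx // 2) in self.nodes:    # patch ancestors only
            f *= weight(lv, idx)
            lv, idx = lv + 1, idx // 2
            self.nodes[(lv, idx)] = hadd(self.nodes[(lv, idx)], hmul(e_delta, f))

def demo():
    client, server = Client(), Server()
    for d in (10, 20, 30, 40):           # constructed sample stream
        server.append(client.append(d))
    leaf, sibs = server.query(1)
    ok = client.verify(1, leaf, sibs)              # second datum, checked against R1
    forged = client.verify(1, enc(21), sibs)       # substituted leaf is rejected
    new_ct, delta = client.update(1, ok, 99)
    server.update(1, new_ct, delta)
    after = client.verify(1, *server.query(1))
    return ok, forged, after, client.roots
```

Leaf indices are 0-based here, so index 1 is the second datum D(L2) of the walk-through; the client's `roots` list holds D(K1) and D(L3) after three appends and only D(R1) after four.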

Continuing with FIG. 3D, in the second verifiable data streaming method the server device does not know the client device's weights $e_{xy}$. If communication cost is not a concern, the client device can transmit all the weights $e_{xy}$ to the server device so that the server device can generate the encrypted weights $E[e_{xy}]$. When communication cost is a concern, however, the client device transmits m encrypted random numbers $E[x_1]$ to $E[x_m]$, where $x_1$ to $x_m$ are random numbers generated according to the weights $e_{xy}$, and m is the number of levels of the arithmetic Merkle tree. The server device can then compute the m bits $b_1$ to $b_m$ corresponding to the weight $e_{xy}$, and from the m bits $b_1$ to $b_m$ and the m encrypted random numbers $E[x_1]$ to $E[x_m]$ compute the encrypted weight $E[e_{xy}] = E[b_1]E[x_1] + E[b_2]E[x_2] + \dots + E[b_m]E[x_m]$. In this way, the server device can generate the encrypted weights by itself without obtaining all the weights $e_{xy}$ from the client device, which reduces communication cost.

Next, based on the above embodiments, the flow by which the client device performs the verifiable streaming method to transmit and store data is summarized as follows. Refer to FIG. 4, which is a flowchart of the client device performing the verifiable streaming method to transmit and store data according to an embodiment of the present invention. First, in step S41, the client device obtains the i-th data D(i). Then, in step S42, the client device transmits the encrypted i-th data E[D(i)] or the unencrypted i-th data D(i) to the server device. Next, in step S43, the arithmetic Merkle tree of the client device is updated and only the data of all root nodes is stored, where the i-th data D(i) is filled into the i-th node of the bottom level of the arithmetic Merkle tree, and the data of the parent node of two nodes is the sum of the two nodes' data weighted by the unencrypted path weights, an unencrypted path weight being the weight of the path from a node to its parent node. Finally, in step S44, the variable i is incremented by 1, that is, i=i+1.

Next, based on the above embodiments, the flow by which the server device performs the verifiable streaming method to store data is summarized as follows. FIG. 5 is a flowchart of the server device performing the verifiable streaming method to store data according to an embodiment of the present invention. In step S51, the server device receives the i-th data R(i) from the client device, where R(i) is either the encrypted form E[D(i)] or the unencrypted form D(i) of the i-th data D(i) obtained by the client device. Then, in step S52, the arithmetic Merkle tree is updated and the data of all nodes is stored, where the data R(i) is filled into the i-th node of the bottom level of the arithmetic Merkle tree, and the data of the parent node of two nodes is calculated from the data of the two nodes. Finally, in step S53, the variable i is incremented by 1, that is, i=i+1.

Note that in step S52, the data of the parent node of two adjacent bottom-layer nodes of the arithmetic Merkle tree is either the sum of the data of the two adjacent bottom-layer nodes weighted by the unencrypted path weights, or the sum of the encrypted data of the two adjacent bottom-layer nodes weighted by the encrypted path weights, where an encrypted path weight is the encrypted form of the weight of the path from a node to its parent node. The data of every other parent node (one that is not the parent of two adjacent bottom-layer nodes) is the sum of the data of its two child nodes weighted by the unencrypted path weights or by the encrypted path weights.

Based on the above embodiment, the flow by which the client device and the server device perform the verifiable streaming method to query data is summarized as follows. FIG. 6 is a flowchart of the client device and the server device performing the verifiable streaming method to query data according to an embodiment of the present invention. In step S61, the client device transmits a data query instruction Q(i) to query the i-th data it obtained. In step S62, the server device, according to its arithmetic Merkle tree, returns to the client device the data R(i) of the i-th bottom-layer node and the data (or the decrypted data) of all sibling nodes on the path from the i-th bottom-layer node to the root node. Then, in step S63, the client device learns the i-th data it obtained from the data R(i) returned by the server device, and verifies the authenticity of the data R(i) using its stored root node data and the data (or the decrypted data) of the aforementioned sibling nodes.

Based on the above embodiment, the flow by which the client device and the server device perform the verifiable streaming method to update data is summarized as follows. FIG. 7 is a flowchart of the client device and the server device performing the verifiable streaming method to update data according to an embodiment of the present invention. In step S71, the client device transmits a data update instruction A(i, K) that updates the i-th data it transmitted to the encrypted data E[K] (or the unencrypted data K). In step S72, the server device, according to its arithmetic Merkle tree, returns to the client device the data R(i) of the i-th bottom-layer node and the data (or the decrypted data) of all sibling nodes on the path from the i-th bottom-layer node to the root node. Then, in step S73, the client device learns the i-th data it obtained from the data R(i) returned by the server device, and verifies the authenticity of the data R(i) using its stored root node data and the data (or the decrypted data) of the aforementioned sibling nodes.

Next, in step S74, the server device updates the data R(i) of the i-th bottom-layer node of the arithmetic Merkle tree to the encrypted data E[K] (or the data K). Next, in step S75, the client device computes the difference between the data K and the decrypted data R(i) (or the data R(i)), and accordingly updates the data of the root node above the i-th bottom-layer node of the arithmetic Merkle tree, where the data of that root node is updated to its original data plus the product of the path weights and the difference. Then, in step S76, the server device updates, according to the encrypted difference, the data of all nodes on the path from the i-th bottom-layer node of its arithmetic Merkle tree to the root node, where the data of each node on that path is updated to its original data plus the product of the path weights (or the encrypted path weights) and the difference.
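The append, query and delta-update arithmetic of steps S41 to S76, as an added example that is not code from the patent. It works on plaintext integers only (no Paillier or other encryption), and the modulus `P`, the hash-derived `weight()` function, the fixed 8-leaf single-root tree and the 0-based index are assumptions made for the illustration.

```python
import hashlib

P = 2**61 - 1   # assumed prime modulus for node arithmetic (not fixed by the page)
DEPTH = 3       # 2**3 = 8 bottom-layer nodes, like L1..L8 in the reference list
SEED = b"constructed-demo-seed"  # constructed value used to derive path weights

def weight(level, index):
    """Assumed path weight of the edge from node (level, index) to its parent."""
    digest = hashlib.sha256(SEED + bytes([level]) + index.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:8], "big") % P or 1

def path_product(i):
    """Product of the path weights from bottom-layer node i up to the root."""
    product = 1
    for level in range(DEPTH):
        product = product * weight(level, i) % P
        i //= 2
    return product

class Server:
    """Stores every node of the tree (steps S52, S62, S74, S76)."""
    def __init__(self):
        self.levels = [[0] * (1 << (DEPTH - lv)) for lv in range(DEPTH + 1)]

    def add(self, i, delta):
        """Add delta to leaf i, and delta times the path weights to each ancestor."""
        for level in range(DEPTH + 1):
            self.levels[level][i] = (self.levels[level][i] + delta) % P
            if level < DEPTH:
                delta = delta * weight(level, i) % P
                i //= 2

    def query(self, i):
        """Return leaf i and the sibling of every node on its path to the root."""
        leaf, siblings = self.levels[0][i], []
        for level in range(DEPTH):
            siblings.append(self.levels[level][i ^ 1])
            i //= 2
        return leaf, siblings

class Client:
    """Stores only the root (step S43); i is 0-based, unlike the page's D(i)."""
    def __init__(self):
        self.root = 0

    def add(self, i, delta):
        """Append (old value 0) or update: root += path weights * difference."""
        self.root = (self.root + path_product(i) * delta) % P

    def verify(self, i, leaf, siblings):
        """Recompute the root from leaf and siblings and compare with the stored one."""
        if len(siblings) != DEPTH:
            return False
        node = leaf % P
        for level, sibling in enumerate(siblings):
            node = (weight(level, i) * node + weight(level, i ^ 1) * sibling) % P
            i //= 2
        return node == self.root

def demo():
    server, client = Server(), Client()
    for i, value in enumerate([17, 42, 7, 99, 23]):   # constructed sample stream
        server.add(i, value)
        client.add(i, value)
    leaf, siblings = server.query(2)
    honest = client.verify(2, leaf, siblings)
    forged = client.verify(2, leaf + 1, siblings)     # server lies about the leaf
    delta = 1000 - leaf                                # update the entry to K = 1000
    server.add(2, delta)
    client.add(2, delta)
    new_leaf, new_siblings = server.query(2)
    stale = client.verify(2, leaf, siblings)           # old answer after the update
    return honest, forged, new_leaf, client.verify(2, new_leaf, new_siblings), stale

if __name__ == "__main__":
    print(demo())
```

Because every parent is a weighted sum, the client's `add` touches only the stored root and the server's `add` touches only the DEPTH + 1 nodes on one path, which is the saving over a full rebuild that the update flow describes.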

In summary, the verifiable streaming method and system provided by the embodiments of the present invention reduce the amount of data the client device needs to store, and support the basic data append, data query and data update instructions. In addition, when data is updated, the data of the corresponding nodes in the arithmetic Merkle tree can be updated according to the difference, without rebuilding the entire arithmetic Merkle tree, which greatly reduces the amount of computation. Furthermore, one of the verifiable streaming methods can support client devices that have no encryption or decryption capability, which makes it particularly suitable for Internet of Things systems.

The content of the above embodiments is at least one of the many implementations of the present invention. After reading the above, a person having ordinary skill in the art to which the present invention pertains will understand the core inventive concept and may modify the above embodiments as needed. In other words, the above embodiments are not intended to limit the present invention, and the scope of protection of the present invention is defined by the wording of the following claims.

1‧‧‧Verifiable data streaming system
11‧‧‧Client device
12‧‧‧Server device
L1~L8, K1~K4, R1, R2, RR, L1'~L4', K1', K2', R1'‧‧‧Nodes
S41~S76‧‧‧Steps
w11, w12, w22, w33, w34, w44‧‧‧Weights

FIG. 1 is a block diagram of a verifiable streaming system according to an embodiment of the present invention.

FIG. 2 is a schematic diagram of an arithmetic Merkle tree according to an embodiment of the present invention.

FIGS. 3A to 3D are schematic diagrams showing the data stored by the client device and the server device at different points in time according to an embodiment of the present invention.

FIG. 4 is a flowchart of the client device performing the verifiable streaming method to transmit and store data according to an embodiment of the present invention.

FIG. 5 is a flowchart of the server device performing the verifiable streaming method to store data according to an embodiment of the present invention.

FIG. 6 is a flowchart of the client device and the server device performing the verifiable streaming method to query data according to an embodiment of the present invention.

FIG. 7 is a flowchart of the client device and the server device performing the verifiable streaming method to update data according to an embodiment of the present invention.

Claims (10)

1. A verifiable data streaming method, comprising:
at a client device:
obtaining an i-th data D(i), where i is an integer greater than or equal to 1;
transmitting the encrypted i-th data E[D(i)] to a server device; and
updating its arithmetic Merkle tree and storing only the data of all root nodes, wherein the i-th data D(i) is filled into the i-th node of the bottom layer of the arithmetic Merkle tree, and the data of the parent node of two nodes is the path-weighted sum of the data of the two nodes; and
at the server device:
receiving the encrypted i-th data E[D(i)] transmitted from the client device; and
updating its arithmetic Merkle tree and storing the data of all nodes, wherein the encrypted i-th data E[D(i)] is filled into the i-th node of the bottom layer of the arithmetic Merkle tree, and the data of the parent node of two nodes is the path-weighted sum of the data of the two nodes.

2. The verifiable data streaming method of claim 1, wherein Paillier's homomorphic encryption is used.

3. The verifiable data streaming method of claim 1, further comprising:
the client device transmitting a data query instruction to the server device to query the i-th data D(i) it obtained;
the server device returning the data E[D(i)] of the i-th bottom-layer node of its arithmetic Merkle tree and the data of the sibling nodes from the i-th bottom-layer node of its arithmetic Merkle tree to a root node; and
the client device decrypting the returned data E[D(i)] to learn the i-th data D(i) it obtained, and verifying the authenticity of the returned data E[D(i)] according to its stored data and the data of the sibling nodes from the i-th bottom-layer node of the server device's arithmetic Merkle tree to the root node.

4. The verifiable data streaming method of claim 1, further comprising:
the client device transmitting a data update instruction to the server device to update the encrypted i-th data E[D(i)] it transmitted to E[K], where E[K] is the data K after encryption;
the server device returning the data E[D(i)] of the i-th bottom-layer node of its arithmetic Merkle tree and the data of the sibling nodes from the i-th bottom-layer node of its arithmetic Merkle tree to a root node;
the client device decrypting the returned data E[D(i)] to learn the i-th data D(i) it obtained, and verifying the authenticity of the returned data E[D(i)] according to its stored data and the data of the sibling nodes from the i-th bottom-layer node of the server device's arithmetic Merkle tree to a root node;
the server device updating the data E[D(i)] of the i-th bottom-layer node of its arithmetic Merkle tree to the encrypted data E[K];
the client device computing the difference between the data K and the data D(i), and updating the data of the root node above the i-th bottom-layer node of its arithmetic Merkle tree to its original data plus the product of the difference and each corresponding path weight; and
the client device transmitting the difference to the server device, and the server device updating the data of the nodes above the i-th bottom-layer node of its arithmetic Merkle tree, wherein the data of each such node is updated to its original data plus the product of the encrypted difference and each corresponding path weight.

5. A verifiable data streaming method, comprising:
at a client device:
obtaining an i-th data D(i), where i is an integer greater than or equal to 1;
transmitting the encrypted i-th data D(i) to a server device; and
updating its arithmetic Merkle tree and storing only the data of all root nodes, wherein the i-th data D(i) is filled into the i-th node of the bottom layer of the arithmetic Merkle tree, and the data of the parent node of two nodes is the path-weighted sum of the data of the two nodes; and
at the server device:
receiving the i-th data D(i) transmitted from the client device; and
updating its arithmetic Merkle tree and storing the data of all nodes, wherein the encrypted i-th data D(i) is filled into the i-th node of the bottom layer of the arithmetic Merkle tree, the data of the parent node of two bottom-layer nodes of the arithmetic Merkle tree is the sum of the encrypted data of the two nodes weighted by the encrypted path weights, and the data of the parent node of two non-bottom-layer nodes is the sum of the data of the two nodes weighted by the encrypted path weights.

6. The verifiable data streaming method of claim 5, wherein fully homomorphic encryption is used.

7. The verifiable data streaming method of claim 5, further comprising:
the client device transmitting a data query instruction to the server device to query the i-th data D(i) it obtained;
the server device returning the data [D(i)] of the i-th bottom-layer node of its arithmetic Merkle tree and the decrypted data of the sibling nodes from the i-th bottom-layer node of its arithmetic Merkle tree to a root node; and
the client device learning the i-th data D(i) it obtained from the returned data D(i), and verifying the authenticity of the returned data D(i) according to its stored data and the decrypted data of the sibling nodes from the i-th bottom-layer node of the server device's arithmetic Merkle tree to the root node.

8. The verifiable data streaming method of claim 5, further comprising:
the client device transmitting a data update instruction to the server device to update the encrypted i-th data D(i) it transmitted to the data K;
the server device returning the data D(i) of the i-th bottom-layer node of its arithmetic Merkle tree and the decrypted data of the sibling nodes from the i-th bottom-layer node of its arithmetic Merkle tree to a root node;
the client device verifying the authenticity of the returned data D(i) according to its stored data and the decrypted data of the sibling nodes from the i-th bottom-layer node of the server device's arithmetic Merkle tree to a root node;
the server device updating the data D(i) of the i-th bottom-layer node of its arithmetic Merkle tree to the data K;
the client device computing the difference between the data K and the data D(i), and updating the data of the root node above the i-th bottom-layer node of its arithmetic Merkle tree to its original data plus the product of the difference and each corresponding path weight; and
the client device transmitting the difference to the server device, and the server device updating the data of the nodes above the i-th bottom-layer node of its arithmetic Merkle tree, wherein the data of each such node is updated to its original data plus the product of the encrypted difference and each corresponding encrypted path weight.

9. The verifiable data streaming method of claim 5, further comprising:
the client device transmitting m encrypted random numbers E[x_1]~E[x_m] to the server device, where x_1~x_m are random numbers generated according to the path weights, and m denotes the number of layers of the arithmetic Merkle trees of the client device and the server device; and
the server device computing m bits b_1~b_m corresponding to each path weight, and computing, from the m bits b_1~b_m and the m encrypted random numbers E[x_1]~E[x_m], the encrypted path weights of the server device's arithmetic Merkle tree, E[e_xy] = E[b_1]E[x_1] + E[b_2]E[x_2] + … + E[b_m]E[x_m].

10. A verifiable data streaming system for performing the verifiable data streaming method of any one of claims 1 to 9, comprising:
the client device; and
the server device, connected to the client device.

TW106114613A 2017-05-03 2017-05-03 Method and system of verifiable data streaming TWI625957B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106114613A TWI625957B (en) 2017-05-03 2017-05-03 Method and system of verifiable data streaming

Publications (2)

Publication Number Publication Date
TWI625957B true TWI625957B (en) 2018-06-01
TW201843986A TW201843986A (en) 2018-12-16

Family

ID=63255975

Country Status (1)

Country Link
TW (1) TWI625957B (en)

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees