-
1.发明申请公开(公告)号:US20120030468A1
公开(公告)日:2012-02-02
申请号:US13194702
申请日:2011-07-29
IPC分类号: H04L9/32
CPC分类号: H04L9/3073 , H04L9/3026 , H04L9/3236 , H04L2209/26 , H04L2209/38
摘要: A system and method for cryptographically checking the correctness of outsourced set operations performed by an untrusted server over a dynamic collection of sets that are owned (and updated) by a trusted source is disclosed. The system and method provides new authentication mechanisms that allow any entity to publicly verify a proof attesting the correctness of primitive set operations such as intersection, union, subset and set difference. Based on a novel extension of the security properties of bilinear-map accumulators as well as on a primitive called accumulation tree, the system and method achieves optimal verification and proof complexity, as well as optimal update complexity, while incurring no extra asymptotic space overhead. The method provides an efficient proof construction, adding a logarithmic overhead to the computation of the answer of a set-operation query. Applications of interest include efficient verification of keyword search and database queries.
摘要翻译: 公开了一种用于密码地检查由不受信任的服务器对由可信源所拥有(并更新)的集合的动态集合执行的外包集合操作的正确性的系统和方法。 系统和方法提供了新的认证机制,允许任何实体公开验证证明原始集合操作的正确性的证明,例如交集,联合,子集和设置差异。 基于双线性映射累加器的安全属性的新颖扩展以及原始称为累积树的原型,系统和方法实现了最优验证和验证复杂度,以及最优的更新复杂度,同时不产生额外的渐近空间开销。 该方法提供了一种有效的证明结构,为设置操作查询的答案的计算增加了对数开销。 感兴趣的应用程序包括关键字搜索和数据库查询的有效验证。
-
2.发明授权公开(公告)号:US08572385B2
公开(公告)日:2013-10-29
申请号:US13194702
申请日:2011-07-29
IPC分类号: H04L9/32
CPC分类号: H04L9/3073 , H04L9/3026 , H04L9/3236 , H04L2209/26 , H04L2209/38
摘要: A system and method for cryptographically checking the correctness of outsourced set operations performed by an untrusted server over a dynamic collection of sets that are owned (and updated) by a trusted source is disclosed. The system and method provides new authentication mechanisms that allow any entity to publicly verify a proof attesting the correctness of primitive set operations such as intersection, union, subset and set difference. Based on a novel extension of the security properties of bilinear-map accumulators as well as on a primitive called accumulation tree, the system and method achieves optimal verification and proof complexity, as well as optimal update complexity, while incurring no extra asymptotic space overhead. The method provides an efficient proof construction, adding a logarithmic overhead to the computation of the answer of a set-operation query. Applications of interest include efficient verification of keyword search and database queries.
摘要翻译: 公开了一种用于密码地检查由不受信任的服务器对由可信源所拥有(并更新)的集合的动态集合执行的外包集合操作的正确性的系统和方法。 系统和方法提供了新的认证机制,允许任何实体公开验证证明原始集合操作的正确性的证明,例如交集,联合,子集和设置差异。 基于双线性映射累加器的安全属性的新颖扩展以及原始称为累积树的原型,系统和方法实现了最优验证和验证复杂度,以及最优的更新复杂度,同时不产生额外的渐近空间开销。 该方法提供了一种有效的证明结构,为设置操作查询的答案的计算增加了对数开销。 感兴趣的应用程序包括关键字搜索和数据库查询的有效验证。
-
公开(公告)号:US08726034B2
公开(公告)日:2014-05-13
申请号:US12737887
申请日:2009-08-28
IPC分类号: G06F21/00
CPC分类号: G06F21/64 , G06F17/30327 , G06F21/00 , H04L12/28
摘要: In one exemplary embodiment, an apparatus includes a memory storing data and a processor performing operations. The apparatus generates or maintains an accumulation tree for the stored data—an ordered tree structure with a root node, leaf nodes and internal nodes. Each leaf node corresponds to a portion of the data. A depth of the tree remains constant. A bound on a degree of each internal node is a function of a number of leaf nodes of a subtree rooted at the internal node. Each node of the tree has an accumulation value. Accumulation values of the root and internal nodes are determined by hierarchically employing an accumulator over the accumulation values of the nodes lying one level below the node in question. The accumulation value of the root node is a digest for the tree.
摘要翻译: 在一个示例性实施例中,一种装置包括存储数据的存储器和执行操作的处理器。 该设备为存储的数据生成或维护累积树 - 具有根节点,叶节点和内部节点的有序树结构。 每个叶节点对应于数据的一部分。 树的深度保持不变。 每个内部节点的度数的限制是根据内部节点的子树的叶节点数量的函数。 树的每个节点都有累积值。 根和内部节点的累积值通过在位于所讨论的节点下方一级的节点的累积值上分级地采用累加器来确定。 根节点的累积值是树的摘要。
-
4.发明申请公开(公告)号:US20110225429A1
公开(公告)日:2011-09-15
申请号:US12737887
申请日:2009-08-28
IPC分类号: G06F21/00
CPC分类号: G06F21/64 , G06F17/30327 , G06F21/00 , H04L12/28
摘要: In one exemplary embodiment, an apparatus includes a memory storing data and a processor performing operations. The apparatus generates or maintains an accumulation tree for the stored data—an ordered tree structure with a root node, leaf nodes and internal nodes. Each leaf node corresponds to a portion of the data. A depth of the tree remains constant. A bound on a degree of each internal node is a function of a number of leaf nodes of a subtree rooted at the internal node. Each node of the tree has an accumulation value. Accumulation values of the root and internal nodes are determined by hierarchically employing an accumulator over the accumulation values of the nodes lying one level below the node in question. The accumulation value of the root node is a digest for the tree.
摘要翻译: 在一个示例性实施例中,一种装置包括存储数据的存储器和执行操作的处理器。 该设备为存储的数据生成或维护累积树 - 具有根节点,叶节点和内部节点的有序树结构。 每个叶节点对应于数据的一部分。 树的深度保持不变。 每个内部节点的度数的限制是根据内部节点的子树的叶节点数量的函数。 树的每个节点都有累积值。 根和内部节点的累积值通过在位于所讨论的节点下方一级的节点的累积值上分级地采用累加器来确定。 根节点的累积值是树的摘要。
-
5.发明申请APPARATUS, METHODS, AND COMPUTER PROGRAM PRODUCTS PROVIDING DYNAMIC PROVABLE DATA POSSESSION 有权提供动态可用数据位置的装置,方法和计算机程序产品公开(公告)号:US20130198854A1
公开(公告)日:2013-08-01
申请号:US12737583
申请日:2009-07-24
IPC分类号: G06F21/60
CPC分类号: G06F21/60 , H04L9/008 , H04L9/3218 , H04L9/3236 , H04L2209/30
摘要: In one exemplary embodiment, a method includes: storing data for a file, organized as blocks, each having a portion of the file; and maintaining a skip list for the data. The skip list is an ordered tree structure having a root node, internal nodes and leaf nodes. Each leaf node corresponds to a block. Each node has a rank value corresponding to size of a subtree rooted at the node. The skip list employs a hashing scheme. The hash value of the root node and internal nodes is computed from a level of the node, the rank value and an interval between the node and another linked node to the right of or below the node. The hash value of the leaf nodes is computed from a level of the node, the rank value and an interval associated with the node.
摘要翻译: 在一个示例性实施例中,一种方法包括:存储用于文件的数据,其被组织为块,每个具有文件的一部分; 并维护数据的跳过列表。 跳过列表是具有根节点,内部节点和叶节点的有序树结构。 每个叶节点对应一个块。 每个节点具有对应于根节点的子树的大小的等级值。 跳过列表使用散列方案。 根节点和内部节点的哈希值是从节点的级别,等级值以及节点与节点右侧或下方的另一个链接节点之间的间隔计算出来的。 从节点的级别,等级值和与节点相关联的间隔计算叶节点的哈希值。
-
6.发明授权Apparatus, methods, and computer program products providing dynamic provable data possession 有权提供动态可证明的数据拥有的装置,方法和计算机程序产品公开(公告)号:US08978155B2
公开(公告)日:2015-03-10
申请号:US12737583
申请日:2009-07-24
CPC分类号: G06F21/60 , H04L9/008 , H04L9/3218 , H04L9/3236 , H04L2209/30
摘要: In one exemplary embodiment, a method includes: storing data for a file, organized as blocks, each having a portion of the file; and maintaining a skip list for the data. The skip list is an ordered tree structure having a root node, internal nodes and leaf nodes. Each leaf node corresponds to a block. Each node has a rank value corresponding to size of a subtree rooted at the node. The skip list employs a hashing scheme. The hash value of the root node and internal nodes is computed from a level of the node, the rank value and an interval between the node and another linked node to the right of or below the node. The hash value of the leaf nodes is computed from a level of the node, the rank value and an interval associated with the node.
摘要翻译: 在一个示例性实施例中,一种方法包括:存储用于文件的数据,其被组织为块,每个具有文件的一部分; 并维护数据的跳过列表。 跳过列表是具有根节点,内部节点和叶节点的有序树结构。 每个叶节点对应一个块。 每个节点具有对应于根节点的子树的大小的等级值。 跳过列表使用散列方案。 根节点和内部节点的哈希值是从节点的级别,等级值以及节点与节点右侧或下方的另一个链接节点之间的间隔计算出来的。 从节点的级别,等级值和与节点相关联的间隔计算叶节点的哈希值。
-
公开(公告)号:US07974221B2
公开(公告)日:2011-07-05
申请号:US12223224
申请日:2007-01-24
IPC分类号: H04L12/28
CPC分类号: H04L67/104 , H04L63/12 , H04L63/126 , H04L67/1065 , H04L67/1089
摘要: In one exemplary embodiment, a method includes: providing an abstract tree structure having a root node, tree nodes, and leaf nodes, each leaf node corresponds to a portion of data; mapping first network nodes of a distributed network to the tree nodes; mapping second network nodes to the leaf nodes; assigning unique identifiers to the root node, tree nodes, and leaf nodes; storing, at each first network node, the unique identifier of the corresponding tree node, the unique identifier of a parent, and the unique identifiers of children; storing, at each second network node, the portion of data and path information; providing a distributed hash tree wherein the DHT includes a hash value for each node of the ATS signing the top hash value for the root node; and storing, at each second network node, the corresponding hash value of the tree node and the hash values of children.
摘要翻译: 在一个示例性实施例中,一种方法包括:提供具有根节点,树节点和叶节点的抽象树结构,每个叶节点对应于一部分数据; 将分布式网络的第一个网络节点映射到树节点; 将第二个网络节点映射到叶节点; 为根节点,树节点和叶节点分配唯一标识符; 在每个第一网络节点处存储相应树节点的唯一标识符,父节点的唯一标识符和子节点的唯一标识符; 在每个第二网络节点处存储数据和路径信息的一部分; 提供分布式散列树,其中所述DHT包括为所述根节点签名所述顶部哈希值的所述ATS的每个节点的哈希值; 并且在每个第二网络节点处存储所述树节点的对应散列值和所述子节点的哈希值。
-
公开(公告)号:US20100110935A1
公开(公告)日:2010-05-06
申请号:US12223224
申请日:2007-01-24
CPC分类号: H04L67/104 , H04L63/12 , H04L63/126 , H04L67/1065 , H04L67/1089
摘要: A method and distributed network are provided. The method includes: providing an abstract tree structure having a root node, a plurality of tree nodes, and a plurality of leaf nodes, wherein each leaf node corresponds to at least a portion of data (box 601); mapping, in accordance with a first mapping function, a plurality of first network nodes of a distributed network to the plurality of tree nodes of the abstract tree structure (box 602); mapping, in accordance with a second mapping function, a plurality of second network nodes of the distributed network to the plurality of leaf nodes of the abstract tree structure (box 603); assigning a unique identifier to the root node, each tree node, and each leaf node (box 604); storing, at each first network node, the unique identifier of the corresponding tree node, the unique identifier of a parent of that tree node, and the unique identifiers of children of that tree node (box 605); storing, at each second network node, the corresponding at least a portion of data and path information having a path of nodes from the corresponding leaf node to the root node (box 606); providing a distributed hash tree corresponding to the abstract tree structure, wherein the distributed hash tree includes a corresponding hash value for each node of the abstract tree structure, wherein the corresponding hash value for the root node is atop hash value (box 607); signing the top hash value of the distributed hash tree (box 608); and storing, at each second network node, the corresponding hash value of the corresponding tree node and the corresponding hash values of children of that tree node (box 609).
摘要翻译: 提供了一种方法和分布式网络。 该方法包括:提供具有根节点,多个树节点和多个叶节点的抽象树结构,其中每个叶节点对应于数据的至少一部分(框601); 根据第一映射函数将分布式网络的多个第一网络节点映射到抽象树结构的多个树节点(框602); 根据第二映射函数将分布式网络的多个第二网络节点映射到抽象树结构的多个叶节点(框603); 向根节点,每个树节点和每个叶节点分配唯一标识符(框604); 在每个第一网络节点处存储相应树节点的唯一标识符,该树节点的父节点的唯一标识符以及该树节点的子节点的唯一标识符(框605); 在每个第二网络节点处存储对应的至少一部分数据和路径信息,所述数据和路径信息具有从相应叶节点到根节点的节点路径(框606); 提供对应于抽象树结构的分布式散列树,其中分布式散列树包括抽象树结构的每个节点的对应散列值,其中根节点的对应散列值是顶部散列值(框607); 签署分布式散列树的顶部哈希值(框608); 并且在每个第二网络节点处存储相应树节点的对应散列值和该树节点的子节点的相应哈希值(框609)。
-
9.发明授权公开(公告)号:US07257711B2
公开(公告)日:2007-08-14
申请号:US10416015
申请日:2001-11-08
CPC分类号: H04L9/3268 , H04L9/3236 , H04L2209/30 , H04L2209/38 , Y10S707/99932
摘要: An efficient and practical method for dynamically maintaining an authenticated dictionary uses a skip list data structure and communicative hash functions to provide a dictionary database (201) that stores information objects so that any individual object can be authenticated as belonging or not belonging to the dictionary. The authentication consists of a short sequence of vales that begin with an element and a sequence of values that, when hashed in order using a cryptographic associative hash function, create the same value as the hashed digest of the entire dictionary. Rather than hashing up a dynamic 2-3 tree, hashes are created in a skip list. Validation of the result of the authenticating step is provided if the hash of the short sequence matches a signed hash of the entire skip list.
摘要翻译: 用于动态维护认证字典的有效和实用的方法使用跳过列表数据结构和通信散列函数来提供存储信息对象的字典数据库(201),使得可以将任何单独的对象认证为属于或不归属于该字典。 身份验证包括一个从一个元素开始的值序列,一系列值,当使用加密关联散列函数进行散列时,创建与整个字典的散列摘要相同的值。 而不是放入一个动态的2-3树,而是在一个跳过列表中创建散列。 如果短序列的散列与整个跳过列表的签名散列匹配,则提供验证步骤的结果的验证。
-
-
-
-
-
-
-
-
搜索结果
9 条记录 (耗时 0.02 秒)
