隐私保护的高效可验证数据流协议

Efficient Verifiable Data Streaming Protocol with Privacy Protection

可验证数据流(verifiable data streaming,VDS)协议使得资源有限、计算能力不足的用户将爆炸式增长的数据外包到不完全可信的云服务器上,任意用户可以检索特定位置的数据并公开验证结果的正确性,不仅可以防止云端服务器篡改数据内容和对应位置,还允许数据拥有者有效更新已经外包的数据.然而,已有的可验证数据流协议没有考虑外包数据的隐私性,且用户添加新数据的复杂度与已存储数据的规模成对数关系,难以满足一些应用场景中对低延时和隐私保护的需求.本文构造了一个基于对称加密体制的新型变色龙认证树,对数据流先加密再存储,以此来保证数据的隐私性;依据通用的构造范式提出了新的支持隐私保护的高效可验证数据流协议,使得添加数据的计算开销达到了常量级,与已外包存储数据的规模无关.安全性和性能分析表明,所提出可验证数据流协议在标准模型下满足相应的安全性定义,且在隐私保护和计算开销方面具有优势.

The primitive of verifiable data streaming(VDS)enables users with limited resources and weak computing power to outsource explosive and growing data streams to untrusted cloud servers.Anyone should be able to retrieve data at a particular location and publicly verify the correctness of the results,so that the cloud server cannot tamper with the data content and location.At the same time,the data owner can efficiently update data elements in the outsourced data.However,the privacy of outsourced data is not considered in the existing verifiable data streaming protocols,and the complexity of adding new data by users is logarithmic with the scale of stored data.Therefore,it is difficult to meet the needs of low latency and privacy protection in some application scenarios.This paper proposes a chameleon authentication tree based on symmetric encryption primitive,which encrypts data streaming and then outsources to ensure the privacy of data.Furthermore,according to the general construction paradigm,a new verifiable data streaming protocol with privacy protection is proposed.This new verifiable data streaming protocol makes the computational complexity of adding data a constant,regardless of the size of stored data.The security analysis shows that the proposed verifiable data streaming protocol meets the corresponding security definition under the standard model,and has advantages in terms of privacy protection and computational overhead.