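Graduate student: | 古秉禾 Ku, Bying-He |
---|---|
Thesis title: | 高可靠度網路資料傳輸與驗證 Reliable Network Data Transmission and Verification |
Advisor: | 孫宏民 Sun, Hung-Min |
Oral defense committee: | |
Degree: | Doctor |
Department: | College of Electrical Engineering and Computer Science - Department of Computer Science |
Year of publication: | 2010 |
Graduation academic year: | 98 |
Language: | English |
Number of pages: | 86 |
Keywords (Chinese): | erasure code, secret sharing, network transmission |
Keywords (English): | Erasure code, secret sharing scheme, multicast |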
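In recent years, erasure codes (which split data into k fragments and encode them into n pieces, any k of which can be used to recover the original data) have been widely used in multicast network data transmission applications because of their better transmission efficiency. However, if errors arise during transmission, or the sender deliberately transmits incorrect data, the receiver cannot discover that it has received incorrect data until it has accumulated enough data to decode the original. This thesis takes the encoding properties of secret sharing schemes and improves on them so that a verification mechanism accompanies data transmission: the receiver can verify the correctness of data as soon as it has received part of it, and if a piece of data fails verification, the receiver discards it immediately and moves on to the next piece. The security of the verification rests on the hardness of the elliptic curve discrete logarithm problem (ECDLP); using elliptic curve operations reduces the amount of computation while still meeting the public-key requirement. In addition, I will provide an algorithm for distributing data: through linear programming and a graph-based reorganization of the access structure, the distribution strategy can be determined automatically in polynomial time and, combined with the encoding method proposed in this thesis, this solves a more general data distribution and transmission problem in current network transmission applications.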
In recent years, many multicast applications, such as audio, videoconferencing, one-to-many file transfer and Pay-TV, have emerged and made daily life more convenient. Compared with unicast, multicast can simultaneously transfer data to multiple receivers using less bandwidth. However, reliable multicast transmission should be guaranteed so that the data can be correctly and reliably transferred to multiple receivers. The factors of unreliability include buffer overflow in the routers, user heterogeneity, user mobility, and other potential equipment malfunctions. Although a retransmission strategy using ack-based protocols can be used to reach the goal of reliability in unicast communication, it does not scale well in multicast applications, where heterogeneous receivers may have lost different data blocks.
To meet the reliability requirement of multicast applications, a new class of Forward Error Correction (FEC), called erasure codes, has been extensively studied and applied to multicast transmission. An erasure code allows the receiver to correct erasures without retransmission and is especially useful in circumstances where retransmission is impossible, such as multicast networks, wireless networks, and satellite communication. Recently, erasure codes have been extensively applied to multicast network transmission due to their higher transmission efficiency. However, many open issues still need to be addressed. Using a conventional erasure code, the receivers are unable to verify the correctness of the received data packets on-the-fly unless all data packets have been received and decoded by the receiver. In this thesis, we propose a new erasure code to provide reliable multicast data distribution. The proposed codes satisfy all requirements of erasure codes, and are inspired by secret sharing technology and the Elliptic Curve Discrete Logarithm Problem (ECDLP). More importantly, the receivers can verify their received data on-the-fly by using the codes. The analysis also shows the security and feasibility of the proposed scheme.