CN104994110B - A kind of method audited for designated-verifier to cloud storage data - Google Patents

A kind of method audited for designated-verifier to cloud storage data Download PDF

Info

Publication number
CN104994110B
CN104994110B CN201510419271.5A CN201510419271A CN104994110B CN 104994110 B CN104994110 B CN 104994110B CN 201510419271 A CN201510419271 A CN 201510419271A CN 104994110 B CN104994110 B CN 104994110B
Authority
CN
China
Prior art keywords
verifier
designated
cloud
signature
lattice
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201510419271.5A
Other languages
Chinese (zh)
Other versions
CN104994110A (en
Inventor
许春香
张晓均
张源
金春花
徐辰福
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Electronic Science and Technology of China
Original Assignee
University of Electronic Science and Technology of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Electronic Science and Technology of China filed Critical University of Electronic Science and Technology of China
Priority to CN201510419271.5A priority Critical patent/CN104994110B/en
Publication of CN104994110A publication Critical patent/CN104994110A/en
Application granted granted Critical
Publication of CN104994110B publication Critical patent/CN104994110B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to field of communication technology, particularly relates to a kind of method audited for designated-verifier to cloud storage data.The present invention method be mainly:System carries out piecemeal processing to data file first, produces the public private key pair of cloud user and Cloud Server respectively, and cloud user produces the signature and data file label of data block, the signature set, data file and its label of data block are sent to Cloud Server;Then cloud user calls lattice agent algorithms to calculate its public private key pair according to the identity of designated-verifier, and is safely sent to designated-verifier;Last designated-verifier produces audit challenge information to Cloud Server, and Cloud Server is according to audit challenge information, and audit response proves and is sent to designated-verifier for acquisition, and designated-verifier verifies that this audit response proves according to lattice signature verification method.

Description

A kind of method audited for designated-verifier to cloud storage data
Technical field
The invention belongs to field of communication technology, particularly relate to it is a kind of be used for designated-verifier to cloud storage data into The method of row audit.
Background technology
With the development of network technology and continuing to increase for storage demand amount, cloud storage is being used as memory module of new generation Progressively occur and rise.Although cloud storage brings many facilities to user, in terms of it is also proposed some security privacies at the same time Challenge.Although cloud service provider is capable of providing the storage device of security higher, the data of magnanimity are stored in cloud clothes It is engaged on device so that data are easier the active attack by attacker.For cloud service provider, due to some interests reasons, They may not truly react the storage condition to user data.Such as:Cloud service provider may be because interests reason Delete the data that some users seldom access, or cloud service provider has concealed the loss of the user data caused by him to tie up Protect his reputation.It can therefore be seen that although cloud storage can bring many advantages and facility, it does not ensure that user deposits Store up the authenticity and integrity of data.
In order to solve the safety problem of cloud storage data above-mentioned, it would be desirable to which the data being stored on cloud are carried out Audit, this scheme that can be audited to the data stored on cloud we be known as cloud storage Data Audit agreement.Work as user After storing data into Cloud Server, user just loses the control to data.Auditable cloud storage data be user or The trusted third party of user's commission carries out regular audit to the data of cloud storage.By audit, user being capable of real-time confirmation He is stored in the authenticity and integrity of the data on Cloud Server.Even if there is such cloud storage Data Audit service, to For family, the executor for selecting audit task is also problem needed to be considered.Such as in public audit program, as long as holding Effective certificate parameter, anyone can verify the data integrity of user.So, the private data of user or secret Confidential information may be obtained than unauthorized parties.So user needs to specify a special identifier come the task of auditing, with Ensure the privacy of data.
Cloud storage Data Audit method is all based on classical cryptosystem at present, and such issues that be all quantum computer It can easily crack, be unsafe under quantum environment.It will be designed in view of big data in quantum epoch long-term existence The Designated-Verifier Data Audit scheme that quantum attack can be resisted just has great importance..
The content of the invention
It is to be solved by this invention, aiming at the above problem, propose a kind of being tested for specifying based on lattice difficult problem The method that witness audits cloud storage data, the method can be effective against the attack of quantum computer.
To achieve the above object, the present invention adopts the following technical scheme that:
A kind of method audited for designated-verifier to cloud storage data, it is characterised in that comprise the following steps:
A. system initialization, specifically includes:
A1. piecemeal processing is carried out to data file, the security parameter of lattice cryptographic algorithm and the hash function of safety is set;
A2. the public private key pair of cloud user and Cloud Server is produced respectively by lattice threshold generation algorithm, cloud user is secret Select signature key;
A3. cloud user produces the signature set of data block by the linear homomorphism signature algorithm on lattice, and is calculated by signing Method obtains data file label, and the signature set of data block, data file and data file label are sent to Cloud Server;
B. audit devolution, specifically include:
B1. cloud user designated-verifier, and call lattice agent algorithms to calculate specified test according to the identity of designated-verifier The public private key pair of the designated-verifier of acquisition, is sent to the identifier specified by the public private key pair of witness;
B2. cloud user is by user identity, and the identity of designated-verifier and the public key of designated-verifier are on Cloud Server Registration;
C. audit challenge response, specifically include:
C1. designated-verifier produces audit challenge information and is sent to Cloud Server;
C2. Cloud Server is calculated according to audit challenge information using preimage sampling algorithm on lattice and noise learning method Audit response proves to be sent to designated-verifier;
C3. designated-verifier verification audit response proves whether correctly.
Further, the specific method of the step a1 is:
A11. data file F is divided into l data block F={ m1,m2,…,ml, wherein1≤i≤l;
A12., the line number n of safe Gaussian parameter σ, δ and matrix is set, common parameter set is setWherein q=poly (n) is the prime number on the polynomial complexity of matrix line number n, m >= 2nlogq is matrix column number,For the upper bound of matrix norm in scheme, For the distribution of digital signature in scheme, χ is Gaussian noise distribution;Wherein e is digital signature,It is the m dimensional vectors on mould q, O It is the complexity on matrix line number n.
A13., first secure hash function is setSecond secure hash function3rd secure hash function4th secure hash functionThe Five secure hash functionsWherein, the 3rd hash function H3Value export in Dm×mIn distribution,It is N × m dimension matrixes on mould q,It is the n-dimensional vector on mould q, Zm×mIt is the low norm matrix of dimension of m m, ZqIt is mould q residual class rings, Subscript m is matrix columns, and subscript n is matrix line number, and subscript q is prime number, Dm×mIt is low norm m × m only matrix distributions.
Further, the specific method of the step a2 is:
A21. cloud user produces public private key pair using lattice threshold generation algorithm, is specially:
Pass through lattice threshold generation algorithm TrapGen (1n,1m, q) and produce homogeneous matrixTo pass's Base TASo thatThe public private key pair for obtaining cloud user is (A, TA), cloud user select signature public private key pair for (spk, ssk);
A22. Cloud Server produces public private key pair using lattice threshold generation algorithm, is specially:
Pass through lattice threshold generation algorithm TrapGen (1n,1m, q) and produce uniform matrixTo passBase TcloudSo thatThe public private key pair for obtaining Cloud Server is (B, Tcloud)。
Further, the specific method of the step a3 is:
Assuming that data file F={ m1,m2,…,mlIdentity id ∈ { 0,1 }*, for each data blockUsing public private key pair (A, the T of cloud userA) and Cloud Server public key B, for each data block produce signature, Specific method is:
A31. formula is passed through(wherein 1≤j≤n) obtains n vector β12,…βn
A32. for each data block mi, 1≤i≤l, passes through formulaObtain μi, adopt Use μiAnd βjDirect product h in acquisitioni,j=<μij>, 1≤j≤n, 1≤i≤l, are set
A33. preimage sampling algorithm SamplePre (A, T on lattice is passed through for each i ∈ { 1 ..., l }, cloud userA,hi, σ) produce signature θi
A44. it is Ψ={ θ to define signature seti}1≤i≤l, while cloud user passes through formula τ=id ‖ SSigssk(id) obtain The label τ of data file F, wherein SSigssk(id) be identity id signature, finally, cloud user send { F, τ, Ψ } give cloud User.
Further, the specific method of the step b1 is:
Cloud User ID sends audit request information and gives designated-verifier TPA, utilizes the identity ID of designated-verifierTPA, Yun Yong Family ID passes through formulaObtainPass through formulaObtain specific authentication The public key of peopleAnd by lattice agent algorithms NewBasisDel (A,TA, δ) and produce corresponding private keyIts InIt is the short base of latticeThe public private key pair for obtaining designated-verifier TPA is
Further, the specific method of the step c1 is:
C11. cloud user sends audit request information and is believed to designated-verifier TPA, designated-verifier TPA according to audit request Breath fetches the label τ of corresponding data file F, and designated-verifier TPA utilizes open signature verification public key spk verification signatures SSigssk (id) whether effectively, if so, c12 is then entered step, if it is not, then exiting;
C12. the designated-verifier TPA subsets of random selection containing c element from set { 1,2 ..., l }
C13. designated-verifier TPA produces Bit String uniformly at randomForm audit challenge Information chal is
Further, the specific method of the step c2 is:
C21. cloud server to audit challenge informationAfterwards, corresponding specify is searched for test The public private key pair of witness TPAIDTPA), while obtain aggregate signatureIn order to blind group Information ν is closed, cloud user selects random vectorThen preimage sampling algorithm SamplePre (B, T on lattice is passed throughcloud,w, σ) produce random vectorSignature γ;
C22. calculate on combined informationBlind value ν '=γ+H4(w)ν;
C23. new vector is randomly choosedAnd calculate
C24. according to Gaussian noise distribution χ, noise vector is selectedAnd calculate e=θ+H5(ν ' ‖ ξ '),Obtaining proves that response message P={ ν ', w, e, ξ } gives designated-verifier TPA.
Further, the specific method of the step c3 is:
C31. formula is passed through(wherein 1≤j≤n) obtains n vector β12,…βn
C32. formula is passed throughObtain λ;
C33. β is usedjWith direct product in λ acquisitionsWherein 1≤j≤n, is set
C34. decisive equationAnd inequalityWhether set up, if so, then judging Audit response is justified, if it is not, then judging that audit response proves mistake;Wherein, θ=e-H5(ν ' ‖ ξ ') is above-mentioned Aggregate signature, ξ ' be mould q on n tie up random vector, for participating in the ciphering process on θ.
Beneficial effects of the present invention are, it can be ensured that except designated-verifier TPA, either party is not able to verify that and is stored in Data integrity on Cloud Server.
Embodiment
Technical scheme is described below in detail:
The invention mainly includes steps:
A. system initialization, specifically includes:
A1. piecemeal processing is carried out to data file, the security parameter of lattice cryptographic algorithm and the hash function of safety is set;
A2. the public private key pair of cloud user and Cloud Server is produced respectively by lattice threshold generation algorithm, cloud user is secret Select signature key;
A3. cloud user produces the signature set of data block by the linear homomorphism signature algorithm on lattice, and is calculated by signing Method obtains data file label, and the signature set of data block, data file and data file label are sent to Cloud Server;
B. audit devolution, specifically include:
B1. cloud user designated-verifier, and call lattice agent algorithms to calculate specified test according to the identity of designated-verifier The public private key pair of the designated-verifier of acquisition, is sent to the identifier specified by the public private key pair of witness;
B2. cloud user is by user identity, and the identity of designated-verifier and the public key of designated-verifier are on Cloud Server Registration;
C. audit challenge response, specifically include:
C1. designated-verifier produces audit challenge information and is sent to Cloud Server;
C2. Cloud Server is calculated according to audit challenge information using preimage sampling algorithm on lattice and noise learning method Audit response proves to be sent to designated-verifier;
C3. designated-verifier verification audit response proves whether correctly.
Further, the specific method of the step a1 is:
A11. data file F is divided into l data block F={ m1,m2,…,ml, wherein1≤i≤l;
A12. it is n matrix to set safe Gaussian parameter σ, δ and line number, sets common parameter setWherein q=poly (n) is the prime number on the polynomial complexity of matrix line number n, m >= 2nlogq is matrix column number,For the upper bound of matrix norm in scheme, For the distribution of digital signature in scheme, χ is Gaussian noise distribution;Wherein e is digital signature,It is the m dimensional vectors on mould q, O It is the complexity on matrix line number n.
A13., first secure hash function is setSecond secure hash function3rd secure hash function4th secure hash functionThe Five secure hash functionsWherein, the 3rd hash function H3Value export in Dm×mIn distribution,It is N × m dimension matrixes on mould q,It is the n-dimensional vector on mould q, Zm×mIt is the low norm matrix of dimension of m m, ZqIt is mould q residual class rings, Subscript m is matrix columns, and subscript n is matrix line number, and subscript q is prime number, Dm×mIt is low norm m × m only matrix distributions.
Further, the specific method of the step a2 is:
A21. cloud user produces public private key pair using lattice threshold generation algorithm, is specially:
Pass through lattice threshold generation algorithm TrapGen (1n,1m, q) and produce homogeneous matrixTo pass's Base TASo thatThe public private key pair for obtaining cloud user is (A, TA), cloud user select signature public private key pair for (spk, ssk);
A22. Cloud Server produces public private key pair using lattice threshold generation algorithm, is specially:
Pass through lattice threshold generation algorithm TrapGen (1n,1m, q) and produce uniform matrixTo passBase TcloudSo thatThe public private key pair for obtaining Cloud Server is (B, Tcloud)。
Further, the specific method of the step a3 is:
Assuming that data file F={ m1,m2,…,mlIdentity id ∈ { 0,1 }*, for each data blockUsing public private key pair (A, the T of cloud userA) and Cloud Server public key B, for each data block produce signature, Specific method is:
A31. formula is passed through(wherein 1≤j≤n) obtains n vector β12,…βn
A32. for each data block mi, 1≤i≤l, passes through formulaObtain μi, adopt Use μiAnd βjDirect product h in acquisitioni,j=<μij>, 1≤j≤n, 1≤i≤l, are set
A33. preimage sampling algorithm SamplePre (A, T on lattice is passed through for each i ∈ { 1 ..., l }, cloud userA,hi, σ) produce signature θi
A44. it is Ψ={ θ to define signature seti}1≤i≤l, while cloud user passes through formula τ=id ‖ SSigssk(id) obtain The label τ of data file F, wherein SSigssk(id) be identity id signature, finally, cloud user send { F, τ, Ψ } give cloud User.
Further, the specific method of the step b1 is:
Cloud User ID sends audit request information and gives designated-verifier TPA, utilizes the identity ID of designated-verifierTPA, Yun Yong Family ID passes through formulaObtainPass through formulaObtain specific authentication The public key of peopleAnd by lattice agent algorithms NewBasisDel (A,TA, δ) and produce corresponding private keyIts InIt is the short base of latticeThe public private key pair for obtaining designated-verifier TPA is
Further, the specific method of the step c1 is:
C11. cloud user sends audit request information and is believed to designated-verifier TPA, designated-verifier TPA according to audit request Breath fetches the label τ of corresponding data file F, and designated-verifier TPA utilizes open signature verification public key spk verification signatures SSigssk (id) whether effectively, if so, c12 is then entered step, if it is not, then exiting;
C12. the designated-verifier TPA subsets of random selection containing c element from set { 1,2 ..., l }
C13. designated-verifier TPA produces Bit String uniformly at randomForm audit challenge Information chal is
Further, the specific method of the step c2 is:
C21. cloud server to audit challenge informationAfterwards, corresponding specify is searched for test Witness TPA public private key pair (IDTPA), while obtain aggregate signatureIn order to blind group Information ν is closed, cloud user selects random vectorThen preimage sampling algorithm SamplePre (B, T on lattice is passed throughcloud,w, σ) produce random vectorSignature γ;
C22. calculate on combined informationBlind value ν '=γ+H4(w)ν;
C23. new vector is randomly choosedAnd calculate
C24. according to Gaussian noise distribution χ, noise vector is selectedAnd calculate e=θ+H5(ν ' ‖ ξ '),Obtaining proves that response message P={ ν ', w, e, ξ } gives designated-verifier TPA.
Further, the specific method of the step c3 is:
C31. formula is passed through(wherein 1≤j≤n) obtains n vector β12,…βn
C32. formula is passed throughObtain λ;
C33. β is usedjWith direct product in λ acquisitionsWherein 1≤j≤n, is set
C34. decisive equationAnd inequalityWhether set up, if so, then judging Audit response is justified, if it is not, then judging that audit response proves mistake;Wherein, θ=e-H5(ν ' ‖ ξ ') is above-mentioned Aggregate signature, ξ ' be mould q on n tie up random vector, for participating in the ciphering process on θ.
This auditing method is able to ensure that, except specified TPA, either party is not able to verify that and is stored on Cloud Server Data integrity.And based on non-difficult sex chromosome mosaicism of secondly small integer solution (ISIS) on lattice, it was demonstrated that malice Cloud Server cannot Produce the signature forged so that produce the audit certification response message of forgery and cannot cheat the TPA specified and pass through auditing verification Process.This method realizes the random construction for covering up code using preimage sampling function technology on lattice, so that it is guaranteed that curious TPA, it It is that calculating is infeasible to want the initial data block message that cloud user is recovered from data file.In addition, the method for the present invention is not The module exponent computing and Bilinear map computing that cost is larger are needed, for specified TPA, it only need to calculate limited line for this Property equation just can good authentication be stored in data integrity on Cloud Server.Therefore the solution of the present invention in terms of calculation amount more Be conducive to the TPA specified, there is very big application value in rear quantum communications environment.

Claims (1)

  1. A kind of 1. method audited for designated-verifier to cloud storage data, it is characterised in that comprise the following steps:
    A. system initialization, specifically includes:
    A1. piecemeal processing is carried out to data file, the security parameter of lattice cryptographic algorithm and the hash function of safety is set;Specific side Method is:
    A11. data file F is divided into l data block, i.e. F={ m1,m2,…,ml, wherein1≤i≤l;
    A12., the matrix of safe Gaussian parameter σ, δ and line number for n is set, common parameter set is setWherein q=poly (n) is the prime number on the polynomial complexity of matrix line number n, and m is square The columns and m >=2nlogq of battle array,For the upper bound of matrix norm,For The distribution of digital signature, χ are Gaussian noise distributions, and e is digital signature,It is the m dimensional vectors on mould q, O is on matrix line number The complexity of n;
    A13., first secure hash function H is set1:Second secure hash function H2:The Three secure hash function H3:{0,1}*→Zm×m, the 4th secure hash function H4:5th secure hash function H5:Wherein, { 0,1 }*For the Bit String of random length, the 3rd hash function H3Value export in Dm×mIn distribution,It is n × m dimension matrixes on mould q,It is the n-dimensional vector on mould q, Zm×mIt is the low norm matrix of dimension of m m, ZqIt is mould q residues Class ring, subscript m are matrix columns, and subscript n is matrix line number, and subscript q is prime number, Dm×mIt is low norm m × m only matrix distributions;
    A2. the public private key pair of cloud user and Cloud Server, the secret selection of cloud user are produced respectively by lattice threshold generation algorithm Signature key;Specific method is:
    A21. cloud user produces public private key pair using lattice threshold generation algorithm, is specially:
    Pass through lattice threshold generation algorithm TrapGen (1n,1m, q) and produce homogeneous matrixTo passBase TA So thatThe public private key pair for obtaining cloud user is (A, TA), wherein A be cloud user public key, TAFor the private key of cloud user,It is lattice TANorm;Cloud user selects signature key to being open signature verification public key for (spk, ssk), wherein spk, Ssk is the signature private key of secrecy;
    A22. Cloud Server produces public private key pair using lattice threshold generation algorithm, is specially:
    Pass through lattice threshold generation algorithm TrapGen (1n,1m, q) and produce uniform matrixTo passBase TcloudSo thatThe public private key pair for obtaining Cloud Server is (B, Tcloud), wherein B is the public key of Cloud Server, TcloudFor the private key of Cloud Server,It is lattice TcloudNorm;
    A3. cloud user produces the signature set of data block by the linear homomorphism signature algorithm on lattice, and is obtained by signature algorithm Data file label is obtained, the signature set of data block, data file and data file label are sent to Cloud Server;Specific side Method is:
    Assuming that data file F={ m1,m2,…,mlIdentity id ∈ { 0,1 }*, for each data blockAdopt With public private key pair (A, the T of cloud userA) and Cloud Server public key B, for each data block produce signature, specific method For:
    A31. formula is passed through(wherein 1≤j≤n) obtains n vector β12,…βn
    A32. for each data block mi, 1≤i≤l, passes through formulaObtain μi, using μiWith βjDirect product h in acquisitioni,j=<μij>, 1≤j≤n, 1≤i≤l, are set
    A33. preimage sampling algorithm SamplePre (A, T on lattice is passed through for each i ∈ { 1 ..., l }, cloud userA,hi, σ) and production Raw signature θi
    A44. it is Ψ={ θ to define signature seti}1≤i≤l, while cloud user passes through formula τ=id ‖ SSigssk(id) data are obtained The label τ of file F, wherein SSigssk(id) be identity id signature, finally, cloud user send { F, τ, Ψ } give cloud service Device;
    B. audit devolution, specifically include:
    B1. cloud user designated-verifier, and call lattice agent algorithms to calculate designated-verifier according to the identity of designated-verifier Public private key pair, the public private key pair of the designated-verifier of acquisition is sent to the identifier specified;Specific method is:
    Cloud User ID sends audit request information and gives designated-verifier TPA, utilizes the identity ID of designated-verifierTPA, cloud User ID Pass through formulaObtainIt is the hash function value on the identity of audit person TPA, Pass through formulaObtain the public key of designated-verifierAnd pass through lattice agent algorithmsProduce corresponding private keyWhereinIt is the short base of latticeReferred to The public private key pair for determining identifier TPA is
    B2. cloud user registers user identity, the identity of designated-verifier and the public key of designated-verifier on Cloud Server Registration;
    C. audit challenge response, specifically include:
    C1. designated-verifier produces audit challenge information and is sent to Cloud Server;Specific method is:
    C11. cloud user sends audit request information and is taken to designated-verifier TPA, designated-verifier TPA according to audit request information The label τ of corresponding data file F is returned, designated-verifier TPA utilizes open signature verification public key spk verification signatures SSigssk(id) Whether effectively, if so, c12 is then entered step, if it is not, then exiting;
    C12. the designated-verifier TPA subsets of random selection containing c element from set { 1,2 ..., l }
    C13. designated-verifier TPA produces Bit String uniformly at randomForm audit challenge information Chal is
    C2. Cloud Server calculates audit according to audit challenge information using preimage sampling algorithm on lattice and noise learning method Response proof is sent to designated-verifier;Specific method is:
    C21. cloud server to audit challenge informationAfterwards, corresponding designated-verifier is searched for The public private key pair of TPAObtain aggregate signature at the same timeCombined informationIn order to blind Combined information ν, cloud user select random vectorThen preimage sampling algorithm SamplePre (B, T on lattice is passed throughcloud, W, σ) produce random vectorSignature γ;
    C22. calculate on combined informationBlind value ν '=γ+H4(w)ν;
    C23. new vector is randomly choosedAnd calculate
    C24. according to Gaussian noise distribution χ, noise vector is selectedAnd calculate e=θ+H5(ν ' ‖ ξ '),Vectorial ξ is the cyphertext vector of vectorial ξ ';Obtaining proves that response message P={ ν ', w, e, ξ } gives specific authentication People TPA;
    C3. designated-verifier verification audit response proves whether that correctly, specific method is:
    C31. formula is passed through1≤j≤n, obtains n vector β12,…βn;βjFor on A | | id | | the hash function value of j;
    C32. formula is passed throughObtain n-dimensional vector λ;
    C33. β is usedjWith direct product in λ acquisitionsWherein 1≤j≤n, sets n-dimensional vector
    C34. decisive equationAnd inequalityWhether set up, if so, then judging audit Response is justified, if it is not, then judging that audit response proves mistake;Wherein, θ=e-H5(ν ' ‖ ξ ') is aggregate signature, and ξ ' is mould N dimension random vectors on q.
CN201510419271.5A 2015-07-16 2015-07-16 A kind of method audited for designated-verifier to cloud storage data Expired - Fee Related CN104994110B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510419271.5A CN104994110B (en) 2015-07-16 2015-07-16 A kind of method audited for designated-verifier to cloud storage data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510419271.5A CN104994110B (en) 2015-07-16 2015-07-16 A kind of method audited for designated-verifier to cloud storage data

Publications (2)

Publication Number Publication Date
CN104994110A CN104994110A (en) 2015-10-21
CN104994110B true CN104994110B (en) 2018-04-13

Family

ID=54305862

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510419271.5A Expired - Fee Related CN104994110B (en) 2015-07-16 2015-07-16 A kind of method audited for designated-verifier to cloud storage data

Country Status (1)

Country Link
CN (1) CN104994110B (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105787390B (en) * 2016-03-02 2018-11-27 深圳大学 A kind of verification method and its system of data integrity
CN105791321A (en) * 2016-05-03 2016-07-20 西南石油大学 Cloud storage data common auditing method possessing secret key leakage resistance characteristic
CN105978695A (en) * 2016-05-03 2016-09-28 西南石油大学 Batch self-auditing method for cloud storage data
CN106789044B (en) * 2017-02-20 2019-12-27 西南石油大学 Searchable encryption method for cipher text data public key stored in cloud on grid under standard model
CN107124272A (en) * 2017-05-02 2017-09-01 西南石油大学 The lattice cloud storage data safety auditing method for supporting agent data to upload
CN107332665B (en) * 2017-07-06 2020-06-26 河南理工大学 Partial blind signature method based on identity on lattice
CN108259180B (en) * 2017-09-20 2021-01-01 北京工业大学 Method for quantum specifying verifier signature
CN108965258B (en) * 2018-06-21 2021-07-16 河南科技大学 Cloud environment data integrity verification method based on fully homomorphic encryption
CN109525403B (en) * 2018-12-29 2021-11-02 广州市溢信科技股份有限公司 Anti-leakage public cloud auditing method supporting full-dynamic parallel operation of user
CN110049054B (en) * 2019-04-24 2021-07-06 电子科技大学 Plaintext shared data auditing method and system supporting privacy information hiding
CN110266490B (en) * 2019-07-25 2023-04-21 西南石油大学 Keyword ciphertext generation method and device of cloud storage data
CN112217629B (en) * 2020-10-13 2022-07-22 安徽大学 Cloud storage public auditing method
CN112564911A (en) * 2020-11-23 2021-03-26 重庆大学 Identity-based cloud server computing correctness verification method
CN112632604B (en) * 2020-12-21 2024-01-23 贵州航天计量测试技术研究所 Cloud data auditing method, system and device based on multi-authority auditors
CN113746836B (en) * 2021-09-03 2022-08-23 南京南瑞信息通信科技有限公司 Data holding verification method and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"An Efficient Method for Checking the Integrity of Data in the Cloud";TAN Shuang等;《IEEE》;20141124;第68-81页 *
"Ef&#64257;cient Identity-based Public Auditing Scheme for Cloud Storage from Lattice Assumption";Xiaojun Zhang等;《IEEE》;20141221;第1819-1826页第III节 *

Also Published As

Publication number Publication date
CN104994110A (en) 2015-10-21

Similar Documents

Publication Publication Date Title
CN104994110B (en) A kind of method audited for designated-verifier to cloud storage data
CN105791321A (en) Cloud storage data common auditing method possessing secret key leakage resistance characteristic
CN106357401B (en) A kind of storage of private key and application method
CN107124268A (en) A kind of privacy set common factor computational methods for resisting malicious attack
CN106506158B (en) A kind of encryption method and system based on whitepack
KR20120007509A (en) Method for authenticating identity and generating share key
CN105978695A (en) Batch self-auditing method for cloud storage data
CN107124272A (en) The lattice cloud storage data safety auditing method for supporting agent data to upload
CN109379176B (en) Password leakage resistant authentication and key agreement method
CN111241514A (en) Safety face verification method based on face verification system
CN111859446A (en) Agricultural product traceability information sharing-privacy protection method and system
CN106953723A (en) Prevent fractionation and merging method that DFA is attacked
CN105187382A (en) Multi-factor identity authentication method for preventing library collision attacks
CN109981290A (en) The communication system and method close based on no certificate label under a kind of intelligent medical environment
Kaleem et al. New Efficient Cryptographic Techniques For Cloud Computing Security
CN106549756A (en) A kind of method and device of encryption
Goel et al. LEOBAT: Lightweight encryption and OTP based authentication technique for securing IoT networks
Li et al. Recoverable private key scheme for consortium blockchain based on verifiable secret sharing
Wang et al. Dynamic threshold changeable multi‐policy secret sharing scheme
Abiega-L’Eglisse et al. A new fuzzy vault based biometric system robust to brute-force attack
CN104468535B (en) It is adapted to ciphertext storage and connection query system and the method for cloud environment
CN109714148B (en) Method for remote multi-party authentication of user identity
CN111541538B (en) Data transmission method and device, server, computer equipment and storage medium
Kumar et al. Secured electronic transactions using visual encryption: An E-commerce instance
CN110336659A (en) A kind of multi-party quantum key machinery of consultation, terminal and storage device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180413

Termination date: 20210716

CF01 Termination of patent right due to non-payment of annual fee