CN111931204A - Encryption and de-duplication storage method and terminal equipment for distributed system - Google Patents

Publication number
CN111931204A
Authority
CN
China
Prior art keywords
digest
terminal
public key
key pair
signature
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202010679659.XA
Other languages
Chinese (zh)
Inventor
周纯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ningbo Fuwan Information Technology Co ltd
Original Assignee
Ningbo Fuwan Information Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The embodiment of the disclosure discloses an encryption and de-duplication storage method and terminal equipment for a distributed system. One embodiment of the method comprises: receiving a target file to be stored sent by a target user; generating a digest value of the target file; encrypting the target file by using the digest value to generate an encrypted file; sending the target file to a first terminal; receiving a public key pair sent back by the first terminal; generating an obfuscated digest based on the public key pair and the digest value; generating a signature obfuscation digest based on the obfuscated digest and the public key pair; and sending the encrypted file and the signature obfuscation digest to the second terminal. The method automatically generates the digest value of the target file, encrypts the target file by using the digest value, and improves the security of distributed storage. The signature obfuscation digest is generated based on the public key pair generated by the first terminal, and deduplication of the distributed storage file is realized based on the signature obfuscation digest, so that the efficiency of distributed storage can be improved and storage space can be saved.

Description

Encryption and de-duplication storage method and terminal equipment for distributed system
Technical Field
The embodiment of the disclosure relates to the field of distributed systems and storage, in particular to a data encryption storage method for a distributed system.
Background
With the development of big data and cloud computing technology, more and more data can be stored, calculated and shared at the cloud end, and the distributed storage technology develops rapidly. The data encryption effectively ensures the confidentiality of the stored data. In the distributed storage encryption service, the security management of the key used for encryption is particularly important, and the security of the stored ciphertext is directly influenced. In the process of distributed storage, repeated and redundant data generated in the backup process are deleted in time, which is also very important for saving storage resources and network bandwidth.
Disclosure of Invention
The embodiment of the disclosure provides an encryption deduplication storage method for a distributed system.
In a first aspect, an embodiment of the present disclosure provides an encryption deduplication storage method for a distributed system, where the method includes: receiving a target file to be stored sent by a target user; generating a digest value of the target file; encrypting the target file by using the digest value to generate an encrypted file; sending the target file to a first terminal, wherein the first terminal generates a public key pair based on the target file; receiving a public key pair sent back by the first terminal; generating an obfuscated digest based on the public key pair and the digest value; generating a signature obfuscation digest based on the obfuscated digest and the public key pair; and sending the encrypted file and the signature obfuscation digest to the second terminal, wherein the second terminal stores the encrypted file and the signature obfuscation digest.
In some embodiments, generating a digest value for the target file comprises: padding the target file to generate process data; randomly generating an initial value set, wherein the initial value set comprises a first number of initial values; and generating a digest value of the target file by using a hash function based on the initial value set and the process data.
In some embodiments, the first terminal generates a public key pair based on the target file, including: the first terminal calculates the modulus N using: $N = p \times q$, where p and q are randomly generated prime numbers and p and q are not equal; the first terminal determines a terminal identifier; the terminal identifier and the target file are input into a pseudorandom algorithm, and the obtained output is determined as a public key; the combination of the public key and the modulus is determined as a public key pair.
In some embodiments, generating the obfuscated digest based on the public key pair and the digest value includes: randomly determining a generator, wherein the generator satisfies $\gcd(r, N) = 1$, where r represents the generator, the public key pair is represented as (e, N), e is the public key in the public key pair, N is the modulus in the public key pair, gcd() denotes the greatest common divisor, and $\gcd(r, N) = 1$ means that r and N are relatively prime; the obfuscated digest is generated using the following equation: $x = h \times r^e \bmod N$, where x represents the obfuscated digest, h represents the digest value, r represents the generator, the public key pair is represented as (e, N), e is the public key in the public key pair, N is the modulus in the public key pair, mod represents the modulo operation, and $r^e$ represents the e-th power of r.
In some embodiments, generating the signature obfuscation digest based on the obfuscated digest and the private key includes: generating a private key based on the public key pair, wherein the private key satisfies $e \times d \equiv 1 \pmod{N}$, d represents the private key, e is the public key in the public key pair, N is the modulus in the public key pair, mod is the modulo operation, and the product of e and d is congruent to 1 modulo N; the signature obfuscation digest is generated using the following equation: $y = x^d \bmod N$, where d represents the private key, x represents the obfuscated digest, $x^d$ represents the obfuscated digest raised to the power of d, N is the modulus in the public key pair, mod is the modulo operation, and y represents the signature obfuscation digest.
In some embodiments, the second terminal stores the encrypted file and the signature obfuscation digest, including: the second terminal searches for the encrypted file based on the signature obfuscation digest; in response to finding the encrypted file, the second terminal stores the signature obfuscation digest; in response to not finding the encrypted file, the second terminal stores the encrypted file and the signature obfuscation digest.
In some embodiments, the second terminal, in response to finding the encrypted file, stores the signature obfuscation digest, including: the second terminal determines the storage unit corresponding to the found encrypted file as a target storage unit; the second terminal finds a second number of storage units adjacent to the target storage unit and generates a candidate storage unit set; for each candidate storage unit in the candidate storage unit set, the second terminal generates an association degree value for that candidate storage unit using the following equation: $W_i = d_i + t_i$, where W represents the association degree value, i is the index of the candidate storage unit in the candidate storage unit set, denoting the i-th candidate storage unit, $W_i$ represents the association degree value of the candidate storage unit, d represents the distance between storage units, $d_i$ represents the distance between the candidate storage unit and the target storage unit, t represents the storage response speed of a storage unit, and $t_i$ represents the storage response speed of the candidate storage unit; and the second terminal stores the signature obfuscation digest in the candidate storage unit with the maximum association degree value in the candidate storage unit set.
In a second aspect, an embodiment of the present disclosure provides a terminal device, where the terminal device includes: one or more processors; a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method as described in any implementation manner of the first aspect.
In a third aspect, the disclosed embodiments provide a computer readable medium, on which a computer program is stored, wherein the program, when executed by a processor, implements the method as described in any implementation manner of the first aspect.
The embodiment of the disclosure provides an encryption and de-duplication storage method and terminal equipment for a distributed system. One embodiment of the method comprises: receiving a target file to be stored sent by a target user; generating a digest value of the target file; encrypting the target file by using the digest value to generate an encrypted file; sending the target file to a first terminal; receiving a public key pair sent back by the first terminal; generating an obfuscated digest based on the public key pair and the digest value; generating a signature obfuscation digest based on the obfuscated digest and the public key pair; and sending the encrypted file and the signature obfuscation digest to the second terminal.
One of the above-described various embodiments of the present disclosure has the following advantageous effects: the target file is encrypted using its digest value to generate an encrypted file. The key used in the encryption process is the digest value generated from the target file, so that the requirement on key management is reduced and the security of the stored ciphertext is ensured. The public key pair generated by the first terminal is used for generating the signature obfuscation digest, and the signature obfuscation digest and the encrypted file are sent to the second terminal together for storage, so that the problem of deduplicated storage can be solved. The embodiment of the disclosure automatically generates the digest value of the target file, encrypts the target file by using the digest value, and improves the security of distributed storage. The signature obfuscation digest is generated based on the public key pair generated by the first terminal, and deduplication of the distributed storage file is realized based on the signature obfuscation digest, so that the efficiency of distributed storage can be improved and storage space can be saved.
Drawings
Other features, objects and advantages of the disclosure will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
FIG. 1 is an architectural diagram of an exemplary system in which some embodiments of the present disclosure may be applied;
FIG. 2 is a flow diagram of some embodiments of an encryption deduplication storage method for a distributed system according to the present disclosure;
FIG. 3 is a schematic diagram of one application scenario of an encryption deduplication storage method for a distributed system, according to some embodiments of the present disclosure;
FIG. 4 is a schematic block diagram of a computer system suitable for use as a server for implementing some embodiments of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings. The embodiments and features of the embodiments in the present disclosure may be combined with each other without conflict.
It is noted that references to "a", "an", and "the" modifications in this disclosure are intended to be illustrative rather than limiting, and that those skilled in the art will recognize that "one or more" may be used unless the context clearly dictates otherwise.
The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 illustrates an exemplary system architecture 100 to which embodiments of the disclosed encryption deduplication storage method for distributed systems may be applied.
As shown in fig. 1, the system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as a data storage application, a text analysis application, a natural language processing application, and the like.
The terminal devices 101, 102, and 103 may be hardware or software. When the terminal devices 101, 102, 103 are hardware, they may be various terminal devices having a display screen, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like. When the terminal devices 101, 102, 103 are software, they can be installed in the above-listed terminal devices. They may be implemented as multiple pieces of software or software modules (e.g., to provide target file input, etc.), or as a single piece of software or software module. This is not particularly limited herein.
The server 105 may be a server that provides various services, such as a server that stores target data input by the terminal apparatuses 101, 102, 103, and the like. The server may perform processing such as encoding and storing on the received target data, and feed back a processing result (e.g., encrypted data) to the terminal device.
It should be noted that the encryption storage method for the distributed system provided by the embodiment of the present disclosure may be executed by the server 105, or may be executed by the terminal device.
It should be noted that the local area of the server 105 may also directly store data, and the server 105 may directly extract the local data and obtain encrypted data through encryption processing, in this case, the exemplary system architecture 100 may not include the terminal devices 101, 102, 103 and the network 104.
It should be noted that the terminal apparatuses 101, 102, and 103 may also have a data storage application installed therein, and in this case, the encryption processing method may also be executed by the terminal apparatuses 101, 102, and 103. At this point, the exemplary system architecture 100 may also not include the server 105 and the network 104.
The server 105 may be hardware or software. When the server 105 is hardware, it may be implemented as a distributed server cluster composed of a plurality of servers, or may be implemented as a single server. When the server is software, it may be implemented as multiple pieces of software or software modules (for example, for providing storage services), or as a single piece of software or software module. This is not particularly limited herein.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
With continued reference to fig. 2, a flow 200 of some embodiments of an encryption deduplication storage method for a distributed system in accordance with the present disclosure is shown. The encryption and de-duplication storage method for the distributed system comprises the following steps:
Step 201, receiving a target file to be stored sent by a target user.
In some embodiments, an executing body (e.g., the terminal device shown in fig. 1) of the encryption deduplication storage method for a distributed system may directly obtain a target file to be stored sent by a target user. Optionally, the target user refers to a user who provides a target file to be stored.
Step 202, generating a digest value of the target file.
In some embodiments, the execution agent generates a digest value of the target file. Optionally, the target file is padded to generate process data. Specifically, the input target file is padded so that its length is a multiple of 512 bits. First, a "1" bit is appended after the last bit of the target file, and then "0" bits are appended until the length is congruent to 448 modulo 512. Next, the length value of the target file is appended as the next 64 bits. After padding is complete, the length of the target file is a multiple of 512 bits. The padded file is taken as the process data.
Optionally, an initial value set is randomly generated, wherein the initial value set includes a first number of initial values. Specifically, the first number may be 5. The initial value set may be {A, B, C, D, E}, where A is "0x67452301", B is "0xEFCDAB89", C is "0x98BADCFE", D is "0x10325476", and E is "0xC3D2E1F0".
Optionally, a hash function is used to generate the digest value of the target file based on the initial value set and the process data. In particular, the hash function may be a random function. The process data is divided into data blocks with a length of 512 bits, each data block and an initial value randomly selected from the initial value set are input into the random function to generate a sub-digest value of the data block, and the digest value of the target file is obtained.
Step 203, encrypting the target file by using the digest value to generate an encrypted file.
In some embodiments, the executing entity uses the generated digest value as a key, and encrypts the target file using the key to obtain an encrypted file. The key used in the encryption process is the digest value generated by the target file, so that the requirement on key management is reduced, and the security of the stored ciphertext is ensured.
Step 204, sending the target file to the first terminal.
In some embodiments, the executing entity sends the target file to the first terminal. The first terminal generates a public key pair based on the target file. Optionally, the first terminal calculates the modulus N using the following equation:
$N = p \times q$,
where p and q are randomly generated prime numbers, and p and q are not equal. The first terminal determines a terminal identifier, which characterizes the first terminal as the terminal that generated the public key pair. Different terminals have different identifiers. Specifically, the terminal identifier may be "terminal name + random number". The identifier of the first terminal may be "first terminal 0xE xC3D 476". The first terminal inputs the terminal identifier and the target file into a pseudorandom algorithm, and determines the obtained output as a public key. The combination of the public key and the modulus N is determined as a public key pair.
Step 205, the public key pair sent back by the first terminal is received.
In some embodiments, the executing entity receives the public key pair sent back by the first terminal.
Step 206, generating an obfuscated digest based on the public key pair and the digest value.
In some embodiments, the executing entity generates the obfuscated digest based on the public key pair and the digest value. Optionally, the generator is randomly determined. The generator satisfies $\gcd(r, N) = 1$, where r denotes the generator and the public key pair is denoted (e, N). e is the public key in the public key pair, N is the modulus in the public key pair, gcd() denotes the greatest common divisor, and $\gcd(r, N) = 1$ means that r and N are relatively prime.
Optionally, the obfuscated digest is generated using the following equation:
$x = h \times r^e \bmod N$,
where x represents the obfuscated digest, h represents the digest value, and r represents the generator. The public key pair is denoted as (e, N), e being the public key of the public key pair, and N being the modulus of the public key pair. mod denotes the modulo operation, and $r^e$ represents the e-th power of r.
Step 207, generating a signature obfuscation digest based on the obfuscated digest and the public key pair.
In some embodiments, the execution agent generates the signature obfuscation digest based on the obfuscated digest and the private key. Optionally, the private key is generated based on the public key pair. The private key satisfies $e \times d \equiv 1 \pmod{N}$, where d represents the private key and e is the public key in the public key pair. N is the modulus of the public key pair, mod is the modulo operation, and the product of e and d is congruent to 1 modulo N.
Optionally, the signature obfuscation digest is generated using the following equation:
$y = x^d \bmod N$,
where d represents the private key, x represents the obfuscated digest, and $x^d$ represents the obfuscated digest raised to the power of d. N is the modulus in the public key pair, mod is the modulo operation, and y represents the signature obfuscation digest.
Step 208, sending the encrypted file and the signature obfuscation digest to the second terminal.
In some embodiments, the executing entity sends the encrypted file and the signature obfuscation digest to the second terminal. The second terminal looks for the encrypted file based on the signature obfuscation digest. The second terminal stores the signature obfuscation digest in response to finding the encrypted file. Optionally, the second terminal determines the storage unit corresponding to the found encrypted file as the target storage unit. The second terminal finds a second number of storage units adjacent to the target storage unit and generates a candidate storage unit set. For each candidate storage unit in the candidate storage unit set, the second terminal generates an association degree value for that candidate storage unit using the following equation:
$W_i = d_i + t_i$
where W represents the association degree value and i is the index of the candidate storage unit in the candidate storage unit set, denoting the i-th candidate storage unit. $W_i$ represents the association degree value of the candidate storage unit, d represents the distance between storage units, and $d_i$ represents the distance between the candidate storage unit and the target storage unit. t represents the storage response speed of a storage unit, and $t_i$ represents the storage response speed of the candidate storage unit. The second terminal stores the signature obfuscation digest in the candidate storage unit with the maximum association degree value in the candidate storage unit set.
Optionally, the second terminal stores the encrypted file and the signature obfuscation digest in response to not finding the encrypted file.
The signature obfuscation digest and the encrypted file are sent to the second terminal together for storage, so that the problem of deduplicated storage can be solved. If the second terminal finds the encrypted file, this indicates that the second terminal has already stored the target file. The second terminal then stores the signature obfuscation digest and does not store the encrypted file, which saves storage space and improves storage efficiency. If the second terminal does not find the encrypted file, this indicates that the second terminal has not stored the target file. The second terminal then stores the signature obfuscation digest and the target file, realizing distributed storage of the target file.
One embodiment presented in fig. 2 has the following beneficial effects: the target file is encrypted using its digest value to generate an encrypted file. The key used in the encryption process is the digest value generated from the target file, so that the requirement on key management is reduced and the security of the stored ciphertext is ensured. The public key pair generated by the first terminal is used for generating the signature obfuscation digest, and the signature obfuscation digest and the encrypted file are sent to the second terminal together for storage, so that the problem of deduplicated storage can be solved. The embodiment of the disclosure automatically generates the digest value of the target file, encrypts the target file by using the digest value, and improves the security of distributed storage. The signature obfuscation digest is generated based on the public key pair generated by the first terminal, and deduplication of the distributed storage file is realized based on the signature obfuscation digest, so that the efficiency of distributed storage can be improved and storage space can be saved.
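Steps 202 to 208 as an added Python example (not code from the patent; all class and function names are illustrative), with SHA-256, a hash-based XOR keystream and two fixed Mersenne primes as labelled stand-ins for the hash, cipher and random primes. It assumes standard RSA, with d = e^-1 mod φ(N) held by the key-generating terminal, and adds an unblinding step the page does not state: because y = h^d × r mod N changes with the random r, the lookup key used here is y × r^-1 mod N = h^d mod N, which is identical for identical files.

```python
import hashlib
import secrets
from math import gcd

# Constructed demo primes (Mersenne primes 2^127-1 and 2^521-1) standing in for
# the randomly generated p and q of step 204. They are NOT secure RSA primes.
P, Q = 2**127 - 1, 2**521 - 1


def digest(data: bytes) -> bytes:
    """Step 202: digest value h (SHA-256 as a stand-in hash function)."""
    return hashlib.sha256(data).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Step 203 stand-in cipher: XOR with a SHA-256 counter keystream.

    Deterministic on purpose: equal files give equal keys and ciphertexts.
    Calling it again with the same key decrypts.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


class FirstTerminal:
    """Key-generating terminal (steps 204-205). Assumption: it keeps p, q and
    the private exponent, and performs the exponentiation of step 207."""

    def __init__(self, terminal_id: bytes):
        self.terminal_id = terminal_id
        self.n = P * Q
        self._phi = (P - 1) * (Q - 1)

    def public_key_pair(self, target_file: bytes):
        """e = pseudorandom(terminal id, file), raised until gcd(e, phi) = 1."""
        seed = hashlib.sha256(self.terminal_id + target_file).digest()
        e = int.from_bytes(seed, "big") | 1
        while gcd(e, self._phi) != 1:
            e += 2
        return e, self.n

    def sign(self, x: int, e: int) -> int:
        """y = x^d mod N, with d = e^-1 mod phi(N) as in standard RSA."""
        return pow(x, pow(e, -1, self._phi), self.n)


def blind(h: bytes, e: int, n: int):
    """Step 206: x = h * r^e mod N for a random r with gcd(r, N) = 1."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            return (int.from_bytes(h, "big") * pow(r, e, n)) % n, r


def unblind(y: int, r: int, n: int) -> int:
    """Added step (assumption): y * r^-1 mod N = h^d mod N, independent of r."""
    return (y * pow(r, -1, n)) % n


class SecondTerminal:
    """Storage terminal of step 208: one ciphertext per tag, many references."""

    def __init__(self):
        self.blobs = {}   # tag -> encrypted file
        self.owners = {}  # tag -> users holding a reference to that file

    def store(self, user: str, tag: int, encrypted: bytes) -> bool:
        """Return True if a new ciphertext was written, False if deduplicated."""
        is_new = tag not in self.blobs
        if is_new:
            self.blobs[tag] = encrypted
        self.owners.setdefault(tag, []).append(user)
        return is_new


def upload(user: str, target_file: bytes, first: FirstTerminal,
           second: SecondTerminal):
    """Run steps 202-208 once; returns (y, tag, stored_new_ciphertext)."""
    h = digest(target_file)
    encrypted = keystream_xor(h, target_file)
    e, n = first.public_key_pair(target_file)
    x, r = blind(h, e, n)
    y = first.sign(x, e)      # y as on the page: differs on every upload
    tag = unblind(y, r, n)    # deterministic per file: usable as lookup key
    return y, tag, second.store(user, tag, encrypted)


if __name__ == "__main__":
    first, second = FirstTerminal(b"first-terminal-demo"), SecondTerminal()
    sample = b"constructed sample file contents\n" * 4
    for user in ("alice", "bob"):
        y, tag, is_new = upload(user, sample, first, second)
        print(user, "y", hex(y)[:18], "tag", hex(tag)[:18], "new:", is_new)
```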
With continued reference to FIG. 3, a schematic diagram of one application scenario of an encryption deduplication storage method for a distributed system in accordance with the present disclosure is shown.
In the application scenario of fig. 3, the user sends a target file 301 to be stored to the server. After the server receives the target file, it generates a digest value 302 based on the target file. The server encrypts the target file with the digest value to generate an encrypted file 303. The server sends the target file to the first terminal 304. The public key pair 305 sent back by the first terminal is received. The server generates a signature obfuscation digest 306 based on the public key pair and the digest value. The server sends the encrypted file and the signature obfuscation digest to the second terminal 307. The second terminal stores the encrypted file and the signature obfuscation digest 308.
According to the encryption deduplication storage method for the distributed system, the received target file is used to generate the digest value, and encryption is completed using the digest value to obtain the encrypted file. The target file to be stored is sent to the first terminal, and the first terminal generates a public key pair according to the target file and sends the public key pair back to the server. The server uses the public key pair to encrypt the digest value, generating the signature obfuscation digest. The encrypted file and the signature obfuscation digest are sent to the second terminal for storage. The signature obfuscation digest is used for searching and comparing for deduplicated storage. The second terminal realizes deduplication of the distributed storage file based on the signature obfuscation digest, so that the efficiency of distributed storage can be improved and the utilization rate of the storage space of the second terminal is improved.
Referring now to FIG. 4, a block diagram of a computer system 400 suitable for use in implementing a server of an embodiment of the present disclosure is shown. The server shown in fig. 4 is only an example, and should not bring any limitation to the function and the scope of use of the embodiments of the present disclosure.
As shown in fig. 4, the computer system 400 includes a Central Processing Unit (CPU) 401 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 402 or a program loaded from a storage section 408 into a Random Access Memory (RAM) 403. In the RAM 403, various programs and data necessary for the operation of the system 400 are also stored. The CPU 401, ROM 402, and RAM 403 are connected to each other via a bus 404. An Input/Output (I/O) interface 405 is also connected to the bus 404.
The following components are connected to the I/O interface 405: a storage section 406 including a hard disk and the like; and a communication section 407 including a network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication section 407 performs communication processing via a network such as the Internet. A drive 408 is also connected to the I/O interface 405 as needed. A removable medium 409 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 408 as necessary, so that a computer program read out therefrom is installed in the storage section 406 as necessary.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 407 and/or installed from the removable medium 409. The above-described functions defined in the method of the present disclosure are performed when the computer program is executed by a Central Processing Unit (CPU) 401. It should be noted that the computer readable medium in the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. 
In contrast, in the present disclosure, a computer-readable signal medium may include a propagated data signal with computer-readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the C language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention in the present disclosure is not limited to the specific combination of the above-mentioned features, but also encompasses other embodiments in which any combination of the above-mentioned features or their equivalents is possible without departing from the inventive concept as defined above. For example, a technical solution may be formed by replacing the above features with features having similar functions that are disclosed in (but not limited to) this disclosure.

Claims (9)

1. An encryption deduplication storage method for a distributed system, comprising:
receiving a target file to be stored sent by a target user;
generating a digest value of the target file;
encrypting the target file by using the digest value to generate an encrypted file;
sending the target file to a first terminal, wherein the first terminal generates a public key pair based on the target file;
receiving the public key pair sent back by the first terminal;
generating an obfuscated digest based on the public key pair and the digest value;
generating a signature obfuscation digest based on the obfuscation digest and the public key pair;
and sending the encrypted file and the signature obfuscation digest to a second terminal, wherein the second terminal stores the encrypted file and the signature obfuscation digest.
2. The method of claim 1, wherein the generating the digest value of the target file comprises:
filling the target file to generate process data;
randomly generating an initial value set, wherein the initial value set comprises a first number of initial values;
and generating a digest value of the target file by using a hash function based on the initial value set and the process data.
3. The method of claim 2, wherein the first terminal generating a public key pair based on the target file comprises:
the first terminal calculates the modulus N using: $N = p \times q$, where p and q are randomly generated prime numbers, p and q are not equal, and N denotes the modulus;
the first terminal determines a terminal identifier;
inputting the terminal identification and the target file into a pseudo-random algorithm, and determining the obtained output as a public key;
determining a combination of the public key and the modulus as the public key pair.
4. The method of claim 3, wherein the generating an obfuscated digest based on the public key pair and the digest value comprises:
randomly determining a generator, wherein the generator satisfies $\gcd(r, N) = 1$, where r represents the generator, the public key pair is represented by (e, N), e is a public key in the public key pair, N is a modulus of the public key pair, gcd() denotes the greatest common divisor, and $\gcd(r, N) = 1$ means that r and N are coprime;
the obfuscated digest is generated using the following equation: $x = h \cdot r^{e} \bmod N$, where x represents the obfuscated digest, h represents the digest value, r represents the generator, the public key pair is represented as (e, N), e is the public key in the public key pair, N is the modulus of the public key pair, mod represents the modulo operation, and $r^{e}$ represents the e-th power of r.
5. The method of claim 4, wherein the generating a signature obfuscation digest based on the obfuscation digest and the private key comprises:
generating a private key based on the public key pair, wherein the private key satisfies $e \times d \equiv 1 \pmod{N}$, where d represents the private key, e is a public key in the public key pair, N is a modulus in the public key pair, mod is the modulo operation, and the product of e and d is congruent to 1 modulo N;
generating the signature obfuscation digest using: $y = x^{d} \bmod N$, where d represents the private key, x represents the obfuscated digest, $x^{d}$ represents the obfuscated digest raised to the power of d, N is the modulus of the public key pair, mod is the modulo operation, and y represents the signature obfuscation digest.
6. The method of claim 5, wherein the second terminal storing the encrypted file and the signature obfuscation digest comprises:
the second terminal searches for the encrypted file based on the signature obfuscation digest;
the second terminal, in response to finding the encrypted file, stores the signature obfuscation digest;
and the second terminal, in response to not finding the encrypted file, stores the encrypted file and the signature obfuscation digest.
7. The method of claim 6, wherein the second terminal storing the signature obfuscation digest in response to finding the encrypted file comprises:
the second terminal determines the storage unit corresponding to the searched encrypted file as a target storage unit;
the second terminal finds a second number of storage units adjacent to the target storage unit and generates a candidate storage unit set;
for each candidate storage unit in the set of candidate storage units, the second terminal generates an association degree value of the candidate storage unit by using the following formula: $W_i = d_i + t_i$, where W represents the association degree value, i is the index of the candidate storage unit in the candidate storage unit set, denoting the i-th candidate storage unit, $W_i$ represents the association degree value of the candidate storage unit, d represents the distance between storage units, $d_i$ represents the distance between the candidate storage unit and the target storage unit, t represents the storage response speed of a storage unit, and $t_i$ represents the storage response speed of the candidate storage unit;
and the second terminal stores the signature obfuscation digest in the candidate storage unit with the maximum association degree value in the candidate storage unit set.
8. A first terminal device comprising:
one or more processors;
a storage device having one or more programs stored thereon;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
9. A computer-readable storage medium, on which a computer program is stored, wherein the program, when executed by a processor, implements the method of any one of claims 1-7.
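The blinding, signing and lookup steps of claims 4 to 6, as an added Python example that is not code from the patent. Its assumptions: a constructed toy modulus, SHA-256 as the digest, a fixed e = 65537, d computed modulo φ(N) as in textbook RSA (the claim writes the congruence modulo N), and an unblinding step that the claims do not state; `DedupStore`, `upload` and `unblind` are hypothetical names.

```python
import hashlib
import math
import secrets

# Constructed toy key (assumption of this example): two Mersenne primes.
# Far too small for real use; a deployment would use a >= 2048-bit modulus.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                            # modulus, N = p * q (claim 3)
E = 65537                            # fixed stand-in for the derived public key e
D = pow(E, -1, (P - 1) * (Q - 1))    # textbook RSA: e*d = 1 mod phi(N) (assumption)

def digest(data: bytes) -> int:
    """Digest value h; SHA-256 is a stand-in for the hash of claim 2."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def random_r() -> int:
    """Random r with gcd(r, N) = 1 (claim 4)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r

def blind(h: int, r: int) -> int:
    """Obfuscated digest x = h * r^e mod N (claim 4)."""
    return (h * pow(r, E, N)) % N

def sign(x: int) -> int:
    """Signature obfuscation digest y = x^d mod N (claim 5)."""
    return pow(x, D, N)

def unblind(y: int, r: int) -> int:
    """Divide r out: y * r^-1 = h^d mod N. Assumption, not in the claims."""
    return (y * pow(r, -1, N)) % N

class DedupStore:
    """Second-terminal behaviour of claim 6, keyed by the lookup tag."""
    def __init__(self):
        self.blobs = {}   # tag -> encrypted file, stored once
        self.refs = []    # every tag recorded, duplicates included

    def put(self, tag: int, encrypted: bytes) -> bool:
        is_new = tag not in self.blobs
        if is_new:                    # not found: store file and tag
            self.blobs[tag] = encrypted
        self.refs.append(tag)         # found: store only the tag
        return is_new

def upload(store: DedupStore, data: bytes, encrypted: bytes) -> bool:
    """Return True if the encrypted file was newly stored."""
    r = random_r()
    y = sign(blind(digest(data), r))
    return store.put(unblind(y, r), encrypted)
```

Because r is drawn at random for each upload, y differs between two uploads of the same file. Only after r is divided out does the lookup tag depend on the digest and the key alone, which is what lets the store match duplicates.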
CN202010679659.XA 2020-07-15 2020-07-15 Encryption and de-duplication storage method and terminal equipment for distributed system Withdrawn CN111931204A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010679659.XA CN111931204A (en) 2020-07-15 2020-07-15 Encryption and de-duplication storage method and terminal equipment for distributed system

Publications (1)

Publication Number Publication Date
CN111931204A true CN111931204A (en) 2020-11-13

Family

ID=73313445

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010679659.XA Withdrawn CN111931204A (en) 2020-07-15 2020-07-15 Encryption and de-duplication storage method and terminal equipment for distributed system

Country Status (1)

Country Link
CN (1) CN111931204A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113449330A (en) * 2021-08-31 2021-09-28 北京华云安信息技术有限公司 Method for transmitting Javascript encrypted file
CN116910711A (en) * 2023-07-13 2023-10-20 北京领创医谷科技发展有限责任公司 MCU firmware confusion method, system, server and storage medium
CN116910711B (en) * 2023-07-13 2024-06-11 北京领创医谷科技发展有限责任公司 MCU firmware confusion method, system, server and storage medium

Similar Documents

Publication Publication Date Title
CN111950030A (en) Data sharing storage method based on block chain, terminal equipment and storage medium
CN108777685B (en) Method and apparatus for processing information
CN111611621A (en) Block chain based distributed data encryption storage method and electronic equipment
CN115225409B (en) Cloud data safety duplicate removal method based on multi-backup joint verification
CN112182109A (en) Distributed data coding storage method based on block chain and electronic equipment
CN111629063A (en) Block chain based distributed file downloading method and electronic equipment
CN111404892B (en) Data supervision method and device and server
WO2022076038A1 (en) Updatable private set intersection
CN111931204A (en) Encryption and de-duplication storage method and terminal equipment for distributed system
CN111555880A (en) Data collision method and device, storage medium and electronic equipment
US20150023498A1 (en) Byzantine fault tolerance and threshold coin tossing
CN112287366A (en) Data encryption method and device, computer equipment and storage medium
CN111339206A (en) Data sharing method and device based on block chain
CN115603907A (en) Method, device, equipment and storage medium for encrypting storage data
CN112019328B (en) Encryption method, device, equipment and storage medium of IP address
US20190026502A1 (en) Searchable symmetric encryption with enhanced locality via balanced allocations
CN111798236A (en) Transaction data encryption and decryption method, device and equipment
CN111984615A (en) Method, device and system for sharing files
CN108768994B (en) Data matching method and device and computer readable storage medium
CN115567263A (en) Data transmission management method, data processing method and device
CN115883212A (en) Information processing method, device, electronic equipment and storage medium
CN111931202A (en) Encrypted storage method, terminal device and storage medium for distributed system
CN113761585B (en) Data processing method, device and system
CN111950031A (en) Block chain-based distributed data management method, terminal device and storage medium
CN112181308A (en) Block chain based distributed data storage method and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20201113