CN116015630A - Lightweight and deduplicatable ciphertext integrity auditing method and system - Google Patents


Publication number
CN116015630A
Authority
CN
China
Prior art keywords
key
audit
user
integrity
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211569337.5A
Other languages
Chinese (zh)
Other versions
CN116015630B (en)
Inventor
杨安家
李涛
翁健
刘家男
陈小虎
李明
温靖航
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan University
Original Assignee
Jinan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jinan University
Priority to CN202211569337.5A
Publication of CN116015630A
Application granted
Publication of CN116015630B
Legal status: Active
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

The application discloses a lightweight and deduplicatable ciphertext integrity auditing method and system. The method comprises the following steps: selecting a user key and an audit private key, and obtaining an audit public key based on the audit private key; calculating a deduplication key, encrypting the original file based on the deduplication key to obtain ciphertext file data, encrypting the deduplication key based on the user key to obtain an encrypted deduplication key, and uploading the ciphertext file data and the encrypted deduplication key to a server; judging whether the server already holds the ciphertext file data: if not, performing an operation to obtain block tags, an auxiliary variable and audit material and uploading them to a storage server; if so, performing an operation to obtain user tag conversion auxiliary material and audit material and uploading them to the storage server; and sending the audit target file name and the total number of data blocks to the storage server, which generates an integrity proof based on the audit target file name, the total number of data blocks and the ciphertext file data, the integrity proof then being verified based on the audit public key and the audit material.

Description

Lightweight and deduplicatable ciphertext integrity auditing method and system
Technical Field
The application relates to the technical field of cyberspace security, and in particular to a lightweight and deduplicatable ciphertext integrity auditing method and system.
Background
With the progress of cloud computing technology, big data has become part of people's daily lives, and user data has grown rapidly.
On the one hand, to reduce operation and maintenance costs, individuals and enterprises tend to outsource their data to a cloud storage service provider's platform and often do not keep the original data, which means that the data owner loses control of the data once the local original is deleted. This scenario poses a serious threat to the integrity of user data, because cloud storage service providers have a strong incentive to break it (for example, by compressing users' pictures or videos stored on the cloud to save real storage space and gain extra profit). Message authentication codes and digital signatures are the effective means that cryptography has traditionally offered for data integrity, but neither can be used directly on massive data. Both require the user to hold all of the original data, and the single-disk throughput (the sum of read and write speeds) of a cloud server used for archival storage is 30-40 MB/s; even at an ideal single-disk read speed of 40 MB/s, reading a 1 TB file takes about 7 hours, so the performance cost is extremely high. In 2007, Juels and Ateniese proposed the PoR and PDP schemes, which, with the help of erasure codes, use a probabilistic algorithm based on random sampling to avoid reading in full the data being checked, providing a first solution to integrity auditing of large files. Many researchers at home and abroad have since iterated on these ideas, achieving security hardening, efficiency optimization, extension of the security model and so on.
On the other hand, cloud storage service providers have found that the files uploaded by users are similar and that a large number of duplicate files exist; deduplication of unencrypted files on big-data platforms already has mature technology and related practice. In recent years, however, relevant laws and regulations in China have strengthened the protection of user data confidentiality and require enterprises to encrypt user data before storing it, so conventional plaintext deduplication no longer fits the development of the internet, and ciphertext deduplication is gradually being adopted commercially. The basic idea of ciphertext deduplication is to derive the deduplication encryption key from the file data itself and then encrypt the file data with that key, so that identical files encrypt to identical ciphertext files and can therefore be deduplicated.
As research on integrity auditing and ciphertext deduplication has deepened, more and more scholars have considered systems that support both. The direct way to support both functions is simply to stack a deduplication scheme and an audit scheme, but then a set of tags must be recomputed for a file every time a user uploads it, even when the file can be deduplicated, and the tag computation time is linear in the file size, so efficiency is extremely low. In recent years, scholars have proposed generating the audit private key from the deduplication key, so that integrity tag generation is tied directly to the deduplication key; when a file is a duplicate, the tags need not be recomputed because the integrity tags of identical files are identical. This improves upload efficiency, but this rigid way of generating tags makes the audit public keys hard to manage: the audit key is derived from the file content, so every file has a different audit public key. A user who owns 100 files would need to manage 100 audit public keys, which is impractical. In addition, creating personalized tags for files duplicated across users also expresses each user's ownership of the file.
Disclosure of Invention
The application provides a lightweight and deduplicatable ciphertext integrity auditing method and system suitable for a variety of ciphertext deduplication systems. When duplicate data exists, regenerating a set of user-personalized integrity tags for the file requires only constant-level computation, communication cost is likewise reduced to constant level, and the storage service provider only needs to store constant-level tag auxiliary variables rather than a full set of user tags as in traditional schemes, so that deduplication of the tags themselves is approximately achieved.
To achieve the above object, the present application provides the following solutions:
A lightweight and deduplicatable ciphertext integrity auditing method comprises the following steps:
selecting a user key and an audit private key, and calculating an audit public key based on the audit private key;
calculating a deduplication key, performing first encryption processing on the original file based on the deduplication key to obtain ciphertext file data, performing second encryption processing on the deduplication key based on the user key to obtain an encrypted deduplication key, and uploading the ciphertext file data and the encrypted deduplication key to a server;
judging whether the ciphertext file data already exists on the server; if not, performing a first operation to obtain block tags, an auxiliary variable and audit material, and uploading them to a storage server; if so, performing a second operation to obtain user tag conversion auxiliary material and audit material, and uploading them to the storage server;
and sending the audit target file name and the total number of data blocks to the storage server, wherein the storage server generates an integrity proof based on the audit target file name, the total number of data blocks and the ciphertext file data, and the integrity proof is verified based on the audit public key and the audit material to obtain an integrity verification result.
Preferably, the method for calculating the audit public key comprises: randomly selecting a number $x$ as the audit private key, selecting a generator $g$ from the cyclic multiplicative group $G$, and calculating $g^x$ as the audit public key.
Preferably, the method for calculating the deduplication key comprises: calculating a hash value of the message plaintext as the deduplication key.
Preferably, the first encryption processing comprises: encrypting, dividing into blocks, and encoding the original file based on the deduplication key.
Preferably, the first operation includes:
calculating the block tags based on the block data in the ciphertext file data;
generating a file digest, and calculating the user tag conversion auxiliary variable based on the audit private key and the file digest;
and obtaining the auxiliary variable by encrypting the key parameters of the user tag conversion auxiliary variable.
Preferably, the second operation includes:
decrypting the encrypted variables in the auxiliary variable based on the deduplication key to obtain the user tag conversion auxiliary variable;
and calculating the user tag conversion auxiliary material based on the user tag conversion auxiliary variable.
Preferably, the method for generating the integrity proof comprises:
generating a set of block indices and a set of random numbers based on the total number of data blocks;
generating the integrity proof based on the set of block indices, the set of random numbers, and the ciphertext file data.
The application also provides a lightweight and deduplicatable ciphertext integrity auditing system, comprising: a key generation module, an encryption module, a judgment module and a verification module;
the key generation module is used for selecting a user key and an audit private key, and calculating an audit public key based on the audit private key;
the encryption module is used for calculating a deduplication key, performing first encryption processing on the original file based on the deduplication key to obtain ciphertext file data, performing second encryption processing on the deduplication key based on the user key to obtain an encrypted deduplication key, and uploading the ciphertext file data and the encrypted deduplication key to a server;
the judgment module is used for judging whether the ciphertext file data already exists on the server; if not, performing a first operation to obtain block tags, an auxiliary variable and audit material, and uploading them to a storage server; if so, performing a second operation to obtain user tag conversion auxiliary material and audit material, and uploading them to the storage server;
the verification module is used for sending the audit target file name and the total number of data blocks to the storage server, wherein the storage server generates an integrity proof based on the audit target file name, the total number of data blocks and the ciphertext file data, and the integrity proof is verified based on the audit public key and the audit material to obtain an integrity verification result.
The beneficial effects of this application are:
(1) The number of audit public keys is determined by the number of users rather than by the number of files as in previous schemes, while each user file still has its own personalized integrity tags; this gives great flexibility and solves the problem that a user with many files has many audit public keys that are hard to manage;
(2) When a duplicate file exists, the user does not need to compute a set of personalized integrity tags from scratch but can achieve tag conversion with constant-level computation, which greatly reduces the time spent in the file upload stage and also reduces communication cost;
(3) The system is decoupled from the specific scheme of the ciphertext deduplication technology, and can be applied to most ciphertext deduplication schemes.
Drawings
For a clearer description of the technical solutions of the present application, the drawings that are required to be used in the embodiments are briefly described below, it being evident that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a method according to a first embodiment of the present application;
FIG. 2 is a flow chart of a file upload stage according to a second embodiment of the present application;
FIG. 3 is a flowchart of an audit phase according to a second embodiment of the present application;
FIG. 4 is a schematic diagram of the system structure according to a third embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
In order that the above-recited objects, features and advantages of the present application will become more readily apparent, a more particular description of the invention briefly described above will be rendered by reference to specific embodiments that are illustrated in the appended drawings.
First, definitions of some letters and formulas related to the present invention will be described:
$G$: a cyclic group of order $p$, where $p$ is a prime number; the group is defined as a multiplicative group.
$g$: a generator of the multiplicative group $G$; a public security parameter shared by the whole system.
$x$, $y$: secret parameters selected from $Z_p$, serving as the audit private keys of users A and B respectively.
$pk_A$, $pk_B$, $sk_A$, $sk_B$: the public keys and private keys used for integrity auditing, where $pk_A = g^x$, $sk_A = x$, $pk_B = g^y$, $sk_B = y$.
$h(\cdot)$: an arbitrary hash function that maps data $m$ into the deduplication key space.
$k_{dedup}$: the key used for deduplication encryption of a file.
$ku$: the user key, used as the key of the encryption algorithm when encrypting the user's deduplication key $k_{dedup}$; its admissible range of values depends on the encryption algorithm used.
$C_{data}$: the ciphertext data obtained by deduplication encryption of the file content.
$C_{key}$: the ciphertext obtained by encrypting $k_{dedup}$ with an encryption algorithm under the key $ku$.
dir, filename, ma: the file's storage directory, the file name, and the digest of the file, respectively.
$\sigma_i$: the integrity tag of the $i$-th block of data in the file.
$\omega$, $\omega'$, $W$: denote $H_2(x\|ma)$, $H_2(y\|ma)$ and $\omega' - \omega$ respectively, where $H_2(\cdot)$ maps arbitrary data to $Z_p$.
$H_1(\cdot)$: a function that maps arbitrary data to
Figure BDA0003987338010000081
$r$, $r'$: temporary secret parameters, random numbers selected from $Z_p$.
v、v’、h、h’、h 1 、h 1 ', V: u respectively r 、u r′ 、g ω 、g ω′ 、g 、g yω′ Abbreviations for v'.
trans:
Figure BDA0003987338010000082
The user tag conversion auxiliary variable. It serves two purposes: first, a user can use another user's variable to derive his or her own tag conversion auxiliary variable; second, the server can use this variable to convert the integrity tag of a particular user into an integrity tag for the producer of the variable. (For example, if user B generates user B's user tag conversion auxiliary variable from user A's user tag conversion auxiliary variable, the storage service provider can compute user B's integrity tag from user A's integrity tag and user B's user tag conversion auxiliary variable; user A is the "particular user" here.)
trans’:
Figure BDA0003987338010000083
C trans
Figure BDA0003987338010000084
The user tag conversion auxiliary variable after part of its secret parameters has been encrypted.
TAM, TAM': $(ma\|n\|h\|h_1)$ and $(ma\|n\|h'\|h_1')$ respectively, the audit material for the auditor.
$v_i$: the $i$-th random number in the challenge generated by the auditor.
Figure BDA0003987338010000085
$\sum m_i v_i$
Figure BDA0003987338010000086
An aggregation tag for verifying integrity.
Example 1
The first embodiment involves three roles: a user, an auditor and a storage server, where the storage server is a storage service provider. As shown in FIG. 1, the lightweight and deduplicatable ciphertext integrity auditing method includes the following steps:
S1, selecting a user key and an audit private key, and calculating an audit public key based on the audit private key.
In this embodiment, the user randomly selects a number $ku$ as the user key and a number $x$ as the audit private key, selects a generator $g$ from the cyclic multiplicative group $G$, and calculates $g^x$ as the audit public key.
S2, calculating a deduplication key, performing first encryption processing on the original file based on the deduplication key to obtain ciphertext file data, performing second encryption processing on the deduplication key based on the user key to obtain an encrypted deduplication key, and uploading the ciphertext file data and the encrypted deduplication key to a server.
The method for calculating the deduplication key comprises: calculating a hash value of the message plaintext as the deduplication key. The first encryption processing comprises: encrypting the original file based on the deduplication key, dividing it into blocks, and encoding it.
In this embodiment, the hash value $h(m)$ of the message plaintext is calculated as the deduplication key $k_{dedup}$. After the original file data is encrypted with $k_{dedup}$, divided into blocks and encoded, the ciphertext file data $C_{data}$ is obtained. The user key $ku$ is used as the encryption key to encrypt the deduplication key $k_{dedup}$, giving the encrypted deduplication key $C_{key}$. The file directory dir, the file name filename, the ciphertext file data $C_{data}$ and the encrypted deduplication key $C_{key}$ are uploaded to the server, which creates the file directory according to dir and stores $C_{key}$ in the corresponding directory under the name filename.
S3, judging whether the ciphertext file data already exists on the server; if not, performing a first operation to obtain block tags, an auxiliary variable and audit material, and uploading them to a storage server; if so, performing a second operation to obtain user tag conversion auxiliary material and audit material, and uploading them to the storage server.
The first operation comprises: calculating the block tags based on the block data in the ciphertext file data; generating a file digest, and calculating the user tag conversion auxiliary variable based on the audit private key and the file digest; and obtaining the auxiliary variable by encrypting the key parameters of the user tag conversion auxiliary variable. The second operation comprises: decrypting the encrypted variables in the auxiliary variable based on the deduplication key to obtain the user tag conversion auxiliary variable; and calculating the user tag conversion auxiliary material based on the user tag conversion auxiliary variable.
In this embodiment, if the ciphertext file data $C_{data}$ does not exist on the server, the user is informed that the file has no duplicate. After receiving this notification, the user computes the tags $\sigma_i$ in turn from the block data in $C_{data}$, generates the file digest ma, and computes the user tag conversion auxiliary variable trans from the audit private key $x$ and the file digest ma; the user then sends all block tags $\sigma_i$, the auxiliary variable $C_{trans}$ obtained after encrypting the key parameter $r$, and the auditor's audit material TAM to the storage service provider. If the ciphertext file data exists, the user is informed that the file can be deduplicated and $C_{trans}$ is returned to the user; the user decrypts the encrypted variables in $C_{trans}$ with the deduplication key $k_{dedup}$ to obtain trans, computes the user tag conversion auxiliary material trans' from trans, and then sends trans' and the auditor's audit material TAM' to the storage service provider.
S4, sending the audit target file name and the total number of data blocks to the storage server, wherein the storage server generates an integrity proof based on the audit target file name, the total number of data blocks and the ciphertext file data, and the integrity proof is verified based on the audit public key and the audit material to obtain an integrity verification result.
The method for generating the integrity proof comprises: generating a set of block indices and a set of random numbers based on the total number of data blocks; and generating the integrity proof based on the set of block indices, the set of random numbers, and the ciphertext file data.
In this embodiment, when the auditor wants to audit data, the auditor informs the storage service provider of the file name filename of the audit target file, receives the total number $n$ of data blocks returned by the storage service provider, and uses the total number of data blocks to randomly generate the set of block indices and random numbers $Q = \{i, v_i\}_{i \in [1,n]}$. The storage service provider generates the data integrity proof from the block index and random number set $Q$ and the stored ciphertext file data $C_{data}$ of the corresponding user
Figure BDA0003987338010000111
and then returns the auditor's audit material TAM and the integrity proof
Figure BDA0003987338010000112
to the user. Finally, the auditor uses the audit public key $g^x$ and the audit material TAM to verify the integrity proof; if verification passes, the sampled data is intact, otherwise the sampled data has been damaged.
Example 2
In the second embodiment, the specific workflow of the present application is described using user A and user B as examples.
The upload stage, as shown in FIG. 2: user A owns file $m$, for which the server holds no duplicate data. The data owner first hashes file $m$ to obtain $h(m)$ and also generates the digest ma of file $m$. The deduplication key $k_{dedup}$ is set to $h(m)$, and file $m$ is encrypted with $k_{dedup}$ to obtain $C_{data}$. The user key $ku$ is selected, its specific value depending on the encryption algorithm used, and the deduplication key $k_{dedup}$ is encrypted with $ku$ to obtain the encrypted deduplication key $C_{key}$. The file storage directory dir, the file name filename, the ciphertext file data $C_{data}$ and the encrypted deduplication key $C_{key}$ are sent together to the storage service provider. If the storage service provider finds no duplicate of $C_{data}$, it stores $C_{data}$ and $C_{key}$, each named after filename, under the directory dir, informs user A that file $m$ has no duplicate, and records the file path in the database.
After receiving the notice that there is no duplicate file, user A encodes the block data of the ciphertext file data $C_{data}$ into the group $Z_p$ and then computes the integrity tag of each data block
Figure BDA0003987338010000121
User A then computes the user tag conversion auxiliary variable trans to obtain the auxiliary variable $C_{trans}$, and finally sends $\{\sigma_1, \ldots, \sigma_n\}$, the auxiliary variable $C_{trans}$ and the audit material TAM to the storage service provider.
User B uploads a deduplicatable encrypted file to the storage service provider in the same way as user A. However, when the storage service provider detects that the file is a duplicate, it stores only $C_{key}$, named filename, in the directory dir, records in the database the actual storage path dir'/filename' data of the duplicate file, and redirects to dir'/filename' data the next time dir/filename' data is looked up.
While informing user B that a duplicate file exists, the storage service provider also returns user A's user tag conversion auxiliary material $C_{trans}$. When user B obtains $C_{trans}$, user B uses the deduplication key $k_{dedup}$ to parse and decrypt it, obtaining $\omega$, trans and $V$, computes Trans' = $\omega'$ || trans' || $V$, and finally sends the audit material TAM' together with Trans' to the storage service provider, which stores TAM' and Trans'.
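The ciphertext-deduplication part of the upload stage described above (deriving $k_{dedup} = h(m)$, encrypting it under the user key, and the server's duplicate check with path redirection) is reproduced in the following added example, which is not code from the patent. Assumptions: an HMAC-SHA256 keystream stands in for the encryption algorithm the patent leaves unspecified, block division, encoding and tag generation are left out, and all class and function names as well as the consistency check on retrieval are hypothetical.

```python
import hashlib
import hmac
import secrets

BLOCK = 32  # SHA-256 output size in bytes


def keystream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream.

    Stand-in for the cipher the patent leaves unspecified; it is
    deterministic for a fixed (key, label), which dedup encryption needs.
    """
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        pad = hmac.new(key, label + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + BLOCK], pad))
    return bytes(out)


def derive_dedup_key(m: bytes) -> bytes:
    """k_dedup = h(m): the key depends only on the file content."""
    return hashlib.sha256(m).digest()


def encrypt_file(k_dedup: bytes, m: bytes) -> bytes:
    """C_data: identical files give identical ciphertext."""
    return keystream_xor(k_dedup, b"data", m)


def wrap_key(ku: bytes, k_dedup: bytes) -> bytes:
    """C_key: k_dedup encrypted under the per-user key ku.

    A fresh nonce keeps the keystream from repeating across files.
    """
    nonce = secrets.token_bytes(16)
    return nonce + keystream_xor(ku, b"wrap" + nonce, k_dedup)


def unwrap_key(ku: bytes, c_key: bytes) -> bytes:
    """Recover k_dedup from C_key with the user key ku."""
    nonce, body = c_key[:16], c_key[16:]
    return keystream_xor(ku, b"wrap" + nonce, body)


class StorageServer:
    """Keeps one physical copy of each C_data and a per-path C_key."""

    def __init__(self):
        self.blobs = {}  # fingerprint of C_data -> C_data
        self.paths = {}  # "dir/filename" -> (fingerprint, C_key)

    def upload(self, directory, filename, c_data, c_key) -> bool:
        """Store the upload; return True when C_data was a duplicate.

        False corresponds to the branch where the user computes block
        tags, True to the tag-conversion branch.
        """
        fp = hashlib.sha256(c_data).hexdigest()
        duplicate = fp in self.blobs
        if not duplicate:
            self.blobs[fp] = c_data
        # The path always records C_key and points at the single stored copy.
        self.paths[f"{directory}/{filename}"] = (fp, c_key)
        return duplicate

    def download(self, directory, filename):
        fp, c_key = self.paths[f"{directory}/{filename}"]
        return self.blobs[fp], c_key


def client_upload(server, ku, directory, filename, m) -> bool:
    """Client side of the upload stage; returns the server's duplicate flag."""
    k_dedup = derive_dedup_key(m)
    return server.upload(directory, filename,
                         encrypt_file(k_dedup, m), wrap_key(ku, k_dedup))


def retrieve(server, ku, directory, filename) -> bytes:
    c_data, c_key = server.download(directory, filename)
    k_dedup = unwrap_key(ku, c_key)
    m = keystream_xor(k_dedup, b"data", c_data)
    # Added check (not in the patent): the plaintext must hash back to its key.
    if not hmac.compare_digest(derive_dedup_key(m), k_dedup):
        raise ValueError("C_data does not match the deduplication key")
    return m


if __name__ == "__main__":
    server = StorageServer()
    m = b"constructed sample file contents " * 8  # constructed sample input
    ku_a, ku_b = secrets.token_bytes(32), secrets.token_bytes(32)
    print("A duplicate:", client_upload(server, ku_a, "alice", "report.bin", m))
    print("B duplicate:", client_upload(server, ku_b, "bob", "copy.bin", m))
    print("stored copies:", len(server.blobs))
    print("B recovers file:", retrieve(server, ku_b, "bob", "copy.bin") == m)
```

A deduplication key derived from content alone gives no protection for files whose content is predictable, which is inherent to this kind of key derivation.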
In the audit stage, as shown in FIG. 3, the auditor first sends the file name filename to be audited to the storage service provider, which returns the number of blocks $n$ of the file for that filename. The auditor then generates a challenge from $n$
Figure BDA0003987338010000122
where $c$ is the total number of challenged data blocks, and sends the challenge $Q$ and filename to the storage service provider.
The storage service provider then retrieves the ciphertext file data $C_{data}$ by filename and looks up the corresponding data blocks according to the index set in the challenge $Q$. There are two cases. In the first case the auditor is helping user A (that is, the first to store the file) audit, and the proof computed is
Figure BDA0003987338010000131
In the second case the auditor is helping user B audit, and the proof computed is
Figure BDA0003987338010000132
Finally,
Figure BDA0003987338010000133
is returned to the auditor together with the audit material TAM or TAM'.
Finally, if the audit material the auditor receives is TAM, the auditor uses the corresponding audit public key to verify whether the following formula holds:
Figure BDA0003987338010000134
If it holds, the challenge passes; if it does not hold, the challenge fails and the integrity of the file has been destroyed. If the received audit material is TAM', the auditor verifies whether the following holds:
Figure BDA0003987338010000135
Example 3
In the third embodiment, as shown in FIG. 4, a lightweight and deduplicatable ciphertext integrity auditing system includes: a key generation module, an encryption module, a judgment module and a verification module.
The key generation module is used for selecting a user key and an audit private key, and calculating an audit public key based on the audit private key. In this embodiment, the user randomly selects a number $ku$ as the user key and a number $x$ as the audit private key, selects a generator $g$ from the cyclic multiplicative group $G$, and calculates $g^x$ as the audit public key.
The encryption module is used for calculating a deduplication key, performing first encryption processing on the original file based on the deduplication key to obtain ciphertext file data, performing second encryption processing on the deduplication key based on the user key to obtain an encrypted deduplication key, and uploading the ciphertext file data and the encrypted deduplication key to the server. In this embodiment, the hash value $h(m)$ of the message plaintext is calculated as the deduplication key $k_{dedup}$. After the original file data is encrypted with $k_{dedup}$, divided into blocks and encoded, the ciphertext file data $C_{data}$ is obtained. The user key $ku$ is used as the encryption key to encrypt the deduplication key $k_{dedup}$, giving the encrypted deduplication key $C_{key}$. The file directory dir, the file name filename, the ciphertext file data $C_{data}$ and the encrypted deduplication key $C_{key}$ are uploaded to the server, which creates the file directory according to dir and stores $C_{key}$ in the corresponding directory under the name filename.
The judgment module is used for judging whether the ciphertext file data already exists on the server; if not, performing a first operation to obtain block tags, an auxiliary variable and audit material, and uploading them to the storage server; if so, performing a second operation to obtain user tag conversion auxiliary material and audit material, and uploading them to the storage server. In this embodiment, if the ciphertext file data $C_{data}$ does not exist on the server, the user is informed that the file has no duplicate. After receiving this notification, the user computes the tags $\sigma_i$ in turn from the block data in $C_{data}$, generates the file digest ma, and computes the user tag conversion auxiliary variable trans from the audit private key $x$ and the file digest ma; the user then sends all block tags $\sigma_i$, the auxiliary variable $C_{trans}$ obtained after encrypting the key parameter $r$, and the auditor's audit material TAM to the storage service provider. If the ciphertext file data exists, the user is informed that the file can be deduplicated and $C_{trans}$ is returned to the user; the user decrypts the encrypted variables in $C_{trans}$ with the deduplication key $k_{dedup}$ to obtain trans, computes the user tag conversion auxiliary material trans' from trans, and then sends trans' and the auditor's audit material TAM' to the storage service provider.
The checking module is used for sending the audit target file name and the total number of data blocks to the storage server; the storage server generates an integrity certification based on the audit target file name, the total number of data blocks and the encrypted file data, and the integrity certification is checked based on the audit public key and the audit material to obtain an integrity check result. In this embodiment, when the auditor wants to audit data, the auditor informs the storage service provider of the file name filename of the audit target file and, using the total number n of data blocks returned by the storage service provider, randomly generates the set of block indices and random numbers Q = {i, v_i}_{i∈[1,n]}. From the block index and random number set Q and the stored user encrypted file data C_data, the storage service provider generates the data integrity certification
Figure BDA0003987338010000151
The auditor's audit material TAM and the integrity certification
Figure BDA0003987338010000152
are then returned to the user. Finally, the auditor uses the audit public key g^x and the audit material TAM to check the integrity certification: if the check passes, the spot-checked data is complete; otherwise, the spot-checked data is damaged.
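The upload and deduplication flow of the encryption and judging modules, together with the auditor's challenge set Q, as an added Python example that is not part of the patent text. SHA-256 as h, the SHAKE-256 keystream cipher, the 16-byte block size, the sample count c, the Server class and all function names are assumptions; block tags and the integrity certification are left out because their formulas are not reproduced on this page.

```python
import hashlib
import secrets

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): XOR with a SHAKE-256 keystream; deterministic, unauthenticated.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_file(m: bytes, block: int = 16):
    """Client: k_dedup = h(m); C_data = Enc(k_dedup, m) cut into blocks (size is constructed)."""
    k_dedup = hashlib.sha256(m).digest()
    c = keystream_xor(k_dedup, m)
    return k_dedup, [c[i:i + block] for i in range(0, len(c), block)]

def wrap_key(k_u: bytes, k_dedup: bytes) -> bytes:
    """Client: C_key = Enc(k_u, k_dedup), randomized by a fresh nonce."""
    nonce = secrets.token_bytes(16)
    return nonce + keystream_xor(k_u + nonce, k_dedup)

def unwrap_key(k_u: bytes, c_key: bytes) -> bytes:
    return keystream_xor(k_u + c_key[:16], c_key[16:])

class Server:
    def __init__(self):
        self.blobs, self.keys = {}, {}  # C_data stored once; C_key per dir/filename

    def upload(self, dir_, filename, c_data, c_key) -> bool:
        """Store C_key under dir/filename; return True if C_data already existed."""
        fid = hashlib.sha256(b"".join(c_data)).hexdigest()
        duplicate = fid in self.blobs
        self.blobs.setdefault(fid, c_data)
        self.keys[(dir_, filename)] = c_key
        return duplicate

def challenge(n: int, c: int) -> dict:
    """Auditor: Q = {i: v_i} for c distinct block indices i in [1, n]."""
    idx = secrets.SystemRandom().sample(range(1, n + 1), min(c, n))
    return {i: secrets.randbelow(2**128 - 1) + 1 for i in idx}

def demo():
    m = b"constructed sample file contents, identical for both users. " * 3
    srv, out = Server(), []
    for user in ("alice", "bob"):  # constructed users with independent k_u
        k_u = secrets.token_bytes(32)
        k_dedup, c_data = encrypt_file(m)
        c_key = wrap_key(k_u, k_dedup)
        out.append((srv.upload(user, "report.bin", c_data, c_key),
                    unwrap_key(k_u, c_key) == k_dedup))
    return srv, out
```

Because k_dedup depends only on the plaintext, the second upload of the same file is recognised as a duplicate and is linkable by the server, while the two users' C_key values still differ.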
The foregoing embodiments are merely illustrative of the preferred embodiments of the present application and are not intended to limit the scope of the present application, and various modifications and improvements made by those skilled in the art to the technical solutions of the present application should fall within the protection scope defined by the claims of the present application.

Claims (8)

1. A lightweight and deduplicatable ciphertext integrity auditing method is characterized by comprising the following steps:
selecting a user key and an audit private key, and calculating to obtain an audit public key based on the audit private key;
calculating a deduplication key, performing first encryption processing on an original file based on the deduplication key to obtain encrypted file data, performing second encryption processing on the deduplication key based on the user key to obtain an encrypted deduplication key, and uploading the encrypted file data and the encrypted deduplication key to a server;
judging whether the encrypted file data exists in the server; if not, performing a first operation to obtain a block tag, an auxiliary variable and an audit material, and uploading the block tag, the auxiliary variable and the audit material to a storage server; if so, performing a second operation to obtain a user tag conversion auxiliary material and the audit material, and uploading the user tag conversion auxiliary material and the audit material to the storage server;
and sending the audit target file name and the total number of data blocks to the storage server, wherein the storage server generates an integrity certification based on the audit target file name, the total number of data blocks and the encrypted file data, and the integrity certification is verified based on the audit public key and the audit material to obtain an integrity verification result.
2. The method for auditing the integrity of a lightweight deduplication ciphertext according to claim 1, wherein the method for computing the audit public key comprises: randomly selecting a number x as the audit private key from a cyclic multiplication group
Figure FDA0003987337000000011
selecting a generator g, and calculating g^x as the audit public key.
3. The method for auditing the integrity of a lightweight deduplication ciphertext according to claim 1, wherein the method for computing the deduplication key comprises: and calculating a hash value of a message plaintext as the deduplication key.
4. The method of claim 1, wherein the first encryption processing method comprises: encrypting, dicing, and encoding the original file based on the deduplication key.
5. The lightweight deduplication ciphertext integrity auditing method of claim 1, wherein the first operation comprises:
calculating the block tag based on the block data in the encrypted file data;
generating a file digest, and calculating the user tag conversion auxiliary variable based on the audit private key and the file digest;
and encrypting the key parameters and the auxiliary variables based on the user tag conversion auxiliary variables to obtain the auxiliary variables.
6. The lightweight deduplication ciphertext integrity auditing method of claim 5, wherein the second operation comprises:
decrypting the encrypted variable in the auxiliary variable based on the deduplication key to obtain the user tag conversion auxiliary variable;
and calculating the user tag conversion auxiliary material based on the user tag conversion auxiliary variable.
7. The method for auditing the integrity of a lightweight deduplication ciphertext according to claim 1, wherein the method for generating the integrity certification comprises:
generating a set of block indices and a set of random numbers based on the total number of data blocks;
generating the integrity certification based on the set of block indices, the set of random numbers, and the encrypted file data.
8. A lightweight deduplicatable ciphertext integrity auditing system, comprising: the device comprises a key generation module, an encryption module, a judgment module and a verification module;
the key generation module is used for selecting a user key and an audit private key, and calculating to obtain an audit public key based on the audit private key;
the encryption module is used for calculating a deduplication key, performing first encryption processing on an original file based on the deduplication key to obtain encrypted file data, performing second encryption processing on the deduplication key based on the user key to obtain an encrypted deduplication key, and uploading the encrypted file data and the encrypted deduplication key to a server;
the judging module is used for judging whether the encrypted file data exists in the server; if not, performing a first operation to obtain a block tag, an auxiliary variable and an audit material, and uploading the block tag, the auxiliary variable and the audit material to a storage server; if so, performing a second operation to obtain a user tag conversion auxiliary material and the audit material, and uploading the user tag conversion auxiliary material and the audit material to the storage server;
the checking module is used for sending the audit target file name and the total number of data blocks to the storage server, the storage server generates an integrity certification based on the audit target file name, the total number of data blocks and the encrypted file data, and the integrity certification is checked based on the audit public key and the audit material to obtain an integrity check result.
CN202211569337.5A 2022-12-08 2022-12-08 Lightweight and deduplicatable ciphertext integrity auditing method and system Active CN116015630B (en)


Publications (2)

Publication Number Publication Date
CN116015630A true CN116015630A (en) 2023-04-25
CN116015630B CN116015630B (en) 2023-11-24

Family

ID=86025679


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
Inventor after: Yang Anjia; Guo Zifan; Weng Jian; Pei Qingfu; Li Tao; Liu Jianan; Chen Xiaohu; Li Ming
Inventor before: Yang Anjia; Li Tao; Weng Jian; Liu Jianan; Chen Xiaohu; Li Ming; Wen Jinghang
GR01 Patent grant