WO2018201730A1 - Lattice-based cloud storage data security audit method supporting uploading of data via proxy - Google Patents
- Publication number: WO2018201730A1 (PCT/CN2017/116287)
- Authority: WO, WIPO (PCT)
- Prior art keywords: proxy, signer, data, signature, cloud server
Classifications
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L9/0847—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving identity based encryption [IBE] schemes
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Definitions
- the proxy signer verifies the validity of the signature on the authorization letter and accordingly generates the proxy signing private key using the lattice basis delegation algorithm; the specific method is:
- the proxy signer ID_p verifies whether the equation and the inequality hold; if both hold, the signature on the authorization letter m_ω is valid, and the proxy signer ID_p uses the hash function H_3 to compute and runs the lattice basis delegation algorithm to generate the proxy signing private key of the proxy signer ID_p; if not, verification fails, and the proxy signer ID_p rejects and notifies the original signer ID_o.
- step S3 is:
- when the proxy signer ID_p satisfies the scope of proxy rights in the authorization letter m_ω, the proxy signer ID_p helps the original signer ID_o generate signatures and upload the data to the cloud server; the proxy signer ID_p generates data files
- the signature steps are as follows:
- N_i represents the file name of the i-th data block F_i
- the cloud server first verifies whether the proxy signer ID_p satisfies the scope of rights in the authorization letter m_ω; if not, the cloud server refuses to provide the storage service; if so, the cloud server further verifies the signature information (m_ω, v_ω, θ_ω) of the authorization letter m_ω, i.e. whether the verification equation and the inequality hold; if both hold, the cloud server determines that m_ω is valid and receives and stores the relevant data; otherwise, the cloud server refuses to provide the storage service and notifies the original signer ID_o to authorize a proxy again to upload the data.
- the trusted auditor generates the audit challenge information and sends it to the cloud server; the cloud server computes the aggregated data file and the aggregated signature according to the audit challenge information and selects a random vector as the blinding seed, using the preimage sampling algorithm.
- the specific method for generating the digital signature of the random vector, blinding the aggregated data file, and sending the audit proof response information to the trusted auditor is:
- in step S4, the specific method by which the trusted auditor verifies the validity of the audit proof response information according to the verification steps of the identity-based linearly homomorphic proxy signature algorithm is:
- the present invention provides a lattice-based, identity-based cloud storage data security audit method with privacy protection and uploading of data via a proxy.
- the audit method helps the data owner authorize the proxy signer to generate proxy signatures of the data and upload them to the cloud server, and helps the trusted auditor perform an integrity audit on the cloud storage data.
- the audit method is based on the hardness of the inhomogeneous small integer solution problem on lattices, which effectively prevents a malicious cloud server from generating forged audit proof response information that would deceive the trusted auditor and pass the audit verification process.
- the audit method uses the preimage sampling function technique to construct the random masking code, which effectively prevents the trusted auditor from recovering the original data block information of the original signer from the data file.
- in the process of performing integrity verification on the cloud storage data, the trusted auditor only needs to compute a limited number of linear combinations and does not need to compute the costlier bilinear pairing and modular exponentiation operations, so the audit method is very beneficial to trusted auditors in terms of computational efficiency.
- the method of the invention is designed on an identity-based cryptosystem, which avoids the complex management of public key certificates by a public key infrastructure; it can also effectively resist attacks by quantum computers and has important application value for the security of cloud computing environments in the post-quantum communication era.
- the beneficial effects of the invention are that it solves the problem of remote cloud storage data integrity verification; the method of the invention helps the data owner authorize the proxy signer to generate proxy signatures of the data and upload them to the cloud server, and at the same time helps a trusted auditor perform an integrity audit of the cloud storage data.
Abstract
The present invention pertains to the field of information security technologies, and in particular relates to a lattice-based cloud storage data security audit method supporting uploading of data via a proxy. The audit method of the present invention helps a data owner authorize a proxy signer to generate a proxy signature for data and to upload the data to a cloud server, and helps a trusted auditor perform an integrity audit on cloud storage data. In the audit method of the present invention, a random masking code is constructed by using a lattice preimage sampling algorithm, effectively preventing the trusted auditor from recovering original data block information of an original signer from the data file. In the process of performing integrity verification on the cloud storage data, the trusted auditor only needs to compute a limited quantity of linear combinations, instead of computing costlier bilinear pairing and modular exponentiation operations. The audit method is therefore highly beneficial to trusted auditors in terms of computational efficiency. Moreover, the method of the present invention can effectively resist attacks by quantum computers and will have important application value in the security of cloud computing environments in the coming quantum communications era.
Description
The invention belongs to the technical field of information security, and in particular relates to a lattice-based cloud storage data security audit method supporting uploading of data via a proxy.
With the rapid development of cloud computing, especially in the era of big data, more and more users will store massive amounts of data on cloud servers. This inevitably raises concerns about the privacy and security of data stored on remote cloud servers. Because users lose actual control of their data, whether the data stored on the cloud server has been tampered with, that is, data integrity, is what users care about most.
Cloud storage data auditing schemes effectively solve the problem of remote data integrity verification. This relieves end users of the burden of managing data and removes their worry that remote data stored on the cloud server has been tampered with. In some special application environments, the data owner's right to access the public cloud server is restricted. For example, a data owner (a manager) may be questioned and investigated because of an economic dispute or a complaint of commercial fraud. To prevent collusion, the data owner is temporarily deprived of the right to process the company's data, but the legitimate business of the data owner (manager) still has to be handled during this period. Since his company produces massive amounts of data every day, he designates a proxy (such as a secretary) to process the company's data in time so that the company does not suffer losses. Many cloud storage data security auditing schemes with data integrity verification already exist, but very few support uploading of data via a proxy. There is only one construction with this function, and it cannot resist attacks by quantum computers. This is because that scheme is built on bilinear pairing operations, which carry a higher computational cost, and its security rests on the discrete logarithm problem, which is easily broken in a quantum computing setting. Lattice-based cryptography is considered quantum-resistant and is the most promising class of post-quantum cryptography. Algebraically, a lattice is essentially an additive abelian group; geometrically, it is a regularly arranged set of discrete points in space. The structure is relatively simple and is easy to implement in both hardware and software in a system. Moreover, the cryptographer Ajtai proved, in pioneering work, that certain average-case hard problems on a class of lattices are as hard as NP-hard problems, a result that greatly promoted the development of lattice-based cryptographic algorithms. In addition, lattices offer a rich set of hardness assumptions, including the shortest vector problem, the closest vector problem, the approximate shortest vector problem, and the approximate closest vector problem. Ready-made provable security reductions exist between these hard problems, which greatly strengthens confidence in the security of lattice-based public key cryptography.
Therefore, considering that big data will persist well into the quantum era, studying a cloud storage data security audit method that supports uploading of data via a proxy and is based on lattice hardness assumptions has important application value.
Summary of the invention
In view of the above, the object of the present invention is to provide a lattice-based cloud storage data security audit method supporting uploading of data via a proxy. In the method of the present invention, the original data owner must not only authorize a proxy to help generate signatures of the data and upload the digital signatures to the cloud server, but must also designate a dedicated trusted auditor to help audit the integrity of the data stored on the cloud server. In addition, to avoid complex certificate management, the audit method of the present invention is designed on the basis of identity-based cryptography.
To make the technical solution easier to understand, the symbols used in the present invention are defined and the basic algorithms it relies on are introduced before the technical solution is described in detail:
Symbol definitions:
q=poly(n): q is a polynomial in the positive integer n; {0,1}*: bit strings of arbitrary length;
An n-dimensional vector modulo q; an m-dimensional vector modulo q;
An n×m matrix modulo q; an m×m matrix modulo q;
f=<η,λ>: f is the inner product of η and λ; ||T||: denotes the Euclidean norm of the matrix
q-ary lattice: given a matrix, where q is a prime and m, n are positive integers, the q-ary lattice is defined as follows:
Discrete noise distribution over low-norm m×m invertible matrices;
Basic algorithms:
Trapdoor generation algorithm (TrapGen): Let q≥2 and m≥5n log q be positive integers. There exists a probabilistic polynomial-time algorithm TrapGen(q,n) that outputs, in polynomial time, a matrix and a short basis of the lattice such that A is statistically close to the uniform distribution and the short basis satisfies ||T_A||=O(n log q), where O(n log q) denotes polynomial computational complexity in n log q.
Lattice basis delegation algorithm (NewBasisDel): Let q≥2, let an invertible matrix be drawn from the distribution, and let a short basis of the lattice be given. There exists a probabilistic polynomial-time algorithm NewBasisDel(A,R,T_A,s_1) that outputs, in polynomial time, a short basis of the lattice
Preimage sampling algorithm (SamplePre): Given as input a matrix, a short basis of the lattice, a Gaussian security parameter s_2, and any given vector, the algorithm SamplePre(A,T_A,ξ,s_2) outputs a vector, drawn from a distribution statistically close to the discrete Gaussian distribution χ, that satisfies Ae=ξ mod q.
The technical solution of the present invention is:
A lattice-based cloud storage data security audit method supporting uploading of data via a proxy, characterized in that it comprises the following steps:
S1. System initialization:
The system first splits the data file into blocks and sets the security parameters of the lattice cryptographic algorithms required at this stage as well as secure hash functions; the key generation center KGC (Key Generation Center) invokes the lattice basis delegation algorithm to generate the public/private key pairs of the original signer, the proxy signer, and the cloud server;
S2. Proxy signing private key generation phase:
To delegate signing rights to the proxy signer, the original signer uses the preimage sampling algorithm to derive a valid signature on the proxy authorization letter; the authorization letter contains an explicit description of the execution rights of the original signer and the proxy signer, which the verifier uses as part of the verification information; the proxy signer verifies the validity of the signature on the authorization letter and accordingly generates the proxy signing private key using the lattice basis delegation algorithm;
S3. Data proxy signature generation and upload phase:
Using the proxy signing private key obtained in step S2, the proxy signer applies the lattice-based, identity-based linearly homomorphic proxy signature algorithm to generate proxy signatures of the original signer's data files; the proxy signer uploads the set of data files, file names, and proxy signatures of the data files to the public cloud server and deletes the data on the client;
S4. Audit proof generation and verification phase:
The trusted auditor generates audit challenge information and sends it to the cloud server. According to the audit challenge information, the cloud server computes the aggregated data file and the aggregated signature, selects a random vector as the blinding seed, generates a digital signature of this random vector using the preimage sampling algorithm, blinds the aggregated data file, and sends the audit proof response information to the trusted auditor. Finally, the trusted auditor verifies the validity of the audit proof response information by following the verification steps of the lattice-based, identity-based linearly homomorphic proxy signature algorithm.
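The verification relation behind the audit, as an added example that is not part of the patent text: the page states that SamplePre returns a short vector e with Ae=ξ mod q and that the auditor only computes linear combinations, and this sketch shows why both the equation and the shortness check are needed. It uses constructed toy parameters, assumes the acceptance bound ||e|| ≤ s_2·√m (the page's own inequality did not survive extraction), and has no trapdoor, hash functions or blinding, so each target ξ_i is computed from a short vector rather than the reverse.

```python
import math
import random

# Constructed toy parameters: far too small for any security, chosen for readability.
Q = 12289                      # prime modulus q
N, M = 4, 16                   # lattice dimensions n, m
S2 = 3.0                       # Gaussian parameter s_2
BOUND = S2 * math.sqrt(M)      # assumed acceptance bound ||e|| <= s_2 * sqrt(m)


def mat_vec(A, e, q=Q):
    """Return A*e mod q for an n x m matrix A and an m-vector e."""
    return [sum(a * x for a, x in zip(row, e)) % q for row in A]


def norm(e):
    """Euclidean norm of an integer vector."""
    return math.sqrt(sum(x * x for x in e))


def short_vector(rng):
    """Stand-in for SamplePre output: a rounded Gaussian vector inside BOUND.
    There is no trapdoor here, so the target is derived from e, not the reverse."""
    sigma = S2 / math.sqrt(2 * math.pi)
    while True:
        e = [round(rng.gauss(0, sigma)) for _ in range(M)]
        if norm(e) <= BOUND:
            return e


def verify_preimage(A, e, xi, bound=BOUND):
    """Both checks a verifier needs: A*e = xi (mod q) and e is short."""
    return mat_vec(A, e) == [x % Q for x in xi] and norm(e) <= bound


def aggregate(challenge, vectors):
    """Server side: integer linear combination sum_i c_i * e_i."""
    out = [0] * M
    for i, c in challenge.items():
        out = [o + c * x for o, x in zip(out, vectors[i])]
    return out


def verify_audit(A, challenge, targets, e_agg):
    """Auditor side: combine the targets linearly, then run the two checks."""
    xi_agg = [0] * N
    for i, c in challenge.items():
        xi_agg = [(t + c * x) % Q for t, x in zip(xi_agg, targets[i])]
    # Triangle inequality: the aggregate of short vectors is at most this long.
    bound = BOUND * sum(abs(c) for c in challenge.values())
    return verify_preimage(A, e_agg, xi_agg, bound)


def demo(seed=7):
    rng = random.Random(seed)
    A = [[rng.randrange(Q) for _ in range(M)] for _ in range(N)]
    sigs = [short_vector(rng) for _ in range(5)]       # one vector per data block
    targets = [mat_vec(A, e) for e in sigs]            # xi_i = A*e_i mod q
    challenge = {0: 3, 2: 5, 3: 1}                     # block index -> coefficient

    honest = verify_audit(A, challenge, targets, aggregate(challenge, sigs))

    # The server no longer holds the correct vector for challenged block 2.
    j = next(k for k in range(M) if any(row[k] for row in A))
    damaged = [list(e) for e in sigs]
    damaged[2][j] += 1
    tampered = verify_audit(A, challenge, targets, aggregate(challenge, damaged))

    # Adding q to one coordinate keeps A*e mod q but destroys shortness,
    # which is why the equation alone is not a sufficient check.
    long_e = list(sigs[0])
    long_e[0] += Q
    equation_only = mat_vec(A, long_e) == targets[0]
    long_accepted = verify_preimage(A, long_e, targets[0])

    return {"honest": honest, "tampered": tampered,
            "equation_only": equation_only, "long_accepted": long_accepted}


if __name__ == "__main__":
    print(demo())
```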
Further, the specific method of step S1 is:
S11. The system first splits the data file into blocks and sets the security parameters of the lattice cryptographic algorithms required at this stage as well as secure hash functions:
The system divides the preprocessed file F into data blocks, each term representing the i-th data block in F. For the security parameter n, set the prime q=poly(n) and the integer m≥2n log q, and let χ be the discrete Gaussian noise distribution. So that the lattice basis delegation algorithm NewBasisDel and the preimage sampling algorithm SamplePre run correctly, the system sets two secure Gaussian parameters s_1 and s_2;
The system runs the trapdoor generation function to generate the master public key A and the master private key T_A of the key generation center KGC, and sets collision-resistant secure hash functions, where the output values of H_1 and H_3 lie in the distribution; the system then outputs the public parameters Σ={A,H_1,H_2,H_3,H_4,H_5};
S12. The key generation center KGC invokes the lattice basis delegation algorithm to generate the public/private key pairs of the original signer, the proxy signer, and the cloud server:
Given the system public parameters Σ={A,H_1,H_2,H_3,H_4,H_5} set in step S11, the master private key T_A, and the original signer's identity ID_o, the key generation center KGC computes the private key of the original signer ID_o as follows:
密钥产生中心KGC运行格基代理算法
产生格
上随机格基
作为ID
o对应的私钥,然后,密钥产生中心KGC发送
给原始签名者;以类似方法,输入代理签名者的身份ID
p,得到代理签名者的私钥
输入云服务器的身 份ID
c,得到云服务器私钥
Key Generation Center KGC Runs Glyph Proxy Algorithm Generate a grid Random lattice As the private key corresponding to ID o , then the key generation center KGC sends To the original signer; in a similar way, enter the proxy signer's identity ID p to get the proxy signer's private key Enter the cloud server's identity ID c to get the cloud server private key.
Further, in step S2, the specific method by which the original signer, in order to delegate proxy signing rights to the proxy signer, uses the preimage sampling algorithm to derive a valid signature on the proxy authorization warrant is:
The original signer $ID_o$ generates an authorization warrant $m_\omega$ according to the proxy signing requirements. The warrant $m_\omega$ contains the explicit proxy signing rights and the original signer's information; that is, the proxy signer $ID_p$ cannot process or upload the data of the original signer $ID_o$ unless the permissions of $ID_p$ satisfy the content of the warrant $m_\omega$.
The original signer $ID_o$ selects a random vector and uses the hash function $H_2$ to compute the vector , then runs the preimage sampling algorithm to generate an m-dimensional vector . The signature information of the authorization warrant is $(m_\omega, v_\omega, \theta_\omega)$, which the original signer $ID_o$ sends to the proxy signer $ID_p$. Anyone can verify the validity of the signature information of the warrant $m_\omega$.
Further, in step S2, the specific method by which the proxy signer verifies the validity of the warrant signature and then uses the lattice basis delegation algorithm to generate the proxy signing private key is:
On receiving the signature message $(m_\omega, v_\omega, \theta_\omega)$ of the authorization warrant $m_\omega$ from the original signer $ID_o$, the proxy signer $ID_p$ checks whether the equation and the inequality hold. If both hold, the signature on the warrant $m_\omega$ is valid; the proxy signer $ID_p$ then uses the hash function $H_3$ to compute and runs the lattice basis delegation algorithm to generate the proxy signing private key of the proxy signer $ID_p$. If they do not hold, verification fails; the proxy signer $ID_p$ rejects and notifies the original signer $ID_o$.
Further, the specific method of step S3 is:
When the proxy signer $ID_p$ falls within the scope of proxy rights of the authorization warrant $m_\omega$, the proxy signer $ID_p$ helps the original signer $ID_o$ generate signatures and upload data to the cloud server. Using the proxy signing private key , the proxy signer $ID_p$ generates the signatures of the data file ; the signing steps are as follows:
Using the hash function $H_4$, compute the linear data block for the data block , where $N_i$ denotes the file name of the i-th data block $F_i$; is the public key of the cloud server. Run the preimage sampling algorithm to produce .
S32. For each data block $F_i$, compute the n-dimensional vector and the inner products $\rho_{i,j} = \langle \eta_i, \lambda_j \rangle \in \mathbb{Z}_q$, $1 \le j \le n$, where the vector . Set . Finally, the proxy signer $ID_p$ runs the preimage sampling algorithm SamplePre$(Q_{pro}, T_{pro}, \rho_i, s_2)$ to generate the vector . Define the signature set . The proxy signer $ID_p$ obtains all the data as and uploads these data to the public cloud server.
S33. The cloud server first checks whether the proxy signer $ID_p$ falls within the scope of rights of the authorization warrant $m_\omega$. If not, the cloud server refuses to provide the storage service. If so, the cloud server further verifies the signature information $(m_\omega, v_\omega, \theta_\omega)$ of the warrant $m_\omega$, i.e. checks whether the equation and the inequality hold. If both hold, the cloud server concludes that $m_\omega$ is valid, and receives and stores the data; otherwise, the cloud server refuses to provide this storage service and notifies the original signer $ID_o$ to authorize a proxy to upload the data again.
Further, in step S4, the specific method by which the trusted auditor generates audit challenge information and sends it to the cloud server, and the cloud server, based on the challenge, computes the aggregated data file and the aggregated signature, selects a random vector as the blinding seed, generates a digital signature on this random vector with the preimage sampling algorithm, blinds the aggregated data file and sends the audit proof response to the trusted auditor, is:
S41. Suppose the original signer $ID_o$ delegates the remote data integrity verification task to a trusted third-party auditor TPA. To verify that the data file is actually stored on the cloud server, the TPA randomly selects from the set a subset $\Omega = \{l_1, \ldots, l_c\}$ containing c elements. Correspondingly, the TPA selects random bit strings . Finally, the TPA sends the audit challenge $chal = \{i, \beta_i\}_{i \in \Omega}$ to the cloud server; the challenge identifies the data blocks that need to be verified.
S42. On receiving the audit challenge $chal = \{i, \beta_i\}_{i \in \Omega}$ from the TPA, the cloud server computes the aggregated data block and the aggregated signature . To further blind the aggregated data block $f'$, the cloud server randomly selects a vector and runs the preimage sampling algorithm to generate the signature of the vector ξ. Finally, the cloud server uses the hash function $H_6$ to compute the blinded aggregated data block , and sends proof $= (f, e, \xi)$ to the TPA as the audit proof response.
Further, in step S4, the specific method by which the trusted auditor verifies the validity of the audit proof response by following the verification steps of the identity-based linearly homomorphic proxy signature algorithm over lattices is:
After receiving the audit proof response proof $= (f, e, \xi)$, the TPA verifies its validity in the following steps:
S43. Compute the n-dimensional vector ; use the hash function $H_5$ to compute the vector .
S44. Use $\eta_i$ and $\lambda_j$ to compute the inner products $\rho_{i,j} = \langle \eta_i, \lambda_j \rangle \in \mathbb{Z}_q$, where $1 \le j \le n$; set the vector , set the matrix , and compute the vector .
S45. The TPA checks whether the equation $Q_{pro} e = \mu \bmod q$ and the inequality hold. If they hold, the audit proof response is judged valid; if not, it is judged invalid.
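The check in steps S41 to S45 works because signing is linear: if each block signature is a short vector with $Q_{pro} e_i = \rho_i \bmod q$, then the aggregate $e = \sum \beta_i e_i$ satisfies $Q_{pro} e = \mu \bmod q$ for the $\mu$ recomputed from the challenge and the aggregated block, and it stays short. The Python below is an added example, not code from the patent: the gadget-style trapdoor with deterministic bit decomposition stands in for SamplePre, and the form $\eta_i = H(\text{name} \| i) + F_i$, the infinity-norm bound, integer $\beta_i$ in 1..3, the parameter sizes and all function names are assumptions; the blinding step with ξ is left out.

```python
import hashlib
import random

Q_MOD = 12289            # prime modulus q (constructed; not a secure size)
N = 4                    # rows of Q_pro = length n of each syndrome rho_i
K = Q_MOD.bit_length()   # bits per gadget block, 2**K > q
M_BAR = 8                # columns of the uniform part A
W = N * K                # columns of the gadget part
BLOCK_LEN = 6            # entries per data block F_i (constructed)
BETA_MAX = 3             # challenge coefficients beta_i in 1..BETA_MAX (assumption)


def h_vec(label, length):
    """Hash a label to a vector in Z_q^length (stand-in for H_4 / H_5)."""
    return [int.from_bytes(hashlib.sha256(f"{label}|{t}".encode()).digest()[:8],
                           "big") % Q_MOD for t in range(length)]


def keygen(rng):
    """Return (Q, R): Q = [A | G - A*R] mod q with trapdoor R (small entries)."""
    A = [[rng.randrange(Q_MOD) for _ in range(M_BAR)] for _ in range(N)]
    R = [[rng.choice((-1, 0, 1)) for _ in range(W)] for _ in range(M_BAR)]
    Q = []
    for r in range(N):
        right = []
        for c in range(W):
            g = (1 << (c % K)) if c // K == r else 0   # G = I_n (x) (1,2,..,2^(K-1))
            ar = sum(A[r][t] * R[t][c] for t in range(M_BAR))
            right.append((g - ar) % Q_MOD)
        Q.append(A[r] + right)
    return Q, R


def sample_pre(R, u):
    """Stand-in for SamplePre: a short integer e with Q*e = u (mod q).
    Deterministic bit decomposition, NOT the Gaussian sampler the scheme needs."""
    x = [(u[c // K] >> (c % K)) & 1 for c in range(W)]   # G*x = u
    top = [sum(R[t][c] * x[c] for c in range(W)) for t in range(M_BAR)]
    return top + x                                       # Q*[R x; x] = G*x = u


def syndrome(eta):
    """rho_j = <eta, lambda_j> mod q for j = 1..n, lambda_j derived by hashing."""
    return [sum(a * b for a, b in zip(eta, h_vec(f"lambda|{j}", BLOCK_LEN))) % Q_MOD
            for j in range(N)]


def sign_block(R, name, i, block):
    """Proxy signer: eta_i = H(name|i) + F_i (assumed form), then sign rho_i."""
    tag = h_vec(f"{name}|{i}", BLOCK_LEN)
    return sample_pre(R, syndrome([(a + b) % Q_MOD for a, b in zip(tag, block)]))


def prove(blocks, sigs, chal):
    """Cloud server: aggregate the challenged blocks and signatures (no blinding)."""
    f = [sum(b * blocks[i][t] for i, b in chal) % Q_MOD for t in range(BLOCK_LEN)]
    e = [sum(b * sigs[i][t] for i, b in chal) for t in range(M_BAR + W)]
    return f, e


def verify(Q, name, chal, f, e, bound):
    """Auditor: recompute mu from chal and f, check Q*e = mu mod q and |e| <= bound."""
    eta = list(f)
    for i, b in chal:
        tag = h_vec(f"{name}|{i}", BLOCK_LEN)
        eta = [(x + b * t) % Q_MOD for x, t in zip(eta, tag)]
    mu = syndrome(eta)
    lhs = [sum(q_rc * e_c for q_rc, e_c in zip(row, e)) % Q_MOD for row in Q]
    return lhs == mu and max(abs(v) for v in e) <= bound


def demo():
    rng = random.Random(2017)
    Q, R = keygen(rng)
    blocks = [[rng.randrange(Q_MOD) for _ in range(BLOCK_LEN)] for _ in range(8)]
    sigs = [sign_block(R, "F", i, blk) for i, blk in enumerate(blocks)]
    chal = [(i, rng.randrange(1, BETA_MAX + 1)) for i in rng.sample(range(8), 3)]
    bound = len(chal) * BETA_MAX * W
    f, e = prove(blocks, sigs, chal)
    honest = verify(Q, "F", chal, f, e, bound)
    # Server altered one challenged block but kept the old signatures.
    damaged = [list(blk) for blk in blocks]
    damaged[chal[0][0]][0] = (damaged[chal[0][0]][0] + 1) % Q_MOD
    altered = verify(Q, "F", chal, *prove(damaged, sigs, chal), bound)
    # e + q*(unit vector) still satisfies the equation mod q but is no longer short.
    oversized = verify(Q, "F", chal, f, [e[0] + Q_MOD] + e[1:], bound)
    return honest, altered, oversized


if __name__ == "__main__":
    print(demo())
```

The third case is why the inequality is checked alongside the equation: without a norm bound, any solution of the linear system modulo q would pass.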
According to the above technical solution, the present invention provides a privacy-preserving, identity-based, lattice-based cloud storage data security audit method that supports uploading of data via proxy. The method enables the data owner to authorize a proxy signer to generate proxy signatures on the data and upload them to the cloud server, and enables a trusted auditor to audit the integrity of the cloud-stored data. In terms of security, the method is based on the hardness of the inhomogeneous small integer solution problem on lattices, and effectively prevents a malicious cloud server from generating a forged audit proof response that deceives the trusted auditor into passing the audit verification. The method also uses the lattice preimage sampling function to construct a random mask, which effectively prevents the trusted auditor from recovering the original signer's original data block information from the data file. When verifying the integrity of cloud-stored data, the trusted auditor only needs to compute linear combinations of limited cost, without the more expensive bilinear pairing and modular exponentiation operations, so the method is very favorable to the trusted auditor in terms of computational efficiency. In addition, the method is designed on an identity-based cryptosystem, which avoids the complex management of public key certificates by a public key infrastructure, and it resists attacks by quantum computers, giving it significant application value in post-quantum secure cloud computing environments.
The beneficial effects of the invention are that it solves the problem of verifying the integrity of remote cloud storage data: the method enables the data owner to authorize a proxy signer to generate proxy signatures on the data and upload them to the cloud server, and enables a trusted auditor to audit the integrity of the cloud-stored data.
The technical solution of the invention has been described in detail in the Summary of the Invention and is not repeated here.
What needs to be added is:
Finally, the TPA checks whether the equation $Q_{pro} e = \mu \bmod q$ and the inequality hold; the correctness of the verification equation is derived as follows:
Claims (7)
- A lattice-based cloud storage data security audit method supporting uploading of data via proxy, characterized in that it comprises the following steps:
  S1. System initialization: the system first splits the data file into blocks and sets the security parameters of the lattice-based cryptographic algorithms required at this stage, together with the secure hash functions; the key generation center KGC invokes the lattice basis delegation algorithm to generate the public/private key pairs of the original signer, the proxy signer and the cloud server.
  S2. Proxy signing private key generation phase: in order to delegate proxy signing rights to the proxy signer, the original signer uses the preimage sampling algorithm to derive a valid signature on the proxy authorization warrant; the warrant contains an explicit description of the execution rights of the original signer and the proxy signer, which the verifier uses as a component of the verification information; the proxy signer verifies the validity of the warrant signature and then uses the lattice basis delegation algorithm to generate the proxy signing private key.
  S3. Data proxy signature generation and upload phase: using the proxy signing private key obtained in step S2, the proxy signer applies the identity-based linearly homomorphic proxy signature algorithm over lattices to generate proxy signatures on the original signer's data files; the proxy signer uploads the set of data files, file names and proxy signatures of the data files to the public cloud server and deletes these data on the client side.
  S4. Audit proof generation and verification phase: the trusted auditor generates audit challenge information and sends it to the cloud server; based on the challenge, the cloud server computes the aggregated data file and the aggregated signature, selects a random vector as the blinding seed, generates a digital signature on this random vector with the preimage sampling algorithm, blinds the aggregated data file, and sends the audit proof response to the trusted auditor; finally, the trusted auditor verifies the validity of the audit proof response by following the verification steps of the identity-based linearly homomorphic proxy signature algorithm over lattices.
- The lattice-based cloud storage data security audit method supporting uploading of data via proxy according to claim 1, characterized in that the specific method of step S1 is:
  S11. The system first splits the data file into blocks and sets the security parameters of the lattice-based cryptographic algorithms required at this stage, together with the secure hash functions:
  The system divides the preprocessed file F into data blocks, i.e. , where represents the i-th data block in F, where . For the security parameter n, it sets a prime q = poly(n) and an integer m ≥ 2n log q, and sets χ to be a discrete Gaussian noise distribution. So that the lattice basis delegation algorithm NewBasisDel and the preimage sampling algorithm SamplePre run correctly, the system sets two secure Gaussian parameters $\sigma_1$, $\sigma_2$.
  The system runs the trapdoor generation function to produce the master public key A and the master private key $T_A$ of the key generation center KGC. It sets the collision-resistant secure hash functions , where the output values of $H_1$ and $H_3$ are in the distribution . The system then outputs the public parameters $\Sigma = \{A, H_1, H_2, H_3, H_4, H_5\}$.
  S12. The key generation center KGC invokes the lattice basis delegation algorithm to generate the public/private key pairs of the original signer, the proxy signer and the cloud server:
  Given the system public parameters $\Sigma = \{A, H_1, H_2, H_3, H_4, H_5\}$ set in step S11, the master private key $T_A$ and the identity $ID_o$ of the original signer, the key generation center KGC computes the private key of the original signer $ID_o$ as follows:
  The key generation center KGC runs the lattice basis delegation algorithm to generate a random basis on the lattice as the private key corresponding to $ID_o$, and then sends it to the original signer. In the same way, on input the proxy signer's identity $ID_p$ it obtains the proxy signer's private key , and on input the cloud server's identity $ID_c$ it obtains the cloud server's private key .
- The lattice-based cloud storage data security audit method supporting uploading of data via proxy according to claim 2, characterized in that, in step S2, the specific method by which the original signer, in order to delegate proxy signing rights to the proxy signer, uses the preimage sampling algorithm to derive a valid signature on the proxy authorization warrant is:
  The original signer $ID_o$ generates an authorization warrant $m_\omega$ according to the proxy signing requirements. The warrant $m_\omega$ contains the explicit proxy signing rights and the original signer's information; that is, the proxy signer $ID_p$ cannot process or upload the data of the original signer $ID_o$ unless the permissions of $ID_p$ satisfy the content of the warrant $m_\omega$.
  The original signer $ID_o$ selects a random vector and uses the hash function $H_2$ to compute the vector , then runs the preimage sampling algorithm to generate an m-dimensional vector . The signature information of the authorization warrant is $(m_\omega, v_\omega, \theta_\omega)$, which the original signer $ID_o$ sends to the proxy signer $ID_p$. Anyone can verify the validity of the signature information of the warrant $m_\omega$.
- The lattice-based cloud storage data security audit method supporting uploading of data via proxy according to claim 3, characterized in that, in step S2, the specific method by which the proxy signer verifies the validity of the warrant signature and then uses the lattice basis delegation algorithm to generate the proxy signing private key is:
  On receiving the signature message $(m_\omega, v_\omega, \theta_\omega)$ of the authorization warrant $m_\omega$ from the original signer $ID_o$, the proxy signer $ID_p$ checks whether the equation and the inequality hold. If both hold, the signature on the warrant $m_\omega$ is valid; the proxy signer $ID_p$ then uses the hash function $H_3$ to compute and runs the lattice basis delegation algorithm to generate the proxy signing private key of the proxy signer $ID_p$. If they do not hold, verification fails; the proxy signer $ID_p$ rejects and notifies the original signer $ID_o$.
- The lattice-based cloud storage data security audit method supporting uploading of data via proxy according to claim 4, characterized in that the specific method of step S3 is:
  When the proxy signer $ID_p$ falls within the scope of proxy rights of the authorization warrant $m_\omega$, the proxy signer $ID_p$ helps the original signer $ID_o$ generate signatures and upload data to the cloud server. Using the proxy signing private key , the proxy signer $ID_p$ generates the signatures of the data file ; the signing steps are as follows:
  Using the hash function $H_4$, compute the linear data block for the data block , where $N_i$ denotes the file name of the i-th data block $F_i$; is the public key of the cloud server. Run the preimage sampling algorithm to produce .
  S32. For each data block $F_i$, compute the n-dimensional vector and the inner products $\rho_{i,j} = \langle \eta_i, \lambda_j \rangle \in \mathbb{Z}_q$, $1 \le j \le n$, where the vector . Set . Finally, the proxy signer $ID_p$ runs the preimage sampling algorithm SamplePre$(Q_{pro}, T_{pro}, \rho_i, \sigma_2)$ to generate the vector . Define the signature set . The proxy signer $ID_p$ obtains all the data as and uploads these data to the public cloud server.
  S33. The cloud server first checks whether the proxy signer $ID_p$ falls within the scope of rights of the authorization warrant $m_\omega$. If not, the cloud server refuses to provide the storage service. If so, the cloud server further verifies the signature information $(m_\omega, v_\omega, \theta_\omega)$ of the warrant $m_\omega$, i.e. checks whether the equation and the inequality hold. If both hold, the cloud server concludes that $m_\omega$ is valid, and receives and stores the data; otherwise, the cloud server refuses to provide this storage service and notifies the original signer $ID_o$ to authorize a proxy to upload the data again.
- The lattice-based cloud storage data security audit method supporting uploading of data via proxy according to claim 5, characterized in that, in step S4, the specific method by which the trusted auditor generates audit challenge information and sends it to the cloud server, and the cloud server, based on the challenge, computes the aggregated data file and the aggregated signature, selects a random vector as the blinding seed, generates a digital signature on this random vector with the preimage sampling algorithm, blinds the aggregated data file and sends the audit proof response to the trusted auditor, is:
  S41. Suppose the original signer $ID_o$ delegates the remote data integrity verification task to a trusted third-party auditor TPA. To verify that the data file is actually stored on the cloud server, the TPA randomly selects from the set a subset $\Omega = \{l_1, \ldots, l_c\}$ containing c elements. Correspondingly, the TPA selects random bit strings . Finally, the TPA sends the audit challenge $chal = \{i, \beta_i\}_{i \in \Omega}$ to the cloud server; the challenge identifies the data blocks that need to be verified.
  S42. On receiving the audit challenge $chal = \{i, \beta_i\}_{i \in \Omega}$ from the TPA, the cloud server computes the aggregated data block and the aggregated signature . To further blind the aggregated data block $f'$, the cloud server randomly selects a vector and runs the preimage sampling algorithm to generate the signature of the vector ξ. Finally, the cloud server uses the hash function $H_6$ to compute the blinded aggregated data block , and sends proof $= (f, e, \xi)$ to the TPA as the audit proof response.
- The cloud storage data security audit method supporting uploading of data via proxy according to claim 6, characterized in that, in step S4, the specific method by which the trusted auditor verifies the validity of the audit proof response by following the verification steps of the identity-based linearly homomorphic proxy signature algorithm over lattices is:
  After receiving the audit proof response proof $= (f, e, \xi)$, the TPA verifies its validity in the following steps:
  S43. Compute the n-dimensional vector ; use the hash function $H_5$ to compute the vector .
  S44. Use $\eta_i$ and $\lambda_j$ to compute the inner products $\rho_{i,j} = \langle \eta_i, \lambda_j \rangle \in \mathbb{Z}_q$, where $1 \le j \le n$; set the vector , set the matrix , and compute the vector .
  S45. The TPA checks whether the equation $Q_{pro} e = \mu \bmod q$ and the inequality hold. If they hold, the audit proof response is judged valid; if not, it is judged invalid.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710299757.9 | 2017-05-02 | ||
CN201710299757.9A CN107124272A (en) | 2017-05-02 | 2017-05-02 | The lattice cloud storage data safety auditing method for supporting agent data to upload |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018201730A1 true WO2018201730A1 (en) | 2018-11-08 |
Family
ID=59725066
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/116287 WO2018201730A1 (en) | 2017-05-02 | 2017-12-14 | Lattice-based cloud storage data security audit method supporting uploading of data via proxy |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107124272A (en) |
WO (1) | WO2018201730A1 (en) |
-
2017
- 2017-05-02 CN CN201710299757.9A patent/CN107124272A/en active Pending
- 2017-12-14 WO PCT/CN2017/116287 patent/WO2018201730A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN107124272A (en) | 2017-09-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2018201730A1 (en) | | Lattice-based cloud storage data security audit method supporting uploading of data via proxy |
JP5201136B2 (en) | | Anonymous authentication system and anonymous authentication method |
US8930704B2 (en) | | Digital signature method and system |
JP2008532389A (en) | | Digital signature using a small public key for authentication |
CN108712259B (en) | | Identity-based cloud storage efficient auditing method capable of uploading data by proxy |
Nirmala et al. | | Data confidentiality and integrity verification using user authenticator scheme in cloud |
CN106487786B (en) | | Cloud data integrity verification method and system based on biological characteristics |
US20150333905A1 (en) | | Methods and devices for securing keys when key-management processes are subverted by an adversary |
CN112417489B (en) | | Digital signature generation method and device and server |
Malina et al. | | Efficient security solution for privacy-preserving cloud services |
Singh et al. | | Public integrity auditing for shared dynamic cloud data |
CN106850584B (en) | | Anonymous authentication method facing client/server network |
CN115473623A (en) | | Method for safely aggregating multidimensional user data in smart power grid |
Sengupta et al. | | Distritrust: Distributed and low-latency access validation in zero-trust architecture |
Huszti et al. | | A simple authentication scheme for clouds |
Tian et al. | | DIVRS: Data integrity verification based on ring signature in cloud storage |
CN111669275B (en) | | Master-slave cooperative signature method capable of selecting slave nodes in wireless network environment |
CN110740034B (en) | | Method and system for generating QKD network authentication key based on alliance chain |
CN110048852B (en) | | Quantum communication service station digital signcryption method and system based on asymmetric key pool |
Saadatmandan et al. | | Digital Certificate of Public Key for User Authentication and Session Key Establishment for Secure Network Communications |
CN111539031B (en) | | Data integrity detection method and system for privacy protection of cloud storage tag |
Kaur et al. | | Fortification of transport layer security protocol by using password and fingerprint as identity authentication parameters |
CN111934880A (en) | | Safe and effective cloud data integrity verification scheme with privacy protection function |
Surya et al. | | Single sign on mechanism using attribute based encryption in distributed computer networks |
Gudeme et al. | | Public integrity auditing for shared data with efficient and secure user revocation in cloud computing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 17908321 Country of ref document: EP Kind code of ref document: A1 |
NENP | Non-entry into the national phase | Ref country code: DE |
122 | Ep: pct application non-entry in european phase | Ref document number: 17908321 Country of ref document: EP Kind code of ref document: A1 |