CN105939191A - Client secure deduplication method of ciphertext data in cloud storage - Google Patents

Client secure deduplication method of ciphertext data in cloud storage

Info

Publication number
CN105939191A
Authority
CN
China
Legal status
Granted
Application number
CN201610539947.9A
Other languages
Chinese (zh)
Other versions
CN105939191B (en)
Inventor
付安民
宋建业
苏铓
朱明�
朱一明
丁纬佳
Current Assignee
Nanjing University of Science and Technology
Original Assignee
Nanjing University of Science and Technology
Application filed by Nanjing University of Science and Technology
Priority to CN201610539947.9A
Publication of CN105939191A
Application granted
Publication of CN105939191B
Status: Active

Classifications

    • H04L63/067: Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L67/06: Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses a client secure deduplication method for ciphertext data in cloud storage. The method comprises the following steps: (1) key generation; (2) file initialization; (3) data block initialization; (4) data block verification; (5) file storage; (6) challenge generation; (7) proof generation; (8) proof verification; and (9) file decryption. The method constructs a secure key generation protocol based on blind signatures, which realizes a second encryption of the convergent keys and ensures the security of the keys. On top of this encryption, a signature-based proof of ownership method is put forward, with which a user can prove ownership of a certain file in cloud storage to the cloud server in a safer and more efficient way, and both file-level and block-level deduplication of a ciphertext file can be realized.

Description

Client secure deduplication method for ciphertext data in cloud storage
Technical field
The present invention relates to the fields of cloud storage and information security technology, and in particular to a client secure deduplication method for ciphertext data in cloud storage.
Background
With the widespread use of cloud storage services, more and more enterprises and individuals outsource their data to a cloud service provider (Cloud Service Provider, CSP), which produces a large amount of redundant data in the cloud. The cloud service provider therefore faces a serious challenge: how to manage the continually growing data efficiently.
To this end, researchers have proposed client-side data deduplication, in which the CSP stores each identical file only once, and all users who own the file access it only through that single copy. More specifically, the CSP stores the data file only when it receives the first user's upload request; for later upload requests it simply assigns a link to the original data copy. This saves both storage space and transmission bandwidth. However, client-side data deduplication has a serious security problem: an attacker may be able to obtain download permission for a file from the cloud with nothing more than the file's hash value. The root cause of this kind of attack is that a very short file hash value can represent the whole file; once the attacker obtains this hash value, the whole file can be obtained. To solve this problem, the proof of ownership (Proof of Ownership, PoW) method was proposed. A PoW is an interactive protocol between a prover and a verifier. By running this protocol, the prover convinces the verifier that he or she really is an owner of the file stored by the verifier. PoW is therefore very important for secure client-side data deduplication.
In addition, the cloud server is honest but curious, and it may steal users' private data. Users therefore need to encrypt their data before uploading it to the cloud server in order to protect data privacy. However, when different users encrypt the same file with their own private keys, different ciphertexts are produced, which prevents the cloud server from deduplicating the same file. Convergent encryption was proposed to address this: it uses the hash value of the data itself as the encryption and decryption key, so identical data files produce identical ciphertexts and the cloud server can deduplicate them. However, convergent encryption has serious security weaknesses, such as dictionary attacks: for predictable files, an attacker can easily derive the convergent key and detect whether a file is present on the cloud server. Convergent encryption also produces many convergent keys, which makes it very difficult for users to manage their own keys.
Summary of the invention
The object of the present invention is to provide a secure and efficient client secure deduplication method for ciphertext data in cloud storage that performs a second encryption of the convergent key, guarantees data privacy, and prevents brute-force dictionary attacks.
The technical solution that achieves this object is a client secure deduplication method for ciphertext data in cloud storage. For the client-side deduplication model of encrypted data, the entities involved in deduplication are the users (Users), the cloud service provider (CSP) and the key server (KS). The specific steps are as follows:
Step 1, key generation:
The user computes the corresponding encryption key $k_i$ for each data block $m_i$, $1 \le i \le n$, where $n$ is the total number of data blocks;
Step 2, file initialization:
The user computes the block ciphertext $C_i$ for each data block $m_i$ and generates the file label $T = (T_1, T_2)$, where $T_1$ is used for data integrity verification and $T_2$ for verification of block signatures;
Step 3, data block initialization:
When the file label $T$ does not exist in the cloud, the user computes a block label $\tau_i$ and a block signature $\sigma_i$ for each data block $m_i$, where $\tau_i$ serves as the index of the block and $\sigma_i$ as the proof that the block exists; meanwhile, the user encrypts each block key with his or her own private key $sk$ to obtain the key ciphertext $C_{key}$;
Step 4, data block verification:
When the data block label $\tau_i$ exists in the cloud, block deduplication is performed; the CSP verifies whether the data block signature $\sigma_i$ uploaded by the user is correct, thereby determining whether the user and the CSP hold the same data block, and returns the verification result to the user;
Step 5, file storage:
When the data block label $\tau_i$ does not exist in the cloud, the CSP requests the user to upload the data block signature $\sigma_i$, the block ciphertext $C_i$ and the key ciphertext $C_{key}$; the CSP verifies whether the block labels and block ciphertexts come from the same file, and verifies the correctness of the block signature $\sigma_i$; finally, the CSP stores each block label, block signature and block ciphertext together with the key ciphertext, and assigns the corresponding permissions to the user;
Step 6, challenge generation:
When the file label $T$ exists in the cloud, file deduplication is performed; the CSP generates the challenge $chal = \{i, v_i\}_{i \in I}$ and returns it to the user, where $I$ is a random subset of $[1, n]$ and each random number $v_i \in Z_q$, with $Z_q$ the prime field of order $q$;
Step 7, proof generation:
After receiving the challenge, the user generates the response proof $P_V$ from the selected blocks and returns it to the CSP;
Step 8, proof verification:
The CSP verifies the correctness of the response proof $P_V$, thereby determining whether the user and the CSP hold the same file, and returns the verification result to the user;
Step 9, file decryption:
When the user needs to download the file from the CSP, the CSP first verifies the legitimacy of the user's identity and returns the key ciphertext $C_{key}$ and the block ciphertexts $C_i$ to the user; the user first decrypts with his or her own private key $sk$ to obtain each block key $k_i$, and then uses $k_i$ to decrypt each block ciphertext $C_i$ to obtain the plaintext block $m_i$.
Further, the key generation of step 1, in which the user computes the corresponding encryption key $k_i$ for each data block $m_i$, $1 \le i \le n$, with $n$ the total number of data blocks, is specifically as follows:
(1.1) KS randomly selects a $k$-bit prime $q$ and creates two elliptic-curve groups $G_1$, $G_2$ of order $q$ and the prime field $Z_q$ of order $q$; $P$ and $Q$ are two distinct generators of $G_1$, and a bilinear pairing $e: G_1 \times G_1 \to G_2$ is produced; KS randomly selects an integer $x \in Z_q$ as its private key and computes the public key $P_{pub} = x \cdot P$; KS publishes the system parameters $\{q, G_1, G_2, e, P, Q, P_{pub}\}$ and keeps $x$ private;
(1.2) The user divides the file $M$ into $n$ blocks, i.e. $M = m_1 \| m_2 \| \dots \| m_n$, and computes the convergent key $h_i = h(m_i)$ for each data block $m_i$, where the hash function $h(\cdot): \{0,1\}^* \to G_1$; the user then randomly selects $r \in Z_q$ as the blinding factor, computes the blinded value $a_i = h_i + r \cdot P$, and uploads $a_i$ to KS;
(1.3) KS computes the encrypted value $b_i = a_i \cdot x$ and returns $b_i$ to the user;
(1.4) The user computes the unblinded value $d_i = b_i - r \cdot P_{pub}$ and verifies the correctness of $d_i$ by checking $e(d_i, P) = e(h(m_i), P_{pub})$; finally, the user sets $k_i = d_i$ as the encryption key of block $m_i$.
Further, the file initialization of step 2, in which the user computes the block ciphertext $C_i$ for each data block $m_i$ and generates the file label $T = (T_1, T_2)$, with $T_1$ used for data integrity verification and $T_2$ for verification of block signatures, is specifically as follows:
(2.1) Using symmetric encryption, the user computes the block ciphertext $C_i = \mathrm{Enc}(k_i, m_i)$, $C_i \in Z_q$, for each block $m_i$ ($1 \le i \le n$) of file $M$;
(2.2) The user computes $T_1 = H_1(C_1 \| C_2 \| \dots \| C_n)$ and $T_2 = H_2(M) \cdot P$, where the hash functions are $H_1(\cdot): Z_q \to \{0,1\}^*$ and $H_2(\cdot): \{0,1\}^* \to Z_q$; finally, the user generates the label of file $M$, $T = (T_1, T_2)$, and uploads $T$ to the CSP.
Further, the data block initialization of step 3, in which, when the file label $T$ does not exist in the cloud, the user computes the block label $\tau_i$ and block signature $\sigma_i$ for each data block $m_i$ and encrypts each block key with his or her own private key $sk$ to obtain the key ciphertext $C_{key}$, is specifically as follows:
(3.1) When the user detects that the file label $T$ does not exist in the cloud, the user computes the block label $\tau_i = H_2(M) \cdot h(m_i)$ for each file block $m_i$;
(3.2) The user computes the block signature $\sigma_i = H_2(M) \cdot (k_i + C_i \cdot Q)$;
(3.3) The user randomly selects his or her own private key $sk$ and encrypts the block keys $k_i$, computing the key ciphertext $C_{key} = \mathrm{Enc}(sk, k_1 \| k_2 \| \dots \| k_n)$.
Further, the data block verification of step 4, in which block deduplication is performed when the data block label $\tau_i$ exists in the cloud and the CSP verifies the uploaded data block signature $\sigma_i$ to determine whether the user and the CSP hold the same data block, is specifically as follows:
On receiving the block label $\tau_i$ and block signature $\sigma_i$ from the user, the CSP detects that the block label $\tau_i$ exists and performs block deduplication. The CSP then verifies the correctness of the block signature $\sigma_i$, i.e. it checks whether $\sigma_i = \sigma_i'$ holds, where $\sigma_i'$ is the data block signature stored by the CSP. If it holds, the user and the CSP hold the same data block, the data block is already present at the CSP, and the CSP only needs to add the user's identity $ID_{user}$ for this data block; otherwise, a request-failure message is returned to the user.
Further, the file storage of step 5, in which, when the data block label $\tau_i$ does not exist in the cloud, the CSP requests the user to upload the data block signature $\sigma_i$, the block ciphertext $C_i$ and the key ciphertext $C_{key}$, verifies whether the block labels and block ciphertexts come from the same file, verifies the correctness of the block signature $\sigma_i$, and finally stores each block label, block signature and block ciphertext together with the key ciphertext and assigns the corresponding permissions to the user, proceeds as follows:
(5.1) Once the CSP has received all block ciphertexts $C_i$, it verifies whether $T_1 = H_1(C_1 \| C_2 \| \dots \| C_n)$ holds. If it holds, the ciphertext uploaded by the user is consistent with the label; otherwise, the user has uploaded ciphertext inconsistent with the label, and a request-failure message is returned to the user;
(5.2) The CSP verifies whether each data block signature $\sigma_i$ uploaded by the user is correct by checking whether the verification equation holds. If it holds, the data block signature $\sigma_i$ uploaded by the user is correct; the CSP stores $T$, $\tau_i$, $\sigma_i$, $C_i$ and $C_{key}$, and adds the user's identity $ID_{user}$ to $ID_M$, i.e. $ID_M = ID_M \cup ID_{user}$, where $ID_M$ denotes the set of identities of all users who own file $M$; otherwise, the CSP returns a request-failure message to the user.
Further, the challenge generation of step 6, in which file deduplication is performed when the file label $T$ exists in the cloud and the CSP generates the challenge $chal = \{i, v_i\}_{i \in I}$ and returns it to the user, where $I$ is a random subset of $[1, n]$ and each random number $v_i \in Z_q$, is specifically as follows:
When the CSP detects that the file label $T$ exists, it randomly generates $c$ numbers from $1$ to $n$ according to the total number of blocks $n$ of file $M$, forming $I = \{s_1, s_2, \dots, s_c\}$, where $s_i$ and $s_j$ are mutually independent; for each selected index it randomly generates a number $v_i \in Z_q$, forming the challenge $chal = \{i, v_i\}_{i \in I}$; the CSP then sends $chal$ to the user.
Further, the response proof $P_V$ of step 7 is computed as follows:
$$P_V = \sum_{i \in I} \big( (k_i + C_i \cdot Q) \cdot H_2(M) \cdot v_i \big)$$
Further, the proof verification of step 8, in which the CSP verifies the correctness of the response proof $P_V$, thereby determining whether the user and the CSP hold the same file, and returns the verification result to the user, proceeds as follows:
The CSP verifies whether the verification equation for $P_V$ holds. If it holds, the user and the CSP hold the same file, the file is already present at the CSP, and the user does not need to upload the file; the user only needs to upload $C_{key}$ and $ID_{user}$ to the CSP, and the CSP stores $C_{key}$ and adds the user's identity $ID_{user}$ to $ID_M$, i.e. $ID_M = ID_M \cup ID_{user}$, where $ID_M$ denotes the set of identities of all users who own file $M$; otherwise, the CSP returns a request-failure message to the user.
Further, the file decryption of step 9, in which, when the user needs to download the file from the CSP, the CSP first verifies the legitimacy of the user's identity and returns the ciphertexts $C_{key}$ and $C_i$, and the user decrypts with his or her own private key $sk$ to obtain each block key $k_i$ and then uses $k_i$ to decrypt each block ciphertext $C_i$ to obtain the plaintext block $m_i$, is specifically as follows:
(9.1) First, the user sends the label $T$ of file $M$ and his or her own identity $ID_{user}$ to the CSP;
(9.2) After receiving the file label $T$ and the user's identity $ID_{user}$, the CSP verifies whether the file label $T$ and the user identity $ID_{user}$ are correct; if so, it sends the corresponding key ciphertext $C_{key}$ and block ciphertexts $C_i$ to the user; otherwise it returns a request-failure message to the user;
(9.3) After receiving the key ciphertext $C_{key}$ and the block ciphertexts $C_i$, the user first verifies whether $T_1 = H_1(C_1 \| C_2 \| \dots \| C_n)$ holds; if not, the CSP has returned an incorrect ciphertext file to the user; otherwise, the user first uses his or her own private key $sk$ to decrypt the block keys, $k_1 \| k_2 \| \dots \| k_n = \mathrm{Dec}(sk, C_{key})$, and then decrypts each data block, $m_i = \mathrm{Dec}(k_i, C_i)$.
Compared with the prior art, the present invention has the following notable advantages:
(1) Convergent key security: based on the blind signature method, the user first selects a random number $r$ as the blinding factor and blinds the convergent key, and KS then encrypts the blinded convergent key. The convergent key stays blinded throughout transmission, so an attacker (even KS) cannot derive the convergent key even with some information obtained from the interaction;
(2) Data confidentiality: the encryption key of a data block is generated only on the user side and incorporates both the convergent key of the data block and the private key of KS, and the security of the convergent key is itself effectively protected, so an attacker cannot obtain or crack this key, and data confidentiality is effectively protected;
(3) Data integrity: the file label $T_1$ is produced from the ciphertext of the file. After the user uploads the file label $T_1$ and every block ciphertext $C_i$, the cloud server uses the received file label and ciphertext to verify whether $T_1 = H_1(C_1 \| C_2 \| \dots \| C_n)$ holds, thereby determining whether the user has uploaded ciphertext consistent with the label. Likewise, after downloading the ciphertext the user also verifies whether $T_1 = H_1(C_1 \| C_2 \| \dots \| C_n)$ holds, thereby determining whether the CSP has returned the correct ciphertext file;
(4) Dictionary attack prevention: the encryption key of a data block is obtained by KS performing a second encryption of the convergent key, so an attacker cannot derive the convergent key or the encryption key of the data block. Because the encryption key of the data block incorporates the private key of KS, which is a random value, the ciphertexts produced by encryption are largely uncorrelated; attackers mounting a dictionary attack on the ciphertext can hardly guess the plaintext unless they know the encryption key of the data block, which prevents dictionary attacks.
Brief description of the drawings
Fig. 1 is the system model diagram of the present invention.
Fig. 2 is the basic flowchart of the client secure deduplication method for ciphertext data in cloud storage of the present invention.
Fig. 3 is a schematic diagram of the blind-signature-based key generation protocol of the present invention.
Detailed description
The present invention is described in further detail below with reference to the drawings and an embodiment. The following embodiment is implemented on the premise of the technical solution of the present invention and gives a detailed implementation and process, but the scope of protection of the present invention is not limited to the following embodiment.
The present invention provides a client secure deduplication method for ciphertext data in cloud storage. The system model of the method, shown in Fig. 1, comprises three kinds of entities: the cloud service provider (Cloud Service Provider, CSP), the key server (Key Server, KS) and the users (Users). The CSP consists of a master server and storage servers; it has sufficient storage space and computing power and provides users with data storage and deduplication verification services. KS interacts with users and re-encrypts the blinded convergent keys. Users comprises multiple ordinary users; before uploading a file to the CSP, a user checks whether the file to be uploaded is already present at the CSP. If it is, the file does not need to be uploaded; otherwise, the file is uploaded to the CSP.
The client secure deduplication method for ciphertext data in cloud storage of the present invention performs a second encryption of the convergent key, guarantees data privacy, and prevents brute-force dictionary attacks. At the same time, a user can locally prove to the cloud server, in a secure and effective way, that he or she really owns a certain file in the cloud, which saves both storage space and upload bandwidth.
For a better understanding of the method proposed in this embodiment, consider a secure data deduplication event in a cloud storage environment in which a user deduplicates a file stored on the CSP. The basic flow is shown in Fig. 2, and the specific steps of this embodiment are as follows:
Step 101: key generation: the user computes the corresponding encryption key $k_i$ for each data block $m_i$ ($n$ blocks in total, $1 \le i \le n$). The key generation protocol is shown in Fig. 3, and the specific process is as follows:
(1.1) First, some system parameters are initialized for key generation and for the deduplication proofs. KS randomly selects a $k$-bit prime $q$ and creates two elliptic-curve groups $G_1$, $G_2$ of order $q$ and the prime field $Z_q$ of order $q$. $P$ and $Q$ are two distinct generators of $G_1$, and an admissible bilinear pairing $e: G_1 \times G_1 \to G_2$ is produced. KS randomly selects an integer $x \in Z_q$ and computes $P_{pub} = x \cdot P$. KS publishes the system parameters $\{q, G_1, G_2, e, P, Q, P_{pub}\}$ and keeps $x$ private.
(1.2) The user first divides the file $M$ into $n$ blocks: $M = m_1 \| m_2 \| \dots \| m_n$. The user computes the convergent key $h_i = h(m_i)$ for each data block $m_i$, where the hash function $h(\cdot): \{0,1\}^* \to G_1$; the user then randomly selects $r \in Z_q$ as the blinding factor, computes the blinded value $a_i = h_i + r \cdot P$, and uploads $a_i$ to KS.
(1.3) KS computes the encrypted value $b_i = a_i \cdot x$ and returns $b_i$ to the user.
(1.4) The user computes the unblinded value $d_i = b_i - r \cdot P_{pub}$, and can verify the correctness of $d_i$ by checking $e(d_i, P) = e(h(m_i), P_{pub})$. Finally, the user sets $k_i = d_i$ as the encryption key of each block $m_i$ ($1 \le i \le n$).
Step 102: file initialization: the information of file $M$ is initialized. The user computes the block ciphertext $C_i$ for each data block $m_i$ and generates the file label $T = (T_1, T_2)$, where $T_1$ is used for data integrity verification and $T_2$ for verification of block signatures. The specific process is as follows:
(2.1) Using symmetric encryption, the user computes the block ciphertext $C_i = \mathrm{Enc}(k_i, m_i)$, $C_i \in Z_q$, for each block $m_i$ ($1 \le i \le n$) of file $M$.
(2.2) The user computes $T_1 = H_1(C_1 \| C_2 \| \dots \| C_n)$ and $T_2 = H_2(M) \cdot P$, where the hash functions are $H_1(\cdot): Z_q \to \{0,1\}^*$ and $H_2(\cdot): \{0,1\}^* \to Z_q$. Finally, the user generates the label of file $M$, $T = (T_1, T_2)$, and uploads $T$ to the CSP.
Step 103: data block initialization: the data block information is initialized. When the user detects that the file label $T$ does not exist in the cloud, the user computes the block label $\tau_i$ and block signature $\sigma_i$ for each data block $m_i$, where $\tau_i$ serves as the index of the block and $\sigma_i$ as the proof that the block exists; meanwhile, the user encrypts each block key with his or her own private key $sk$ to obtain the key ciphertext $C_{key}$. The specific process is as follows:
(3.1) For each file block $m_i$ ($1 \le i \le n$), the user computes the block label $\tau_i = H_2(M) \cdot h(m_i)$.
(3.2) The user computes the block signature $\sigma_i = H_2(M) \cdot (k_i + C_i \cdot Q)$.
(3.3) The user randomly selects his or her own private key $sk$ and encrypts the block keys $k_i$ ($1 \le i \le n$), computing the key ciphertext $C_{key} = \mathrm{Enc}(sk, k_1 \| k_2 \| \dots \| k_n)$.
Step 104: data block verification: on receiving the block label $\tau_i$ and block signature $\sigma_i$ from the user, the CSP detects that the block label $\tau_i$ exists and performs block deduplication; the CSP verifies whether the data block signature $\sigma_i$ uploaded by the user is correct, thereby determining whether the user and the CSP hold the same data block, and returns the verification result to the user. The specific process is as follows:
On receiving the block label $\tau_i$ and block signature $\sigma_i$ from the user, the CSP detects that the block label $\tau_i$ exists and performs block deduplication. The CSP then verifies the correctness of the block signature $\sigma_i$, i.e. it checks whether $\sigma_i = \sigma_i'$ holds, where $\sigma_i'$ is the data block signature stored by the CSP. If it holds, the user and the CSP hold the same data block, the data block is already present at the CSP, and the CSP only needs to add the user's identity $ID_{user}$ for this data block; otherwise, a request-failure message is returned to the user.
Step 105: file storage: on receiving the block label $\tau_i$ and block signature $\sigma_i$ from the user, when the data block label $\tau_i$ does not exist in the cloud, the CSP requests the user to upload the data block signature $\sigma_i$, the block ciphertext $C_i$ and the key ciphertext $C_{key}$; the CSP verifies whether the block labels and block ciphertexts come from the same file, and verifies the correctness of the block signature $\sigma_i$; finally, the CSP stores each block label, block signature and block ciphertext together with the key ciphertext, and assigns the corresponding permissions to the user. The specific process is as follows:
(5.1) Once the CSP has received all block ciphertexts $C_i$ ($1 \le i \le n$), it verifies whether $T_1 = H_1(C_1 \| C_2 \| \dots \| C_n)$ holds. If it holds, the ciphertext uploaded by the user is consistent with the label; otherwise, the user has uploaded ciphertext inconsistent with the label, and a request-failure message is returned to the user.
(5.2) Next, the CSP can verify whether each data block signature $\sigma_i$ uploaded by the user is correct by checking whether the verification equation holds. If it holds, the data block signature uploaded by the user is correct; the CSP stores $T$, $\tau_i$, $\sigma_i$, $C_i$ and $C_{key}$, and adds the user's identity $ID_{user}$ to $ID_M$, i.e. $ID_M = ID_M \cup ID_{user}$, where $ID_M$ denotes the set of identities of all users who own file $M$; otherwise, the CSP returns a request-failure message to the user.
Step 106: challenge generation: when the file label $T$ exists in the cloud, file deduplication is performed; the CSP generates the challenge $chal = \{i, v_i\}_{i \in I}$ and returns it to the user, where $I$ is a random subset of $[1, n]$ and each random number $v_i \in Z_q$. The specific process is as follows:
When the CSP detects that the file label $T$ exists, it randomly generates $c$ numbers from $1$ to $n$ according to the total number of blocks $n$ of file $M$, forming $I = \{s_1, s_2, \dots, s_c\}$, where $s_i$ and $s_j$ are mutually independent; for each selected index it randomly generates a number $v_i \in Z_q$, forming the challenge $chal = \{i, v_i\}_{i \in I}$; the CSP then sends $chal$ to the user.
Step 107: proof generation: after receiving the challenge $chal$ sent by the CSP, the user computes the response proof for the challenge and returns it to the CSP. The specific process is as follows:
The user computes the response proof and sends $P_V$ to the CSP.
Step 108: proof verification: after receiving the user's response proof, the CSP verifies the correctness of the response proof $P_V$, thereby determining whether the user and the CSP hold the same file, and returns the verification result to the user. The specific process is as follows:
The CSP verifies whether the verification equation for $P_V$ holds. If it holds, the user and the CSP hold the same file, the file is already present at the CSP, and the user does not need to upload the file. The user only needs to upload $C_{key}$ and $ID_{user}$ to the CSP; the CSP stores $C_{key}$ and adds the user's identity $ID_{user}$ to $ID_M$, i.e. $ID_M = ID_M \cup ID_{user}$, where $ID_M$ denotes the set of identities of all users who own file $M$. Otherwise, the CSP returns a request-failure message to the user.
Step 109: file decryption: when the user needs to download the file from the CSP, the CSP first verifies the legitimacy of the user's identity and returns the ciphertexts $C_{key}$ and $C_i$ to the user; the user first decrypts with his or her own private key $sk$ to obtain each block key $k_i$, and then uses $k_i$ to decrypt each block ciphertext $C_i$ to obtain the plaintext block $m_i$. The specific process is as follows:
(9.1) First, the user sends the label $T$ of file $M$ and his or her own identity $ID_{user}$ to the CSP.
(9.2) After receiving the file label $T$ and the user's identity $ID_{user}$, the CSP verifies whether the file label $T$ and the user identity $ID_{user}$ are correct; if so, it sends the corresponding $C_{key}$ and $C_i$ ($1 \le i \le n$) to the user; otherwise it returns a request-failure message to the user.
(9.3) After receiving $C_{key}$ and $C_i$ ($1 \le i \le n$), the user first verifies whether $T_1 = H_1(C_1 \| C_2 \| \dots \| C_n)$ holds; if not, the CSP has returned an incorrect ciphertext file to the user. Otherwise, the user first uses his or her own private key $sk$ to decrypt the block keys: $k_1 \| k_2 \| \dots \| k_n = \mathrm{Dec}(sk, C_{key})$. The user then decrypts each data block: $m_i = \mathrm{Dec}(k_i, C_i)$ ($1 \le i \le n$).
In summary, the present invention uses a blind signature method to construct a more secure and efficient key generation protocol. By introducing a key server, it achieves secondary encryption of the convergent key, making data encryption more secure and effectively preventing brute-force dictionary attacks. On this basis, a new signature-based proof-of-ownership method is also proposed: the user and the cloud server must run a challenge/response protocol before it can be determined whether the user holds the same file as the cloud, which effectively prevents an attacker from obtaining the whole file through a single hash value. The scheme of the present invention can simultaneously achieve file-level and block-level deduplication of ciphertext data.
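The blind key-generation exchange between user and key server summarised above, with the formulas of steps (1.1) to (1.4) in claim 2, is traced in the following added Python example, which is not part of the patent. It assumes a scalar model of the group (each G_1 element a·P is stored as a mod q, so it checks the algebra only and is not secure), SHA-256 as the hash h, and a constructed prime q; the names KeyServer, derive_block_key, demo and the tamper flag are hypothetical.

```python
"""Blind key generation, steps (1.1)-(1.4), in a scalar model of the group.

ASSUMPTION / NOT SECURE: a G_1 element a*P is stored as the scalar a mod q,
so discrete logs are visible and the pairing e(a*P, b*P) is just a*b mod q.
This checks the protocol algebra only; a deployment needs a real pairing group.
"""
import hashlib
import secrets

Q_ORDER = 2**127 - 1   # prime group order q (constructed parameter)
P = 1                  # generator P of G_1 in the scalar model


def pairing(u: int, v: int) -> int:
    """e: G_1 x G_1 -> G_2, bilinear in the scalar model."""
    return (u * v) % Q_ORDER


def h(block: bytes) -> int:
    """Hash h: {0,1}* -> G_1 giving h_i; SHA-256 is an assumption."""
    return int.from_bytes(hashlib.sha256(block).digest(), "big") % Q_ORDER


class KeyServer:
    """KS: keeps x private and publishes P_pub = x*P (step 1.1)."""

    def __init__(self):
        self._x = secrets.randbelow(Q_ORDER - 1) + 1
        self.p_pub = (self._x * P) % Q_ORDER
        self.seen = []  # blinded values KS observes, kept for the demo

    def sign_blinded(self, a_i: int) -> int:
        """Step 1.3: b_i = a_i * x."""
        self.seen.append(a_i)
        return (a_i * self._x) % Q_ORDER


def derive_block_key(block: bytes, ks: KeyServer, tamper: bool = False) -> int:
    """User side of steps 1.2 and 1.4; returns k_i or raises on a bad reply."""
    h_i = h(block)
    r = secrets.randbelow(Q_ORDER - 1) + 1         # blinding factor r
    a_i = (h_i + r * P) % Q_ORDER                  # a_i = h_i + r*P
    b_i = ks.sign_blinded(a_i)
    if tamper:                                     # hypothetical corrupted reply
        b_i = (b_i + 1) % Q_ORDER
    d_i = (b_i - r * ks.p_pub) % Q_ORDER           # d_i = b_i - r*P_pub
    if pairing(d_i, P) != pairing(h_i, ks.p_pub):  # e(d_i,P) = e(h(m_i),P_pub)
        raise ValueError("key server reply failed verification")
    return d_i                                     # k_i = d_i


def demo() -> dict:
    """Two users, same constructed block, independent blinding factors."""
    ks = KeyServer()
    block = b"constructed sample block"
    k_user_a = derive_block_key(block, ks)
    k_user_b = derive_block_key(block, ks)
    k_other = derive_block_key(b"a different constructed block", ks)
    try:
        derive_block_key(block, ks, tamper=True)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "same_key": k_user_a == k_user_b,          # deduplication still works
        "ks_views_differ": ks.seen[0] != ks.seen[1],
        "ks_saw_hash": h(block) in ks.seen,        # KS never sees h(m_i) itself
        "other_differs": k_other != k_user_a,
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    print(demo())
```

Both users arrive at the same k_i = x·h(m_i) although the key server only ever receives differently blinded values, and a reply that fails the pairing check is rejected before any block is encrypted under it.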

Claims (10)

1. A client-side secure deduplication method for ciphertext data in cloud storage, characterized in that, for the client-side deduplication model of encrypted data, the entities involved in the deduplication process are: users (Users), the cloud service provider (CSP) and the key server (KS); the specific steps are as follows:
Step 1, key generation:
The user computes the corresponding encryption key k_i for each data block m_i, where 1 ≤ i ≤ n and n is the total number of data blocks;
Step 2, file initialization:
The user computes the block ciphertext C_i for each data block m_i and at the same time generates the file label T = (T_1, T_2), where T_1 is used for data integrity verification and T_2 for verification of the block signatures;
Step 3, data block initialization:
When the file label T does not exist in the cloud, the user computes the block label τ_i and the block signature σ_i for each data block m_i, where τ_i serves as the index of the block and σ_i as proof that the block exists; meanwhile, the user encrypts each block key with their own private key sk to obtain the key ciphertext C_key;
Step 4, data block verification:
When the data block label τ_i exists in the cloud, block deduplication is performed; the CSP verifies whether the data block signature σ_i uploaded by the user is correct, thereby judging whether the user and the CSP hold the same data block, and returns the verification result to the user;
Step 5, file storage:
When the data block label τ_i does not exist in the cloud, the user is asked to upload the data block signature σ_i, the block ciphertext C_i and the key ciphertext C_key to the CSP; the CSP verifies whether the block labels and block ciphertexts come from the same file, and verifies the correctness of the block signature σ_i; finally, the CSP stores each block label, block signature, block ciphertext and the key ciphertext, and assigns the corresponding permissions to the user;
Step 6, generate challenge:
When the file label T exists in the cloud, file deduplication is performed; the CSP generates the challenge information chal = {i, v_i}_{i∈I} and returns it to the user, where I is a random subset of [1, n], v_i ∈ Z_q is a random number, and Z_q is the prime field of order q;
Step 7, generate evidence:
After receiving the challenge information, the user generates the response evidence P_V from the selected blocks and returns it to the CSP;
Step 8, verify evidence:
The CSP verifies the correctness of the response evidence P_V, thereby judging whether the user and the CSP hold the same file, and returns the verification result to the user;
Step 9, file decryption:
When the user needs to download a file from the CSP, the CSP first verifies the legitimacy of the user's identity and returns the key ciphertext C_key and the block ciphertexts C_i to the user; the user first decrypts with their own private key sk to obtain each block key k_i, then uses k_i to decrypt each block ciphertext C_i to obtain the plaintext block m_i.
2. The client-side secure deduplication method for ciphertext data in cloud storage according to claim 1, characterized in that the key generation of step 1, in which the user computes the corresponding encryption key k_i for each data block m_i, where 1 ≤ i ≤ n and n is the total number of data blocks, is specifically as follows:
(1.1) KS randomly selects a k-bit prime q and creates two elliptic curve groups G_1, G_2 of order q and the prime field Z_q of order q; P and Q are two different generators of G_1, and a bilinear pairing e: G_1 × G_1 → G_2 is produced; KS randomly selects an integer x ∈ Z_q as its private key and computes the public key P_pub = x·P; KS publishes the system parameters {q, G_1, G_2, e, P, Q, P_pub} and keeps x private;
(1.2) The user divides file M into n blocks, i.e. M = m_1||m_2||…||m_n, and computes the convergent key h_i = h(m_i) for each data block m_i, where the hash function h(·): {0,1}* → G_1; the user then randomly selects r ∈ Z_q as the blinding factor, computes the blinded value a_i = h_i + r·P of h_i, and uploads a_i to KS;
(1.3) KS computes the encrypted value b_i = a_i·x of a_i and returns b_i to the user;
(1.4) The user computes the unblinded value d_i = b_i − r·P_pub of b_i and at the same time verifies the correctness of d_i: e(d_i, P) = e(h(m_i), P_pub); finally, the user sets k_i = d_i as the encryption key of each block m_i.
3. The client-side secure deduplication method for ciphertext data in cloud storage according to claim 1, characterized in that the file initialization of step 2, in which the user computes the block ciphertext C_i for each data block m_i and at the same time generates the file label T = (T_1, T_2), where T_1 is used for data integrity verification and T_2 for verification of the block signatures, is specifically as follows:
(2.1) The user uses symmetric encryption to compute, for each block m_i (1 ≤ i ≤ n) of file M, the block ciphertext C_i = Enc(k_i, m_i), C_i ∈ Z_q;
(2.2) The user computes T_1 = H_1(C_1||C_2||…||C_n) and T_2 = H_2(M)·P, where the hash functions H_1(·): Z_q → {0,1}* and H_2(·): {0,1}* → Z_q; finally, the user generates the label of file M, T = (T_1, T_2), and uploads T to the CSP.
4. The client-side secure deduplication method for ciphertext data in cloud storage according to claim 1, characterized in that the data block initialization of step 3, in which, when the file label T does not exist in the cloud, the user computes the block label τ_i and the block signature σ_i for each data block m_i, where τ_i serves as the index of the block and σ_i as proof that the block exists, and in which the user meanwhile encrypts each block key with their own private key sk to obtain the key ciphertext C_key, is specifically as follows:
(3.1) When the user detects that the file label T does not exist in the cloud, the user computes the block label τ_i = H_2(M)·h(m_i) for each file block m_i;
(3.2) The user computes the block signature: σ_i = H_2(M)·(k_i + C_i·Q);
(3.3) The user randomly selects their own private key sk and encrypts the block keys k_i, computing the key ciphertext C_key = Enc(sk, k_1||k_2||…||k_n).
5. The client-side secure deduplication method for ciphertext data in cloud storage according to claim 1, characterized in that the data block verification of step 4, in which, when the data block label τ_i exists in the cloud, block deduplication is performed and the CSP verifies whether the data block signature σ_i uploaded by the user is correct, thereby judging whether the user and the CSP hold the same data block, and returns the verification result to the user, is specifically as follows:
Upon receiving the block label τ_i and the block signature σ_i from the user, if the CSP detects that the block label τ_i exists, block deduplication is performed; the CSP then verifies the correctness of the block signature σ_i, i.e. checks whether σ_i = σ_i′ holds, where σ_i′ is the signature of the data block stored by the CSP; if it holds, the user and the CSP hold the same data block, the data block already exists at the CSP, and the CSP only needs to add the user's identity ID_user for this data block; otherwise, a request-failure message is returned to the user.
6. The client-side secure deduplication method for ciphertext data in cloud storage according to claim 1, characterized in that the file storage of step 5, in which, when the data block label τ_i does not exist in the cloud, the user is asked to upload the data block signature σ_i, the block ciphertext C_i and the key ciphertext C_key to the CSP, the CSP verifies whether the block labels and block ciphertexts come from the same file and verifies the correctness of the block signature σ_i, and finally the CSP stores each block label, block signature, block ciphertext and the key ciphertext and assigns the corresponding permissions to the user, proceeds in detail as follows:
(5.1) Once the CSP has received all block ciphertexts C_i, it verifies whether T_1 = H_1(C_1||C_2||…||C_n) holds; if it holds, the ciphertexts uploaded by the user are consistent with the label; otherwise, the user has uploaded ciphertexts inconsistent with the label, and a request-failure message is returned to the user;
(5.2) The CSP verifies whether each data block signature σ_i uploaded by the user is correct, by checking whether the verification equation holds; if it holds, the data block signatures σ_i uploaded by the user are correct, and the CSP stores T, τ_i, σ_i, C_i and C_key and adds the user's identity ID_user to ID_M, i.e. ID_M = ID_M ∪ ID_user, where ID_M denotes the set of identities of all users who own file M; otherwise, the CSP returns a request-failure message to the user.
7. The client-side secure deduplication method for ciphertext data in cloud storage according to claim 1, characterized in that the challenge generation of step 6, in which, when the file label T exists in the cloud, file deduplication is performed and the CSP generates the challenge information chal = {i, v_i}_{i∈I} and returns it to the user, where I is a random subset of [1, n] and v_i ∈ Z_q is a random number, is specifically as follows:
When the CSP detects that the file label T exists, the CSP, according to the total number of blocks n of file M, randomly generates c numbers from 1 to n to form I = {s_1, s_2, …, s_c}, where for any s_i, s_j ∈ I (i ≠ j), s_i and s_j are mutually independent; for each i ∈ I, the CSP randomly generates a number v_i ∈ Z_q, forming the challenge information chal = {i, v_i}_{i∈I}; the CSP then sends chal to the user.
8. The client-side secure deduplication method for ciphertext data in cloud storage according to claim 1, characterized in that the response evidence P_V of step 7 is computed as follows:
$$P_V = \sum_{i \in I} \big( (k_i + C_i \cdot Q) \cdot H_2(M) \cdot v_i \big).$$
9. The client-side secure deduplication method for ciphertext data in cloud storage according to claim 1, characterized in that the evidence verification of step 8, in which the CSP verifies the correctness of the response evidence P_V, thereby judging whether the user and the CSP hold the same file, and returns the verification result to the user, proceeds in detail as follows:
The CSP checks whether the verification equation holds: if it holds, the user and the CSP hold the same file, the file already exists at the CSP, and the user does not need to upload it; the user only needs to upload C_key and ID_user to the CSP, and the CSP stores C_key and adds the user's identity ID_user to ID_M, i.e. ID_M = ID_M ∪ ID_user, where ID_M denotes the set of identities of all users who own file M; otherwise, the CSP returns a request-failure message to the user.
10. The client-side secure deduplication method for ciphertext data in cloud storage according to claim 1, characterized in that the file decryption of step 9, in which, when the user needs to download a file from the CSP, the CSP first verifies the legitimacy of the user's identity and returns the ciphertexts C_key and C_i to the user, and the user first decrypts with their own private key sk to obtain each block key k_i and then uses k_i to decrypt each block ciphertext C_i to obtain the plaintext block m_i, is specifically as follows:
(9.1) First, the user sends the label T of file M and their own identity ID_user to the CSP;
(9.2) After receiving the file label T and the user identity ID_user, the CSP verifies whether the file label T and the user identity ID_user are correct; if they are, it sends the corresponding key ciphertext C_key and block ciphertexts C_i to the user; otherwise it returns a request-failure message to the user;
(9.3) After receiving the key ciphertext C_key and the block ciphertexts C_i, the user first verifies whether T_1 = H_1(C_1||C_2||…||C_n) holds; if it does not, the CSP has returned an incorrect ciphertext file to the user; otherwise, the user first uses their own private key sk to decrypt the block keys: k_1||k_2||…||k_n = Dec(sk, C_key), and then decrypts each data block: m_i = Dec(k_i, C_i).
CN201610539947.9A 2016-07-08 2016-07-08 Client secure deduplication method of ciphertext data in cloud storage Active CN105939191B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610539947.9A CN105939191B (en) 2016-07-08 2016-07-08 The client secure De-weight method of ciphertext data in a kind of cloud storage

Publications (2)

Publication Number Publication Date
CN105939191A true CN105939191A (en) 2016-09-14
CN105939191B CN105939191B (en) 2019-04-16

Family

ID=56872248

Country Status (1)

Country Link
CN (1) CN105939191B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant