CN105939191A - Client secure deduplication method of ciphertext data in cloud storage - Google Patents
- Publication number: CN105939191A (CN201610539947.9A)
- Authority: CN (China)
- Prior art keywords: user, block, csp, key, ciphertext
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/067: Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
- H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/1441: Countermeasures against malicious traffic
- H04L67/06: Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
- H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention discloses a client secure deduplication method of ciphertext data in cloud storage. The method comprises the following steps: (1) key generation; (2) file initialization; (3) data block initialization; (4) data block verification; (5) file storage; (6) challenge generation; (7) proof generation; (8) proof verification; and (9) file decryption. According to the method of the invention, a secure key generation protocol is constructed based on blind signature, so that secondary encryption of convergent keys is realized and the security of the keys can be ensured. On this basis, a signature-based proof-of-ownership method is put forward, with which a user can prove his or her ownership of a certain file in cloud storage to the cloud server in a safer and more efficient way, and file-level and block-level deduplication of a ciphertext file can be realized.
Description
Technical field
The present invention relates to the fields of cloud storage and information security technology, and in particular to a client-side secure deduplication method for ciphertext data in cloud storage.
Background technology
With the widespread use of cloud storage services, more and more enterprises and individuals outsource their data to a cloud service provider (Cloud Service Provider, CSP), which produces a large amount of redundant data in the cloud. The serious challenge facing cloud service providers is therefore how to manage this ever-growing data efficiently.
To this end, researchers have proposed client-side data deduplication, in which the CSP stores each file only once and all users who own the file access it through that single copy. More specifically, the CSP stores the data file only when it receives the first user's upload request; for later upload requests it simply assigns a link to the original copy. This saves both storage space and transmission bandwidth. However, client-side deduplication has a serious security problem: an attacker may be able to obtain download permission for a file from the cloud using nothing more than the file's hash value. The root cause of this kind of attack is that a very short file hash value represents the whole file; once an attacker obtains the hash value, he can obtain the whole file. To solve this problem, the Proof of Ownership (PoW) method was proposed. PoW is an interactive protocol between a prover and a verifier. By running the protocol, the prover convinces the verifier that he/she really is the owner of the file stored by the verifier. PoW is therefore very important for secure client-side data deduplication.
In addition, the cloud server is honest but curious and may steal users' private data. Users therefore need to encrypt their data before uploading it to the cloud server in order to protect data privacy. However, when different users encrypt the same file with their own private keys, different ciphertexts are produced, which prevents the cloud server from deduplicating the file. Convergent encryption was proposed to address this: it uses the hash value of the data itself as the encryption and decryption key, so identical data files produce identical ciphertexts, which the cloud server can deduplicate. However, convergent encryption has a serious security weakness, for example the dictionary attack: for predictable files, an attacker can easily derive the convergent key and detect whether the file exists on the cloud server. In addition, convergent encryption produces many convergent keys, which makes it very difficult for users to manage their own keys.
Summary of the invention
The object of the invention is to provide a secure and efficient client-side secure deduplication method for ciphertext data in cloud storage that performs a second encryption of the convergent key, ensures data privacy and prevents brute-force dictionary attacks.
The technical solution that achieves this object is a client-side secure deduplication method for ciphertext data in cloud storage, for the client-side deduplication model of encrypted data. The entities involved in deduplication are the users (Users), the cloud service provider (CSP) and the key server (KS). The specific steps are as follows:
Step 1, key generation:
The user computes the corresponding encryption key $k_i$ for each data block $m_i$, $1 \le i \le n$, where $n$ is the total number of data blocks;
Step 2, file initialization:
The user computes the block ciphertext $C_i$ for each data block $m_i$ and generates the file label $T=(T_1,T_2)$, where $T_1$ is used for data integrity verification and $T_2$ for the verification of block signatures;
Step 3, data block initialization:
When the file label $T$ does not exist in the cloud, the user computes a block label $\tau_i$ and a block signature $\sigma_i$ for each data block $m_i$, where $\tau_i$ serves as the index of the block and $\sigma_i$ as the proof that the block exists; the user also encrypts each block key with his own private key $sk$ to obtain the key ciphertext $C_{key}$;
Step 4, data block verification:
When the data block label $\tau_i$ exists in the cloud, block deduplication is performed; the CSP verifies whether the data block signature $\sigma_i$ uploaded by the user is correct, thereby determining whether the user and the CSP hold the same data block, and returns the verification result to the user;
Step 5, file storage:
When the data block label $\tau_i$ does not exist in the cloud, the user is requested to upload the data block signature $\sigma_i$, the block ciphertext $C_i$ and the key ciphertext $C_{key}$ to the CSP; the CSP verifies whether the block labels and block ciphertexts come from the same file and verifies the correctness of the block signature $\sigma_i$; finally, the CSP stores each block label, block signature and block ciphertext together with the key ciphertext, and assigns the corresponding permissions to the user;
Step 6, challenge generation:
When the file label $T$ exists in the cloud, file deduplication is performed; the CSP generates the challenge $chal=\{i, v_i\}_{i \in I}$ and returns it to the user, where $I$ is a random subset of $[1, n]$ and the random numbers $v_i \in Z_q$, with $Z_q$ the prime field of order $q$;
Step 7, proof generation:
After receiving the challenge, the user generates the response proof $P_V$ from the selected blocks and returns it to the CSP;
Step 8, proof verification:
The CSP verifies the correctness of the response proof $P_V$, thereby determining whether the user and the CSP hold the same file, and returns the verification result to the user;
Step 9, file decryption:
When the user needs to download a file from the CSP, the CSP first verifies the legitimacy of the user's identity and returns the key ciphertext $C_{key}$ and the block ciphertexts $C_i$ to the user; the user first decrypts with his own private key $sk$ to obtain each block key $k_i$, and then uses $k_i$ to decrypt each block ciphertext $C_i$ to obtain the plaintext block $m_i$.
Further, the key generation of step 1, in which the user computes the corresponding encryption key $k_i$ for each data block $m_i$, $1 \le i \le n$, with $n$ the total number of data blocks, is specifically as follows:
(1.1) The KS randomly selects a $k$-bit prime $q$ and creates two elliptic-curve groups $G_1$, $G_2$ of order $q$ and the prime field $Z_q$ of order $q$; $P$ and $Q$ are two different generators of $G_1$, and a bilinear pairing $e: G_1 \times G_1 \to G_2$ is produced; the KS randomly selects an integer $x \in Z_q$ as its private key and computes the public key $P_{pub} = x \cdot P$; the KS publishes the system parameters $\{q, G_1, G_2, e, P, Q, P_{pub}\}$ and keeps $x$ private;
(1.2) The user divides the file $M$ into $n$ blocks, i.e. $M = m_1 || m_2 || \dots || m_n$, and computes the convergent key $h_i = h(m_i)$ for each data block $m_i$, where the hash function $h(\cdot): \{0,1\}^* \to G_1$; the user then randomly selects $r \in Z_q$ as the blinding factor, computes the blinded value $a_i = h_i + r \cdot P$ of $h_i$, and uploads $a_i$ to the KS;
(1.3) The KS computes the encrypted value $b_i = a_i \cdot x$ of $a_i$ and returns $b_i$ to the user;
(1.4) The user computes the unblinded value $d_i = b_i - r \cdot P_{pub}$ of $b_i$ and verifies the correctness of $d_i$: $e(d_i, P) = e(h(m_i), P_{pub})$; finally, the user sets $k_i = d_i$ as the encryption key of each block $m_i$.
Further, the file initialization of step 2, in which the user computes the block ciphertext $C_i$ for each data block $m_i$ and generates the file label $T=(T_1,T_2)$, where $T_1$ is used for data integrity verification and $T_2$ for the verification of block signatures, is specifically as follows:
(2.1) The user encrypts each block $m_i$ ($1 \le i \le n$) of the file $M$ using symmetric encryption, computing the block ciphertext $C_i = Enc(k_i, m_i)$, $C_i \in Z_q$;
(2.2) The user computes $T_1 = H_1(C_1 || C_2 || \dots || C_n)$ and $T_2 = H_2(M) \cdot P$, where the hash functions $H_1(\cdot): Z_q \to \{0,1\}^*$ and $H_2(\cdot): \{0,1\}^* \to Z_q$; finally, the user generates the label of the file $M$, $T=(T_1,T_2)$, and uploads $T$ to the CSP.
Further, the data block initialization of step 3, in which, when the file label $T$ does not exist in the cloud, the user computes a block label $\tau_i$ and a block signature $\sigma_i$ for each data block $m_i$, where $\tau_i$ serves as the index of the block and $\sigma_i$ as the proof that the block exists, and the user also encrypts each block key with his own private key $sk$ to obtain the key ciphertext $C_{key}$, is specifically as follows:
(3.1) When the user detects that the file label $T$ does not exist in the cloud, the user computes for each file block $m_i$ the block label $\tau_i = H_2(M) \cdot h(m_i)$;
(3.2) The user computes the block signature: $\sigma_i = H_2(M) \cdot (k_i + C_i \cdot Q)$;
(3.3) The user randomly selects his own private key $sk$ and encrypts the block keys $k_i$, computing the key ciphertext $C_{key} = Enc(sk, k_1 || k_2 || \dots || k_n)$.
Further, the data block verification of step 4, in which, when the data block label $\tau_i$ exists in the cloud, block deduplication is performed and the CSP verifies whether the data block signature $\sigma_i$ uploaded by the user is correct, thereby determining whether the user and the CSP hold the same data block, and returns the verification result to the user, is specifically as follows:
On receiving the block label $\tau_i$ and the block signature $\sigma_i$ from the user, if the CSP detects that the block label $\tau_i$ exists, it performs block deduplication; the CSP then verifies the correctness of the block signature $\sigma_i$, i.e. it verifies whether $\sigma_i = \sigma_i'$ holds, where $\sigma_i'$ is the data block signature stored by the CSP; if it holds, the user and the CSP hold the same data block, the data block already exists at the CSP, and the CSP only needs to add the user's identity $ID_{user}$ for this data block; otherwise, a request-failed message is returned to the user.
Further, the file storage of step 5, in which, when the data block label $\tau_i$ does not exist in the cloud, the user is requested to upload the data block signature $\sigma_i$, the block ciphertext $C_i$ and the key ciphertext $C_{key}$ to the CSP, the CSP verifies whether the block labels and block ciphertexts come from the same file and verifies the correctness of the block signature $\sigma_i$, and finally the CSP stores each block label, block signature and block ciphertext together with the key ciphertext and assigns the corresponding permissions to the user, proceeds as follows:
(5.1) Once the CSP has received all block ciphertexts $C_i$, it verifies whether $T_1 = H_1(C_1 || C_2 || \dots || C_n)$ holds; if it holds, the ciphertext uploaded by the user is consistent with the label; otherwise, the user has uploaded ciphertext inconsistent with the label, and a request-failed message is returned to the user;
(5.2) The CSP verifies whether each data block signature $\sigma_i$ uploaded by the user is correct by checking whether the verification equation holds; if it holds, the data block signature $\sigma_i$ uploaded by the user is correct, and the CSP stores $T$, $\tau_i$, $\sigma_i$, $C_i$ and $C_{key}$ and adds the user's identity $ID_{user}$ to $ID_M$, i.e. $ID_M = ID_M \cup ID_{user}$, where $ID_M$ denotes the set of identities of all users who own the file $M$; otherwise, the CSP returns a request-failed message to the user.
Further, the challenge generation of step 6, in which, when the file label $T$ exists in the cloud, file deduplication is performed and the CSP generates the challenge $chal=\{i, v_i\}_{i \in I}$ and returns it to the user, where $I$ is a random subset of $[1, n]$ and the random numbers $v_i \in Z_q$, is specifically as follows:
When the CSP detects that the file label $T$ exists, the CSP, according to the total number of blocks $n$ of the file $M$, randomly generates $c$ numbers from 1 to $n$ to form $I=\{s_1, s_2, \dots, s_c\}$, where $s_i$ and $s_j$ are mutually independent; for each element of $I$ it randomly generates a number $v_i \in Z_q$, forming the challenge $chal=\{i, v_i\}_{i \in I}$; the CSP then sends $chal$ to the user.
Further, the formula for computing the response proof $P_V$ of step 7 is as follows:
Further, the proof verification of step 8, in which the CSP verifies the correctness of the response proof $P_V$, thereby determining whether the user and the CSP hold the same file, and returns the verification result to the user, proceeds as follows:
The CSP verifies whether the verification equation holds: if it holds, the user and the CSP hold the same file, the file already exists at the CSP, and the user does not need to upload the file to the CSP; the user only needs to upload $C_{key}$ and $ID_{user}$ to the CSP, and the CSP stores $C_{key}$ and adds the user's identity $ID_{user}$ to $ID_M$, i.e. $ID_M = ID_M \cup ID_{user}$, where $ID_M$ denotes the set of identities of all users who own the file $M$; otherwise, the CSP returns a request-failed message to the user.
Further, the file decryption of step 9, in which, when the user needs to download a file from the CSP, the CSP first verifies the legitimacy of the user's identity and returns the ciphertexts $C_{key}$ and $C_i$ to the user, and the user first decrypts with his own private key $sk$ to obtain each block key $k_i$ and then uses $k_i$ to decrypt each block ciphertext $C_i$ to obtain the plaintext block $m_i$, is specifically as follows:
(9.1) First, the user sends the label $T$ of the file $M$ and his own identity $ID_{user}$ to the CSP;
(9.2) After receiving the file label $T$ and the user's identity $ID_{user}$, the CSP verifies whether the file label $T$ and the user identity $ID_{user}$ are correct; if they are, it sends the corresponding key ciphertext $C_{key}$ and block ciphertexts $C_i$ to the user; otherwise it returns a request-failed message to the user;
(9.3) After receiving the key ciphertext $C_{key}$ and the block ciphertexts $C_i$, the user first verifies whether $T_1 = H_1(C_1 || C_2 || \dots || C_n)$ is correct; if it is not, the CSP has returned an incorrect ciphertext file to the user; otherwise, the user first uses his own private key $sk$ to decrypt each block key, $k_1 || k_2 || \dots || k_n = Dec(sk, C_{key})$, and then decrypts each data block: $m_i = Dec(k_i, C_i)$.
Compared with the prior art, the present invention has the following notable advantages:
(1) Convergent key security: based on the blind signature method, the user first selects a random number $r$ as the blinding factor and blinds the convergent key, and the KS then encrypts the blinded convergent key. Throughout transmission the convergent key remains blinded, so an attacker (even the KS), even with some information obtained during the interaction, cannot derive the convergent key;
(2) Data confidentiality: because the encryption key of a data block is generated only on the user side, this encryption key incorporates both the convergent key of the data block and the private key of the KS, and in addition the security of the convergent key is effectively protected, an attacker cannot obtain or crack this key, so data confidentiality is effectively protected;
(3) Data integrity: the file label $T_1$ is produced from the ciphertext of the file. After the user uploads the file label $T_1$ and every block ciphertext $C_i$, the cloud server uses the received file label and ciphertext to verify whether $T_1 = H_1(C_1 || C_2 || \dots || C_n)$ holds, thereby determining whether the user has uploaded ciphertext consistent with the label. Likewise, after downloading the ciphertext, the user must also verify whether $T_1 = H_1(C_1 || C_2 || \dots || C_n)$ holds, thereby determining whether the CSP has returned the correct ciphertext file;
(4) Prevention of dictionary attacks: the encryption key of a data block is obtained by the KS performing a second encryption of the convergent key, so an attacker cannot derive the convergent key or the encryption key of the data block. Because the encryption key of the data block incorporates the private key of the KS, and that private key is a random value, the ciphertexts produced by encryption are largely uncorrelated; thus, when mounting a dictionary attack on the ciphertext, attackers can hardly guess the plaintext unless they know the encryption key of the data block, which prevents the dictionary attack.
Brief description of the drawings
Fig. 1 is the system model diagram of the present invention.
Fig. 2 is the basic flowchart of the client-side secure deduplication method for ciphertext data in cloud storage of the present invention.
Fig. 3 is a schematic diagram of the blind-signature-based key generation protocol of the present invention.
Detailed description of the invention
The invention is described in further detail below with reference to the drawings and an embodiment. The following embodiment is implemented on the premise of the technical solution of the invention and gives a detailed implementation and process, but the protection scope of the invention is not limited to the embodiment described below.
The present invention provides a client-side secure deduplication method for ciphertext data in cloud storage. The system model of the method is shown in Fig. 1 and comprises three kinds of entities: the cloud service provider (Cloud Service Provider, CSP), the key server (Key Server, KS) and the users (Users). The CSP consists of a master server and storage servers; it has sufficient storage space and computing power and provides users with data storage and deduplication verification services. The KS interacts with the user and re-encrypts the blinded convergent key. Users comprises multiple ordinary users who, before uploading a file to the CSP, check whether the file to be uploaded already exists at the CSP; if it does, the file does not need to be uploaded to the CSP; otherwise, the file is uploaded to the CSP.
The client-side secure deduplication method for ciphertext data in cloud storage of the present invention achieves a second encryption of the convergent key, ensures data privacy and prevents brute-force dictionary attacks; at the same time, the user can prove locally to the cloud server, in a secure and efficient way, that he really owns a given file in the cloud, which saves both storage space and upload bandwidth.
To make the method of this embodiment easier to understand, consider a secure deduplication event, in a cloud storage environment, for a file that a user stores at the CSP. The basic flow is shown in Fig. 2, and the specific steps of this embodiment are as follows:
Step 101: key generation: the user computes the corresponding encryption key $k_i$ for each data block $m_i$ ($n$ blocks in total, $1 \le i \le n$). The key generation protocol is shown in Fig. 3, and the process is as follows:
(1.1) First, some system parameters are initialized for key generation and for the deduplication proof. The KS randomly selects a $k$-bit prime $q$ and creates two elliptic-curve groups $G_1$, $G_2$ of order $q$ and the prime field $Z_q$ of order $q$. $P$ and $Q$ are two different generators of $G_1$, and an admissible bilinear pairing $e: G_1 \times G_1 \to G_2$ is produced. The KS randomly selects an integer $x \in Z_q$ and computes $P_{pub} = x \cdot P$. The KS publishes the system parameters $\{q, G_1, G_2, e, P, Q, P_{pub}\}$ and keeps $x$ private.
(1.2) The user first divides the file $M$ into $n$ blocks: $M = m_1 || m_2 || \dots || m_n$. The user computes the convergent key $h_i = h(m_i)$ for each data block $m_i$, where the hash function $h(\cdot): \{0,1\}^* \to G_1$; the user then randomly selects $r \in Z_q$ as the blinding factor, computes the blinded value $a_i = h_i + r \cdot P$ of $h_i$, and uploads $a_i$ to the KS.
(1.3) The KS computes the encrypted value $b_i = a_i \cdot x$ of $a_i$ and returns $b_i$ to the user.
(1.4) The user computes the unblinded value $d_i = b_i - r \cdot P_{pub}$ of $b_i$ and can verify the correctness of $d_i$: $e(d_i, P) = e(h(m_i), P_{pub})$. Finally, the user sets $k_i = d_i$ as the encryption key of each block $m_i$ ($1 \le i \le n$).
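The blind/encrypt/unblind exchange of steps (1.2) to (1.4), as an added example that is not code from the patent. Assumptions: secp256k1 stands in for $G_1$, and since it has no pairing the check $e(d_i, P) = e(h(m_i), P_{pub})$ is not reproduced; the try-and-increment hash, the on-curve check at the KS, the hashing of $d_i$ to a 32-byte key and all function names are choices of this example.

```python
import hashlib
import secrets

# secp256k1 stands in for the patent's pairing group G1 (assumption of this example).
FP = 2**256 - 2**32 - 977  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order q
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator P

def on_curve(pt):
    """True for the point at infinity (None) or a point on y^2 = x^3 + 7."""
    if pt is None:
        return True
    x, y = pt
    return 0 <= x < FP and 0 <= y < FP and (y * y - x * x * x - 7) % FP == 0

def add(a, b):
    """Group law on affine points; None is the identity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FP) % FP
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, FP) % FP
    x3 = (lam * lam - x1 - x2) % FP
    return (x3, (lam * (x1 - x3) - y1) % FP)

def neg(a):
    return None if a is None else (a[0], -a[1] % FP)

def mul(k, a):
    """Scalar multiplication k*a by double-and-add (not constant time)."""
    result, k = None, k % N
    while k:
        if k & 1:
            result = add(result, a)
        a = add(a, a)
        k >>= 1
    return result

def hash_to_point(block):
    """h(): {0,1}* -> G1 by try-and-increment (simple, not constant time)."""
    ctr = 0
    while True:
        digest = hashlib.sha256(ctr.to_bytes(4, "big") + block).digest()
        x = int.from_bytes(digest, "big") % FP
        rhs = (x * x * x + 7) % FP
        y = pow(rhs, (FP + 1) // 4, FP)  # square root, valid because FP % 4 == 3
        if y * y % FP == rhs:
            return (x, y)
        ctr += 1

class KeyServer:
    """KS of step (1.1): holds x, publishes P_pub = x*P."""

    def __init__(self):
        self._x = secrets.randbelow(N - 1) + 1
        self.p_pub = mul(self._x, G)

    def sign_blinded(self, a_i):
        """Step (1.3): b_i = x * a_i. Malformed points are rejected before x is used."""
        if a_i is None or not on_curve(a_i):
            raise ValueError("blinded value is not a valid curve point")
        return mul(self._x, a_i)

def blind(block):
    """Step (1.2): a_i = h(m_i) + r*P with a fresh random r."""
    r = secrets.randbelow(N - 1) + 1
    return r, add(hash_to_point(block), mul(r, G))

def unblind(b_i, r, p_pub):
    """Step (1.4): d_i = b_i - r*P_pub, which equals x*h(m_i)."""
    return add(b_i, neg(mul(r, p_pub)))

def derive_block_key(block, ks):
    """Run the exchange for one block; returns (a_i as seen by the KS, 32-byte key)."""
    r, a_i = blind(block)
    d_i = unblind(ks.sign_blinded(a_i), r, ks.p_pub)
    # Assumption: d_i is hashed to bytes for symmetric use (the patent sets k_i = d_i).
    key = hashlib.sha256(d_i[0].to_bytes(32, "big") + d_i[1].to_bytes(32, "big")).digest()
    return a_i, key

if __name__ == "__main__":
    ks = KeyServer()
    block = b"constructed sample block"  # constructed input
    seen_1, key_1 = derive_block_key(block, ks)
    seen_2, key_2 = derive_block_key(block, ks)
    print("same key for both uploads:", key_1 == key_2)
    print("KS saw different blinded values:", seen_1 != seen_2)
```

Two uploads of the same block yield the same key while the KS sees unrelated blinded points, and a different KS secret yields a different key, so guessing a block's content is not enough to derive its key without a KS query.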
Step 102: file initialization: the information of the file $M$ is initialized. The user computes the block ciphertext $C_i$ for each data block $m_i$ and generates the file label $T=(T_1,T_2)$, where $T_1$ is used for data integrity verification and $T_2$ for the verification of block signatures. The process is as follows:
(2.1) The user encrypts each block $m_i$ ($1 \le i \le n$) of the file $M$ using symmetric encryption, computing the block ciphertext $C_i = Enc(k_i, m_i)$, $C_i \in Z_q$.
(2.2) The user computes $T_1 = H_1(C_1 || C_2 || \dots || C_n)$ and $T_2 = H_2(M) \cdot P$, where the hash functions $H_1(\cdot): Z_q \to \{0,1\}^*$ and $H_2(\cdot): \{0,1\}^* \to Z_q$. Finally, the user generates the label of the file $M$, $T=(T_1,T_2)$, and uploads $T$ to the CSP.
Step 103: data block initialization: the data block information is initialized. When the user detects that the file label $T$ does not exist in the cloud, the user computes a block label $\tau_i$ and a block signature $\sigma_i$ for each data block $m_i$, where $\tau_i$ serves as the index of the block and $\sigma_i$ as the proof that the block exists; the user also encrypts each block key with his own private key $sk$ to obtain the key ciphertext $C_{key}$. The process is as follows:
(3.1) The user computes, for each file block $m_i$ ($1 \le i \le n$), the block label: $\tau_i = H_2(M) \cdot h(m_i)$.
(3.2) The user computes the block signature: $\sigma_i = H_2(M) \cdot (k_i + C_i \cdot Q)$.
(3.3) The user randomly selects his own private key $sk$ and encrypts the block keys $k_i$ ($1 \le i \le n$), computing the key ciphertext $C_{key} = Enc(sk, k_1 || k_2 || \dots || k_n)$.
Step 104: data block verification: on receiving the block label $\tau_i$ and the block signature $\sigma_i$ from the user, if the CSP detects that the block label $\tau_i$ exists, block deduplication is performed; the CSP verifies whether the data block signature $\sigma_i$ uploaded by the user is correct, thereby determining whether the user and the CSP hold the same data block, and returns the verification result to the user. The process is as follows:
On receiving the block label $\tau_i$ and the block signature $\sigma_i$ from the user, if the CSP detects that the block label $\tau_i$ exists, it performs block deduplication; the CSP then verifies the correctness of the block signature $\sigma_i$, i.e. it verifies whether $\sigma_i = \sigma_i'$ holds, where $\sigma_i'$ is the data block signature stored by the CSP. If it holds, the user and the CSP hold the same data block, the data block already exists at the CSP, and the CSP only needs to add the user's identity $ID_{user}$ for this data block; otherwise, a request-failed message is returned to the user.
Step 105: file storage: on receiving the block label $\tau_i$ and the block signature $\sigma_i$ from the user, when the data block label $\tau_i$ does not exist in the cloud, the user is requested to upload the data block signature $\sigma_i$, the block ciphertext $C_i$ and the key ciphertext $C_{key}$ to the CSP; the CSP verifies whether the block labels and block ciphertexts come from the same file and verifies the correctness of the block signature $\sigma_i$; finally, the CSP stores each block label, block signature and block ciphertext together with the key ciphertext, and assigns the corresponding permissions to the user. The process is as follows:
(5.1) Once the CSP has received all block ciphertexts $C_i$ ($1 \le i \le n$), it verifies whether $T_1 = H_1(C_1 || C_2 || \dots || C_n)$ holds. If it holds, the ciphertext uploaded by the user is consistent with the label; otherwise, the user has uploaded ciphertext inconsistent with the label, and a request-failed message is returned to the user.
(5.2) Next, the CSP can verify whether each data block signature $\sigma_i$ uploaded by the user is correct by checking whether the verification equation holds. If it holds, the data block signature uploaded by the user is correct, and the CSP stores $T$, $\tau_i$, $\sigma_i$, $C_i$ and $C_{key}$ and adds the user's identity $ID_{user}$ to $ID_M$, i.e. $ID_M = ID_M \cup ID_{user}$, where $ID_M$ denotes the set of identities of all users who own the file $M$; otherwise, the CSP returns a request-failed message to the user.
Step 106: challenge generation: when the file label $T$ exists in the cloud, file deduplication is performed; the CSP generates the challenge $chal=\{i, v_i\}_{i \in I}$ and returns it to the user, where $I$ is a random subset of $[1, n]$ and the random numbers $v_i \in Z_q$. The process is as follows:
When the CSP detects that the file label $T$ exists, the CSP, according to the total number of blocks $n$ of the file $M$, randomly generates $c$ numbers from 1 to $n$ to form $I=\{s_1, s_2, \dots, s_c\}$, where $s_i$ and $s_j$ are mutually independent; for each element of $I$ it randomly generates a number $v_i \in Z_q$, forming the challenge $chal=\{i, v_i\}_{i \in I}$; the CSP then sends $chal$ to the user.
Step 107: proof generation: after receiving the challenge $chal$ sent by the CSP, the user computes the response proof for the challenge and returns it to the CSP. The process is as follows:
The user computes the response proof and sends $P_V$ to the CSP.
Step 108: proof verification: after receiving the response proof from the user, the CSP verifies the correctness of the response proof $P_V$, thereby determining whether the user and the CSP hold the same file, and returns the verification result to the user. The process is as follows:
The CSP verifies whether the verification equation holds. If it holds, the user and the CSP hold the same file, the file already exists at the CSP, and the user does not need to upload the file to the CSP. The user only needs to upload $C_{key}$ and $ID_{user}$ to the CSP; the CSP stores $C_{key}$ and adds the user's identity $ID_{user}$ to $ID_M$, i.e. $ID_M = ID_M \cup ID_{user}$, where $ID_M$ denotes the set of identities of all users who own the file $M$. Otherwise, the CSP returns a request-failed message to the user.
Step 109: file decryption: when the user needs to download a file from the CSP, the CSP first verifies the legitimacy of the user's identity and returns the ciphertexts $C_{key}$ and $C_i$ to the user; the user first decrypts with his own private key $sk$ to obtain each block key $k_i$, and then uses $k_i$ to decrypt each block ciphertext $C_i$ to obtain the plaintext block $m_i$. The process is as follows:
(9.1) First, the user sends the label $T$ of the file $M$ and his own identity $ID_{user}$ to the CSP.
(9.2) After receiving the file label $T$ and the user's identity $ID_{user}$, the CSP verifies whether the file label $T$ and the user identity $ID_{user}$ are correct; if they are, it sends the corresponding $C_{key}$ and $C_i$ ($1 \le i \le n$) to the user; otherwise it returns a request-failed message to the user.
(9.3) After receiving $C_{key}$ and $C_i$ ($1 \le i \le n$), the user first verifies whether $T_1 = H_1(C_1 || C_2 || \dots || C_n)$ is correct; if it is not, the CSP has returned an incorrect ciphertext file to the user; otherwise, the user first uses his own private key $sk$ to decrypt each block key: $k_1 || k_2 || \dots || k_n = Dec(sk, C_{key})$. The user then decrypts each data block: $m_i = Dec(k_i, C_i)$ ($1 \le i \le n$).
In summary, the present invention uses a blind signature to construct a more secure and efficient key generation protocol. By introducing a key server, it achieves a second encryption of the convergent key, which makes data encryption more secure and effectively prevents brute-force dictionary attacks. On this basis, a new signature-based proof-of-ownership method is also proposed: the user and the cloud server must run a challenge/response protocol before it can be determined whether the user has the same file as the cloud. This effectively prevents an attacker from obtaining a whole file by means of a single hash value, and the solution of the present invention can achieve file-level and block-level deduplication of ciphertext data at the same time.
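The blinded key-generation exchange between user and KS (a_i = h(m_i) + r·P, b_i = x·a_i, d_i = b_i - r·P_pub) can be run end to end; the following is an added illustration, not code from the patent. Assumptions: secp256k1 stands in for G_1, h() is a try-and-increment hash-to-point, the pairing check is omitted because this curve has no pairing, and all function names are hypothetical.

```python
import hashlib
import secrets

# secp256k1 constants (public standard values). Assumption: this curve stands in
# for the patent's group G1; it has no pairing, so the check
# e(d_i, P) = e(h(m_i), P_pub) of step (1.4) is not reproduced here.
FP = 2**256 - 2**32 - 977          # field prime
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order q
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator P
INF = None                         # point at infinity


def add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over F_p."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FP == 0:
        return INF
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % FP, -1, FP) % FP
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FP, -1, FP) % FP
    x3 = (lam * lam - x1 - x2) % FP
    return (x3, (lam * (x1 - x3) - y1) % FP)


def mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    acc, k = INF, k % Q
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc


def hash_to_point(block):
    """h(): {0,1}* -> G1 by try-and-increment (assumed construction)."""
    ctr = 0
    while True:
        digest = hashlib.sha256(ctr.to_bytes(4, "big") + block).digest()
        x = int.from_bytes(digest, "big") % FP
        rhs = (pow(x, 3, FP) + 7) % FP
        y = pow(rhs, (FP + 1) // 4, FP)      # square root, valid since p = 3 mod 4
        if y * y % FP == rhs:
            return (x, y)
        ctr += 1


def user_blind(block):
    """Step (1.2): a_i = h(m_i) + r*P with a fresh blinding factor r."""
    r = secrets.randbelow(Q - 1) + 1
    return r, add(hash_to_point(block), mul(r, P))


def ks_respond(x, a):
    """Step (1.3): KS returns b_i = x*a_i without learning h(m_i)."""
    return mul(x, a)


def user_unblind(r, b, p_pub):
    """Step (1.4): d_i = b_i - r*P_pub, which equals x*h(m_i)."""
    rx, ry = mul(r, p_pub)
    return add(b, (rx, (-ry) % FP))


def block_key(d):
    """k_i = d_i, serialised to 32 bytes for a symmetric cipher (assumption)."""
    return hashlib.sha256(d[0].to_bytes(32, "big") + d[1].to_bytes(32, "big")).digest()


def run_exchange(x, block):
    """One user's full exchange; returns (a_i seen by KS, derived key k_i)."""
    r, a = user_blind(block)
    d = user_unblind(r, ks_respond(x, a), mul(x, P))
    return a, block_key(d)


if __name__ == "__main__":
    ks_x = secrets.randbelow(Q - 1) + 1          # KS private key x
    blk = b"constructed sample block m_1"        # constructed test data
    (a1, k1), (a2, k2) = run_exchange(ks_x, blk), run_exchange(ks_x, blk)
    print("KS saw different blinded values:", a1 != a2)
    print("both users derived the same key:", k1 == k2)
```

Two users holding the same block derive the same k_i, which is what lets the ciphertexts deduplicate, while KS sees a different a_i each time. Because k_i depends on the KS private key x, hashing a guessed block offline does not yield its key.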
Claims (10)
1. A client secure deduplication method of ciphertext data in cloud storage, characterized in that, for a client-side deduplication model of encrypted data, the entities involved in the deduplication process are: users (Users), a cloud service provider (CSP) and a key server (KS); the specific steps are as follows:
Step 1, key generation:
The user computes a corresponding encryption key k_i for each data block m_i, 1≤i≤n, where n is the total number of data blocks;
Step 2, file initialization:
The user computes a block ciphertext C_i for each data block m_i and at the same time generates the file label T=(T_1,T_2), where T_1 is used for data integrity verification and T_2 for verification of block signatures;
Step 3, data block initialization:
When the file label T does not exist in the cloud, the user computes a block label τ_i and a block signature σ_i for each data block m_i, where τ_i is used as the index of the block and σ_i as the proof that the block exists; meanwhile, the user encrypts each block key with their own private key sk to obtain the key ciphertext C_key;
Step 4, data block verification:
When the data block label τ_i exists in the cloud, block deduplication is performed; the CSP verifies whether the data block signature σ_i uploaded by the user is correct, thereby judging whether the user and the CSP have the same data block, and returns the verification result to the user;
Step 5, file storage:
When the data block label τ_i does not exist in the cloud, the user is requested to upload the data block signature σ_i, the block ciphertext C_i and the key ciphertext C_key to the CSP; the CSP verifies whether the block labels and block ciphertexts come from the same file, and verifies the correctness of the block signature σ_i; finally, the CSP stores each block label, block signature, block ciphertext and the key ciphertext, and assigns the corresponding permissions to the user;
Step 6, challenge generation:
When the file label T exists in the cloud, file deduplication is performed; the CSP generates challenge information chal={i, v_i}_{i∈I} and returns it to the user, where I is a random subset of [1, n] and the random number v_i∈Z_q, where Z_q is the prime field of order q;
Step 7, evidence generation:
After receiving the challenge information, the user generates response evidence P_V from the selected blocks and returns it to the CSP;
Step 8, evidence verification:
The CSP verifies the correctness of the response evidence P_V, thereby judging whether the user and the CSP have the same file, and returns the verification result to the user;
Step 9, file decryption:
When the user needs to download a file from the CSP, the CSP first verifies the legitimacy of the user's identity and returns the key ciphertext C_key and the block ciphertexts C_i to the user; the user first decrypts with their own private key sk to obtain each block key k_i, then uses k_i to decrypt each block ciphertext C_i and obtain the plaintext block m_i.
2. The client secure deduplication method of ciphertext data in cloud storage according to claim 1, characterized in that the key generation of step 1, in which the user computes a corresponding encryption key k_i for each data block m_i, 1≤i≤n, n being the total number of data blocks, is specifically as follows:
(1.1) KS randomly selects a k-bit prime q and creates two elliptic curve groups G_1, G_2 of order q and the prime field Z_q of order q; P and Q are two different generators of G_1, and a linear pairing e: G_1×G_1→G_2 is produced; KS randomly selects an integer x∈Z_q as its private key and computes the public key P_pub = x·P; KS publishes the system parameters {q, G_1, G_2, e, P, Q, P_pub} and keeps x private;
(1.2) The user divides file M into n blocks, i.e. M = m_1||m_2||…||m_n, and computes the convergent key h_i = h(m_i) for each data block m_i, where the hash function h(·): {0,1}*→G_1; the user then randomly selects r∈Z_q as the blinding factor, computes the blinded value a_i = h_i + r·P of h_i, and uploads a_i to KS;
(1.3) KS computes the encrypted value b_i = a_i·x of a_i and returns b_i to the user;
(1.4) The user computes the unblinded value d_i = b_i - r·P_pub of b_i and at the same time verifies the correctness of d_i: e(d_i, P) = e(h(m_i), P_pub); finally, the user sets k_i = d_i as the encryption key of each block m_i.
3. The client secure deduplication method of ciphertext data in cloud storage according to claim 1, characterized in that the file initialization of step 2, in which the user computes a block ciphertext C_i for each data block m_i and at the same time generates the file label T=(T_1,T_2), where T_1 is used for data integrity verification and T_2 for verification of block signatures, is specifically as follows:
(2.1) The user uses a symmetric encryption method to compute, for each block m_i (1≤i≤n) of file M, the block ciphertext C_i = Enc(k_i, m_i), C_i∈Z_q;
(2.2) The user computes T_1 = H_1(C_1||C_2||…||C_n) and T_2 = H_2(M)·P, where the hash functions H_1(·): Z_q→{0,1}* and H_2(·): {0,1}*→Z_q; finally, the user generates the label of file M, T=(T_1,T_2), and uploads T to the CSP.
4. The client secure deduplication method of ciphertext data in cloud storage according to claim 1, characterized in that the data block initialization of step 3, in which, when the file label T does not exist in the cloud, the user computes a block label τ_i and a block signature σ_i for each data block m_i, where τ_i is used as the index of the block and σ_i as the proof that the block exists, and the user meanwhile encrypts each block key with their own private key sk to obtain the key ciphertext C_key, is specifically as follows:
(3.1) When the user detects that the file label T does not exist in the cloud, the user computes the block label τ_i = H_2(M)·h(m_i) for each file block m_i;
(3.2) The user computes the block signature σ_i = H_2(M)·(k_i + C_i·Q);
(3.3) The user randomly selects their own private key sk and encrypts the block keys k_i, computing the key ciphertext C_key = Enc(sk, k_1||k_2||…||k_n).
5. The client secure deduplication method of ciphertext data in cloud storage according to claim 1, characterized in that the data block verification of step 4, in which, when the data block label τ_i exists in the cloud, block deduplication is performed and the CSP verifies whether the data block signature σ_i uploaded by the user is correct, thereby judging whether the user and the CSP have the same data block, and returns the verification result to the user, is specifically as follows:
On receiving the block label τ_i and block signature σ_i from the user, the CSP performs block deduplication if it detects that the block label τ_i exists; the CSP then verifies the correctness of the block signature σ_i, i.e. the CSP verifies whether σ_i = σ_i' holds, where σ_i' is the signature of the data block stored by the CSP; if it holds, the user and the CSP have the same data block, the data block already exists at the CSP, and the CSP only needs to add the user's identity ID_user for this data block; otherwise, a request-failure message is returned to the user.
6. The client secure deduplication method of ciphertext data in cloud storage according to claim 1, characterized in that the file storage of step 5, in which, when the data block label τ_i does not exist in the cloud, the user is requested to upload the data block signature σ_i, the block ciphertext C_i and the key ciphertext C_key to the CSP, the CSP verifies whether the block labels and block ciphertexts come from the same file and verifies the correctness of the block signature σ_i, and finally the CSP stores each block label, block signature, block ciphertext and the key ciphertext and assigns the corresponding permissions to the user, proceeds as follows:
(5.1) Once the CSP has received all block ciphertexts C_i, it verifies whether T_1 = H_1(C_1||C_2||…||C_n) holds; if it holds, the ciphertext uploaded by the user is consistent with the label; otherwise, the user has uploaded ciphertext inconsistent with the label, and a request-failure message is returned to the user;
(5.2) The CSP verifies whether each data block signature σ_i uploaded by the user is correct, by checking whether holds; if it holds, the data block signature σ_i uploaded by the user is correct, and the CSP stores T, τ_i, σ_i, C_i and C_key and adds the user's identity ID_user to ID_M, i.e. ID_M = ID_M ∪ ID_user, where ID_M denotes the set of identities of all users who own file M; otherwise, the CSP returns a request-failure message to the user.
7. The client secure deduplication method of ciphertext data in cloud storage according to claim 1, characterized in that the challenge generation of step 6, in which, when the file label T exists in the cloud, file deduplication is performed and the CSP generates challenge information chal={i, v_i}_{i∈I} and returns it to the user, where I is a random subset of [1, n] and the random number v_i∈Z_q, is specifically as follows:
When the CSP detects that the file label T exists, the CSP, according to the total number of blocks n of file M, randomly generates c numbers from 1 to n, forming I={s_1,s_2,…,s_c}, and for s_j∈I (i≠j), s_i and s_j are independent of each other; a random number v_i∈Z_q is then generated, forming the challenge information chal={i, v_i}_{i∈I}, and the CSP sends chal to the user.
8. The client secure deduplication method of ciphertext data in cloud storage according to claim 1, characterized in that the response evidence P_V of step 7 is computed by the following formula:
9. The client secure deduplication method of ciphertext data in cloud storage according to claim 1, characterized in that the evidence verification of step 8, in which the CSP verifies the correctness of the response evidence P_V, thereby judging whether the user and the CSP have the same file, and returns the verification result to the user, proceeds as follows:
CSP verifies: whether holds. If it holds, the user and the CSP have the same file; the file already exists at the CSP and the user need not upload it. The user only needs to upload C_key and ID_user to the CSP; the CSP stores C_key and adds the user's identity ID_user to ID_M, i.e. ID_M = ID_M ∪ ID_user, where ID_M denotes the set of identities of all users who own file M; otherwise, the CSP returns a request-failure message to the user.
10. The client secure deduplication method of ciphertext data in cloud storage according to claim 1, characterized in that the file decryption of step 9, in which, when the user needs to download a file from the CSP, the CSP first verifies the legitimacy of the user's identity and returns the ciphertexts C_key and C_i to the user, and the user first decrypts with their own private key sk to obtain each block key k_i and then uses k_i to decrypt each block ciphertext C_i and obtain the plaintext block m_i, is specifically as follows:
(9.1) First, the user sends the label T of file M and their own identity ID_user to the CSP;
(9.2) After receiving the file label T and the user's identity ID_user, the CSP verifies whether the file label T and the user identity ID_user are correct; if they are, it sends the corresponding key ciphertext C_key and block ciphertexts C_i to the user; otherwise it returns a request-failure message to the user;
(9.3) After receiving the key ciphertext C_key and the block ciphertexts C_i, the user first verifies whether T_1 = H_1(C_1||C_2||…||C_n) holds; if it does not, the CSP has returned an incorrect ciphertext file to the user; otherwise, the user first uses their own private key sk to decrypt each block key: k_1||k_2||…||k_n = Dec(sk, C_key), and then decrypts each data block: m_i = Dec(k_i, C_i).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610539947.9A CN105939191B (en) | 2016-07-08 | 2016-07-08 | Client secure deduplication method of ciphertext data in cloud storage |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105939191A | 2016-09-14 |
CN105939191B | 2019-04-16 |
Family
ID=56872248
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610539947.9A Active CN105939191B (en) | Client secure deduplication method of ciphertext data in cloud storage | 2016-07-08 | 2016-07-08 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105939191B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN105939191B (en) | 2019-04-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||