CN106301789B - Dynamic verification method for cloud storage data using lattice-based linear homomorphic signatures - Google Patents
- Publication number: CN106301789B
- Authority: CN (China)
- Prior art keywords: signature, data, cloud server, data block, root node
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/002: Countermeasures against attacks on cryptographic mechanisms
- H04L9/008: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
- H04L9/0852: Quantum cryptography
- H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention discloses a dynamic verification method for cloud storage data that uses a lattice-based linear homomorphic signature. The method includes data integrity verification: generating the public key and private key of the linear homomorphic signature algorithm on a lattice; splitting the file into multiple data blocks, signing each data block, then computing the value of the root node based on a Merkle hash tree and signing that value, and sending the data blocks, the data block signatures and the root node signature to the cloud server; providing the public key and the file identifier to a third-party auditor, which issues a challenge to the cloud server to verify whether the data blocks have changed; the cloud server provides the corresponding proof in response to the challenge; the third-party auditor judges from the proof provided by the cloud server whether the data blocks are intact, and feeds the verification result back to the user. The invention can resist quantum attacks launched by future quantum computers, and supports verification of dynamic operations in the cloud while protecting the user's private information.
Description
Technical field
The present invention relates to the field of encryption technology, and more particularly to a dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature.
Background technique
Cloud storage is an infrastructure service of cloud computing. Cloud storage providers offer users a large amount of storage space, and users can access cloud data anytime and anywhere. This convenience also brings new security risks. After uploading local data to a cloud server, the user loses direct control of the data, and a malicious cloud service provider may snoop on or tamper with the user's data out of curiosity or for other purposes. The integrity and availability of cloud data have therefore become urgent problems. Cloud verification protocols generally reduce their security to the hardness of some difficult problem from a conventional cryptographic scheme, for example verification protocols based on the RSA signature algorithm, or bilinear-map verification protocols based on the Diffie-Hellman problem. With the development of science and technology, quantum computers are becoming possible. A quantum computer can solve the above hard problems in polynomial time, so data verification protocols based on conventional cryptographic schemes will no longer be secure.
According to current research results, there is still no effective way to break hard problems on lattices, and cryptographic schemes built on hard lattice problems are an important direction of current cryptosystem research. By the definition of a lattice in the literature, lattice-based verification protocols have the following advantages: a lattice is algebraically an additive abelian group, most lattice cryptographic schemes use integer lattices, and linear operations on a lattice are much more efficient than exponentiation; hard lattice problems come with existing reduction proofs, which guarantees the security of lattice cryptography. The signature scheme designed by Gentry, Peikert and Vaikuntanathan (referred to as the GPV signature), as a standard digital signature scheme, has become a basic tool of many lattice public-key algorithms. F. Wang used the GPV signature to construct a lattice-based linear homomorphic signature scheme (LHS) over the binary field, and H. Liu proposed a public verification scheme for cloud storage on the basis of LHS. However, that scheme does not support dynamic data verification. In cloud storage verification, files or data are frequently inserted, modified or deleted, so dynamic data verification is increasingly important.
Summary of the invention
The object of the invention is to overcome the deficiencies of the prior art and to provide a dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature. It constructs a new dynamic verification method for cloud storage data from the lattice-based linear homomorphic signature, a Merkle hash tree, and a secure collision-resistant hash function under the random oracle model.
The object of the invention is achieved through the following technical solution: a dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature, comprising data integrity verification, the data integrity verification comprising:
Key generation: the public key and private key of the linear homomorphic signature algorithm on the lattice are generated using the trapdoor basis generation algorithm on the lattice;
Data block signing: the file is divided into multiple data blocks, each data block is signed using the linear homomorphic signature algorithm on the lattice, the value of the root node is then computed based on a Merkle hash tree and signed, and finally the data blocks, the data block signatures and the root node signature are sent to the cloud server;
Third-party challenge: the public key and the file identifier are provided to the third-party auditor, and the third-party auditor issues a challenge to the cloud server to verify whether the data blocks on the cloud server have changed;
Server proof: the cloud server provides the corresponding proof in response to the challenge issued by the third-party auditor;
Third-party verification: the third-party auditor judges from the proof provided by the cloud server whether the data blocks on the cloud server are intact, and feeds the verification result back to the user.
Key generation is performed as follows:
(pk, sk) ← TrapGen(1^n)
where TrapGen(1^n) is the trapdoor basis generation algorithm on the lattice, pk is the public key, sk is the private key, and  is the group formed by m*m integer matrices modulo q.
The data block signing comprises:
The file F is divided into l data blocks, F = {u_1, u_2, …, u_l}, wherein  is the group formed by m-dimensional column vectors;
Computing the coefficients α_j = H_2(id||j), 1 ≤ j ≤ n, wherein id is the identifier of file F, j denotes the j-th data block,  is a collision-resistant secure hash function under the random oracle model, and n denotes the system security parameter;
Taking the inner product of the coefficient α_j with each data block, , and letting the inner product vector V_i = (V_i1, V_i2, …, V_in)^T, 1 ≤ i ≤ l, 1 ≤ j ≤ n;
Calling SamplePre(A, T, σ, V_i) to generate the data block signature e_i, 1 ≤ i ≤ l, and letting the signature set Φ = {e_1, e_2, …, e_l};
Constructing a Merkle hash tree from the signature set Φ, the leaf nodes of the Merkle hash tree being the signatures e_i arranged in a preset order; the value of each non-leaf node is obtained from its child nodes using the collision-resistant hash function , and the value h_R of the root node is computed; the value h_R of the root node is signed using the SamplePre(A, T, σ, h_R) algorithm to obtain the signature Sig(h_R) of the root node value;
The user sends {F, Φ, id, Sig(h_R)} to the cloud server CSP, and deletes the file F, the signature set Φ and the signature Sig(h_R) locally.
The data block signing further comprises signing the identifier id of file F using SamplePre(A, T, σ, id).
The third-party challenge comprises:
The user sends the audit request AuditQuest = (Sig(id)||id) to the third-party auditor, where Sig(id) denotes the signature on the identifier id;
After receiving the audit request AuditQuest = (Sig(id)||id), the third-party auditor verifies the signature Sig(id). If the signature Sig(id) is valid, the third-party auditor arbitrarily chooses a subset  as the index set of the data to be sampled, where [l] = {1, 2, …, l} and S_1 ≤ S_2 ≤ … ≤ S_θ. The challenge is defined as chal = {id, c_i, i}_{i∈I}, c_i ∈ Z_q, where c_i is a random coefficient arbitrarily chosen by the third-party auditor, and the challenge chal = {id, c_i, i}_{i∈I} is sent to the cloud server.
The server proof comprises:
After receiving the challenge chal = {id, c_i, i}_{i∈I} sent by the third-party auditor, the cloud server takes the matrix B = (α_1, α_2, …, α_n), α_j = H_2(id||j), 1 ≤ j ≤ n; defining BC^T = 0 (mod q), the cloud server computes ; the cloud server randomly selects  and computes u_i' = C^T p_i + u_i, 1 ≤ i ≤ l;
According to chal = {id, c_i, i}_{i∈I}, the cloud server computes the aggregated data of the sampled data blocks:
The cloud server sends the proof  to the third-party auditor, where Ω_i is the auxiliary information formed by the sibling nodes on the path from the i-th leaf node to the root node.
The third-party verification comprises:
After receiving the proof  from the cloud server, the third-party auditor computes the value h'_R of the root node according to , and judges whether A·Sig(h_R) = h'_R and  hold:
If they do not hold, the cloud server holds incomplete data blocks, and 0 is returned;
If they hold, the coefficients  are computed,  is calculated, and V_com = (V_com,1, V_com,2, …, V_com,n)^T is set; according to the linear property of the BLS signature, the aggregate signature is ; whether A·e_com = V_com (mod q) and  hold is then verified. If they hold, the sampled data blocks are intact, and 1 is returned; otherwise the sampled data blocks are not intact, and 0 is returned.
The dynamic verification method further comprises modifying data:
The user computes the corresponding signature  of the modified data block  using the lattice-based linear homomorphic signature algorithm, sets the update information , and sends the update information  to the cloud server;
The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update). According to the subscript i of the modified data block , the cloud server replaces the data block u_i to be modified with the modified data block  and replaces the signature e_i with , obtaining the file  and the signature set ; the value  of the new root node is computed from the signature set Φ*; the cloud server sends the proof  to the user;
The user computes the root node value h'_R of the corresponding Merkle hash tree (MHT) from (Ω_i, e_i), and judges whether A·Sig(h_R) = h'_R and  hold. If A·Sig(h_R) ≠ h'_R, the data blocks were already incomplete before the modification. If they hold, the user computes the value h_R of the root node from the signature  and (Ω_i, e_i); if , the user signs the value h_R of the root node to obtain Sig(h_R) and sends Sig(h_R) to the cloud server, and data integrity verification is executed. After the data integrity verification succeeds, the local modified data block , signature , P_Update and Sig(h_R) are deleted.
The dynamic verification method further comprises inserting data:
The user obtains the signature e*' of the data block u*' to be inserted using the lattice-based linear homomorphic signature algorithm, and sends the update information Update = {I, i, u*', e*'} to the cloud server;
The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update), stores the inserted data block u*' on the cloud server, and places the signature e*' after the signature e_i, obtaining the file  and the signature set ; the value  of the new root node is computed; the cloud server sends  to the user;
The user computes the root node value h''_R of the Merkle hash tree from (Ω_i, e_i), and judges whether A·Sig(h_R) = h''_R and  hold. If A·Sig(h_R) ≠ h''_R, the data blocks were already incomplete before the insertion. If they hold, the user computes the value h_R of the root node from the signature e*' and (Ω_i, e_i); if , the user signs the value h_R of the root node to obtain Sig(h_R) and sends Sig(h_R) to the cloud server, and data integrity verification is executed. After the data integrity verification succeeds, the local inserted data block u*', signature e*', P_Update and Sig(h_R) are deleted.
The dynamic verification method further comprises deleting data:
The user sends the update information Update = {D, i} to the cloud server. The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update) and deletes the data block u_i stored on the cloud server together with its signature e_i, obtaining the file F = {u_1, u_2, …, u_{i-1}, u_{i+1}, …, u_l} and the signature set ; the value  of the new root node is computed; the cloud server sends  to the user;
The user computes the root node value h'''_R of the Merkle hash tree from (Ω_i, e_i), and judges whether A·Sig(h_R) = h'''_R and  hold. If A·Sig(h_R) ≠ h'''_R, the data blocks were already incomplete before the deletion. If they hold, the user computes the value h_R of the root node from Ω_i; if , the user signs the value h_R of the root node to obtain Sig(h_R) and sends Sig(h_R) to the cloud server, and data integrity verification is executed. After the data integrity verification succeeds, the local P_Update and Sig(h_R) are deleted.
The beneficial effects of the invention are:
(1) The lattice-based linear homomorphic signature in the invention ensures resistance to quantum attacks launched by future quantum computers; the collision-resistant hash function ensures the unforgeability of user data; and linear operations on the lattice make computation much more efficient than conventional exponentiation;
(2) The invention supports verification of dynamic operations in the cloud, such as modification, insertion and deletion of files or data;
(3) Public auditing is supported, and verification through a third-party auditor also achieves privacy protection.
Brief description of the drawings
Fig. 1 is a schematic diagram of the framework of the invention;
Fig. 2 is a flow diagram of one embodiment of data integrity verification in the invention;
Fig. 3 is a schematic diagram of one embodiment of modifying data in the invention;
Fig. 4 is a schematic diagram of one embodiment of inserting data in the invention;
Fig. 5 is a schematic diagram of one embodiment of deleting data in the invention.
Specific embodiments
The technical solution of the invention is described in further detail below with reference to the drawings, but the scope of protection of the invention is not limited to the following.
As shown in Fig. 1, the user uploads data to the cloud server. Because of limits on the user's software and hardware facilities, time and computing power, the user cannot verify the integrity of the data uploaded to the cloud server anytime and anywhere, so verification is carried out by a third-party auditor (Third Party Auditor, TPA). The user sends a data integrity audit request to the third-party auditor; at the user's request, the third-party auditor sends a challenge to the cloud server (CSP) to perform verification on the user's behalf, and finally feeds the verification result back to the user.
Embodiment one
As shown in Fig. 2, the dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature comprises data integrity verification, the data integrity verification comprising:
S01. Key generation: the public key and private key of the linear homomorphic signature algorithm on the lattice are generated using the trapdoor basis generation algorithm on the lattice.
Key generation is performed as follows:
(pk, sk) ← TrapGen(1^n)
where TrapGen(1^n) is the trapdoor basis generation algorithm on the lattice, pk is the public key, sk is the private key, and  is the group formed by m*m integer matrices modulo q. The matrix A is drawn at random from this group and follows the uniform distribution. There is no explicit requirement on the setting, as long as the matrix has dimension m*m and each element is an integer modulo q.
S02. Data block signing: the file is divided into multiple data blocks, each data block is signed using the linear homomorphic signature algorithm on the lattice, the value of the root node is then computed based on a Merkle hash tree and signed, and finally the data blocks, the data block signatures and the root node signature are sent to the cloud server.
The data block signing comprises:
S021. The file F is divided into l data blocks, F = {u_1, u_2, …, u_l}, wherein  is the group formed by m-dimensional column vectors, each element of which is an integer modulo q.
S022. Computing the coefficients α_j = H_2(id||j), 1 ≤ j ≤ n, wherein id is the identifier of file F, j denotes the j-th data block,  is a collision-resistant secure hash function under the random oracle model, and n denotes the system security parameter.
S023. Taking the inner product of the coefficient α_j with each data block, , and letting the inner product vector V_i = (V_i1, V_i2, …, V_in)^T, 1 ≤ i ≤ l, 1 ≤ j ≤ n.
S024. Calling SamplePre(A, T, σ, V_i) to generate the data block signature e_i, 1 ≤ i ≤ l, and letting the signature set Φ = {e_1, e_2, …, e_l}. SamplePre(A, T, σ, V_i) is a sampling algorithm on the lattice; lattice-based encryption schemes are all built on the LWE (learning with errors) problem, and the error term of the LWE problem is generally obtained by discrete Gaussian sampling.
S025. A Merkle hash tree (MHT) is constructed from the signature set Φ, the leaf nodes of the Merkle hash tree being the signatures e_i arranged in a preset order; the value of each non-leaf node is obtained from its child nodes using the collision-resistant hash function , and the value h_R of the root node is computed; the value h_R of the root node is signed using the SamplePre(A, T, σ, h_R) algorithm to obtain the signature Sig(h_R) of the root node value.
S026. The user sends {F, Φ, id, Sig(h_R)} to the cloud server CSP, and deletes the file F, the signature set Φ and the signature Sig(h_R) locally.
The data block signing further comprises signing the identifier id of file F using SamplePre(A, T, σ, id). The signature produced with SamplePre(A, T, σ, id) tells the third-party auditor, at challenge time, which user the request comes from and which file is to be verified.
S03. Third-party challenge: the public key and the file identifier are provided to the third-party auditor, and the third-party auditor issues a challenge to the cloud server to verify whether the data blocks on the cloud server have changed.
The third-party challenge comprises: the user sends the audit request AuditQuest = (Sig(id)||id) to the third-party auditor, where Sig(id) denotes the signature on the identifier id. (AuditQuest is the audit request issued by the user to the third-party auditor; it contains the id of the file to be audited and the signature on id. Signing id tells the third-party auditor that this audit request comes from a specific user. The third-party auditor holds the public key of user X; if verification of the signature on id fails, the request does not come from user X and is not accepted, which prevents other users from impersonating user X.)
After receiving the audit request AuditQuest = (Sig(id)||id), the third-party auditor verifies the signature Sig(id). If the signature Sig(id) is invalid, the third-party auditor does not accept the request and requires the user to resend it. If the signature Sig(id) is valid, the third-party auditor arbitrarily chooses a subset  as the index set of the data to be sampled, where [l] = {1, 2, …, l} and S_1 ≤ S_2 ≤ … ≤ S_θ. The challenge is defined as chal = {id, c_i, i}_{i∈I}, c_i ∈ Z_q, where c_i is a random coefficient arbitrarily chosen by the third-party auditor, which ensures that the cloud server cannot forge a proof. The challenge chal = {id, c_i, i}_{i∈I} is sent to the cloud server, which is required to provide the corresponding proof.
S04. Server proof: the cloud server provides the corresponding proof in response to the challenge issued by the third-party auditor.
The server proof comprises: after receiving the challenge chal = {id, c_i, i}_{i∈I} sent by the third-party auditor, the cloud server takes the matrix B = (α_1, α_2, …, α_n), α_j = H_2(id||j), 1 ≤ j ≤ n; defining BC^T = 0 (mod q), the cloud server computes ; the cloud server randomly selects  and computes u_i' = C^T p_i + u_i, 1 ≤ i ≤ l. This processing is done so that no information about the data block u_i is revealed to the third-party auditor. The purpose of defining BC^T = 0 is to determine from B the matrix C orthogonal to it, and then to form u_i' = C^T p_i + u_i. Here  is the group formed by n-dimensional vectors of integers modulo q, and p_i is selected at random from this group; its purpose is to act as a coefficient that increases the security of u_i'. Because p_i is chosen completely at random, the third-party auditor cannot obtain any information about u_i from u_i', which guarantees that user data is not stolen by the third-party auditor.
According to chal = {id, c_i, i}_{i∈I}, the cloud server computes the aggregated data of the sampled data blocks:
The cloud server sends the proof  to the third-party auditor, where Ω_i is the auxiliary information formed by the sibling nodes on the path from the i-th leaf node to the root node.
S05. Third-party verification: the third-party auditor judges from the proof provided by the cloud server whether the data blocks on the cloud server are intact, and feeds the verification result back to the user.
The third-party verification comprises: after receiving the proof  from the cloud server, the third-party auditor computes the value h'_R of the root node according to , and judges whether A·Sig(h_R) = h'_R and  hold. (Here the signature of the root node is verified in order to judge whether the received proof Proof is correct: if the root node signature is correct, that is, A·Sig(h_R) = h'_R and  hold, then h'_R was computed correctly, which shows that Ω_i and Sig(h_R) in Proof are correct.)
If they do not hold, the cloud server holds incomplete data blocks, and 0 is returned;
If they hold, the coefficients  are computed,  is calculated, and V_com = (V_com,1, V_com,2, …, V_com,n)^T is set; according to the linear property of the BLS signature, the aggregate signature is ; whether A·e_com = V_com (mod q) and  hold is then verified. If they hold, the sampled data blocks are intact, and 1 is returned; otherwise the sampled data blocks are not intact, and 0 is returned. This verification establishes the integrity of the aggregated data U_com of the sampled data blocks.
In , e_i is the value of a leaf node of the Merkle hash tree, and Ω_i is the auxiliary information from the i-th leaf node to the root node, consisting of the sibling node of the i-th leaf node and the sibling nodes of its parent nodes (in short, all information needed to obtain the root node is auxiliary information).
BLS is the abbreviation of a signature; its full name is Lattice-based Linear Signature. A linear combination of the original data blocks forms the aggregated data. The signature of this aggregated data is obtained as follows: because the signature is linearly homomorphic, the signature after aggregation can be the linear combination of the signatures of the original data blocks.
V_com,j is obtained as the inner product of U_com with α_j. The subscript com follows U_com and indicates aggregation (in fact, a linear combination) of the sampled data blocks, so the corresponding subscript is written V_com,j.
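The algebra behind steps S04 and S05, as an added Python example that is not part of the patent: the server masks each sampled block with a vector from the null space of B, and the auditor still recovers V_com from the masked aggregate and checks A·e_com = V_com (mod q) against the linear combination of the block signatures. Assumptions: toy parameters q = 257, m = 6, n = 3; SHA-256 stands in for H_2; the public matrix is taken as A = [I | R] and the hypothetical `toy_sign` solves A·e = V directly instead of running SamplePre, so it carries no security and only that one equation is modelled (the Merkle tree, the root signature and the second verification condition are left out).

```python
import hashlib
import random

Q = 257            # toy prime modulus q (assumption; real parameters are far larger)
M, N, K = 6, 3, 4  # block length m, security parameter n, extra columns of toy A

def h2(file_id, j):
    """alpha_j = H2(id || j) as a vector in Z_q^m; SHA-256 is a stand-in hash."""
    d = hashlib.sha256(f"{file_id}||{j}".encode()).digest()
    return [int.from_bytes(d[2 * k:2 * k + 2], "big") % Q for k in range(M)]

def dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % Q

def lin(coeffs, vecs):
    """Linear combination sum_i c_i * v_i (mod q)."""
    return [sum(c * v[k] for c, v in zip(coeffs, vecs)) % Q
            for k in range(len(vecs[0]))]

def null_space(B):
    """Basis of {x : B x = 0 (mod q)}; its vectors play the role of C's rows."""
    rows, pivots = [r[:] for r in B], []
    for col in range(len(rows[0])):
        r = len(pivots)
        p = next((k for k in range(r, len(rows)) if rows[k][col]), None)
        if p is None:
            continue
        rows[r], rows[p] = rows[p], rows[r]
        inv = pow(rows[r][col], -1, Q)
        rows[r] = [x * inv % Q for x in rows[r]]
        for k in range(len(rows)):
            if k != r and rows[k][col]:
                f = rows[k][col]
                rows[k] = [(x - f * y) % Q for x, y in zip(rows[k], rows[r])]
        pivots.append(col)
    basis = []
    for free in (c for c in range(len(rows[0])) if c not in pivots):
        v = [0] * len(rows[0])
        v[free] = 1
        for i, pc in enumerate(pivots):
            v[pc] = -rows[i][free] % Q
        basis.append(v)
    return basis

def toy_sign(R, V, rng):
    """Stand-in for SamplePre: returns e with A e = V (mod q) for A = [I | R]."""
    x = [rng.choice((-1, 0, 1)) for _ in range(K)]
    head = [(V[j] - sum(R[j][k] * x[k] for k in range(K))) % Q for j in range(N)]
    return head + [t % Q for t in x]

def a_times(R, e):
    """A e (mod q) for the toy public matrix A = [I | R]."""
    return [(e[j] + sum(R[j][k] * e[N + k] for k in range(K))) % Q
            for j in range(N)]

def server_prove(stored, alphas, chal, rng):
    """CSP side: mask each sampled block (u_i' = C^T p_i + u_i), then aggregate."""
    C = null_space(alphas)                       # B C^T = 0 (mod q)
    masked = {}
    for i, _ in chal:
        p = [rng.randrange(1, Q) for _ in C]     # random p_i
        masked[i] = [(u + t) % Q for u, t in zip(stored[i], lin(p, C))]
    u_com = lin([c for _, c in chal], [masked[i] for i, _ in chal])
    return u_com, masked

def auditor_verify(R, alphas, chal, u_com, sigs):
    """TPA side: V_com,j = <U_com, alpha_j>, e_com = sum c_i e_i, A e_com == V_com."""
    v_com = [dot(u_com, a) for a in alphas]
    e_com = lin([c for _, c in chal], [sigs[i] for i, _ in chal])
    return a_times(R, e_com) == v_com

def run_audit(tamper=False, seed=1):
    """Return (audit passed, any masked block equal to the original block)."""
    rng = random.Random(seed)
    blocks = [[rng.randrange(Q) for _ in range(M)] for _ in range(4)]  # constructed file F
    alphas = [h2("file-001", j) for j in range(1, N + 1)]              # rows of B
    R = [[rng.randrange(Q) for _ in range(K)] for _ in range(N)]
    sigs = [toy_sign(R, [dot(u, a) for a in alphas], rng) for u in blocks]
    chal = [(0, rng.randrange(1, Q)), (2, rng.randrange(1, Q))]        # (i, c_i)
    stored = [b[:] for b in blocks]
    if tamper:
        stored[2][0] = (stored[2][0] + 1) % Q    # CSP-side change to the 3rd block
    u_com, masked = server_prove(stored, alphas, chal, rng)
    leaked = any(masked[i] == blocks[i] for i, _ in chal)
    return auditor_verify(R, alphas, chal, u_com, sigs), leaked

if __name__ == "__main__":
    print(run_audit(), run_audit(tamper=True))
```

The auditor never sees u_i: the mask vanishes only in the inner products with the α_j, which is all the check needs.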
Embodiment two
On the basis of Embodiment one, in this embodiment the dynamic verification method further comprises modifying data. M denotes the request information for a data modification. Taking as an example the user modifying the data block u_i to , the user computes the corresponding signature  of the modified data block  using the lattice-based linear homomorphic signature algorithm, sets the update information , and sends the update information  to the cloud server;
The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update). According to the subscript i of the modified data block , the cloud server replaces the data block u_i to be modified with the modified data block  and replaces the signature e_i with , obtaining the file  and the signature set ; the value  of the new root node is computed from the signature set Φ*. As shown in Fig. 3, the cloud server sends the proof  to the user;
P_Update is the proof, sent by the cloud server to the verifier, of whether the data was correctly updated; it is an abbreviation of "Proof of updating", used to distinguish it from Proof.
The user computes the root node value h'_R of the corresponding Merkle hash tree (MHT) from (Ω_i, e_i), and judges whether A·Sig(h_R) = h'_R and  hold. If A·Sig(h_R) ≠ h'_R, the data blocks were already incomplete before the modification. If they hold, the user computes the value h_R of the root node from the signature  and (Ω_i, e_i); if , the cloud server has carried out the data update operation as the user required, and the user signs the value h_R of the root node to obtain Sig(h_R) and sends Sig(h_R) to the cloud server, and data integrity verification is executed. After the data integrity verification succeeds, the local modified data block , signature , P_Update and Sig(h_R) are deleted.
In Fig. 3, the value of the 3rd data block is changed, and  and h_a = H_1(h_c||h_d) are computed in turn, thus
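The update check of Embodiment two, as an added Python example that is not part of the patent: the user recomputes the old root from (Ω_i, e_i), then the new root from the same Ω_i and the new signature, and compares it with the root the cloud server claims. Assumptions: SHA-256 stands in for H_1, 32-byte constructed strings stand in for the lattice signatures e_i, the leaf count is a power of two, and the lattice check on Sig(h_R) is replaced by comparison with a root value the user already trusts; all function names are hypothetical.

```python
import hashlib

def h1(data: bytes) -> bytes:
    """Stand-in for the collision-resistant hash H1 (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()

def build_levels(leaves):
    """All tree levels, leaves first. Leaves are the signatures e_i themselves;
    a parent is H1(left || right), as in h_a = H1(h_c || h_d)."""
    assert leaves and len(leaves) & (len(leaves) - 1) == 0, "power-of-two leaf count"
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([h1(cur[k] + cur[k + 1]) for k in range(0, len(cur), 2)])
    return levels

def auth_path(levels, i):
    """Omega_i: sibling values from leaf i up to the root, each with a side flag."""
    path = []
    for level in levels[:-1]:
        sib = i ^ 1
        path.append((level[sib], sib < i))   # True: sibling sits on the left
        i //= 2
    return path

def root_from(leaf, path):
    """Recompute the root from one leaf value and its auxiliary information."""
    node = leaf
    for sib, sib_is_left in path:
        node = h1(sib + node) if sib_is_left else h1(node + sib)
    return node

def server_exe_update(sigs, i, new_sig):
    """Honest CSP for a modify request: returns P_update = (Omega_i, old e_i,
    claimed new root) and the updated signature list."""
    omega = auth_path(build_levels(sigs), i)
    new_sigs = sigs[:i] + [new_sig] + sigs[i + 1:]
    return (omega, sigs[i], build_levels(new_sigs)[-1][0]), new_sigs

def user_check_update(trusted_root, proof, new_sig):
    """User side: first confirm the pre-update state, then the claimed new root."""
    omega, old_sig, claimed_root = proof
    if root_from(old_sig, omega) != trusted_root:
        return "pre-update-state-invalid"    # data was already inconsistent
    if root_from(new_sig, omega) != claimed_root:
        return "update-not-applied"          # server did not perform the update
    return "ok"                              # user may now sign the new root

def demo():
    sigs = [h1(b"sig-%d" % k) for k in range(1, 5)]   # constructed e_1..e_4
    root = build_levels(sigs)[-1][0]
    new_sig = h1(b"sig-3-modified")                   # signature of the modified 3rd block
    proof, _ = server_exe_update(sigs, 2, new_sig)    # index 2 is the 3rd block
    return user_check_update(root, proof, new_sig)

if __name__ == "__main__":
    print(demo())
```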
Embodiment three
On the basis of Embodiment one, in this embodiment I denotes the request information for a data insertion; take as an example the user adding the data block u*' after the i-th data block.
The dynamic verification method further comprises inserting data: the user obtains the signature e*' of the data block u*' to be inserted using the lattice-based linear homomorphic signature algorithm, and sends the update information Update = {I, i, u*', e*'} to the cloud server;
The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update), stores the inserted data block u*' on the cloud server, and places the signature e*' after the signature e_i, obtaining the file  and the signature set ; the value  of the new root node is computed (as shown in Fig. 4); the cloud server sends  to the user;
The user computes the root node value h''_R of the Merkle hash tree from (Ω_i, e_i), and judges whether A·Sig(h_R) = h''_R and  hold. If A·Sig(h_R) ≠ h''_R, the data blocks were already incomplete before the insertion. If they hold, the user computes the value h_R of the root node from the signature e*' and (Ω_i, e_i); if , the cloud server has carried out the data insertion as the user required, and the user signs the value h_R of the root node to obtain Sig(h_R) and sends Sig(h_R) to the cloud server, and data integrity verification is executed. After the data integrity verification succeeds, the local inserted data block u*', signature e*', P_Update and Sig(h_R) are deleted.
In Fig. 4, the new e*' is inserted at the 4th node, so that node h_g = H_1(e_4||e*'); computing in turn gives
Example IV
On the basis of Example 1, in this embodiment the dynamic verification method further includes modifying data: D denotes the request message for data deletion.
The dynamic verification method further includes deleting data: the user sends the update message Update = {D, i} to the cloud server; the cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update) and deletes the data block ui stored on the cloud server together with its signature ei, obtaining the file F = {u1, u2, …, ui-1, ui+1, …, ul} and the signature set Φ*'' = {e1, e2, …, ei-1, ei+1, …, el}, and calculates the value of the new root node (as shown in Fig. 5); the cloud server sends to the user.
From (Ωi, ei) the user computes the root node value h'''R of the Merkle hash tree and judges whether ASig(hR) = h'''R and hold; if ASig(hR) ≠ h'''R, the data blocks before the data deletion are incomplete;
If they hold, the user computes the value hR of the root node from Ωi. If , this shows that the cloud server has performed the data deletion as the user required; the user then signs the value hR of the root node to obtain Sig(hR) and sends Sig(hR) to the cloud server. Data integrity verification is executed, and after it succeeds the user deletes the local PUpdate and Sig(hR).
In the figure the 3rd data block is deleted; it is only necessary to take hd = e4.
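The root recomputation that Examples 3 and 4 describe (check the old root from (Ωi, ei), then derive the root the update must produce) can be sketched as follows. This is an added illustration, not code from the patent: SHA-256 stands in for H1, a locally trusted root value stands in for verifying the lattice signature Sig(hR), and the function names and the (sibling, side) encoding of Ωi are assumptions.

```python
import hashlib

def H1(left: bytes, right: bytes) -> bytes:
    """Stand-in for the page's collision-resistant hash H1 (SHA-256 is an assumption)."""
    return hashlib.sha256(left + right).digest()

def build(leaves):
    """Server: pair signatures left to right; a leaf is the raw signature e_i."""
    nodes = list(leaves)
    while len(nodes) > 1:
        paired = [(nodes[k], nodes[k + 1]) for k in range(0, len(nodes) - 1, 2)]
        nodes = paired + ([nodes[-1]] if len(nodes) % 2 else [])
    return nodes[0]

def value(node) -> bytes:
    """Value of a node: the signature itself for a leaf, H1(children) otherwise."""
    return node if isinstance(node, bytes) else H1(value(node[0]), value(node[1]))

def n_leaves(node) -> int:
    return 1 if isinstance(node, bytes) else n_leaves(node[0]) + n_leaves(node[1])

def exe_update(node, i, op, new=None):
    """Server (hypothetical helper): apply Update={I,i,..} or {D,i} at 0-based leaf i.
    Returns (new_subtree, e_i, omega); omega lists (sibling_value, sibling_is_left)
    from the leaf up to the root, taken from the tree before the update."""
    if isinstance(node, bytes):
        return ((node, new) if op == "I" else None), node, []
    left, right = node
    k = n_leaves(left)
    if i < k:
        sub, e_i, omega = exe_update(left, i, op, new)
        omega.append((value(right), False))
        return (right if sub is None else (sub, right)), e_i, omega
    sub, e_i, omega = exe_update(right, i - k, op, new)
    omega.append((value(left), True))
    return (left if sub is None else (left, sub)), e_i, omega

def root_from(start: bytes, omega) -> bytes:
    """User: fold a node value up the sibling path to a root value."""
    h = start
    for sibling, sibling_is_left in omega:
        h = H1(sibling, h) if sibling_is_left else H1(h, sibling)
    return h

def user_check(trusted_root, e_i, omega, op, claimed_new_root, new=None) -> bool:
    """User: accept the update only if both root checks pass."""
    if root_from(e_i, omega) != trusted_root:
        return False                      # blocks were not intact before the update
    if op == "I":                         # leaf e_i becomes node H1(e_i || e_new)
        expected = root_from(H1(e_i, new), omega)
    elif omega:                           # "D": the parent takes the sibling's value
        expected = root_from(omega[0][0], omega[1:])
    else:
        return False                      # a one-leaf tree has no sibling to promote
    return expected == claimed_new_root   # server really performed the operation

if __name__ == "__main__":
    sigs = [b"e1", b"e2", b"e3", b"e4"]   # constructed placeholder signatures
    tree = build(sigs)
    root = value(tree)
    t_ins, e_i, om = exe_update(tree, 3, "I", b"e*'")   # insert after the 4th leaf
    print("insert accepted:", user_check(root, e_i, om, "I", value(t_ins), b"e*'"))
    t_del, e_i, om = exe_update(tree, 2, "D")           # delete the 3rd leaf
    print("delete accepted:", user_check(root, e_i, om, "D", value(t_del)))
    print("stale root rejected:", not user_check(root, e_i, om, "D", root))
```

In this sketch the left/right flags in omega are supplied by the server and the position i is not bound to the proof; leaves are hashed as raw signatures to match the formulas hg = H1(e4||e*') and hd = e4.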
The above is only a preferred embodiment of the present invention. It should be understood that the present invention is not limited to the form described herein, which should not be regarded as excluding other embodiments; it can be used in other combinations, modifications and environments, and can be modified within the scope contemplated herein through the above teachings or the technology or knowledge of related fields. Modifications and changes made by those skilled in the art that do not depart from the spirit and scope of the present invention shall all fall within the protection scope of the appended claims of the present invention.
Claims (8)
1. A dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature, characterized in that it comprises data integrity verification, the data integrity verification comprising:
Key generation: the public key and private key of the linear homomorphic signature algorithm on lattices are generated using the trapdoor basis generation algorithm on lattices;
Data block signing: the file is divided into multiple data blocks, each data block is signed using the linear homomorphic signature algorithm on lattices, the value of the root node is then computed based on a Merkle hash tree and the value of the root node is signed, and finally the data blocks, the signatures of the data blocks and the signature of the root node are sent to the cloud server;
Third-party challenge: the public key and the identifier of the file are provided to the third-party auditor, and the third-party auditor initiates a challenge to the cloud server to verify whether the data blocks on the cloud server have changed;
Server proof: the cloud server provides a corresponding proof according to the challenge initiated by the third-party auditor;
Third-party verification: the third-party auditor judges from the proof provided by the cloud server whether the data blocks on the cloud server are complete, and feeds the verification result back to the user;
The data block signing comprises:
The file F is divided into l data blocks, F = {u1, u2, …, ul}, wherein is the group constituted by m-dimensional column vectors;
Compute the coefficients, 1 ≤ j ≤ n, wherein id is the identifier of the file F, j denotes the j-th data block, H2(·): is a collision-resistant secure hash function in the random oracle model, and n denotes the system security parameter;
Take the inner product of the coefficient αj with each data block, and let the inner product vector Vi = (Vi1, Vi2, …, Vin)T, 1 ≤ i ≤ l, 1 ≤ j ≤ n;
Call SamplePre(A, T, σ, Vi) to generate the data block signature ei, 1 ≤ i ≤ l, and let the signature set Φ = {e1, e2, …, el};
Construct a Merkle hash tree from the signature set Φ: the leaf nodes of the Merkle hash tree are the signatures ei arranged in a preset order; the value of each non-leaf node is obtained from its child nodes using the collision-resistant hash function H1(·):, and the value hR of the root node is computed; the value hR of the root node is signed using the SamplePre(A, T, σ, hR) algorithm to obtain the signature Sig(hR) of the root node value;
The user sends {F, Φ, id, Sig(hR)} to the cloud server CSP, and deletes the file F, the signature set Φ and the signature Sig(hR) locally;
The data block signing further comprises signing the identifier id of the file F using SamplePre(A, T, σ, id).
2. The dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature according to claim 1, characterized in that the key is generated as follows:
(pk, sk) ← TrapGen(1n)
In the formula, TrapGen(1n) is the trapdoor basis generation algorithm on lattices, pk is the public key, sk is the private key, and is the group constituted by q-ary m*m integer matrices.
3. The dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature according to claim 1, characterized in that the third-party challenge comprises:
The user sends the audit request AuditQuest = (Sig(id) || id) to the third-party auditor, wherein Sig(id) denotes the signature on the identifier id;
After receiving the audit request AuditQuest = (Sig(id) || id), the third-party auditor verifies the signature Sig(id); if the signature Sig(id) is valid, the third-party auditor arbitrarily chooses a subset as the index set of the sampled data, wherein [l] = {1, 2, …, L}, S1 ≤ S2 ≤ … ≤ Sθ; it defines the challenge chal = {id, ci, i}, i ∈ I, ci ∈ Zq, wherein ci is a random coefficient arbitrarily chosen by the third-party auditor, and sends the challenge chal = {id, ci, i}, i ∈ I to the cloud server.
4. The dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature according to claim 3, characterized in that the server proof comprises:
After receiving the challenge chal = {id, ci, i}, i ∈ I sent by the third-party auditor, the cloud server takes the matrix B = (a1, a2, …, an), aj = H2(id || j), 1 ≤ j ≤ n; defining BCT = 0 (mod q), the cloud server calculates; the cloud server randomly selects and calculates u'i = CTpi + ui, 1 ≤ i ≤ l;
According to chal = {id, ci, i}, i ∈ I, the cloud server calculates the aggregated data of the sampled data blocks:
The cloud server sends the proof to the third-party auditor, wherein Ωi is the auxiliary information constituted by the sibling nodes on the path from the i-th leaf node to the root node.
5. The dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature according to claim 4, characterized in that the third-party verification comprises:
After receiving the proof from the cloud server, the third-party auditor computes the value h'R of the root node according to, and judges whether ASig(hR) = h'R and hold:
If they do not hold, the cloud server has incomplete data blocks, and 0 is returned;
If they hold, compute the coefficients, calculate, and let Vcom = (Vcom,1, Vcom,2, …, Vcom,n)T; according to the linear property of the BLS signature, the aggregate signature; verify whether Aecom = Vcom (mod q) and hold; if so, the sampled data blocks are complete and 1 is returned; otherwise the sampled data blocks are incomplete and 0 is returned.
6. The dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature according to claim 4, characterized in that the dynamic verification method further comprises modifying data:
For the modified data block, the user computes the corresponding signature using the lattice-based linear homomorphic signature algorithm, lets the update message, and sends the update message to the cloud server;
The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update); according to the subscript i of the modified data block, the cloud server replaces the data block ui to be modified with the modified data block and replaces the signature ei with, obtaining the file and the signature set; it calculates the value of the new root node from the signature set Φ*; the cloud server sends the proof to the user;
From (Ωi, ei) the user computes the root node value h'R of the corresponding Merkle hash tree MHT and judges whether ASig(hR) = h'R and hold; if ASig(hR) ≠ h'R, the data blocks before the data modification are incomplete; if they hold, the user computes the value hR of the root node from the signature and (Ωi, ei); if , the user signs the value hR of the root node to obtain Sig(hR) and sends Sig(hR) to the cloud server; data integrity verification is executed, and after it succeeds the user deletes the local modified data block, the signature, PUpdate and Sig(hR).
7. The dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature according to claim 4, characterized in that the dynamic verification method further comprises inserting data:
The user obtains the signature e*' of the inserted data block u*' using the lattice-based linear homomorphic signature algorithm, and sends the update message Update = {I, i, u*', e*'} to the cloud server;
The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update), stores the inserted data block u*' on the cloud server and places the signature e*' after the signature ei, obtaining the file and the signature set, and calculates the value of the new root node; the cloud server sends to the user;
From (Ωi, ei) the user computes the root node value h''R of the Merkle hash tree and judges whether ASig(hR) = h''R and hold; if ASig(hR) ≠ h''R, the data blocks before the data insertion are incomplete;
If they hold, the user computes the value hR of the root node from the signature e*' and (Ωi, ei); if , the user signs the value hR of the root node to obtain Sig(hR) and sends Sig(hR) to the cloud server; data integrity verification is executed, and after it succeeds the user deletes the local inserted data block u*', the signature e*', PUpdate and Sig(hR).
8. The dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature according to claim 1, characterized in that the dynamic verification method further comprises deleting data:
The user sends the update message Update = {D, i} to the cloud server; the cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update) and deletes the data block ui stored on the cloud server together with its signature ei, obtaining the file F = {u1, u2, …, ui-1, ui+1, …, ul} and the signature set Φ*'' = {e1, e2, …, ei-1, ei+1, …, el}, and calculates the value of the new root node; the cloud server sends to the user;
From (Ωi, ei) the user computes the root node value h'''R of the Merkle hash tree and judges whether ASig(hR) = h'''R and hold; if ASig(hR) ≠ h'''R, the data blocks before the data deletion are incomplete; if they hold, the user computes the value hR of the root node from Ωi; if , the user signs the value hR of the root node to obtain Sig(hR) and sends Sig(hR) to the cloud server; data integrity verification is executed, and after it succeeds the user deletes the local PUpdate and Sig(hR).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610674249.XA CN106301789B (en) | 2016-08-16 | 2016-08-16 | Using the dynamic verification method of the cloud storage data of the linear homomorphism signature based on lattice |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610674249.XA CN106301789B (en) | 2016-08-16 | 2016-08-16 | Using the dynamic verification method of the cloud storage data of the linear homomorphism signature based on lattice |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106301789A (en) | 2017-01-04 |
CN106301789B (en) | 2019-07-09 |
Family
ID=57678101
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610674249.XA Active CN106301789B (en) | 2016-08-16 | 2016-08-16 | Using the dynamic verification method of the cloud storage data of the linear homomorphism signature based on lattice |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106301789B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN106301789A (en) | 2017-01-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |