CN106301789B - Dynamic verification method for cloud storage data using lattice-based linear homomorphic signatures - Google Patents

Info

Publication number: CN106301789B
Authority: CN (China)
Application number: CN201610674249.XA
Priority: CN201610674249.XA
Other versions: CN106301789A
Other languages: Chinese (zh)
Inventors: 王玉秀, 文红, 廖力
Current Assignee: University of Electronic Science and Technology of China
Original Assignee: University of Electronic Science and Technology of China
Legal status: Active
Prior art keywords: signature, data, cloud server, data block, root node
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002: Countermeasures against attacks on cryptographic mechanisms
    • H04L9/008: Cryptographic mechanisms or arrangements involving homomorphic encryption
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852: Quantum cryptography
    • H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/32: Cryptographic mechanisms or arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: as H04L9/32, using cryptographic hash functions
    • H04L9/3247: as H04L9/32, involving digital signatures

Abstract

The invention discloses a dynamic verification method for cloud storage data using lattice-based linear homomorphic signatures. It includes data integrity verification, as follows. The public key and private key of the linear homomorphic signature algorithm on lattices are generated. The file is split into multiple data blocks and each data block is signed; the value of the root node is then computed with a Merkle hash tree and signed, and the data blocks, the data block signatures and the root node signature are sent to the cloud server. The public key and the file identifier are provided to a third-party auditor, who issues a challenge to the cloud server to verify whether the data blocks have changed. The cloud server provides the corresponding proof for the challenge. The third-party auditor judges from that proof whether the data blocks are intact and feeds the verification result back to the user. The invention can resist quantum attacks launched by future quantum computers, and supports verification of dynamic operations in the cloud while protecting the user's private information.

Description

Dynamic verification method for cloud storage data using lattice-based linear homomorphic signatures
Technical field
The present invention relates to the field of encryption technology, and in particular to a dynamic verification method for cloud storage data using lattice-based linear homomorphic signatures.
Background art
Cloud storage is an infrastructure service of cloud computing. Cloud storage providers offer users a large amount of storage space, and users can access cloud data anytime and anywhere. While this is convenient for users, it also brings new security risks. After a user uploads local data to a cloud server, the user loses direct control of the data, and a malicious cloud service provider may snoop on or tamper with the user's data out of curiosity or for other purposes. The integrity and availability of cloud data have therefore become urgent problems. The security proofs of typical cloud verification protocols rest on the hardness of some hard problem in conventional cryptography, for example verification protocols based on the RSA signature algorithm and bilinear-map verification protocols based on the Diffie-Hellman hard problem. With the development of science and technology, the advent of quantum computers has become possible. A quantum computer can solve the above hard problems in polynomial time, so data verification protocols based on conventional cryptographic schemes will no longer be secure.
According to current research results, no effective algorithm is known for breaking hard problems on lattices, and cryptographic schemes built on lattice hard problems are an important direction of current cryptosystem research. According to the definition of a lattice in the literature, lattice-based verification protocols have the following advantages: a lattice is algebraically an additive abelian group, lattice cryptographic schemes mostly use integer lattices, and linear operations on lattices are much more efficient than exponentiation; lattice hard problems have existing reduction proofs, which guarantees the security of lattice cryptography. The signature scheme designed by Gentry, Peikert and Vaikuntanathan (referred to as the GPV signature) serves as a standard digital signature scheme and has become a basic tool of many lattice public-key algorithms. F. Wang used the GPV signature to construct a lattice-based linear homomorphic signature scheme (LHS) over the binary field, and H. Liu proposed a public proof scheme for cloud storage on the basis of LHS. However, that scheme does not support dynamic data verification. In cloud storage verification, files or data are frequently inserted, modified or deleted, so dynamic data verification becomes increasingly important.
Summary of the invention
The object of the present invention is to overcome the deficiencies of the prior art and provide a dynamic verification method for cloud storage data using lattice-based linear homomorphic signatures. It builds a new dynamic verification method for cloud storage data from a lattice-based linear homomorphic signature, a Merkle hash tree, and a secure collision-resistant hash function under the random oracle model.
The object of the present invention is achieved through the following technical solution: a dynamic verification method for cloud storage data using lattice-based linear homomorphic signatures, including data integrity verification, where the data integrity verification includes:
Key generation: the public key and private key of the linear homomorphic signature algorithm on lattices are generated using the trapdoor basis generation algorithm on lattices;
Data block signing: the file is divided into multiple data blocks, and each data block is signed using the linear homomorphic signature algorithm on lattices; the value of the root node is then computed with a Merkle hash tree and signed; finally the data blocks, the data block signatures and the root node signature are sent to the cloud server;
Third-party challenge: the public key and the file identifier are provided to the third-party auditor, and the third-party auditor issues a challenge to the cloud server to verify whether the data blocks in the cloud server have changed;
Server proof: the cloud server provides the corresponding proof according to the challenge issued by the third-party auditor;
Third-party verification: the third-party auditor judges from the proof provided by the cloud server whether the data blocks in the cloud server are intact, and feeds the verification result back to the user.
The key is generated as follows:
$(pk, sk) \leftarrow \mathrm{TrapGen}(1^n)$
In the formula, $\mathrm{TrapGen}(1^n)$ is the trapdoor basis generation algorithm on lattices, pk is the public key and sk is the private key; the matrix group consists of the m*m integer matrices modulo q.
The data block signing includes:
File F is divided into l data blocks, $F = \{u_1, u_2, \ldots, u_l\}$, where the blocks are taken from the group formed by m-dimensional column vectors;
Compute the coefficients $\alpha_j = H_2(id \| j)$, $1 \le j \le n$, where id is the identifier of file F, j denotes the j-th data block, the hash function is a collision-resistant secure hash function under the random oracle model, and n denotes the system security parameter;
Take the inner product of the coefficient $\alpha_j$ with each data block, and let the inner-product vector be $V_i = (V_{i1}, V_{i2}, \ldots, V_{in})^T$, $1 \le i \le l$, $1 \le j \le n$;
Call SamplePre(A, T, σ, $V_i$) to generate the data block signature $e_i$, $1 \le i \le l$, and let the signature set be $\Phi = \{e_1, e_2, \ldots, e_l\}$;
A Merkle hash tree is constructed from the signature set Φ; its leaf nodes are the signatures $e_i$ arranged in a preset order; the value of each non-leaf node is obtained from its child nodes using a collision-resistant hash function, and the value $h_R$ of the root node is computed; the value $h_R$ of the root node is signed using the SamplePre(A, T, σ, $h_R$) algorithm, giving the signature $\mathrm{Sig}(h_R)$ of the root node value;
The user sends $\{F, \Phi, id, \mathrm{Sig}(h_R)\}$ to the cloud server CSP and deletes the file F, the signature set Φ and the signature $\mathrm{Sig}(h_R)$ locally.
The data block signing further includes signing the identifier id of file F using SamplePre(A, T, σ, id).
The third-party challenge includes:
The user sends the audit request AuditQuest = (Sig(id) || id) to the third-party auditor, where Sig(id) denotes the signature on the identifier id;
After receiving the audit request AuditQuest = (Sig(id) || id), the third-party auditor verifies the signature Sig(id). If the signature Sig(id) is valid, the third-party auditor arbitrarily chooses a subset as the index set of the data to be sampled, where $[l] = \{1, 2, \ldots, l\}$ and $S_1 \le S_2 \le \ldots \le S_\theta$. It defines the challenge $chal = \{id, c_i, i\}_{i \in I}$, $c_i \in \mathbb{Z}_q$, where $c_i$ is a random coefficient arbitrarily chosen by the third-party auditor, and sends the challenge $chal = \{id, c_i, i\}_{i \in I}$ to the cloud server.
The server proof includes:
After receiving the challenge $chal = \{id, c_i, i\}_{i \in I}$ sent by the third-party auditor, the cloud server takes the matrix $B = (\alpha_1, \alpha_2, \ldots, \alpha_n)$, $\alpha_j = H_2(id \| j)$, $1 \le j \le n$; defining $BC^T = 0 \pmod q$, the cloud server computes $C$; the cloud server randomly selects $p_i$ and computes $u_i' = C^T p_i + u_i$, $1 \le i \le l$;
According to $chal = \{id, c_i, i\}_{i \in I}$, the cloud server computes the aggregated data of the sampled data blocks:
The cloud server sends the proof to the third-party auditor, where $\Omega_i$ is the auxiliary information formed by the sibling nodes on the path from the i-th leaf node to the root node.
The third-party verification includes:
After receiving the proof from the cloud server, the third-party auditor computes the root node value $h'_R$ from the proof and judges whether $A\,\mathrm{Sig}(h_R) = h'_R$ and hold:
If they do not hold, the cloud server holds incomplete data blocks, and 0 is returned;
If they hold, the auditor computes the coefficients and the entries $V_{com,j}$, and lets $V_{com} = (V_{com,1}, V_{com,2}, \ldots, V_{com,n})^T$. According to the linear property of the BLS signature, it forms the aggregate signature $e_{com}$ and verifies whether $A e_{com} = V_{com} \pmod q$ and hold. If so, the sampled data blocks are intact and 1 is returned; otherwise the sampled data blocks are not intact and 0 is returned.
The dynamic verification method further includes modifying data:
The user computes the signature of the modified data block using the lattice-based linear homomorphic signature algorithm, forms the update information, and sends the update information to the cloud server;
The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update): according to the index i of the modified data block, the cloud server replaces the data block $u_i$ to be modified with the modified data block and replaces the signature $e_i$ with the new signature, obtaining the updated file and the updated signature set; from the signature set $\Phi^*$ it computes the value of the new root node; the cloud server sends the proof to the user;
The user computes the root node value $h'_R$ of the corresponding Merkle hash tree (MHT) from $(\Omega_i, e_i)$ and judges whether $A\,\mathrm{Sig}(h_R) = h'_R$ and hold. If $A\,\mathrm{Sig}(h_R) \ne h'_R$, the data blocks before the modification were not intact. If they hold, the user computes the root node value $h_R$ from the new signature and $(\Omega_i, e_i)$; if , then the user signs the root node value $h_R$ to obtain $\mathrm{Sig}(h_R)$, sends $\mathrm{Sig}(h_R)$ to the cloud server, and executes data integrity verification. After data integrity verification succeeds, the local modified data block, its signature, $P_{Update}$ and $\mathrm{Sig}(h_R)$ are deleted.
The dynamic verification method further includes inserting data:
The user obtains the signature $e^{*'}$ of the inserted data block $u^{*'}$ using the lattice-based linear homomorphic signature algorithm, and sends the update information $Update = \{I, i, u^{*'}, e^{*'}\}$ to the cloud server;
The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update): it stores the inserted data block $u^{*'}$ on the cloud server and places the signature $e^{*'}$ after the signature $e_i$, obtaining the updated file and the updated signature set, and computes the value of the new root node; the cloud server sends the proof to the user;
The user computes the root node value $h''_R$ of the Merkle hash tree from $(\Omega_i, e_i)$ and judges whether $A\,\mathrm{Sig}(h_R) = h''_R$ and hold. If $A\,\mathrm{Sig}(h_R) \ne h''_R$, the data blocks before the insertion were not intact. If they hold, the user computes the root node value $h_R$ from the signature $e^{*'}$ and $(\Omega_i, e_i)$; if , then the user signs the root node value $h_R$ to obtain $\mathrm{Sig}(h_R)$, sends $\mathrm{Sig}(h_R)$ to the cloud server, and executes data integrity verification. After data integrity verification succeeds, the local inserted data block $u^{*'}$, the signature $e^{*'}$, $P_{Update}$ and $\mathrm{Sig}(h_R)$ are deleted.
The dynamic verification method further includes deleting data:
The user sends the update information $Update = \{D, i\}$ to the cloud server. The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update): it deletes the data block $u_i$ stored on the cloud server together with its signature $e_i$, obtaining the file $F = \{u_1, u_2, \ldots, u_{i-1}, u_{i+1}, \ldots, u_l\}$ and the corresponding signature set, and computes the value of the new root node; the cloud server sends the proof to the user;
The user computes the root node value $h'''_R$ of the Merkle hash tree from $(\Omega_i, e_i)$ and judges whether $A\,\mathrm{Sig}(h_R) = h'''_R$ and hold. If $A\,\mathrm{Sig}(h_R) \ne h'''_R$, the data blocks before the deletion were not intact. If they hold, the user computes the root node value $h_R$ from $\Omega_i$; if , then the user signs the root node value $h_R$ to obtain $\mathrm{Sig}(h_R)$, sends $\mathrm{Sig}(h_R)$ to the cloud server, and executes data integrity verification. After data integrity verification succeeds, the local $P_{Update}$ and $\mathrm{Sig}(h_R)$ are deleted.
The beneficial effects of the present invention are:
(1) The lattice-based linear homomorphic signature in the present invention resists quantum attacks launched by future quantum computers; the collision-resistant hash function guarantees the unforgeability of user data; and linear operations on lattices make computation much more efficient than conventional exponentiation;
(2) The present invention supports verification of dynamic operations in the cloud, such as modification, insertion and deletion of files or data;
(3) Public auditing is supported: verification is performed by a third-party auditor while privacy protection is also achieved.
Brief description of the drawings
Fig. 1 is a schematic diagram of the framework of the invention;
Fig. 2 is a flow diagram of one embodiment of data integrity verification in the invention;
Fig. 3 is a schematic diagram of one embodiment of modifying data in the invention;
Fig. 4 is a schematic diagram of one embodiment of inserting data in the invention;
Fig. 5 is a schematic diagram of one embodiment of deleting data in the invention.
Detailed description of the embodiments
The technical solution of the present invention is described in further detail below with reference to the drawings, but the scope of protection of the present invention is not limited to the following.
As shown in Fig. 1, the user uploads data to the cloud server. Because of limits on the user's software and hardware, time and computing power, the user cannot verify the integrity of the uploaded data anytime and anywhere, so verification is completed by a third-party auditor (Third Party Auditor, TPA). The user sends a data integrity audit request to the third-party auditor; the third-party auditor sends a challenge to the cloud server (CSP) at the user's request, verifying on the user's behalf, and finally feeds the verification result back to the user.
Embodiment one
As shown in Fig. 2, the dynamic verification method for cloud storage data using lattice-based linear homomorphic signatures includes data integrity verification, and the data integrity verification includes:
S01. Key generation: the public key and private key of the linear homomorphic signature algorithm on lattices are generated using the trapdoor basis generation algorithm on lattices.
The key is generated as follows:
$(pk, sk) \leftarrow \mathrm{TrapGen}(1^n)$
In the formula, $\mathrm{TrapGen}(1^n)$ is the trapdoor basis generation algorithm on lattices, pk is the public key and sk is the private key; the matrix group consists of the m*m integer matrices modulo q, and the matrix A is drawn at random from this group and follows the uniform distribution. No specific setting is prescribed, as long as the matrix is m*m-dimensional and each element is an integer modulo q.
S02. Data block signing: the file is divided into multiple data blocks, and each data block is signed using the linear homomorphic signature algorithm on lattices; the value of the root node is then computed with a Merkle hash tree and signed; finally the data blocks, the data block signatures and the root node signature are sent to the cloud server.
The data block signing includes:
S021. File F is divided into l data blocks, $F = \{u_1, u_2, \ldots, u_l\}$, where the blocks are taken from the group formed by m-dimensional column vectors, and the value of each element is an integer modulo q.
S022. Compute the coefficients $\alpha_j = H_2(id \| j)$, $1 \le j \le n$, where id is the identifier of file F, j denotes the j-th data block, the hash function is a collision-resistant secure hash function under the random oracle model, and n denotes the system security parameter.
S023. Take the inner product of the coefficient $\alpha_j$ with each data block, and let the inner-product vector be $V_i = (V_{i1}, V_{i2}, \ldots, V_{in})^T$, $1 \le i \le l$, $1 \le j \le n$.
S024. Call SamplePre(A, T, σ, $V_i$) to generate the data block signature $e_i$, $1 \le i \le l$, and let the signature set be $\Phi = \{e_1, e_2, \ldots, e_l\}$. SamplePre(A, T, σ, $V_i$) is a sampling algorithm on lattices; lattice-based encryption schemes are all built on the LWE (learning with errors) problem, and the error terms of the LWE problem are generally obtained by discrete Gaussian sampling.
S025. A Merkle hash tree (MHT) is constructed from the signature set Φ; its leaf nodes are the signatures $e_i$ arranged in a preset order; the value of each non-leaf node is obtained from its child nodes using a collision-resistant hash function, and the value $h_R$ of the root node is computed; the value $h_R$ of the root node is signed using the SamplePre(A, T, σ, $h_R$) algorithm, giving the signature $\mathrm{Sig}(h_R)$ of the root node value.
S026. The user sends $\{F, \Phi, id, \mathrm{Sig}(h_R)\}$ to the cloud server CSP and deletes the file F, the signature set Φ and the signature $\mathrm{Sig}(h_R)$ locally.
The data block signing further includes signing the identifier id of file F using SamplePre(A, T, σ, id); this signature tells the third-party auditor, at challenge time, which user the request comes from and which file is to be verified.
S03. Third-party challenge: the public key and the file identifier are provided to the third-party auditor, and the third-party auditor issues a challenge to the cloud server to verify whether the data blocks in the cloud server have changed.
The third-party challenge includes: the user sends the audit request AuditQuest = (Sig(id) || id) to the third-party auditor, where Sig(id) denotes the signature on the identifier id. AuditQuest is the audit request that the user issues to the third-party auditor; it contains the id of the file to be audited and the signature on id. The id is signed again to tell the third-party auditor that this audit request comes from a specific user: the third-party auditor holds the public key of user X, and if the signature on id does not verify, the request does not come from user X and is not accepted, which prevents other users from impersonating user X. After receiving the audit request AuditQuest = (Sig(id) || id), the third-party auditor verifies the signature Sig(id). If the signature Sig(id) is invalid, the third-party auditor does not accept the request and asks the user to resend it. If the signature Sig(id) is valid, the third-party auditor arbitrarily chooses a subset as the index set of the data to be sampled, where $[l] = \{1, 2, \ldots, l\}$ and $S_1 \le S_2 \le \ldots \le S_\theta$. It defines the challenge $chal = \{id, c_i, i\}_{i \in I}$, $c_i \in \mathbb{Z}_q$, where $c_i$ is a random coefficient arbitrarily chosen by the third-party auditor, which ensures that the cloud server cannot forge a proof, and sends the challenge $chal = \{id, c_i, i\}_{i \in I}$ to the cloud server, requiring the cloud server to provide the corresponding proof.
S04. Server proof: the cloud server provides the corresponding proof according to the challenge issued by the third-party auditor.
The server proof includes: after receiving the challenge $chal = \{id, c_i, i\}_{i \in I}$ sent by the third-party auditor, the cloud server takes the matrix $B = (\alpha_1, \alpha_2, \ldots, \alpha_n)$, $\alpha_j = H_2(id \| j)$, $1 \le j \le n$; defining $BC^T = 0 \pmod q$, the cloud server computes $C$; the cloud server randomly selects $p_i$ and computes $u_i' = C^T p_i + u_i$, $1 \le i \le l$. This processing ensures that no information about the data block $u_i$ is revealed to the third-party auditor. The purpose of defining $BC^T = 0$ is to determine a matrix $C$ orthogonal to $B$, which is then used to form $u_i' = C^T p_i + u_i$. Here $p_i$ is chosen at random from the group formed by n-dimensional vectors of integers modulo q and acts as a coefficient that increases the security of $u_i'$. Because $p_i$ is obtained completely at random, the third-party auditor cannot obtain any information about $u_i$ from $u_i'$, which ensures that user data is not stolen by the third-party auditor.
According to $chal = \{id, c_i, i\}_{i \in I}$, the cloud server computes the aggregated data of the sampled data blocks:
The cloud server sends the proof to the third-party auditor, where $\Omega_i$ is the auxiliary information formed by the sibling nodes on the path from the i-th leaf node to the root node.
S05. Third-party verification: the third-party auditor judges from the proof provided by the cloud server whether the data blocks in the cloud server are intact, and feeds the verification result back to the user.
The third-party verification includes: after receiving the proof from the cloud server, the third-party auditor computes the root node value $h'_R$ from the proof and judges whether $A\,\mathrm{Sig}(h_R) = h'_R$ and hold. (This step verifies whether the signature of the root node is correct, in order to judge whether the received proof Proof is in error: if the root node signature is correct, that is, $A\,\mathrm{Sig}(h_R) = h'_R$ and hold, then $h'_R$ was computed correctly, which shows that $\Omega_i$ and $\mathrm{Sig}(h_R)$ in Proof are correct.)
If they do not hold, the cloud server holds incomplete data blocks, and 0 is returned;
If they hold, the auditor computes the coefficients and the entries $V_{com,j}$, and lets $V_{com} = (V_{com,1}, V_{com,2}, \ldots, V_{com,n})^T$. According to the linear property of the BLS signature, it forms the aggregate signature $e_{com}$ and verifies whether $A e_{com} = V_{com} \pmod q$ and hold. If so, the sampled data blocks are intact and 1 is returned; otherwise the sampled data blocks are not intact and 0 is returned. This check proves the integrity of the aggregated data $U_{com}$ of the sampled data blocks.
In the proof, $e_i$ is the value of a leaf node of the Merkle hash tree, and $\Omega_i$ is the auxiliary information from the i-th leaf node to the root node, made up of the sibling node of the i-th leaf node and the sibling nodes of its ancestor nodes (in short, all the information needed to obtain the root node is auxiliary information).
BLS: an abbreviation for a signature, in full Lattice-based Linear Signature. A linear combination of the original data blocks forms the aggregated data. The signature of this aggregated data is obtained as follows: because the signature is linearly homomorphic, the signature after aggregation can be the linear combination of the signatures of the original data blocks.
$V_{com,j}$ is obtained as the inner product of $U_{com}$ with $\alpha_j$; the subscript com follows $U_{com}$ and indicates aggregation (in fact simply a linear combination) of the sampled data blocks, so the corresponding subscript is written $V_{com,j}$.
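Steps S04 and S05 rest on two linear facts: adding $C^T p_i$ leaves the inner products with every $\alpha_j$ unchanged, and a linear combination of blocks has the same linear combination of the $V_i$ as its inner-product vector. The following added example (not part of the patent) checks both over a toy prime modulus and shows that a changed block is rejected. The SHA-256 instantiation of $H_2$, the parameter sizes, the sample blocks and treating the $\alpha_j$ as the rows that $C$ must be orthogonal to are assumptions; the lattice signature is not implemented, so $\sum c_i V_i$ stands in for $A e_{com}$, which it equals when every $A e_i = V_i \pmod q$.

```python
import hashlib
import secrets

Q = 8191        # toy prime modulus q (assumption; real parameters are far larger)
M, N = 8, 3     # toy block length m and coefficient count n (assumptions)

def H2(file_id, j):
    """Assumed instantiation of alpha_j = H2(id || j) as a vector in Z_q^m."""
    return [int.from_bytes(hashlib.sha256(f"{file_id}||{j}||{k}".encode()).digest(), "big") % Q
            for k in range(M)]

def dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % Q

def nullspace(rows):
    """Basis of {x : row . x = 0 (mod q) for every row}, by Gauss-Jordan elimination."""
    mat, pivots, r = [row[:] for row in rows], [], 0
    for c in range(M):
        piv = next((k for k in range(r, len(mat)) if mat[k][c]), None)
        if piv is None:
            continue
        mat[r], mat[piv] = mat[piv], mat[r]
        inv = pow(mat[r][c], -1, Q)                 # q is prime, so the inverse exists
        mat[r] = [x * inv % Q for x in mat[r]]
        for k in range(len(mat)):
            if k != r and mat[k][c]:
                f = mat[k][c]
                mat[k] = [(a - f * b) % Q for a, b in zip(mat[k], mat[r])]
        pivots.append(c)
        r += 1
        if r == len(mat):
            break
    basis = []
    for free in (c for c in range(M) if c not in pivots):
        x = [0] * M
        x[free] = 1
        for row, pc in zip(mat, pivots):
            x[pc] = -row[free] % Q
        basis.append(x)
    return basis

def coefficients(file_id):
    return [H2(file_id, j) for j in range(1, N + 1)]

def inner_product_vectors(file_id, blocks):
    """User side: V_i = (<alpha_1, u_i>, ..., <alpha_n, u_i>) for every block."""
    alphas = coefficients(file_id)
    return [[dot(a, u) for a in alphas] for u in blocks]

def blind(u, C, p):
    """Server side: u' = C^T p + u (mod q)."""
    return [(u[t] + sum(p[k] * C[k][t] for k in range(len(C)))) % Q for t in range(M)]

def combine(vectors, chal):
    """sum_i c_i * vectors[i] (mod q) over the challenged indices i."""
    width = len(vectors[next(iter(chal))])
    return [sum(c * vectors[i][t] for i, c in chal.items()) % Q for t in range(width)]

def run_audit(file_id, stored_blocks, V, chal):
    """Return (accepted, any_block_sent_unblinded) for a challenge {index: c_i}."""
    alphas = coefficients(file_id)
    C = nullspace(alphas)[:N]                       # rows orthogonal to every alpha_j
    blinded = {i: blind(stored_blocks[i], C, [secrets.randbelow(Q) for _ in C])
               for i in chal}
    U_com = combine(blinded, chal)                  # aggregate the server returns
    V_com = [dot(a, U_com) for a in alphas]         # auditor: V_com,j = <alpha_j, U_com>
    expected = combine(V, chal)                     # stands in for A * e_com (mod q)
    unblinded = any(blinded[i] == stored_blocks[i] for i in chal)
    return V_com == expected, unblinded

def sample_blocks(count=4):
    """Constructed sample data blocks u_1..u_l in Z_q^m."""
    return [[(7 * i + 3 * t + 1) % Q for t in range(M)] for i in range(count)]

if __name__ == "__main__":
    blocks = sample_blocks()
    V = inner_product_vectors("file-001", blocks)
    print(run_audit("file-001", blocks, V, {0: 5, 2: 11}))
```

Indices in the challenge are 0-based here, and the file identifier "file-001" is a constructed value.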
Embodiment two
On the basis of embodiment one, in this embodiment the dynamic verification method further includes modifying data. M denotes the request information for data modification. Taking as an example the user modifying the data block $u_i$: the user computes the signature of the modified data block using the lattice-based linear homomorphic signature algorithm, forms the update information, and sends the update information to the cloud server;
The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update): according to the index i of the modified data block, the cloud server replaces the data block $u_i$ to be modified with the modified data block and replaces the signature $e_i$ with the new signature, obtaining the updated file and the updated signature set; from the signature set $\Phi^*$ it computes the value of the new root node, as shown in Fig. 3; the cloud server sends the proof to the user. $P_{Update}$ is the proof that the cloud server sends to the verifier about whether the data has been updated correctly; the name abbreviates "Proof of updating" and is chosen to distinguish it from Proof.
The user computes the root node value $h'_R$ of the corresponding Merkle hash tree (MHT) from $(\Omega_i, e_i)$ and judges whether $A\,\mathrm{Sig}(h_R) = h'_R$ and hold. If $A\,\mathrm{Sig}(h_R) \ne h'_R$, the data blocks before the modification were not intact. If they hold, the user computes the root node value $h_R$ from the new signature and $(\Omega_i, e_i)$; if , this shows that the cloud server has carried out the data update as the user required, and the user then signs the root node value $h_R$ to obtain $\mathrm{Sig}(h_R)$, sends $\mathrm{Sig}(h_R)$ to the cloud server, and executes data integrity verification. After data integrity verification succeeds, the local modified data block, its signature, $P_{Update}$ and $\mathrm{Sig}(h_R)$ are deleted.
In Fig. 3, the value of the 3rd data block is changed, and the node values are computed in turn, $h_a = H_1(h_c \| h_d)$, thus
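The root-node checks of embodiments one and two can be exercised with a small Merkle hash tree: the server returns the auxiliary information $\Omega_i$, the user recomputes the old root from $(\Omega_i, e_i)$, then recomputes the root with the new signature in place of $e_i$. This is an added example, not code from the patent. Its assumptions are SHA-256 as $H_1$, carrying an unpaired node up unchanged, fixed-length constructed byte strings as signatures, comparing the recomputed root with the root the server claims, and a trusted old root in place of verifying $\mathrm{Sig}(h_R)$.

```python
import hashlib

def H1(data: bytes) -> bytes:
    """Stand-in for the collision-resistant hash H1 (assumption: SHA-256)."""
    return hashlib.sha256(data).digest()

def tree_levels(leaves):
    """All levels of the tree, leaves first; the leaves are the signatures e_i themselves.
    Assumes every signature has the same encoded length."""
    if not leaves:
        raise ValueError("at least one signature is required")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [H1(cur[k] + cur[k + 1]) for k in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:              # unpaired node is carried up unchanged (assumption)
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def merkle_root(leaves):
    return tree_levels(leaves)[-1][0]

def aux_info(leaves, i):
    """Omega_i: sibling values on the path from leaf i (0-based) to the root."""
    omega = []
    for level in tree_levels(leaves)[:-1]:
        sib = i ^ 1
        if sib < len(level):
            omega.append((level[sib], sib < i))   # (value, sibling is on the left)
        i //= 2
    return omega

def root_from_aux(leaf, omega):
    """Recompute the root value from one leaf and its auxiliary information."""
    h = leaf
    for sibling, on_left in omega:
        h = H1(sibling + h) if on_left else H1(h + sibling)
    return h

def server_modify(sigs, i, new_sig, apply_update=True):
    """ExeUpdate for a modify request; returns P_Update = (Omega_i, e_i, new root).
    apply_update=False models a server that claims success without updating."""
    omega, old_sig = aux_info(sigs, i), sigs[i]
    if apply_update:
        sigs[i] = new_sig
    return omega, old_sig, merkle_root(sigs)

def user_accepts_update(trusted_old_root, p_update, new_sig):
    """User-side check of P_Update for a modification of one block."""
    omega, old_sig, claimed_new_root = p_update
    # Step 1: the old leaf and Omega_i must reproduce the root the user signed earlier
    # (the patent checks the lattice signature Sig(h_R) here; not implemented).
    if root_from_aux(old_sig, omega) != trusted_old_root:
        return False
    # Step 2: the same Omega_i with the new signature must give the claimed new root.
    return root_from_aux(new_sig, omega) == claimed_new_root

if __name__ == "__main__":
    sigs = [b"constructed-e%d" % k for k in range(1, 6)]    # constructed sample values
    root = merkle_root(sigs)
    proof = server_modify(list(sigs), 2, b"constructed-E3")  # modify the 3rd block
    print(user_accepts_update(root, proof, b"constructed-E3"))
```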
Embodiment three
On the basis of embodiment one, in this embodiment the dynamic verification method further includes modifying data: I denotes the request information for data insertion, taking as an example the user adding the data block $u^{*'}$ after the i-th data block.
The dynamic verification method further includes inserting data: the user obtains the signature $e^{*'}$ of the inserted data block $u^{*'}$ using the lattice-based linear homomorphic signature algorithm, and sends the update information $Update = \{I, i, u^{*'}, e^{*'}\}$ to the cloud server;
The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update): it stores the inserted data block $u^{*'}$ on the cloud server and places the signature $e^{*'}$ after the signature $e_i$, obtaining the updated file and the updated signature set, and computes the value of the new root node (as shown in Fig. 4); the cloud server sends the proof to the user;
The user computes the root node value $h''_R$ of the Merkle hash tree from $(\Omega_i, e_i)$ and judges whether $A\,\mathrm{Sig}(h_R) = h''_R$ and hold. If $A\,\mathrm{Sig}(h_R) \ne h''_R$, the data blocks before the insertion were not intact. If they hold, the user computes the root node value $h_R$ from the signature $e^{*'}$ and $(\Omega_i, e_i)$; if , this shows that the cloud server has carried out the data insertion as the user required, and the user then signs the root node value $h_R$ to obtain $\mathrm{Sig}(h_R)$, sends $\mathrm{Sig}(h_R)$ to the cloud server, and executes data integrity verification. After data integrity verification succeeds, the local inserted data block $u^{*'}$, the signature $e^{*'}$, $P_{Update}$ and $\mathrm{Sig}(h_R)$ are deleted.
In Fig. 4, the new data block $e^{*'}$ is inserted at the 4th node, so the node $h_g = H_1(e_4 \| e^{*'})$; computing in turn yields
Embodiment four
On the basis of Embodiment one, in this embodiment the dynamic verification method further includes modifying data: D denotes the request to delete data.
The dynamic verification method further includes deleting data: the user sends the update information Update = {D, i} to the cloud server; the cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update) and deletes the data block ui stored on the cloud server together with its signature ei, obtaining the file F = {u1, u2, …, ui-1, ui+1, …, ul} and the signature set Φ*″ = {e1, e2, …, ei-1, ei+1, …, el}; it computes the value of the new root node (as shown in Fig. 5) and sends […] to the user.
The user computes the root node value h‴R of the Merkle hash tree from (Ωi, ei) and judges whether ASig(hR) = h‴R and […] hold. If ASig(hR) ≠ h‴R, the data blocks were already incomplete before the deletion. If they hold, the user computes the root node value hR from Ωi. If […], the cloud server has carried out the data deletion as the user required; the user then signs the root node value hR to obtain Sig(hR) and sends Sig(hR) to the cloud server. Data integrity verification is executed, and after it succeeds the user deletes the local PUpdate and Sig(hR).
In the figure the 3rd data block is deleted, so it is only necessary to take hd = e4.
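The user-side check of the update proof in Embodiments two to four (modify, insert, delete) is sketched below as an added example; it is not code from the patent and generalizes the three figure rules to any leaf position. Assumptions: H1 is SHA-256, the signatures ei are constructed opaque byte strings rather than lattice signatures, the ASig(hR) check is replaced by comparison with an already authenticated old root, and all function names are hypothetical.

```python
import hashlib
import hmac

def H1(left: bytes, right: bytes) -> bytes:
    """Hash for inner nodes (SHA-256 is an assumption; the page only names H1)."""
    return hashlib.sha256(left + right).digest()

def build_levels(nodes):
    """All tree levels, leaves first; an unpaired last node is promoted as-is."""
    levels = [list(nodes)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H1(cur[k], cur[k + 1]) if k + 1 < len(cur) else cur[k]
                       for k in range(0, len(cur), 2)])
    return levels

def merkle_root(nodes):
    return build_levels(nodes)[-1][0]

def aux_info(leaves, i):
    """Omega_i: (sibling value, sibling_is_left) pairs from leaf i up to the root."""
    omega = []
    for level in build_levels(leaves)[:-1]:
        sib = i ^ 1
        if sib < len(level):
            omega.append((level[sib], sib < i))
        i //= 2
    return omega

def root_from(node, omega):
    """Fold a node value up the sibling path to a root value."""
    for sib, sib_is_left in omega:
        node = H1(sib, node) if sib_is_left else H1(node, sib)
    return node

def expected_new_root(op, e_i, omega, e_new=None):
    """Root the user expects after Update = {op, i, ...}; op is 'M', 'I' or 'D'."""
    if op in ("M", "I") and e_new is None:
        raise ValueError("modify and insert need the new signature")
    if op == "M":                  # leaf e_i is replaced by the new signature
        return root_from(e_new, omega)
    if op == "I":                  # Fig. 4 rule: the leaf becomes H1(e_i || e_new)
        return root_from(H1(e_i, e_new), omega)
    if op == "D" and omega:        # Fig. 5 rule: the parent takes the sibling's value
        return root_from(omega[0][0], omega[1:])
    raise ValueError("unsupported update")

def verify_update(old_root, op, e_i, omega, claimed_root, e_new=None):
    """User-side check of the server's update proof (e_i, Omega_i, new root)."""
    # 1. (Omega_i, e_i) must reproduce the old root. old_root stands in for the
    #    root authenticated by Sig(hR); the lattice check itself is not modelled.
    if not hmac.compare_digest(root_from(e_i, omega), old_root):
        return False
    # 2. The server's new root must equal the one derived from the same path.
    return hmac.compare_digest(expected_new_root(op, e_i, omega, e_new), claimed_root)

# Constructed sample: eight opaque byte strings standing in for e_1..e_8.
SIGS = [b"sig-%d" % n for n in range(1, 9)]

def demo():
    i, e_new = 2, b"sig-3-modified"            # modify the 3rd block (index 2)
    old_root, omega = merkle_root(SIGS), aux_info(SIGS, i)
    honest = merkle_root(SIGS[:i] + [e_new] + SIGS[i + 1:])  # server rebuilt the tree
    lazy = old_root                             # server skipped the update
    return (verify_update(old_root, "M", SIGS[i], omega, honest, e_new),
            verify_update(old_root, "M", SIGS[i], omega, lazy, e_new))

if __name__ == "__main__":
    print(demo())
```

A server that returns the unchanged root fails step 2, and a proof built on a wrong ei fails step 1, which is the distinction the embodiments draw between incomplete data before the update and an update that was not carried out.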
The above is only a preferred embodiment of the present invention. It should be understood that the present invention is not limited to the form described herein, which should not be regarded as excluding other embodiments; it can be used in various other combinations, modifications and environments, and can be modified within the scope contemplated herein through the above teachings or the skill or knowledge of the related art. Modifications and changes made by those skilled in the art that do not depart from the spirit and scope of the present invention shall all fall within the protection scope of the appended claims.

Claims (8)

1. A dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature, characterized in that it includes data integrity verification, the data integrity verification comprising:
Key generation: the public key and private key of the linear homomorphic signature algorithm on lattices are generated using the trapdoor basis generation algorithm on lattices;
Data block signing: the file is divided into multiple data blocks, each data block is signed using the linear homomorphic signature algorithm on lattices, the value of the root node is then computed based on a Merkle hash tree and signed, and finally the data blocks, the data block signatures and the root node signature are sent to the cloud server;
Third-party challenge: the public key and the file identifier are provided to a third-party auditor, which issues a challenge to the cloud server to verify whether the data blocks on the cloud server have changed;
Server proof: the cloud server provides the corresponding proof according to the challenge issued by the third-party auditor;
Third-party verification: the third-party auditor judges from the proof provided by the cloud server whether the data blocks on the cloud server are complete, and feeds the verification result back to the user;
The data block signing comprises:
The file F is divided into l data blocks, F = {u1, u2, …, ul}, where […] is the group formed by m-dimensional column vectors;
The coefficients […], 1 ≤ j ≤ n, are computed, where id is the identifier of the file F, j denotes the j-th data block, H2(·): […] is a collision-resistant secure hash function in the random oracle model, and n denotes the system security parameter;
The inner product of the coefficient αj with each data block is taken, […]; let the inner product vector Vi = (Vi1, Vi2, …, Vin)^T, 1 ≤ i ≤ l, 1 ≤ j ≤ n;
SamplePre(A, T, σ, Vi) is called to generate the data block signature ei, 1 ≤ i ≤ l; let the signature set Φ = {e1, e2, …, el};
A Merkle hash tree is constructed from the signature set Φ; its leaf nodes are the signatures ei arranged in a preset order; the value of each non-leaf node is obtained from its child nodes using the collision-resistant hash function H1(·): […], and the root node value hR is computed; the root node value hR is signed using the SamplePre(A, T, σ, hR) algorithm to obtain the root node signature Sig(hR);
The user sends {F, Φ, id, Sig(hR)} to the cloud server CSP and deletes the file F, the signature set Φ and the signature Sig(hR) locally;
The data block signing further includes signing the identifier id of the file F using SamplePre(A, T, σ, id).
2. The dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature according to claim 1, characterized in that the key is generated as follows:
(pk, sk) ← TrapGen(1^n)
In the formula, TrapGen(1^n) is the trapdoor basis generation algorithm on lattices, pk is the public key, sk is the private key, and […] is the group formed by m*m integer matrices modulo q.
3. The dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature according to claim 1, characterized in that the third-party challenge includes:
The user sends the audit request AuditQuest = (Sig(id) || id) to the third-party auditor, where Sig(id) denotes the signature on the identifier id;
After receiving the audit request AuditQuest = (Sig(id) || id), the third-party auditor verifies the signature Sig(id); if the signature Sig(id) is valid, the third-party auditor arbitrarily chooses a subset […] as the index set of the sampled data, where [l] = {1, 2, …, L} and S1 ≤ S2 ≤ … ≤ Sθ; it defines the challenge chal = {id, ci, i}, i ∈ I, ci ∈ Zq, where ci is a random coefficient arbitrarily chosen by the third-party auditor, and sends the challenge chal = {id, ci, i}, i ∈ I, to the cloud server.
4. The dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature according to claim 3, characterized in that the server proof includes:
After receiving the challenge chal = {id, ci, i}, i ∈ I, sent by the third-party auditor, the cloud server takes the matrix B = (a1, a2, …, an), aj = H2(id || j), 1 ≤ j ≤ n; defining BC^T = 0 (mod q), the cloud server computes […]; the cloud server randomly selects […] and computes u'i = C^T pi + ui, 1 ≤ i ≤ l;
According to chal = {id, ci, i}, i ∈ I, the cloud server computes the aggregated data of the sampled data blocks:
The cloud server sends the proof […] to the third-party auditor, where Ωi is the auxiliary information formed by the sibling nodes on the path from the i-th leaf node to the root node.
5. The dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature according to claim 4, characterized in that the third-party verification includes:
After receiving the proof […] from the cloud server, the third-party auditor computes the root node value h'R according to […] and judges whether ASig(hR) = h'R and […] hold:
If they do not hold, the cloud server holds incomplete data blocks, and 0 is returned;
If they hold, the coefficients […] are computed and […] is calculated; let Vcom = (Vcom,1, Vcom,2, …, Vcom,n)^T; according to the linear property of the BLS signature, the aggregate signature […]; verify whether Aecom = Vcom (mod q) and […] hold; if so, the sampled data blocks are complete and 1 is returned; otherwise the sampled data blocks are incomplete and 0 is returned.
6. The dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature according to claim 4, characterized in that the dynamic verification method further includes modifying data:
For the modified data block, the user obtains the corresponding signature using the lattice-based linear homomorphic signature algorithm, lets the update information be […], and sends the update information to the cloud server;
The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update): according to the subscript i of the modified data block, the cloud server replaces the data block ui to be modified with the modified data block and replaces the signature ei with the corresponding new signature, obtaining the updated file and the updated signature set; it computes the value of the new root node from the signature set Φ*; the cloud server sends the proof to the user;
The user computes the root node value h'R of the corresponding Merkle hash tree (MHT) from (Ωi, ei) and judges whether ASig(hR) = h'R and […] hold; if ASig(hR) ≠ h'R, the data blocks were already incomplete before the modification; if they hold, the user computes the root node value hR from the signature of the modified data block and (Ωi, ei); if […], the user signs the root node value hR to obtain Sig(hR) and sends Sig(hR) to the cloud server; data integrity verification is executed, and after it succeeds the user deletes the local modified data block, its signature, PUpdate and Sig(hR).
7. The dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature according to claim 4, characterized in that the dynamic verification method further includes inserting data:
The user obtains the signature e*′ of the data block u*′ to be inserted using the lattice-based linear homomorphic signature algorithm, and sends the update information Update = {I, i, u*′, e*′} to the cloud server;
The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update): it stores the inserted data block u*′ on the cloud server and places the signature e*′ after the signature ei, obtaining the updated file and the updated signature set; it computes the value of the new root node; the cloud server sends […] to the user;
The user computes the root node value h″R of the Merkle hash tree from (Ωi, ei) and judges whether ASig(hR) = h″R and […] hold; if ASig(hR) ≠ h″R, the data blocks were already incomplete before the insertion; if they hold, the user computes the root node value hR from the signature e*′ and (Ωi, ei); if […], the user signs the root node value hR to obtain Sig(hR) and sends Sig(hR) to the cloud server; data integrity verification is executed, and after it succeeds the user deletes the local inserted data block u*′, the signature e*′, PUpdate and Sig(hR).
8. The dynamic verification method for cloud storage data using a lattice-based linear homomorphic signature according to claim 1, characterized in that the dynamic verification method further includes deleting data:
The user sends the update information Update = {D, i} to the cloud server; the cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update) and deletes the data block ui stored on the cloud server together with its signature ei, obtaining the file F = {u1, u2, …, ui-1, ui+1, …, ul} and the signature set Φ*″ = {e1, e2, …, ei-1, ei+1, …, el}; it computes the value of the new root node; the cloud server sends […] to the user;
The user computes the root node value h‴R of the Merkle hash tree from (Ωi, ei) and judges whether ASig(hR) = h‴R and […] hold; if ASig(hR) ≠ h‴R, the data blocks were already incomplete before the deletion; if they hold, the user computes the root node value hR from Ωi; if […], the user signs the root node value hR to obtain Sig(hR) and sends Sig(hR) to the cloud server; data integrity verification is executed, and after it succeeds the user deletes the local PUpdate and Sig(hR).
CN201610674249.XA 2016-08-16 2016-08-16 Using the dynamic verification method of the cloud storage data of the linear homomorphism signature based on lattice Active CN106301789B (en)


Publications (2)

Publication Number Publication Date
CN106301789A CN106301789A (en) 2017-01-04
CN106301789B CN106301789B (en) 2019-07-09

Family

ID=57678101





Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant