CN114598717A - Distributed cloud storage data access method and data service system - Google Patents

Distributed cloud storage data access method and data service system

Info

Publication number
CN114598717A
Authority
CN
China
Prior art keywords
data
node
address
signature
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210380254.5A
Other languages
Chinese (zh)
Inventor
徐洪记
李帅帅
仲池
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN202210380254.5A priority Critical patent/CN114598717A/en
Publication of CN114598717A publication Critical patent/CN114598717A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3257 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using blind signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a distributed cloud storage data access method and a data service system that apply cluster management to data stored in a distributed manner across network nodes. A cluster center node uses a Bloom filter to record the data features published by cluster members as index information and provides the query service when a user needs to access data; the located cluster member then transmits the target data directly to the user. Data query and data storage services are thereby isolated, which avoids the catastrophic loss that a single point of failure would cause if all data were stored on the center node. Using one-way data features as the data index protects the data, and no third party can learn which specific data object a user requested. In addition, a partial blind signature algorithm binds the transaction parameters agreed by both parties to the service, so that the two parties can complete the transfer and the target data access service on their own, using the signature as the transaction certificate.

Description

Distributed cloud storage data access method and data service system
Technical Field
The invention relates to the field of cloud storage application, in particular to a distributed cloud storage data access method and a data service system.
Background
Cloud storage is a complex storage resource pool system developed from the cloud computing concept. Through cluster applications, distributed file systems and similar technologies, cloud storage uses application software to make many different types of storage devices in a network work together, and provides users with consolidated data storage and shared access through that software and its interfaces, so that users can flexibly use cloud storage space or cloud data access services and pay on demand. The rapid development of cloud computing in recent years has led more and more users to deploy large numbers of applications and large amounts of data on cloud platforms.
Currently, distributed storage technologies fall mainly into two types: centralized systems and peer-to-peer systems. In a centralized system, the index information is stored on a metadata server; a user submits a query request to the metadata server, which returns the object to which the data belongs and its geographic storage location. GFS (Google File System) and HDFS (Hadoop Distributed File System) are examples. A peer-to-peer system spreads the index information across the nodes of the system; every node has equal status, and a subset of nodes cooperate to find the location of the target data during a query. Dynamo and BitTorrent are systems of this type. In both centralized and decentralized data service systems, however, the index information of a file is directly associated with the data itself: the index node can tell from the index information which data object the user is requesting, which exposes the user's privacy. An attacker can locate cloud data by issuing malicious index requests and then intrude on the data storage node to steal, copy or tamper with the original data, or launch a DoS (denial of service) attack or similar to bring the server down.
In addition, because data in the cloud is outside the user's physical control, an unauthorized user may try to obtain the information it contains through illegal access, which leaks data and user privacy. To protect the privacy and confidentiality of data, files are usually stored on the cloud server or network node as ciphertext. When the data is accessed, either a trusted third-party key management authority distributes a key to the legitimate visitor, or the visitor and the visited party establish a confidential transmission channel with a key exchange protocol such as Diffie-Hellman. However, such interactive key agreement messages are easily intercepted, and the key can be stolen by impersonating the two parties. Ciphertext retrieval also requires searchable encryption, which consumes a large amount of cloud computing resources, burdens the server and raises the user's cost of accessing data.
Disclosure of Invention
To solve the security problems of existing distributed cloud storage technology during data access, the invention provides a novel distributed cloud storage data access method and data service system. To this end, the distributed cloud storage data access method comprises the following steps:
performing cluster management on the cloud data stored in a distributed manner on the nodes of a network, wherein a cluster center node uses a Bloom filter to record the data features of the cloud data stored by each cluster member;
the data requesting node retrieves the target data from the cluster center node by using the data features and takes the cluster member that stores the target data as the data providing node, and the two parties jointly generate a collection public key address from the address public parameters they exchange;
the data providing node generates a partially blinded message from the data features of the target data and the address public parameters, and the data requesting node signs the partially blinded message to obtain a partial blind signature;
the data providing node unblinds the partial blind signature to obtain an unblinded signature, which serves as the transaction certificate agreed by both parties; the data requesting node transfers the data access service fee to the collection public key address recorded in the signature, and the data providing node transmits the specified target data to the data requesting node according to the data features recorded in the signature;
after verifying that the target data is correct, the data requesting node sends the address secret parameter to the data providing node;
the data providing node generates a collection private key address from the address secret parameter, the collection private key address being used to spend the digital currency at the collection public key address.
Further preferably, the data requesting node retrieves the target data by the following steps:
the data requesting node extracts the target data identifier recorded in the blockchain, calculates the space vector corresponding to the target data identifier as the data feature, and broadcasts a data retrieval request containing the space vector to the network;
each cluster center node determines whether its local Bloom filter contains the space vector and notifies the cluster member to which the space vector belongs;
the cluster member looks up the local data identifier corresponding to the space vector and forwards a first data commitment related to the local data identifier to the data requesting node through the cluster center node;
the data requesting node forms a commitment set from all the first data commitments it receives, generates a second data commitment using the target data identifier, selects from the commitment set the element equal to the second data commitment as the target data commitment, and takes the cluster center node that sent the target data commitment as the data source center node.
Further preferably, the data requesting node and the data providing node jointly generate the collection public key address by the following steps:
the data requesting node uses a key generation algorithm to generate a random public-private key pair and a first master control address public-private key pair, and sends the random public key and the first master control address public key to the data providing node;
the data providing node uses the same key generation algorithm to generate a second master control address public-private key pair and sends the second master control address public key to the data requesting node;
the data requesting node uses a random public key address generation algorithm to generate a one-time random address from the random private key, the first master control address public key and the second master control address public key, and takes it as the collection public key address of the data providing node;
the data providing node uses the random public key address generation algorithm to generate a one-time random address from the random public key, the first master control address public key and the second master control address private key, and takes it as its local collection public key address;
the collection public key addresses generated by the two parties are identical.
Further preferably, the partial blind signature between the data requesting node and the data providing node is performed by the following steps:
the cluster center node publishes the public parameters of the partial blind signature generation algorithm to the data requesting node and the data providing node, uses the public parameters to assign the data requesting node a temporary signature public-private key pair for performing the partial blind signature, and sends the temporary signature public-private key pair to the data requesting node confidentially;
the data requesting node generates the shared information constraint parameter of the partial blind signature from the random public key, the first master control address public key and the target data identifier; the shared information constraint parameter constrains the conditions under which the partial blind signature is executed and is forwarded to the data providing node through the data source center node;
the data providing node blinds the second master control address public key, combines the blinded message with the shared information constraint parameter to generate the partially blinded message, and forwards the partially blinded message to the data requesting node through the data source center node;
the data requesting node signs the partially blinded message with the temporary signature private key to obtain the partial blind signature, and forwards the partial blind signature to the data providing node through the data source center node;
the data providing node unblinds the partial blind signature to obtain the unblinded signature, applies a secondary signature to the unblinded signature with its own signature private key, and forwards the unblinded signature and the secondary signature message to the data requesting node through the data source center node.
Further preferably, the cluster center node uses an identity-based partial blind signature algorithm and generates the temporary signature public-private key pair from the public parameters and the identity of the data requesting node.
Further preferably, the collection private key address is generated by the following steps:
the data requesting node encrypts the first master control address private key and forwards the ciphertext to the data providing node through the data source center node;
after decrypting the ciphertext, the data providing node uses a random private key address generation algorithm to generate a one-time random address from the random public key, the first master control address private key and the second master control address private key, and takes it as the collection private key address.
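One way the public and private address-generation procedures above can fit together, as an added example that is not part of the patent text. The page names the inputs of each algorithm but not the formulas, so this code assumes a construction modelled on CryptoNote one-time addresses over secp256k1 with SHA-256 as hash-to-scalar; the curve, the hash and every function name are assumptions.

```python
import hashlib
import secrets

# secp256k1 domain parameters (curve choice is an assumption of this example).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Add two curve points; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point):
    """Double-and-add scalar multiplication."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def keygen():
    """Return (private scalar, public point)."""
    sk = secrets.randbelow(N - 1) + 1
    return sk, scalar_mult(sk, G)


def hash_to_scalar(point):
    data = point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def requester_address(r, A, B):
    """Requester side: random private key r, first master public key A,
    second master public key B."""
    return point_add(scalar_mult(hash_to_scalar(scalar_mult(r, B)), G), A)


def provider_address(R, A, b):
    """Provider side: random public key R, first master public key A,
    second master private key b. r*B == b*R, so both sides agree."""
    return point_add(scalar_mult(hash_to_scalar(scalar_mult(b, R)), G), A)


def provider_spend_key(R, a, b):
    """Collection private key; needs the first master private key a, which the
    requester releases only after accepting the data."""
    return (hash_to_scalar(scalar_mult(b, R)) + a) % N


def audit_requester_disclosure(r, R, A, B, claimed_address):
    """Third-party checks from the requester accountability step that need no
    chain access: r matches R, and the address regenerates from (r, A, B).
    The balance lookup at that address is outside this example."""
    return scalar_mult(r, G) == R and requester_address(r, A, B) == claimed_address


if __name__ == "__main__":
    a, A = keygen()   # requester: first master control address key pair
    r, R = keygen()   # requester: random key pair
    b, B = keygen()   # provider: second master control address key pair
    addr = requester_address(r, A, B)
    print("addresses match:", addr == provider_address(R, A, b))
    print("spend key opens address:",
          scalar_mult(provider_spend_key(R, a, b), G) == addr)
```

Under this assumed construction, the providing node can recognise the collection address as soon as the public parameters are exchanged but cannot compute its spend key until it receives `a`.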
Further preferably, the data requesting node and the data providing node use a key generation algorithm to derive, from the target data identifier, a symmetric key for data encryption and decryption; the encrypted data comprises the random public key, the first master control address public key, the second master control address public key, the shared information constraint parameter, the partially blinded message, the partial blind signature, the unblinded signature, the secondary signature message and the first master control address private key exchanged by the two parties.
Further preferably, the method further comprises an accountability step for the data requesting node:
when the data requesting node has paid the service fee but has not received the target data, it publishes to the network the unblinded signature, the secondary signature message, the signature public key of the data providing node, the random public-private key pair, the first master control address public key, the second master control address public key and the target data identifier;
any third party verifies the body of the secondary signature message with the signature public key of the data providing node; if the body is not the unblinded signature, the accountability claim of the data requesting node is invalid. Otherwise, the third party applies the unblinded-signature verification algorithm, verifying the unblinded signature with the random public key, the first master control address public key, the second master control address public key and the target data identifier; if verification fails, the claim is invalid. Otherwise, the third party checks whether the random public key matches the random private key; if they do not match, the claim is invalid. Otherwise, the third party regenerates the address value from the random private key, the first master control address public key and the second master control address public key; if the agreed amount of digital currency is not present at that address value, the claim is invalid; otherwise the claim is valid and the data providing node is confirmed to be in default.
Further preferably, the method further comprises an accountability step for the data providing node:
when the data providing node has sent the target data but has not received the first master control address private key, it publishes to the network the unblinded signature, the random public key, the first master control address public key, the second master control address public-private key pair and the target data identifier;
any third party applies the unblinded-signature verification algorithm, verifying the unblinded signature with the random public key, the first master control address public key, the second master control address public key and the target data identifier; if verification fails, the accountability claim of the data providing node is invalid. Otherwise, the third party checks whether the second master control address public key matches the second master control address private key; if they do not match, the claim is invalid. Otherwise, the third party regenerates the address value from the random public key, the first master control address public key and the second master control address private key; if the agreed amount of digital currency is not stored at that address value, the claim is invalid; otherwise the claim is valid and the data requesting node is confirmed to be in default.
The invention also provides a distributed cloud storage data service system comprising a server-side subsystem and a client subsystem, wherein the server-side subsystem comprises cluster center nodes deployed in a distributed manner, data providing nodes managed in clusters by the cluster center nodes, and a blockchain built jointly by the network nodes, and the client subsystem comprises a data requesting node;
the server-side subsystem provides cloud data access services to the client subsystem, and the cloud data is stored on the data providing nodes in a distributed manner;
the blockchain records a data identifier and a standard hash value of the cloud data, the data identifier being used to label the cloud data and the standard hash value being used to verify the integrity of the cloud data;
the cluster center node uses a Bloom filter to record the data features of the cloud data stored by each cluster member, the data features being generated from the data identifiers;
the data providing node further comprises an address generation module, a message unblinding module and a service providing module;
an address generation module: generates the node's own address public parameters, generates the collection public key address together with the address public parameters exchanged by the data requesting node, and generates the collection private key address from the address secret parameter, the collection private key address being used to spend the digital currency at the collection public key address;
a message blinding module: generates the partially blinded message from the data features of the target data and the address public parameters;
a message unblinding module: unblinds the partial blind signature to obtain the unblinded signature, which serves as the transaction certificate agreed by both parties;
a service providing module: transmits the specified target data to the data requesting node according to the data features recorded in the signature;
the data requesting node comprises a data query module, an address generation module, a message signature module, a data verification module and a service settlement module;
a data query module: retrieves the target data from the cluster center node by using the data features, and takes the cluster member that stores the target data as the data providing node;
an address generation module: generates the node's own address public parameters and address secret parameter, and generates the collection public key address together with the address public parameters exchanged by the data providing node;
a message signature module: signs the partially blinded message to obtain the partial blind signature;
a data verification module: hashes the received target data and compares the resulting hash value with the standard hash value recorded in the blockchain to determine the integrity of the data;
a service settlement module: transfers the data access service fee to the collection public key address recorded in the signature.
The distributed cloud storage data access method and data service system have the following beneficial effects:
Data stored in a distributed manner on the network nodes is managed in clusters. Each cluster member uploads the local data to be accessed by users to the cluster center node in the form of feature values, and the cluster center node records the feature values in a Bloom filter as index information, which improves storage space utilization. When a user needs to access data, the cluster center node provides the query service and the located cluster member node transmits the target data directly to the user, so data query and data storage services are isolated and the catastrophic loss caused by a single point of failure when all data is stored on the center node is avoided. The cloud data is represented as data features that conform to the storage rules of the Bloom filter; because the data features have the one-way property of hashes, the cloud data cannot be derived back from a series of hash values, so using the data features as the data index protects the data, and no third party can learn which specific data object a user requested.
The data access service fee is settled in blockchain digital currency. The collection public key address is negotiated jointly by the user and the service provider, and the generated address is random and unique to the current data transaction. The user holds part of the secret parameters of the collection address and sends the secret parameter to the service provider only after confirming that the received data is correct; the service provider then computes the collection private key address corresponding to the collection public key address. This settlement method constrains the service provider's transaction behavior and reduces the risk of default.
The data providing node unblinds the partial blind signature to obtain the unblinded signature, which serves as the transaction certificate agreed by both parties. With this certificate the two parties can complete the transfer and the target data access service on their own, without a credit platform or similar to act as guarantor, and either party can disclose the transaction certificate to the whole network for auditing or to hold the other party accountable for default, which improves both the freedom of transaction activity and the honesty of the transacting parties.
Drawings
Fig. 1 is a flowchart of the distributed cloud storage data access method provided by the present invention;
Fig. 2 is a schematic diagram of recording and retrieving target data by using a Bloom filter in an embodiment of the present invention;
Fig. 3 is a schematic diagram of the data service system structure provided by the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
As shown in Fig. 1, the distributed cloud storage data access method provided by the present invention includes the following steps:
cluster management is performed on the cloud data stored in a distributed manner on the nodes of a network, and a cluster center node uses a Bloom filter to record the data features of the cloud data stored by each cluster member;
the data requesting node retrieves the target data from the cluster center node by using the data features and takes the cluster member that stores the target data as the data providing node, and the two parties jointly generate a collection public key address from the address public parameters they exchange;
the data providing node generates a partially blinded message from the data features of the target data and the address public parameters, and the data requesting node signs the partially blinded message to obtain a partial blind signature;
the data providing node unblinds the partial blind signature to obtain an unblinded signature, which serves as the transaction certificate agreed by both parties; the data requesting node transfers the data access service fee to the collection public key address recorded in the signature, and the data providing node transmits the specified target data to the data requesting node according to the data features recorded in the signature;
after verifying that the target data is correct, the data requesting node sends the address secret parameter to the data providing node;
the data providing node generates a collection private key address from the address secret parameter, the collection private key address being used to spend the digital currency at the collection public key address.
The invention differs from a traditional centralized system, which needs a service platform to aggregate scattered data at a single point, and also from a peer-to-peer system, which stores cloud data scattered across many intermediate nodes, binds data retrieval and data access services together, and has them carried out jointly by one or more intermediate nodes. The distributed cloud storage service system provided by the invention applies cluster management to the stored data scattered across the network nodes. Elected or voluntarily joining cluster center nodes provide the retrieval service for local data, but the data itself is not hosted on the cluster center nodes. When a user requests data access, the cluster center node verifies the validity of the user's identity and performs an initial routing of the request; the cluster member so located and the user then confirm directly whether a supply-demand relationship exists between them, and once it is confirmed that data stored locally by the cluster member is what the user node requires, the target data is forwarded to the user node. Data retrieval and data access services are thus completely separated, which improves retrieval efficiency and reduces the risk of data leakage by a third party.
Clustering can use either a trusted third-party platform hosting mode or a network ad hoc mode. The trusted third-party platform can be a large cloud storage provider, with a customized retrieval service module built on the customized service mechanisms offered by network operators such as Microsoft, IBM, Google and Oracle; a data node can choose a trusted third-party platform that suits it as its retrieval service provider according to the protocol frameworks of the different operators.
In the network ad hoc mode, the network members organize themselves into clustered subnets. In the initialization state, each network node periodically broadcasts a probe message containing its own ID, the IDs of the other nodes it has heard from, and a weight value. The weight value depends on the local channel bandwidth, the number of local neighbor nodes, the level of computing and storage capacity, the evaluation center's rating parameters for the node, and so on; that is, nodes with rich network resources and good reputation are selected as cluster heads. While broadcasting, the node also receives messages from neighbor nodes, compares the received weight values with its own, and selects the node with the highest weight as its local candidate cluster head. It repeats the comparison until no neighbor with a higher weight appears; nodes then announce their chosen candidate cluster heads to one another, and the one or more nodes with the most candidate votes become the cluster center nodes of a given local area. The election of cluster center nodes is re-run periodically to adapt to changes in the network environment. In addition, each independently operating network node can select several cluster center nodes in its area to jointly provide proxy retrieval services: the same group of data can be assigned to one cluster center node (one-to-one) or to several (one-to-many). The choice depends on the network load and on how frequently the data is accessed in the network, and can be adjusted dynamically over time.
After the cluster center nodes have been set up, any network node calculates the data features of its local data and uploads them to one or more cluster center nodes of its choice. After verifying that the cluster member's identity is legitimate, the cluster center node records the data features in its Bloom filter and at the same time builds a local mapping between the data features and the ID of their provider. Because the roles of data provider and requester can be swapped at any time, each cluster member can act as either a data providing node or a data requesting node, and cluster members can ask the cluster center node to issue a temporary signature public-private key pair and a data encryption key, which the cluster center node uses to verify the real identity of a data sender and which secure data transmission.
A Bloom filter is a probabilistic data structure that can be used to test whether an element is in a set; it runs fast and has a small memory footprint. Recording data features in a Bloom filter balances data privacy protection with reduced storage space and eased network bandwidth constraints, and provides visitors with a good data service experience. It does, however, have a certain false-positive rate: a Bloom filter can determine that an element is definitely not in the set or is possibly in the set, but it cannot determine that the element is definitely in the set, and its false-positive rate increases as the number of recorded data features increases.
Therefore, the invention adopts a bloom filter and data commitment mode to accurately position the target data. The data commitment used in the invention is non-interactive and is used for verifying whether the committed data is the target data, the data is primarily screened by a bloom filter, and then the provenance of the target data is determined by the data commitment. Firstly, a user node calculates the data characteristics of target data to be accessed, wherein the data characteristics can be expressed in a space vector form, and the data characteristics are broadcasted to a network; then each cluster central node judges whether the received data characteristics are contained in a locally set bloom filter, if not, no response is made, and if yes, the cluster central node notifies the cluster member nodes which upload the data characteristics; the cluster member nodes construct a data commitment by using the public identification information of the data and feed back the data commitment to the user nodes, at the moment, the user nodes calculate a new commitment by using the public identification information of the target data, if the new commitment value is consistent with the received data commitment, the data corresponding to the data commitment is an object which the user wants to access, because the consistent commitment result can be restored only by using the same identification information, and the identification information has uniqueness on the single data. 
In addition, only the single data characteristics and the data commitment with the zero-knowledge proof characteristic are mutually transmitted by the two parties in the handshake phase, the data commitment does not contain identification information or other identity information capable of identifying data, and any third party including the cluster center node cannot know which part of data is specifically determined by the two parties in negotiation, namely, the data retrieval result is transparent and invisible to the third party.
In the following embodiments provided by the present invention, the steps of retrieving target data by a data request node are specifically described as follows:
the data request node extracts a target data identifier recorded in the block chain, calculates a space vector corresponding to the target data identifier as a data feature, and broadcasts a data retrieval request containing the space vector to the network;
each cluster central node respectively judges whether the local bloom filter contains the space vector, and informs a cluster member to which the space vector belongs;
the cluster members search local data identifications corresponding to the space vectors, and forward first data commitments related to the local data identifications to the data request nodes through the cluster center nodes;
the data request node forms a commitment set by all the received first data commitments, uses the target data identification to participate in generating a second data commitment, selects the same element as the second data commitment from the commitment set as the target data commitment, and uses a cluster center node which sends the target data commitment as a data source center node.
In the above embodiment, before providing access service, all accessible cloud data first needs to link corresponding data identifiers, and only the identifier information, the digest, and the standard hash value of the data are recorded in the block, and the data body is not completely recorded, so that the confidentiality of the data is ensured, and the data is prevented from being damaged or abused. The identification information has uniqueness to the data, can be drawn up by a data provider and participated in auditing by all blockchain members, mainly confirms whether the identification has a repeated value in the blockchain and conforms to the character specification, and also can be coded by a blockchain generator and verified by other blockchain members in the production stage of the digital currency. The abstract is convenient for the user to implement plaintext retrieval and find the target data meeting the self requirement. The standard hash value is the core of building the block, each data provider performs hash operation on the data ontology locally through a consensus algorithm, the generated hash value with the standard format is broadcasted to other block chain members, and a Merkle tree based on the data identification is built. And the user finds the data identification recorded in the designated leaf node according to the Merkle tree path provided by the block chain through the abstract matching requirement.
Both parties performing data access service also complete service transaction on the blockchain, for example, the UTXO mode of blockchain application is adopted, the visitor settles service fee in the form of digital coins, random address is generated by using an address generator as output, and the deposit address of the digital coins is used as input, so that the transfer of the digital coins between the addresses is realized. Unlike the traditional digital currency transaction mode: in the invention, the payment receiving addresses confirmed by the two parties are not provided by the data provider independently, but are obtained by negotiation between the two transaction parties. The same collection public key address can be generated on each party through the exchanged address public parameters, the collection public key address is also public externally and is used for receiving the digital coins, but the data requester also masters a part of address secret parameters of the collection address, and the data provider cannot generate the corresponding collection private key address when not knowing the secret parameters, so that the digital coins on the transaction address cannot be spent. At the moment, a relatively safe transaction mode can be selected, after a data requester receives data of a data provider, address secret parameters are sent to the data provider only under the condition that the data provider checks that the data is correct, the data provider calculates a collection private key address corresponding to the collection public key address according to the address secret parameters, and the data provider can obtain ownership of the collection address.
In the following embodiments provided by the present invention, specifically, the step of generating a public key address for collection by the data requesting node and the data providing node is as follows:
the data request node respectively generates a random public and private key pair and a first master control address public and private key pair by adopting a key generation algorithm, and sends a random public key and a first master control address public key to the data providing node;
the data providing node generates a second master control address public and private key pair by adopting the same key generation algorithm and sends the second master control address public key to the data requesting node;
the data request node adopts a random public key address generation algorithm, and a disposable random address generated by a random private key, a first master control address public key and a second master control address public key is used as a collection public key address of the data providing node;
the data providing node adopts a random public key address generation algorithm, and a disposable random address generated by a random public key, a first master control address public key and a second master control address private key is used as a local collection public key address;
because both parties adopt a homomorphic key generation algorithm, two collection public key addresses generated by both parties are the same.
On the other hand, the step of locally generating a collection private key address by the data providing node is as follows:
when the verification data is correct, the data request node encrypts the private key of the first master control address and forwards a ciphertext to the data providing node through the data source central node;
after the data providing node decrypts the ciphertext, a random private key address generation algorithm is adopted, and a disposable random address generated by a random public key, a first master control address private key and a second master control address private key is used as a collection private key address.
In the above embodiment, as long as the data providing node does not reveal its part of the secret parameters, the data requesting node cannot locally generate the collection private key address, even if it never shows the first master control address private key to the other party; the data requesting node therefore can never obtain ownership of the collection address. After the data providing node has provided the data service to the data requesting node as agreed, the transaction is locked if the data requesting node does not transmit the address secret parameters to the data providing node, and the data requesting node can neither spend nor redeem the digital coins it paid to the collection public key address. The settlement method therefore constrains the transaction behavior of both parties at the same time, acts as a mutual restriction, and reduces the risk of default.
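The following added example (not the patent's own algorithm, whose address formulas are not reproduced in this section) works through the negotiation above under an assumed Diffie-Hellman-derived one-time address on secp256k1: collection public key A = H(rX)·P + V + X and collection private key a = H(xR) + v + x. The curve, the SHA-256 hash-to-scalar and all function names are assumptions made for the illustration.

```python
import hashlib
import secrets

# secp256k1 domain parameters (y^2 = x^3 + 7 over F_p); an assumed curve choice.
P_FIELD = 2**256 - 2**32 - 977
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine point addition; None represents the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_FIELD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_FIELD)
    lam %= P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return x3, (lam * (x1 - x3) - y1) % P_FIELD


def scalar_mult(k, point):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    result = None
    k %= N_ORDER
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def keygen():
    k = secrets.randbelow(N_ORDER - 1) + 1
    return k, scalar_mult(k, G)


def hash_to_scalar(point):
    data = point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N_ORDER


def requester_address(r, V, X):
    """Requester side: random private key r, public keys V and X."""
    s = hash_to_scalar(scalar_mult(r, X))
    return point_add(point_add(scalar_mult(s, G), V), X)


def provider_address(R, V, x):
    """Provider side: random public key R, public key V, own private key x."""
    s = hash_to_scalar(scalar_mult(x, R))
    return point_add(point_add(scalar_mult(s, G), V), scalar_mult(x, G))


def collection_private_key(R, v, x):
    """Computable only once the requester has released v to the provider."""
    return (hash_to_scalar(scalar_mult(x, R)) + v + x) % N_ORDER


def demo():
    r, R = keygen()   # requester: random key pair
    v, V = keygen()   # requester: first master control address key pair
    x, X = keygen()   # provider: second master control address key pair
    addr_req = requester_address(r, V, X)
    addr_prov = provider_address(R, V, x)
    s = hash_to_scalar(scalar_mult(x, R))
    return {
        "addresses_match": addr_req == addr_prov,
        # After v is released, the provider's key opens the address.
        "provider_spends_after_release":
            scalar_mult(collection_private_key(R, v, x), G) == addr_prov,
        # Before release the provider knows s and x, but not v.
        "provider_blocked_without_v": scalar_mult((s + x) % N_ORDER, G) != addr_prov,
        # The requester knows s and v, but never learns x.
        "requester_blocked_without_x": scalar_mult((s + v) % N_ORDER, G) != addr_req,
    }
```

Under this assumed construction the escrow property described in the text falls out of the algebra: the address is public to both sides, while its private key needs one scalar from each party.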
A partial blind signature builds on the characteristics of the blind signature. In a partial blind signature scheme, the signer can add information negotiated with the user, or its own information, while blind signing, and the message provider cannot tamper with the information added by the signer. This prevents a signature applicant from supplying illegal information to misuse the signature and damage the signer's interests. The scheme therefore keeps the signed message blind to the signer while letting the signer control the signed content, which makes it more practical than a plain blind signature. The invention adopts a partial blind signature algorithm: the user signs a partial blind message from the data providing node, using the signature verification parameters provided by the cluster center node, to obtain a partial blind signature. The partial blind message comprises the shared information that constrains the conditions under which the partial blind signature is performed, on which the two parties reach consensus through exchanged parameters, and the blinded message of the master control address public key used for constructing the collection address. The data providing node then unblinds the partial blind signature to obtain a blind-removed signature, which serves as the transaction certificate on which both parties have reached consensus, so that the two parties can each complete the transfer and the target data access service according to the certificate.
The following describes the steps of performing partial blind signature between a data requesting node and a data providing node in an embodiment:
the cluster center node publishes public parameters of a partial blind signature generation algorithm to the data request node and the data providing node, distributes a temporary signature public and private key pair for executing partial blind signature for the data request node by utilizing the public parameters, and sends the temporary signature public and private key pair to the data request node in a secret mode;
the data request node generates a shared information constraint parameter of a partial blind signature by a random public key, a first master control address public key and a target data identifier, the shared information constraint parameter is used for constraining partial blind signature implementation conditions and is forwarded to the data providing node through the cluster center node;
the data providing node blinds the public key of the second master control address, combines the blinding message with the shared information constraint parameter to generate a part of blinding message, and forwards the part of blinding message to the data request node through the data source central node;
the data request node obtains a partial blind signature by using the temporary signature private key to sign the partial blind message, and forwards the partial blind signature to the data providing node through the data source central node;
and the data providing node unblinds the partial blind signature to obtain a blind-removed signature, performs a secondary signature on the blind-removed signature with its own signature private key, and forwards the blind-removed signature and the secondary signature message to the data request node through the data source central node.
In the above embodiment, the parameters used for negotiating the collection public key address are merged into the partial blind signature, which gives both transaction parties irrevocable transaction evidence: the data request node is accountable for the blind-removed signature message, and the data providing node is accountable for the secondary signature message. If either party defaults, the other party can disclose the transaction evidence to the whole network; a public trust node or an evaluation organization then audits it, identifies the dishonest party, and holds the defaulting party accountable. Tracing and penalizing the defaulting party, for example by requiring compensation for losses, restricting its transactions, or adding it to a list of untrustworthy nodes, further constrains the transaction behavior of network nodes, which helps improve the integrity of transaction parties and clean up the network environment.
The following describes the processing procedure of the data access method in detail by using a specific implementation algorithm, which mainly comprises an address generation algorithm, a signature algorithm, a key generation algorithm and an encryption and decryption algorithm.
I. Initialization stage:
In the initialization state, an unclustered node newly added to the network establishes routing table data with its adjacent nodes, then calculates its own weight value and broadcasts a clustering request message containing the weight value and the node ID. The weight value $W_i$ may be generated by the following algorithm:
$$W_i = x \cdot B_i + y \cdot Q_i + z \cdot L_i$$
where $B_i$ represents the channel bandwidth, $Q_i$ the number of neighboring nodes, and $L_i$ the computing and storage capacity level of the local device, with level values assigned according to certain parameter standards; $x$, $y$ and $z$ are the quantization parameters of the channel bandwidth, the number of nodes and the level value, respectively.
The receiving node of the clustering request message can verify the running state of the non-clustered node with the Ping command, and analyze the number of one-hop nodes recorded in the non-clustered node's routing table to verify whether the reported number of adjacent nodes is accurate. If the receiving node is also non-clustered, it may compare the weight value $W_i$ with the weight value of its local candidate cluster head or with its own weight value. If $W_i$ is larger, the non-clustered node replaces the current choice as the candidate cluster head; otherwise a clustering response message containing the local candidate cluster head ID and weight value is returned to the non-clustered node, and the non-clustered node updates its candidate cluster head.
Conversely, if the receiving node is already clustered, it may compare the weight value $W_i$ with the weight value of its locally selected cluster head. If $W_i$ is larger, no action is taken for the time being; otherwise a clustering return receipt message containing the locally selected cluster head ID and weight value is returned to the non-clustered node, and the non-clustered node updates its candidate cluster head.
The non-clustered nodes continuously update the candidate cluster heads through weight comparison according to the received clustering receipt messages until the nodes corresponding to the maximum value are selected as final cluster center nodes, and a plurality of nodes with larger weights can also be selected as the cluster center nodes together according to requirements. If no nearby nodes with higher weight values than local appear, the non-clustered node may declare itself to the network as a cluster-centric node.
After clustering is completed, the cluster member nodes compress and map the public identification information of their locally stored data into a point in a space vector through a group of hash functions, upload the space vector to the cluster center node, and store it in the Bloom filter. If the point corresponding to the input data exists in the Bloom filter, the data is possibly in the set; otherwise, the data is not in the set. As shown in Fig. 2, the Bloom filter formally consists of an $n$-bit bit vector set $S = (s_1, s_2, \ldots, s_n)$ and a series of hash functions $H = (Hash_1, Hash_2, \ldots, Hash_m)$, with $m < n$. All bits of the bit vector set are initialized to 0. Hashing any input data yields a sequence of hash values $(h_1, h_2, \ldots, h_m)$ with values in $[1, n]$, that is, a space vector characterized by $m$ dimensions. Each hash value $h_i$ ($1 \le i \le m$) is mapped to the corresponding bit of the bit vector set $S = (s_1, s_2, \ldots, s_n)$ and that bit is set to 1, while the bits that are not mapped remain 0; this completes the recording of the input data's space vector into the bit vector set. Because the hash computation is one-way and irreversible, the cluster center node cannot recover the data identifier from the hash value sequence $(h_1, h_2, \ldots, h_m)$ by reverse calculation, so the data source cannot be traced using the space vector, and the confidentiality of the data is protected.
The cluster member node also needs to uplink the data identifier, and stores the identifier information, the abstract and the standard hash value of the data into the blockchain through a blockchain consensus mechanism, so as to serve as a public query resource for the whole network node. The data id may be encoded using a pseudo-random code generated locally by the cluster member node, or may be automatically assigned during the block generation phase. If the data id is assigned by the blockchain, the cluster member nodes need to perform the data related parameter uplink operation first, and then calculate the space vector by using the coding information fed back by the blockchain as the data id. For the hash function group, SHA-512 algorithm can be adopted to execute hash operation, and the algorithm can meet the requirement of a bloom filter with large data capacity and simultaneously improve the collision resistance of the space vector factor.
II. Data access stage:
The data request node $u$ obtains the data summary information and the data identifier it requires from a third-party retrieval platform. The third-party retrieval platform must be a full node that records the complete blockchain, whereas the data request node may be either a full node or a light node that keeps only block headers. It then calculates the space vector $H_u = (h_{u1}, h_{u2}, \ldots, h_{um})$ corresponding to the target data identifier, generates an asymmetric encryption public key $\alpha_{pk}$ and a decryption private key $\alpha_{sk}$ using an elliptic curve or RSA key generation algorithm, and broadcasts to the network a data retrieval request containing the space vector $H_u$ and the encryption public key $\alpha_{pk}$.
Each cluster center node judges whether its local Bloom filter contains the space vector $H_u$; if not, it does nothing, and if so, it notifies the cluster member node to which the space vector belongs.
The cluster member node $i$ searches for the local data identifier corresponding to the space vector and forwards the first data commitment $(cm_i, t_i)$ associated with the local data identifier to the data request node through the cluster center node. The first data commitment consists of a commitment value $cm_i$ and a blinding factor $t_i$, and is expressed as a commitment function:
Figure BDA0003586003360000131
where $\tau_i$ represents the local data identifier.
The cluster center node distributes to the data request node a temporary signature public/private key pair $(a_{pk}, a_{sk})$ for executing the partial blind signature algorithm, and secretly sends a message containing the temporary signature private key $a_{sk}$ and the first data commitment $(cm_i, t_i)$ to the data request node. Encrypting the transmitted data with the encryption public key $\alpha_{pk}$ can be represented as:
$$c = E_u(\alpha_{pk}, (a_{sk}, cm_i, t_i))$$
where $E_u()$ denotes the encryption function defined by the data request node $u$, and $c$ denotes the ciphertext.
In the embodiment of the invention, the signature public/private key pair $(a_{pk}, a_{sk})$ is obtained with an identity-based signature generation algorithm. The specific process is as follows:
First, select a system security parameter $1^k$ and randomly select a large prime $q \le 2^k$; $G_1$ and $G_2$ are an additive cyclic group and a multiplicative cyclic group of order $q$, respectively. Then select a generator $P \in G_1$ and a bilinear map $e: G_1 \times G_1 \to G_2$, and calculate $T = e(P, P)$. Randomly select an integer
Figure BDA0003586003360000141
as the master private key of the system, and compute $P_{pub} = sP$ as the master public key of the system. Select three strongly collision-resistant hash functions $H_1$, $H_3$
Figure BDA0003586003360000142
Figure BDA0003586003360000143
The common parameter sequence is $L_{pub} = \{q, e, T, G_1, G_2, P, P_{pub}, H_1, H_2, H_3\}$, and the master private key $s$ is kept secret from the outside. The common parameter sequence is computed before the user accesses the system and is changed from time to time according to the frequency of use. $L_{pub}$ is sent to the data request node with the data retrieval response and does not need to be encrypted.
The common parameter sequence $L_{pub}$ is then used to construct a temporary signature public/private key pair $(a_{pk}, a_{sk})$ associated with the identity of the data request node. Let the identity of the data request node be $ID_u$; the identity $ID_u$ and the inherent signature key are both unique and are used to identify the true identity of the user.
The identity $ID_u$ of the data request node is recorded in the data retrieval request. After the cluster center node confirms that the identity of the data request node is legitimate, it calculates
Figure BDA0003586003360000144
As a temporary signature private key.
The data request node decrypts the ciphertext $c$ with the decryption private key $\alpha_{sk}$ to obtain the plaintext message $c = D_u(\alpha_{sk}, c) = \{a_{sk}, cm_i, t_i\}$, where $D_u()$ represents the decryption function defined by the data request node $u$. Retrieving target data by space vector is inherently uncertain: the cluster center node only feeds back results with the same vector value to the data requester and does not consider whether the data objects with the same vector value are actually the same, so the data request node may receive several data retrieval receipts sent from different cluster center nodes. The first data commitment values recorded in all receipts are extracted to form the commitment set $CM = \{cm_1, cm_2, \ldots, cm_{n-1}, cm_n\}$. The target data identifier is then used to generate a second data commitment value:
Figure BDA0003586003360000145
where $\tau_u$ represents the target data identifier.
The second data commitment value $cm_u$ is compared with the elements of the commitment set $CM$. If no element with the same value is found, the set does not contain the target object, possibly because the data retrieval request did not reach the target node, and a second retrieval is performed. If an element with the same value is found, it is taken as the target data commitment, and the cluster center node that sent the target data commitment is taken as the data source central node.
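The two-stage lookup described above (Bloom filter pre-screening, then commitment matching to resolve receipts that share a space vector) can be exercised end to end. The block below is an added example, not the patent's code: the commitment function is not reproduced on this page, so cm = SHA-512(t || τ) is assumed, the filter size is deliberately tiny so that a colliding identifier can be found, and all names and identifiers are constructed.

```python
import hashlib
import hmac
import secrets
from itertools import count

# Deliberately tiny parameters (constructed) so that two identifiers sharing a
# space vector can be found quickly; a deployed filter would use a large n.
N_BITS = 64     # n: length of the bit vector S
M_HASHES = 2    # m: number of hash functions, m < n


def space_vector(identifier: str) -> tuple:
    """Map an identifier to (h_1..h_m), each in [1, n], using SHA-512."""
    vec = []
    for i in range(M_HASHES):
        digest = hashlib.sha512(bytes([i]) + identifier.encode()).digest()
        vec.append(int.from_bytes(digest, "big") % N_BITS + 1)
    return tuple(vec)


def commit(identifier: str, blinding: bytes) -> bytes:
    """ASSUMED commitment cm = SHA-512(t || tau); the page's function is not shown."""
    return hashlib.sha512(blinding + identifier.encode()).digest()


class ClusterCenter:
    """Stores bit positions and vector-to-member routing, never identifiers."""

    def __init__(self, name: str):
        self.name = name
        self.bits = [0] * (N_BITS + 1)      # index 0 unused; positions are 1..n
        self.routes = {}                    # space vector -> set of member names

    def record(self, member: str, vector: tuple) -> None:
        for h in vector:
            self.bits[h] = 1
        self.routes.setdefault(vector, set()).add(member)

    def maybe_contains(self, vector: tuple) -> bool:
        # False means "definitely not recorded"; True only means "possibly".
        return all(self.bits[h] for h in vector)


class Member:
    def __init__(self, name: str, identifiers: list):
        self.name = name
        self.by_vector = {space_vector(i): i for i in identifiers}

    def first_commitment(self, vector: tuple) -> tuple:
        t = secrets.token_bytes(16)         # fresh blinding factor t_i
        return commit(self.by_vector[vector], t), t


def retrieve(target_id: str, centers: list, members: dict) -> tuple:
    """Return (data source center name or None, number of receipts received)."""
    vector = space_vector(target_id)
    receipts = []
    for center in centers:
        if not center.maybe_contains(vector):
            continue                        # this center stays silent
        for name in sorted(center.routes.get(vector, ())):
            cm_i, t_i = members[name].first_commitment(vector)
            receipts.append((center.name, cm_i, t_i))
    for center_name, cm_i, t_i in receipts:
        cm_u = commit(target_id, t_i)       # second commitment, built from tau_u
        if hmac.compare_digest(cm_u, cm_i):
            return center_name, len(receipts)
    return None, len(receipts)


def find_colliding_identifier(target_id: str) -> str:
    """Search constructed decoy names for one with the same space vector."""
    wanted = space_vector(target_id)
    for k in count():
        candidate = f"decoy-{k}"
        if space_vector(candidate) == wanted:
            return candidate


def demo() -> dict:
    target = "DATA-ID-0001"                 # constructed identifier
    decoy = find_colliding_identifier(target)
    members = {"m1": Member("m1", [decoy]), "m2": Member("m2", [target])}
    c1, c2 = ClusterCenter("C1"), ClusterCenter("C2")
    for center, member in ((c1, members["m1"]), (c2, members["m2"])):
        for vector in member.by_vector:
            center.record(member.name, vector)
    source, receipts = retrieve(target, [c1, c2], members)
    missing, _ = retrieve("DATA-ID-9999", [c1, c2], members)
    return {"decoy": decoy, "source": source, "receipts": receipts, "missing": missing}
```

Both centers answer the query because the decoy shares the target's space vector, and only the commitment check picks out the real source. Because the blinding factor travels with the commitment, anyone who sees a receipt can test guessed identifiers against it, so identifiers need enough entropy to resist guessing.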
The data request node then uses the common parameter sequence $L_{pub}$ recorded in the data retrieval receipt to verify the validity of the temporary signature private key $a_{sk}$. Using the same key generation algorithm as the cluster center node, it calculates the temporary signature public key from its local identity, $a_{pk} = P_{pub} + H_1(ID_u)P$, and then checks whether the equation $e(a_{sk}, a_{pk}) = T$ holds. If it holds, the temporary signature public/private key pair $(a_{pk}, a_{sk})$ is valid; otherwise the cluster center node is required to regenerate it until the verification equation is satisfied.
After the temporary signature public/private key pair is confirmed to be valid, a public/private key pair $(b_{pk}, b_{sk})$ exclusive to the data request node is generated locally. Randomly select a random number
Figure BDA0003586003360000154
as the exclusive private key, and use the bilinear map $e$ to further calculate the exclusive public key $b_{pk} = e(b_{sk}P, a_{pk})$.
A collection address negotiation process is then performed, which requires the data requester and the data provider to exchange their respective address public parameters. The data request node selects random numbers $r$ and $v$ and sets $R = rP$, $V = vP$ and $\beta = \tau_u P$, using $(R, r)$ as the random public/private key pair, $(V, v)$ as the first master control address public/private key pair, and $\beta$ as the key shared by both parties for encrypting data.
Let the shared information negotiated and established between the data request node and the data providing node be $F = \{R \| V \| \tau_u\}$, and calculate
Figure BDA0003586003360000151
Randomly selecting integers
Figure BDA0003586003360000152
Further calculation of
Figure BDA0003586003360000153
as the shared information constraint parameter. The random public key $R$, the first master control address public key $V$ and the shared information constraint parameter $W$ are encrypted with the shared key $\beta$ to obtain the ciphertext $c_u = E(\beta, (R, V, W))$, where $E()$ represents a symmetric encryption algorithm.
Finally, the data request node uses its inherent signature private key $sk_u$ to sign the ciphertext $c_u$, the target data commitment $cm_u$ and the exclusive public key $b_{pk}$:
$$\sigma_u = S_{sig}(sk_u, (c_u, cm_u, b_{pk}))$$
where $S_{sig}()$ represents a signature generation algorithm.
The data access request containing the signature $\sigma_u$ and the signed information is then sent to the data source central node.
The data source central node first verifies the signature in the data access request:
$$Verify(pk_u, (c_u, cm_u, b_{pk}), \sigma_u) \to b$$
The signature verification algorithm $Verify()$ takes as input the inherent signature public key $pk_u$ of the data request node, the signed information and the signature $\sigma_u$, and outputs a Boolean variable $b$: $\sigma_u$ passes verification when $b$ is TRUE and fails verification when $b$ is FALSE.
After verification passes, the ciphertext $c_u$, the target data commitment $cm_u$ and the exclusive public key $b_{pk}$ are sent to the cluster member associated with the same commitment value received earlier; this cluster member is the data providing node.
The data providing node looks up, among the messages it has sent, the first data commitment $cm_i$ whose value matches the target data commitment $cm_u$, and thereby identifies the committed local data and its identifier $\tau_i$, from which the decryption key $\beta' = \tau_i P$ can be generated. It follows that only when $\tau_i = \tau_u$ does $\beta' = \beta$ hold, so that the correct plaintext can be obtained by decryption. The ciphertext $c_u$ is decrypted with the key $\beta'$ to obtain the plaintext $c'_u = D(\beta', c_u) = \{R, V, W\}$.
The data providing node then selects a random number $x$, calculates $X = xP$, and takes $(X, x)$ as the second master control address public/private key pair. The second master control address public key $X$ is blinded, and the blinded message $X^*$ is combined with the shared information constraint parameter $W$ to compute the partial blinding message by the following formula:
Figure BDA0003586003360000161
where the hash value $h = H_2(X, F, Z)$, the intermediate value
Figure BDA0003586003360000162
denotes a blinding factor;
the partial blinding message $Y^*$ is then likewise encrypted with the key $\beta$ and forwarded to the data request node through the data source central node.
Similarly, the data request node decrypts the ciphertext from the data providing node with its local key $\beta$ to obtain the partial blinding message $Y^*$. It then uses the partial blind signature algorithm and the temporary signature private key to compute the partial blind signature of the partial blinding message:
$\delta^* = j a_{sk} + H_3(F) b_{sk} Y^*$
The partial blind signature $\delta^*$ is again encrypted with the key $\beta$ and signed with the inherent signature private key $sk_u$, and the resulting signature message is sent to the data source central node.
The data source central node is responsible for verifying the validity of the signature message and forwarding the signature message confirmed to be valid to the data providing node.
The data providing node first decrypts the ciphertext with the key $\beta'$ to obtain the plaintext signature message, and then unblinds the partial blind signature $\delta^*$ to obtain the blind-removed signature $\delta = \mu\delta^*$. The blind-removed signature $\delta$ takes the second master control address public key X as its main signed object and also carries the constraint of the shared information F. Any node can verify the validity of the signature using the public data set $(X, Z, F, P_{pub})$, the private public key $b_{pk}$ of the data request node and the identity $ID_u$.
Since the shared information F and the master public key $P_{pub}$ are known to the data request node, only the data set $(\delta, X, Z)$ needs to be forwarded to the data request node by the data source central node. Before forwarding, the data providing node is required to use its local inherent signature private key $sk_i$ to apply a secondary signature to the data set $(\delta, X, Z)$ containing the blind-removed signature $\delta$, proving that the data providing node approves the conditions of the blind-removed signature $\delta$; if the data providing node later denies the transaction, the secondary signature message can be disclosed to the public.
After the data set $(\delta, X, Z)$ and its secondary signature are encrypted with the key $\beta'$, the access receiving message containing the ciphertext is forwarded to the data request node through the data source central node.
The data request node uses the key $\beta$ to decrypt the ciphertext in the access receiving message and obtains the data set $(\delta, X, Z)$ and the secondary signature. It first uses the inherent signature public key $pk_i$ of the data providing node to verify the validity of the secondary signature and, once that is confirmed, further verifies the blind-removed signature with the signature verification algorithm:
Figure BDA0003586003360000171
If the above equation holds, the blind-removed signature is valid; otherwise the signature is invalid.
After confirming that the blind-removed signature is valid, the data request node generates the collection public key address using the random public key address generation algorithm:
$addr_{pk} = H_2(rX)P + V$
The data access service fee is paid to the collection public key address $addr_{pk}$. The fee is charged either by the number of data bytes or as a fixed amount set by the data providing node; the specific calculation method and pricing are recorded in the access receiving message.
Similarly, the data providing node also uses the random public key address generation algorithm to generate the collection public key address:
$addr_{pk} = H_2(Rx)P + V$
After confirming that the collection public key address $addr_{pk}$ holds the specified amount of data access service fee, the data providing node provides service to the data request node and forwards the encrypted target data to the data request node through the data source central node. Similarly, the data source central node may also require the data providing node to pay an additional network proxy service fee according to the forwarded data traffic; the specific metering standard is negotiated by the two parties, and settlement may likewise use digital currency or other financial instruments.
Thirdly, settlement stage:
The data request node first decrypts the ciphertext to obtain the target data in plaintext form. It then recomputes the complete hash value of the data using the hash algorithm agreed on by the block chain consensus and compares it with the standard hash value recorded in the block chain. If the two differ, the data is incomplete or contains errors (such as packet loss); an error message is sent to the data providing node through the data source central node, and the data providing node retransmits the data. If the two are the same, the target data is correct.
After the target data is confirmed to be complete, the data request node encrypts and signs the first master control address private key v, and forwards a data acknowledgement receipt containing the ciphertext and the signature to the data providing node through the data source central node.
After the data providing node decrypts the ciphertext and successfully verifies the signature, it obtains the first master control address private key v in plaintext form and uses the random private key address generation algorithm to generate the collection private key address:
$addr_{sk} = H_2(Rx) + v$
The derivation showing that the collection public key address $addr_{pk}$ and the collection private key address $addr_{sk}$ form a mutually valid address pair is as follows:
$addr_{pk} = addr_{sk}P = (H_2(Rx) + v)P = H_2(Rx)P + V = H_2(rxP)P + V = H_2(rX)P + V$
In other embodiments provided by the present invention, when the data request node sends a data retrieval request, it may broadcast a partial space vector of the target data to the network. Assuming that the space vector corresponding to the target data identifier is $H_u = (h_{u1}, h_{u2}, \ldots, h_{um})$, a subset of the coordinate values $h_{ui} \in H_u$, $1 \le i \le m$, may be extracted to form a partial space vector $H'_u$ that serves as the retrieval target. For a cluster center node, as long as the local bloom filter contains the partial space vector, the corresponding local data commitment is fed back to the data request node. Compared with retrieval using the complete space vector, using a partial space vector widens the data retrieval range, which effectively reduces the risk of the target data being inferred by reverse analysis and improves data privacy.
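An added sketch of the partial space vector retrieval described above (not part of the patent). It assumes that each coordinate of the space vector is the Bloom filter bit position produced by one of m hash functions, which this section does not spell out; the identifiers, filter size and SHA-256 construction are constructed for the example.

```python
import hashlib

M = 4        # assumed number of coordinates (hash functions) per space vector
BITS = 64    # deliberately small filter so that coordinate collisions are common


def space_vector(identifier):
    """Assumed construction: coordinate i is the Bloom filter bit position
    chosen by hash function i for this data identifier."""
    return tuple(
        int.from_bytes(hashlib.sha256(f"{i}|{identifier}".encode()).digest()[:8], "big") % BITS
        for i in range(M)
    )


class ClusterCenter:
    """Cluster center node holding one Bloom filter over its members' data."""

    def __init__(self, members):
        self.members = members      # {member name: [data identifiers]}
        self.filter = 0             # bit array kept as a Python int
        for identifiers in members.values():
            for ident in identifiers:
                for pos in space_vector(ident):
                    self.filter |= 1 << pos

    def may_contain(self, coords):
        """Bloom test on whichever coordinates the request discloses."""
        return all((self.filter >> pos) & 1 for pos in coords)

    def matching_identifiers(self, disclosed):
        """disclosed maps coordinate index -> value (full or partial vector).
        Returns every stored identifier that would be answered with a commitment."""
        if not self.may_contain(disclosed.values()):
            return set()
        return {
            ident
            for identifiers in self.members.values()
            for ident in identifiers
            if all(space_vector(ident)[i] == pos for i, pos in disclosed.items())
        }


def answer_sets(center, target):
    """Candidate set for the target as fewer of its coordinates are disclosed."""
    vec = space_vector(target)
    return {k: center.matching_identifiers({i: vec[i] for i in range(k)})
            for k in range(M, 0, -1)}


# Constructed sample inventory; the identifiers are made up for this example.
CLUSTER = ClusterCenter({
    "member-a": [f"dataset-{n:03d}" for n in range(0, 40)],
    "member-b": [f"dataset-{n:03d}" for n in range(40, 80)],
})

if __name__ == "__main__":
    for k, found in answer_sets(CLUSTER, "dataset-017").items():
        print(f"{k} of {M} coordinates disclosed -> {len(found)} candidate(s)")
```

Each coordinate withheld can only enlarge the set of commitments returned, which is the wider retrieval range the paragraph relies on; the request node still picks out its target locally by recomputing the commitment.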
The invention uses the data commitment as a data filter: it can accurately locate where the target data is stored while keeping the specific data object accessed by the user secret from outsiders. Apart from the data request node, which can compute a commitment of the same value from the space vector $H_u$ (or the partial space vector $H'_u$) and the target data identifier $\tau_u$ that is kept secret from outsiders, no other node can compute that commitment. Likewise, for the other first data commitments that do not match, the data request node cannot determine which data objects they commit to. This prevents malicious nodes from probing the distribution of cloud data on the network by broadcasting large numbers of undirected false data requests in order to mount network attacks on data storage nodes of interest.
On the other hand, because a random blinding factor $t_i$ is added to the first data commitment value $cm_i$ provided by any cluster member, the computed commitment values have a degree of randomness. The commitment values computed by multiple network nodes storing the same data are therefore necessarily different, and even for the same data object stored on the same node, successive commitments sent out are completely different, so an attacker cannot trace the source of the data from intercepted commitment values.
In another embodiment of the present invention, the distributed cloud storage data access method further includes an accountability mechanism. When either the data access party or the data providing party defaults, the other party starts an accountability process and presents evidence to a public trust platform or to the whole network, proving that it carried out the transaction as agreed under the consensus algorithm while the counterparty did not perform the related transaction activities as agreed, thereby causing the transaction to fail. The mechanism comprises accountability by the data request node and accountability by the data providing node. Data request node accountability step:
When the data request node has paid the service fee but has not received the target data, and the data providing node does not provide a target data transmission record, the data request node publishes to the network the blind-removed signature $\delta$, the secondary signature message, the signature public key $pk_i$ of the data providing node, the random public/private key pair (R, r), the first master control address public key V, the second master control address public key X, the target data identifier $\tau_u$, the intermediate value Z, the private public key $b_{pk}$ of the data request node and the identity $ID_u$.
Any third party uses the signature public key $pk_i$ of the data providing node to verify the body of the secondary signature message. If the body is not the blind-removed signature $\delta$, the accountability claim of the data request node is invalid; otherwise the secondary signature message is valid. The third party then applies the blind-removed signature verification algorithm: it computes the shared information $F = R \| V \| \tau_u$ and $h = H_2(X, F, Z)$ and, using the public parameter sequence $L_{pub} = \{q, e, T, G_1, G_2, P, P_{pub}, H_1, H_2, H_3\}$ already published by the cluster center node, verifies whether the following equation holds:
Figure BDA0003586003360000191
If the verification fails, the accountability claim of the data request node is invalid; otherwise the blind-removed signature is valid. The third party then verifies whether the random public key matches the random private key, i.e. whether $R = rP$ holds. If not, the accountability claim of the data request node is invalid; otherwise the address value $addr_{pk} = H_2(rX)P + V$ is regenerated from the random private key r, the first master control address public key V and the second master control address public key X; this is the collection public key address negotiated by the two parties. If that address does not hold the agreed amount of digital currency, the data request node has not paid the corresponding fee and its accountability claim is invalid; otherwise the data request node has paid the service fee as agreed, its accountability claim is valid, and the data providing node is confirmed to be in breach.
In the present embodiment, the data providing node accountability step is:
When the data providing node has sent the target data but has not received the first master control address private key v, and the data request node does not provide a data acknowledgement receipt transmission record, the data providing node publishes to the network the blind-removed signature $\delta$, the random public key R, the first master control address public key V, the second master control address public/private key pair (X, x), the target data identifier $\tau_u$, the intermediate value Z, the private public key $b_{pk}$ of the data request node and the identity $ID_u$.
Similarly, any third party applies the blind-removed signature verification algorithm: it computes the shared information $F = R \| V \| \tau_u$ and $h = H_2(X, F, Z)$ and, using the public parameter sequence $L_{pub} = \{q, e, T, G_1, G_2, P, P_{pub}, H_1, H_2, H_3\}$ already published by the cluster center node, verifies whether the following equation holds:
Figure BDA0003586003360000192
If the verification fails, the accountability claim of the data providing node is invalid; otherwise the blind-removed signature is valid. The third party then verifies whether the second master control address public key matches the second master control address private key, i.e. whether $X = xP$ holds. If not, the accountability claim of the data providing node is invalid; otherwise the second master control address public/private key pair is indeed legitimately held by the data providing node, and the address value $addr_{pk} = H_2(Rx)P + V$ is regenerated from the random public key R, the first master control address public key V and the second master control address private key x. If that address does not hold the agreed amount of digital currency, the accountability claim of the data providing node is invalid: under the transaction rules the data request node must pay the service fee first, and the data providing node may send data only after confirming that the digital currency is present at the collection public key address, so the data providing node is judged to have violated the transaction rules first. Otherwise the data request node has paid the service fee according to the transaction agreement, and since the data request node has not completed its proof, the accountability claim of the data providing node is valid and the data request node is confirmed to be in breach.
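The address relations from the settlement stage ($addr_{pk} = H_2(rX)P + V = H_2(Rx)P + V$, $addr_{sk} = H_2(Rx) + v$) and the key-match and address-balance checks of the two accountability steps above, as an added Python example that is not part of the patent. It assumes secp256k1 as the group with generator P, SHA-256 as $H_2$ and a dict as the ledger; the blind-removed signature verification is left out because its equation is not reproduced on this page.

```python
import hashlib
import secrets

# Assumptions: secp256k1 stands in for the patent's group with generator P, and
# SHA-256 reduced mod the group order stands in for H2. Not constant-time.
def _hex(s):
    return int(s.replace(" ", ""), 16)

FIELD = 2**256 - 2**32 - 977
ORDER = _hex("FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141")
P = (_hex("79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798"),
     _hex("483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8"))

def add(a, b):
    """Point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % FIELD, -1, FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD)
    x3 = (lam * lam - x1 - x2) % FIELD
    return x3, (lam * (x1 - x3) - y1) % FIELD

def mul(k, point):
    """Scalar multiplication by double-and-add."""
    k %= ORDER
    result = None
    while k:
        if k & 1:
            result = add(result, point)
        point = add(point, point)
        k >>= 1
    return result

def h2(point):
    """Stand-in for H2: hash a group element to a scalar."""
    raw = point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % ORDER

def keygen():
    """Return (private scalar, public point), e.g. (r, R), (v, V) or (x, X)."""
    k = secrets.randbelow(ORDER - 1) + 1
    return k, mul(k, P)

def addr_pk_request_side(r, X, V):
    return add(mul(h2(mul(r, X)), P), V)      # H2(rX)P + V

def addr_pk_provider_side(R, x, V):
    return add(mul(h2(mul(x, R)), P), V)      # H2(Rx)P + V

def addr_sk(R, x, v):
    return (h2(mul(x, R)) + v) % ORDER        # H2(Rx) + v

def audit_request_node_claim(r, R, V, X, ledger, fee):
    """Third-party checks after signature verification when the data request
    node claims it paid but received nothing."""
    if mul(r, P) != R:
        return False, "R != rP"
    if ledger.get(addr_pk_request_side(r, X, V), 0) < fee:
        return False, "agreed fee not at collection address"
    return True, "data providing node in breach"

def audit_provider_claim(x, X, R, V, ledger, fee):
    """Third-party checks after signature verification when the data providing
    node claims it sent the data but never received v."""
    if mul(x, P) != X:
        return False, "X != xP"
    if ledger.get(addr_pk_provider_side(R, x, V), 0) < fee:
        return False, "data sent before fee was at collection address"
    return True, "data request node in breach"

if __name__ == "__main__":
    (r, R), (v, V), (x, X) = keygen(), keygen(), keygen()
    addr = addr_pk_request_side(r, X, V)
    print("both sides agree:", addr == addr_pk_provider_side(R, x, V))
    print("addr_pk == addr_sk * P:", mul(addr_sk(R, x, v), P) == addr)
    ledger = {addr: 10}                       # constructed ledger state
    print(audit_request_node_claim(r, R, V, X, ledger, 10))
    print(audit_provider_claim(x, X, R, V, ledger, 10))
```

Until v is released, the data providing node can compute $addr_{pk}$ but not $addr_{sk}$, which is what ties payment release to the data acknowledgement receipt.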
The validity of the blind-removed signature verification algorithm used in the embodiments of the present invention is analyzed as follows:
Figure BDA0003586003360000201
Therefore, the blind-removed signature verification algorithm can effectively verify the authenticity of the signature, and it is applicable to the signer, the signee and any recipient of transaction evidence disclosed by either party. The transacting parties can thus trust that the partial blind signature transaction mode provided by the invention is sufficiently reliable in operation, and transaction auditing is easy to carry out.
In order to realize the cloud data access method, the invention also provides a distributed cloud storage data service system. The whole system adopts a C/S mode design and comprises a service terminal system and a client subsystem. The service terminal system comprises cluster center nodes deployed in a distributed manner, data providing nodes governed by the cluster center nodes in clusters, and a block chain built jointly by the network nodes; the client subsystem comprises data request nodes. The service terminal system combines a large number of computing nodes (cluster centers) and storage nodes (cluster members), which are scattered at different locations and have large storage space, into a data service platform. The cluster centers have high data processing performance and are responsible for scheduling data storage services and managing data information in the system; the cluster members store the cloud data widely distributed on the network and are the data providers. Through network communication, the nodes are organized and managed in a unified way according to the consensus algorithm set when the system was built, and provide data storage and access services externally.
As shown in the system structure of Fig. 3, the service terminal system is specifically configured to provide a cloud data access service for the client subsystem, where the cloud data is stored in a distributed manner on the data providing nodes;
a data identifier and a standard hash value of the cloud data are recorded on the block chain, the data identifier is used for marking the cloud data, and the standard hash value is used for verifying the integrity of the cloud data;
the cluster center node records the data characteristics of cloud data stored by each cluster member by adopting a bloom filter, wherein the data characteristics are generated by data identification;
the data providing node further comprises an address generation module, a message blinding-removing module and a service providing module;
an address generation module: generating self address public parameters, generating a collection public key address by the address public parameters exchanged by the data request node, and generating a collection private key address by using the address secret parameters, wherein the collection private key address is used for spending digital coins on the collection public key address;
a message blinding module: generating a partial blinding message according to the data characteristics of the target data and the address public parameters;
a message blinding-removing module: unblinds the partial blind signature to obtain the blind-removed signature, and takes the blind-removed signature as the transaction certificate on which both parties reach consensus;
a service providing module: transmitting specified target data to the data request node according to the data characteristics recorded in the signature;
the data request node includes a data query module, an address generation module, a message signature module, a data verification module and a fee settlement module;
a data query module: target data are retrieved from the cluster center node by utilizing the data characteristics, and cluster members storing the target data are used as data providing nodes;
an address generation module: generating self address public parameters and address secret parameters, and generating a collection public key address by the address public parameters exchanged by the data providing nodes;
a message signature module: signs the partial blinding message to obtain the partial blind signature;
a data verification module: performing hash operation on the received target data, comparing the obtained hash value with a standard hash value recorded in a block chain, and judging the integrity of the data;
a fee settlement module: transfers the data access service fee to the collection public key address recorded in the signature.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (10)

1. A distributed cloud storage data access method is characterized by comprising the following steps:
performing clustering management on cloud data which are stored on each node of a network in a distributed manner, and recording data characteristics of the cloud data stored by each cluster member by a cluster center node by adopting a bloom filter;
the data request node retrieves target data from the cluster center node by using the data characteristics, takes a cluster member stored with the target data as a data providing node, and the two parties generate a collection public key address together by using the interchanged address public parameters;
the data providing node generates a partial blinding message according to the data characteristics of the target data and the address public parameters, and the data requesting node signs the partial blinding message to obtain a partial blinding signature;
the data providing node unblinds the partial blind signature to obtain a blind-removed signature, and the blind-removed signature is taken as the transaction certificate on which both parties reach consensus; the data access service fee is transferred to the collection public key address recorded in the signature, and the specified target data is transmitted to the data request node according to the data characteristics recorded in the signature;
after verifying that the target data is correct, the data request node transmits the address secret parameter to the data providing node;
the data providing node generates a collection private key address by using the address secret parameter, wherein the collection private key address is used for spending the digital coins on the collection public key address.
2. The distributed cloud storage data access method according to claim 1, wherein the step of retrieving the target data by the data request node is:
the data request node extracts a target data identifier recorded in the block chain, calculates a space vector corresponding to the target data identifier as a data feature, and broadcasts a data retrieval request containing the space vector to the network;
each cluster central node respectively judges whether the local bloom filter contains the space vector, and informs cluster members to which the space vector belongs;
the cluster members search local data identifications corresponding to the space vectors, and forward first data commitments related to the local data identifications to the data request nodes through the cluster center nodes;
the data request node forms a commitment set by all the received first data commitments, uses the target data identification to participate in generating a second data commitment, selects the same element as the second data commitment from the commitment set as the target data commitment, and uses a cluster center node which sends the target data commitment as a data source center node.
3. The distributed cloud storage data access method according to claim 2, wherein the step of generating a collection public key address by the data requesting node and the data providing node together is as follows:
the data request node respectively generates a random public and private key pair and a first master control address public and private key pair by adopting a key generation algorithm, and sends a random public key and a first master control address public key to the data providing node;
the data providing node generates a second master control address public and private key pair by adopting the same key generation algorithm and sends the second master control address public key to the data requesting node;
the data request node adopts a random public key address generation algorithm, and a disposable random address generated by a random private key, a first master control address public key and a second master control address public key is used as a collection public key address of the data providing node;
the data providing node adopts a random public key address generation algorithm, and a disposable random address generated by a random public key, a first master control address public key and a second master control address private key is used as a local collection public key address;
the collection public key addresses generated by the two parties are the same.
4. The distributed cloud storage data access method according to claim 3, wherein the step of performing partial blind signature between the data request node and the data providing node is as follows:
the cluster center node publishes public parameters of a partial blind signature generation algorithm to the data request node and the data providing node, distributes a temporary signature public and private key pair for executing partial blind signature for the data request node by utilizing the public parameters, and sends the temporary signature public and private key pair to the data request node in a secret mode;
the data request node generates a shared information constraint parameter of a partial blind signature by a random public key, a first master control address public key and a target data identifier, and the shared information constraint parameter is used for constraining partial blind signature implementation conditions and is forwarded to the data providing node through the data source central node;
the data providing node blinds the second master control address public key, combines the blinded message with the shared information constraint parameter to generate a partial blinding message, and forwards the partial blinding message to the data request node through the data source central node;
the data request node signs the partial blinding message with the temporary signature private key to obtain a partial blind signature, and forwards the partial blind signature to the data providing node through the data source central node;
the data providing node unblinds the partial blind signature to obtain a blind-removed signature, applies a secondary signature to the blind-removed signature with its own signature private key, and then forwards the blind-removed signature and the secondary signature message to the data request node through the data source central node.
5. The distributed cloud storage data access method of claim 4, wherein the cluster center node uses an identity-based partial blind signature algorithm to generate a temporary signature public-private key pair by using public parameters and a data request node identity.
6. The distributed cloud storage data access method of claim 5, wherein the step of generating the collection private key address is:
the data request node encrypts the first master control address private key and forwards a ciphertext to the data providing node through the data source central node;
after the data providing node decrypts the ciphertext, a random private key address generation algorithm is adopted, and a one-time random address generated by a random public key, a first master control address private key and a second master control address private key is used as a collection private key address.
7. The distributed cloud storage data access method of claim 6, wherein the data request node and the data providing node use a key generation algorithm to generate a symmetric key for data encryption and decryption by using the target data identifier, and the encrypted data includes a random public key exchanged by both parties, a first master address public key, a second master address public key, a shared information constraint parameter, a partial blinding message, a partial blind signature, a blinding-removed signature, a secondary signature message, and a first master address private key.
8. The distributed cloud storage data access method according to claim 7, further comprising the data requesting node accountability step of:
when the data request node has paid the service fee but has not received the target data, publishing to the network the blind-removed signature, the secondary signature message, the signature public key of the data providing node, the random public/private key pair, the first master control address public key, the second master control address public key and the target data identifier;
any third party verifies the body of the secondary signature message using the signature public key of the data providing node; if the body is not the blind-removed signature, the accountability claim of the data request node is invalid; otherwise a blind-removed signature verification algorithm is applied, verifying the blind-removed signature with the random public key, the first master control address public key, the second master control address public key and the target data identifier; if the verification fails, the accountability claim of the data request node is invalid; otherwise it is further verified whether the random public key matches the random private key; if they do not match, the accountability claim of the data request node is invalid; otherwise an address value is regenerated from the random private key, the first master control address public key and the second master control address public key; if the address value does not hold the agreed amount of digital currency, the accountability claim of the data request node is invalid; otherwise the accountability claim of the data request node is valid and the data providing node is confirmed to be in breach.
9. The distributed cloud storage data access method of claim 7, further comprising the data providing node accountability step of:
when the data providing node has sent the target data but has not received the first master control address private key, publishing to the network the blind-removed signature, the random public key, the first master control address public key, the second master control address public/private key pair and the target data identifier;
any third party applies a blind-removed signature verification algorithm, verifying the blind-removed signature with the random public key, the first master control address public key, the second master control address public key and the target data identifier; if the verification fails, the accountability claim of the data providing node is invalid; otherwise it is further verified whether the second master control address public key matches the second master control address private key; if they do not match, the accountability claim of the data providing node is invalid; otherwise an address value is regenerated from the random public key, the first master control address public key and the second master control address private key; if the address value does not hold the agreed amount of digital currency, the accountability claim of the data providing node is invalid; otherwise the accountability claim of the data providing node is valid and the data request node is confirmed to be in breach.
10. The distributed cloud storage data service system is characterized by comprising a service terminal system and a client subsystem, wherein the service terminal system comprises a cluster center node deployed in a distributed manner, a data providing node governed by the cluster center node in a cluster manner and a block chain constructed by network nodes together, and the client subsystem comprises a data request node;
the service terminal system is used for providing cloud data access service for the client subsystem, and the cloud data is stored on the data providing nodes in a distributed mode;
a data identifier and a standard hash value of the cloud data are recorded on the block chain, the data identifier is used for marking the cloud data, and the standard hash value is used for verifying the integrity of the cloud data;
the cluster center node records the data characteristics of cloud data stored by each cluster member by adopting a bloom filter, wherein the data characteristics are generated by data identification;
the data providing node further comprises an address generation module, a message blinding-removing module and a service providing module;
an address generation module: generating self address public parameters, generating a collection public key address by the address public parameters exchanged by the data request node, and generating a collection private key address by using the address secret parameters, wherein the collection private key address is used for spending digital coins on the collection public key address;
a message blinding module: generating a partial blinding message according to the data characteristics of the target data and the address public parameters;
and a message blinding module: blinding the partial blind signature to obtain a blind signature removal, and taking the blind signature removal as a transaction certificate for both parties to reach a consensus;
a service providing module: transmitting specified target data to the data request node according to the data characteristics recorded in the signature;
the data requesting node includes: the system comprises a data query module, an address generation module, a message signature module, a data verification module and a service settlement module;
a data query module: target data are retrieved from the cluster center node by utilizing the data characteristics, and cluster members storing the target data are used as data providing nodes;
an address generation module: generating self address public parameters and address secret parameters, and generating a collection public key address by the address public parameters exchanged by the data providing node;
a message signature module: for obtaining a partially blinded signature for the partially blinded message signature;
a data verification module: performing hash operation on the received target data, comparing the obtained hash value with a standard hash value recorded in a block chain, and judging the integrity of the data;
and a fee settlement module: for transferring the data access service fee to the payee public key address recorded in the signature.
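The lookup and integrity check that claim 10 assigns to the data query module and the data verification module can be sketched as follows. This is an added example, not code from the patent; it assumes SHA-256 both for deriving a data feature from the data identifier and for the standard hash, uses a dictionary as a stand-in for the blockchain records, and all names and sample values are hypothetical.

```python
import hashlib

class BloomFilter:
    """Bit-array Bloom filter; k positions come from salted SHA-256."""
    def __init__(self, m_bits=1024, k=4):
        self.m, self.k, self.bits = m_bits, k, 0

    def _positions(self, feature):
        for i in range(self.k):
            digest = hashlib.sha256(bytes([i]) + feature).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, feature):
        for p in self._positions(feature):
            self.bits |= 1 << p

    def might_contain(self, feature):
        # True can be a false positive; False is always definitive.
        return all((self.bits >> p) & 1 for p in self._positions(feature))

def data_feature(data_id):
    # Assumption: the data feature is SHA-256 of the data identifier.
    return hashlib.sha256(data_id.encode()).digest()

def standard_hash(data):
    return hashlib.sha256(data).hexdigest()

# Constructed sample state (hypothetical names and contents).
CHAIN_RECORDS = {"doc-001": standard_hash(b"quarterly report v1")}
CLUSTER_INDEX = {"provider-A": BloomFilter(), "provider-B": BloomFilter()}
CLUSTER_INDEX["provider-A"].add(data_feature("doc-001"))

def query_providers(data_id):
    """Data query module: cluster members whose filter matches the feature."""
    feature = data_feature(data_id)
    return sorted(n for n, bf in CLUSTER_INDEX.items() if bf.might_contain(feature))

def verify_integrity(data_id, received):
    """Data verification module: compare against the on-chain standard hash."""
    expected = CHAIN_RECORDS.get(data_id)
    return expected is not None and standard_hash(received) == expected

if __name__ == "__main__":
    print(query_providers("doc-001"))
    print(verify_integrity("doc-001", b"quarterly report v1"))
    print(verify_integrity("doc-001", b"quarterly report v2"))
```

A Bloom filter match only shortlists a provider, since it can be a false positive; the comparison with the recorded standard hash is what rejects wrong or altered data.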
CN202210380254.5A 2022-04-08 2022-04-08 Distributed cloud storage data access method and data service system Pending CN114598717A (en)


Publications (1)

Publication Number Publication Date
CN114598717A true CN114598717A (en) 2022-06-07

Family

ID=81820545




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination