CN103425941B - The verification method of cloud storage data integrity, equipment and server - Google Patents
The verification method of cloud storage data integrity, equipment and server Download PDFInfo
- Publication number
- CN103425941B CN103425941B CN201310330155.7A CN201310330155A CN103425941B CN 103425941 B CN103425941 B CN 103425941B CN 201310330155 A CN201310330155 A CN 201310330155A CN 103425941 B CN103425941 B CN 103425941B
- Authority
- CN
- China
- Prior art keywords
- file
- module
- user
- module file
- public
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention provides the verification method of a kind of cloud storage data integrity, including: generate the identifier of file to be stored, described file is carried out coding simultaneously and obtain multiple module file;Utilize user's public-key cryptography and private cipher key that each module file is calculated the authenticating tag of each module file, each authenticating tag is generated authentication in open data;Described identifier, module file and authenticating tag are submitted to server;Generate file integrality inquiry request, send described inquiry request to server, receive what described server returned, utilize the report information of the described file of the authenticating tag generation that user's public-key cryptography, identifier, module file are corresponding with module file;Utilize report information described in user's public-key cryptography and described authentication in open data verification.The present invention also provides for checking equipment and the authentication server of correspondence, and the integrity of cloud storage data can carry out open checking.
Description
Technical field
The present invention relates to cloud storage technical field, particularly relate to the verification method of a kind of cloud storage data integrity, one
Plant the checking equipment of cloud storage data integrity, and the authentication server of a kind of cloud storage data integrity.
Background technology
Cloud storage is that storage resource is put on network the emerging scheme of one for people's access, with traditional storage mode phase
Ratio, cloud storage is with in economy, and the aspect such as scale and management has the advantage can not ignore.Such as, when a client is because of it
Locally stored space is the least and when cannot store substantial amounts of data file, client's be not required to upgrade oneself facility such as hardware comes
Solving this problem, only need to spend rational expense, the data of these magnanimity are stored cloud storage service supplier is provided
High in the clouds just can save many unnecessary worries.Although the facility that cloud storage is brought is apparent from, but therewith
The safety issue produced but be can not ignore, for saving resource or consideration economically, server likely delete or
The file that amendment user is uploaded.Therefore, the data file for a careful cloud storage user, to storage to high in the clouds
Carry out integrity verification most important.
Assume that some data files are stored high in the clouds by upload user, and delete these literary compositions having stored high in the clouds in this locality
Part, and the file that high in the clouds is arrived in these storages is shared by other user, so now these store the shared user of files
All can carry out the integrity verification of file independently.In other words, (as at train or aircraft in the sight that some is special
On), upload user in person cannot store the data file in high in the clouds and carry out integrity verification him.Now this upload user must not
A trusted party (relatives, friend or subordinate) is not entrusted to carry out the integrity verification of high in the clouds storage file for him.Above-mentioned
In situation, upload user in order to allow other entities that its storage to the data file in high in the clouds can carry out integrity verification, and incite somebody to action
The private key of oneself is sent to other people way and there will naturally be great potential safety hazard.Therefore, it is necessary to design one is supported open
The storage proof scheme of certification, solves above-mentioned safety problem.
Ateniese et al. give first open can the definition of certificate scheme, and storage proof problem is formally described
(PDP) problem is stored for evincible data.But the authentication in open PDP scheme that they propose leading at cloud storage server end
Letter is dissatisfactory with computational efficiency aspect.
Juels Yu Kaliski proposes first concept proving (POR) about time taking property, and the POR system to safety
It is described in detail.Briefly, in the POR system of a safety, if a cloud storage server is for user
Sent out its inquiry to return a correct response and make this user accept, then user enters in polynomial time with server
After row is repeatedly mutual, from these interactive information, user can recover original data file.The first string that document is mentioned
Not there is open confirmability (only supporting private key certification), and only support the certification of predefined constant number of times;Second side
Although case can not limit the authentication in open of number of times, but O (l) is individual to be recognized to require server to send in certification interaction
Card value.
Giving two effective POR schemes as Shacham with Waters, wherein the first string only supports that private key is recognized
Card, second scheme be open can certification, but the two scheme is the highest with the calculation cost of cloud server end user.
Additionally, utilize homomorphism cryptographic methods, XuJia proposes several POR scheme.But these schemes the most only support private
Key certification.AlptekinKupcu proposes first effective complete dynamically PDP scheme, and user is stored in the file in high in the clouds to it
It is updated operation, and remains able to carry out the integrated authentication of file.But their scheme expands to support that disclosure can certification
Time, higher calculating and communication cost can be produced.Give a disclosure as Yuan Jiawei and Yu Shucheng can recognize
The POR scheme of card, utilizes the multinomial commitment scheme of a safety, the communication cost that their scheme acquirement is fixed, but he
Scheme but need server to carry out exponent arithmetic repeatedly.
Summary of the invention
Based on this, the present invention provides the verification method of a kind of cloud storage data integrity, checking equipment and authentication server,
The integrity of cloud storage data can be carried out open checking.
The verification method of a kind of cloud storage data integrity, comprises the steps:
Generate the identifier of file to be stored, described file is carried out coding simultaneously and obtain multiple module file;
Utilize user's public-key cryptography and private cipher key that each module file is calculated each module file to recognize
Card label, generates authentication in open data to each authenticating tag;
Described identifier, module file and authenticating tag are submitted to server;
Generate file integrality inquiry request, send described inquiry request to server, receive what described server returned,
Utilize the report of the described file of the authenticating tag generation that user's public-key cryptography, identifier, module file are corresponding with module file
Information;
Utilize report information described in user's public-key cryptography and described authentication in open data verification.
The verification method of a kind of cloud storage data integrity, comprises the steps:
Receive identifier, module file and the authenticating tag corresponding with module file of user side transmission and store;
Receive the file integrality inquiry request that user side sends, utilize file integrality inquiry request, public affairs described in user
Open key, authenticating tag that identifier, module file are corresponding with module file generates report information and feeds back to described user side, with
Verify for described user side.
A kind of checking equipment of cloud storage data integrity, including:
Coding module, for generating the identifier of file to be stored, carries out module coding to described file simultaneously and obtains many
Individual module file;
Generation module, is used for utilizing user's public-key cryptography and private cipher key to be calculated each to each module file
The authenticating tag of module file, generates authentication in open data to each authenticating tag;
Submit module to, for described identifier, module file and authenticating tag are submitted to server;
Enquiry module, is used for generating file integrality inquiry request, sends described inquiry request to server, receives described
Server returns, and utilizes the institute that the authenticating tag that user's public-key cryptography, identifier, module file are corresponding with module file generates
State the report information of file;
Authentication module, is used for utilizing report information described in user's public-key cryptography and described authentication in open data verification.
A kind of authentication server of cloud storage data integrity, including:
Receiver module, for receiving identifier, module file and the certification mark corresponding with module file that user side sends
Sign and store;
Feedback module, for receiving the file integrality inquiry request that user side sends, utilizes file described in user complete
Property inquiry request, public-key cryptography, authenticating tag that identifier, module file are corresponding with module file generate report information and feed back to
Described user side, verifies for described user side.
Verification method, equipment and the server of above-mentioned cloud storage data integrity, user is by the mould obtained after coding
Block file is authenticated recognizing of the calculating of label, regeneration authentication in open data, server memory module file and module file
Card label, when needs carry out file verification, it is not necessary to providing the private information of user, server may utilize user's public-key cryptography pair
The module file of storage and authenticating tag generate report information, and verifier verifies report information with user's public-key cryptography again, it is achieved
The authentication in open of cloud storage data integrity;The present invention allow arbitrary authority checking person without obtaining the private information of user,
Just the data file that user can be stored in high in the clouds carries out integrity verification, and need not download file.
Accompanying drawing explanation
Fig. 1 is the verification method of cloud storage data integrity of the present invention schematic flow sheet in embodiment one.
Fig. 2 is the verification method of cloud storage data integrity of the present invention schematic flow sheet in embodiment two.
Fig. 3 is the verification method of cloud storage data integrity of the present invention schematic flow sheet in embodiment three.
Fig. 4 is the checking equipment of cloud storage data integrity of the present invention structural representation in embodiment four.
Fig. 5 is the authentication server of cloud storage data integrity of the present invention structural representation in embodiment five.
Detailed description of the invention
Below in conjunction with embodiment and accompanying drawing, the present invention is described in further detail, but embodiments of the present invention are not limited to
This.
The present invention program can include three class participants: user, Cloud Server and verifier.Some file is stored by user
To Cloud Server, and delete these files in this locality.Cloud Server lays claim to ability and intactly stores the data file of client.Test
Card person has permission and client is stored in the data file of Cloud Server carries out integrity verification, and need not the secret number of client
According to.
Embodiment one
As it is shown in figure 1, be the verification method schematic flow sheet in the present embodiment of cloud storage data integrity of the present invention,
Illustrate as a example by the handling process of user side in the present embodiment, comprise the steps:
S11, the identifier of generation file to be stored, carry out coding to described file simultaneously and obtain multiple module file;
S12, utilize user's public-key cryptography and private cipher key that each module file is calculated each module file
Authenticating tag, to each authenticating tag generate authentication in open data;
S13, described identifier, module file and authenticating tag are submitted to server;
S14, generation file integrality inquiry request, send described inquiry request to server, receive described server and return
Return, utilize the described file of the authenticating tag generation that user's public-key cryptography, identifier, module file are corresponding with module file
Report information;
S15, utilize report information described in user's public-key cryptography and described authentication in open data verification.
In step s 11, user needs file is carried out pretreatment before upper transmitting file to Cloud Server, generates described file
Identifier;Again file F to be stored being carried out module, rate-ρ algorithm can be used to process, user first arranges system ginseng
Number ρ ∈ (0,1), the error correcting code of application rate-ρ encodes and generates multiple module file (F to data file F0,…,
Fn-1) so that each module Fi∈{0,1}mλ, and arbitrary n module F of ρiAll can recover original data file F, its
Middle n is total number of described module file.
In the present embodiment, the public-key cryptography of user and private cipher key can be generated by RSA key generating algorithm, specifically
Generation step as follows:
Upload user randomly selects a λ bits RSA modulus N=pq so that It it is all element
Count, and p, q have identical bit long;
OrderWherein(N) it is Euler's function, represents and be not more than N and coprime with N
The number of positive integer;
From QRNIn randomly select one generate unit g, wherein QRNRepresent the quadratic residue subgroup of mould N;
Randomly selectWherein,Represent withCoprime and at mouldUnder residue class;
From pseudo-random function race { PRFseed:{0,1}2λ→Zφ(N)Key space in randomly select a seed seed;
Make gτ=gτ, PKI is pk=(N, g, gτ), private key is sk=(p, q, τ, seed).
Wherein in an embodiment, the identifier of described file meets constraints id ∈ { 0,1}λ, wherein, id is institute
Stating identifier, λ is the bit long of modulus in user's public-key cryptography.
Obtain multiple module file FiAfter, user need to utilize public-key cryptography and private cipher key to calculate recognizing of each module file
Card label, more each authenticating tag is generated authentication in open data;
The described user's of utilization public-key cryptography and private cipher key are calculated each module literary composition to the file of each module
The step of the authenticating tag of part can be:
According to the following formula described authenticating tag of generation:
Wherein, i is the numbering of module file, FiFor i-th module file, σiFor the authenticating tag that module file i is corresponding, τ
For the random number in user's private cipher key, PRFseedFor the pseudo random number that random seed seed in user's private cipher key is corresponding, i ∈
[0, n-1], n is total number of described module file, and N is the modulus in user's public-key cryptography.
The described step to each authenticating tag generation authentication in open data can be:
According to the following formula each authentication in open data of generation:
Wherein, giFor the authentication in open data of i-th module file, g is the generation unit in user's public-key cryptography.
After processing module file, the upper transmitting file of user is to Cloud Server, and in step s 13, user submits to cloud
The data of server only need to include the authenticating tag of identifier, module file and correspondence thereof;I.e. cloud user can be by
It is sent to server, and only local storage (id, n) and openWherein
After data are submitted to successfully, verifier can generate file integrality inquiry request, sends inquiry request to server,
Receive the report information that server returns;Finally checking this report information, it is judged that the integrity of data;
Wherein in an embodiment, the step of described generation file integrality inquiry request can be:
Randomly select the subset that scale is | C |=lTo each i ∈ C, fromIn random
Choose weight νi, described inquiry request is { (i, νi):i∈C}.;
The step of described checking report information is:
Judge whether following equalities is set up:
Wherein, described report information is (M, σ), M=Σi∈CνiFiModN, σ=Σi∈CνiσiModN, i are described module literary composition
The numbering of part,N is total number of described module file, νiFor the random weight that numbering i is corresponding, FiFor i-th
Module file, N is the modulus in user's public-key cryptography, σiFor the authenticating tag that i-th module file is corresponding;
If setting up, the storage of the most described file is complete;If being false, the storage of the most described file is imperfect.
Embodiment two
As in figure 2 it is shown, be the verification method schematic flow sheet in the present embodiment of cloud storage data integrity of the present invention,
Illustrate as a example by the handling process of Cloud Server in the present embodiment, comprise the steps:
S22, identifier, module file and the authenticating tag corresponding with module file of reception user side transmission also store;
The file integrality inquiry request that S23, reception user side send, utilizes file integrality inquiry described in user to ask
Ask, authenticating tag that public-key cryptography, identifier, module file are corresponding with module file generates report information and feeds back to described user
End, verifies for described user side.
Wherein in an embodiment, described document validation requests includes the numbering of module file, and described numbering is right
The random weight answered;
Described report information is (M, σ), according to the following formula described report information of generation:
M=Σi∈CνiFiModN, σ=Σi∈CνiσimodN
Wherein, i is the numbering of described module file,N is total number of described module file, νiFor compiling
Number random weight corresponding for i, FiFor i-th module file, N is the modulus in user's public-key cryptography, σiFor i-th module file
Corresponding authenticating tag.
Embodiment three
As it is shown on figure 3, again by one specific embodiment illustrate the present invention handling process, in the present embodiment, be with
Illustrate as a example by family end and server two-way interactive.
S31, user side generate the identifier of file to be stored, described file carries out coding simultaneously and obtains multiple module literary composition
Part;
S32, user side utilize user's public-key cryptography and private cipher key that each module file is calculated each mould
The authenticating tag of block file, generates authentication in open data to each authenticating tag;
Described identifier, module file and authenticating tag are submitted to server by S33, user side;
S34, server receive identifier, module file and the authenticating tag corresponding with module file of user's transmission and deposit
Storage;
S35, user side generate file integrality inquiry request, send described inquiry request to server;
S36, server, when receiving the inquiry request that user sends, utilize user's public-key cryptography, identifier, module literary composition
The authenticating tag that part is corresponding with module file generates the report information of described file and feeds back to user side;
S37, user side receive the report information that described server returns;
S38, user side utilize report information described in user's public-key cryptography and described authentication in open data verification;
1. key generates ((1λ) → (pk, sk))
A) upload user randomly selects a λ bits RSA modulus N=pq so that All
Being prime number and p, q has identical bit long;
B) orderWhereinFor Euler's function, represent and be not more than N and coprime with N
The number of positive integer;
C) from QRNIn randomly select one generate unit g, wherein QRNRepresent the quadratic residue subgroup of mould N;
D) randomly selectWherein,Represent withCoprime and at mouldUnder residue class;
E) from pseudo-random function raceKey space in randomly select a seed
seed;
Make gτ=gτ, PKI is pk=(N, g, gτ), private key is sk=(p, q, τ, seed).
2. coding
A) upload user arranges systematic parameter ρ ∈ (0,1).Data file F is encoded by the error correcting code of application rate-ρ
And generate file module (F0,…,Fn-1) so that each module Fi∈{0,1}mλ, and n module F of arbitrary ρiAll can
Recover original data file F;
B) it is that file F selects a unique identifier id ∈ { 0,1}λ;
C) it is each data file module Fi, i ∈ [0, n-1], calculate an authenticating tag
D) order coding file isWillIt is sent to cloud storage server;
E) it is each σiCalculate a disclosed authentication data
Coding file isClient willIt is sent to server, only local
Storage (id, n) and open
3. challenge (id, n) → Q
A) verifier randomly selects the subset that scale is | C |=l
B) for each i ∈ C, verifier fromIn random choose weight νi;
Make Q={ (i, νi):i∈C};
4. prove
A) (id, the Q) that cloud server verifier sends;
B) Cloud Server finds out coding file according to identifier id
C) Cloud Server report calculated message (M, σ);
M=Σi∈CνiFiModN, σ=Σi∈CνiσimodN。
(M, σ) is sent to verifier by server.
5. checking Refusal or acceptance
Utilize PKI pk and corresponding public information sequence { gi, verifier verifies whether following equalities is set up:
If the equation is set up, export " acceptance ", represent that file is complete;Otherwise output " refusal ", represents that file is imperfect.
Embodiment four
As shown in Figure 4, it is the checking equipment structural representation in the present embodiment of cloud storage data integrity of the present invention,
Illustrate with subscriber equipment in the present embodiment, including:
Coding module 41, for generating the identifier of file to be stored, carries out coding to described file simultaneously and obtains multiple
Module file;
Generation module 42, is used for utilizing user's public-key cryptography and private cipher key to be calculated each module file often
The authenticating tag of individual module file, generates authentication in open data to each authenticating tag;
Submit module 43 to, for described identifier, module file and authenticating tag are submitted to server;
Enquiry module 44, is used for generating file integrality inquiry request, sends described inquiry request to server, receives institute
State what server returned, utilize the authenticating tag that user's public-key cryptography, identifier, module file are corresponding with module file to generate
The report information of described file;
Authentication module 45, is used for utilizing report information described in user's public-key cryptography and described authentication in open data verification.
Wherein in an embodiment, described user's public-key cryptography and private cipher key in described generation module 42 pass through
RSA key algorithm generates:
Randomly select a λ bits RSA modulus N=pq so that It is all prime number, and
P, q have identical bit long;
OrderWherein(N) it is Euler's function, represents and be not more than N and coprime with N
The number of positive integer;
From QRNIn randomly select one generate unit g, wherein QRNRepresent the quadratic residue subgroup of mould N;
Randomly selectWherein,Represent withCoprime and at mouldUnder residue class;
From pseudo-random function raceKey space in randomly select a seed
seed;
Make gτ=gτ, described user's public-key cryptography is pk=(N, g, gτ), described user's private cipher key be sk=(p, q, τ,
seed)。
Wherein in an embodiment, the identifier of described file meets constraints id ∈ { 0,1}λ, wherein, id is institute
Stating identifier, λ is the bit long of modulus in user's public-key cryptography.
Wherein in an embodiment, described generation module is additionally operable to:
According to the following formula described authenticating tag of generation:
Wherein, i is the numbering of module file, FiFor i-th module file, σiFor the authenticating tag that module file i is corresponding, τ
For the random number in user's private cipher key, PRFseedFor the pseudo random number that random seed seed in user's private cipher key is corresponding, i ∈
[0, n-1], n is total number of described module file, and N is the modulus in user's public-key cryptography.
Wherein in an embodiment, described generation module is additionally operable to:
According to the following formula each authentication in open data of generation:
Wherein, giFor the authentication in open data of i-th module file, g is the generation unit in user's public-key cryptography.
Wherein in an embodiment, described enquiry module is additionally operable to:
Randomly select the subset that scale is | C |=lTo each i ∈ C, fromIn random choosing
Take weight viWeigh described inquiry request for { (i, νi):i∈C}。
Wherein in an embodiment, described authentication module is additionally operable to:
Judge whether following equalities is set up:
Wherein, described report information is (M, σ), M=Σi∈CνiFiModN, σ=Σi∈CνiσiModN, i are described module literary composition
The numbering of part,N is total number of described module file, νiFor the random weight that numbering i is corresponding, FiFor i-th
Module file, N is the modulus in user's public-key cryptography, σiFor the authenticating tag that i-th module file is corresponding;
If setting up, the storage of the most described file is complete;If being false, the storage of the most described file is imperfect.
Embodiment five
As it is shown in figure 5, be the authentication server structural representation in the present embodiment of cloud storage data integrity of the present invention
Figure, illustrates in the present embodiment as a example by server, including:
Receiver module 51, for receiving identifier, module file and the certification corresponding with module file that user side sends
Label also stores;
Feedback module 52, for receiving the file integrality inquiry request that user side sends, utilizes file described in user complete
The authenticating tag that whole property inquiry request, public-key cryptography, identifier, module file are corresponding with module file generates report information feedback
To described user side, verify for described user side.
Wherein in an embodiment, described document validation requests includes the numbering of module file, and described numbering is right
The random weight answered;
Described report information is (M, σ), and described feedback module is additionally operable to according to the following formula described report information of generation:
M=Σi∈CνiFiModN, σ=Σi∈CνiσimodN
Wherein, i is the numbering of described module file,N is total number of described module file, νiFor compiling
Number random weight corresponding for i, FiFor i-th module file, N is the modulus in user's public-key cryptography, σiFor i-th module file
Corresponding authenticating tag.
Next beneficial effects of the present invention is illustrated.
First, it is defined below:
Definition 1: if for algorithm defined above (key generates, coding, challenge, it was demonstrated that, checking) any output,
Prove that the response that algorithm is returned can make verification algorithm output accept, and this proof procedure is not related to any being given birth to by key
Become the private key sk that algorithm is exported, then the scheme of these algorithms composition referred to as discloses evincible data storage (PPDP).
Definition 2: if a honest Cloud Server, when he the most intactly stores data file the honesty of client
Ground runs proves that, when algorithm generates a response, total energy authenticatee accept, and the most such PPDP scheme is complete.
In order to prove the safety of PPDP scheme, here need to introduce a safety game.
Arrange: challenger runs key schedule and generates a pair public and private key (pk, sk).The open PKI pk of challenger, only
Preserve private key sk.
Study: assailant makes the inquiry that some are following adaptively:
Storage inquiry: assailant chooses data file F and issues challenger, challenger returnsAs response.The last challenger of this step only preserves that (id n), and attacks
Person can obtain encoding fileAnd corresponding file identifier id and one group of authentication in open information
Revene lookup: assailant sends a file identifier id to challenger, if id is in previous step by assailant
Storage inquiry in produced, then the file F that challenger couple is corresponding with id initiates following authentication challenge to assailant:
Utilizing metadata n, challenger can select a random challenge Q and be sent to assailant.
The inquiry Q sent for challenger, assailant can generate a response R and return to challenger (R may be by arbitrarily side
Formula generates).
R is verified by challenger's runtime verification algorithm, and exports b ∈ { accepting, refusal }.
Resolution bit b is sent to assailant by challenger.If it addition, id is not the storage inquiry former by assailant
Generated in, then challenger not as.
Submit to: assailant selects a file identifier id* to be sent to challenger during learning.F* is made to represent
The data file relevant to id*.
Return and take: data file F* is initiated the PPDP revene lookup of multinomial time by challenger.Wherein, challenger serves as checking
Person, assailant plays the part of cloud storage server.From these interactive information, challenger utilizes the recovery algorithms of some PPT, it is possible to
To a data file module F'.The inquiry initiated for challenger, if the response of assailant makes challenger at verification process
Middle output accepts, then assailant wins in this game;If the file module F' that challenger obtains is equal to original file mould
Block F*, then challenger wins this game.
From above-mentioned safety game, provide following one and define:
It is rational for defining 3: one PPDP schemes, if definition safety game in, attack win probability with choose
The difference of the probability that war person wins is insignificant.(the inquiry Q initiated for challenger, when the response (M ', σ ') of assailant's output
Can pass through certification, but (M ', σ ') ≠ (M, σ), and the probability that this event occurs is insignificant, and (M, σ) indicates card here
The actual response of bright algorithm output.)
Lemma 1 (completeness of PPDP): above-mentioned PPDP scheme is complete under the description of definition 2.
Prove:
Theorem 1: if the pseudo-random function race PRF in the present invention is safe, and discrete logarithm problem and big integer
Resolution problem is all insoluble, then the PPDP scheme of the present invention is rational.
Before proving above-mentioned conclusion, first provide following lemma.
If the pseudo-random function race PRF in lemma 2 present invention is safe, and discrete logarithm problem divides with big integer
Solution problem is all insoluble, then the assailant of PPT can obtain some of relevant τ after interacting in safety is played
The probability of useful informationAnd due to λ ≈ logN ≈ 2+2logp ',It is to neglect
Slightly, wherein φ (N), p ', q ' are defined in key schedule, and make p '=min{p ', q ' }.
Prove: because pseudo-random function PRF is safe, so there is not such PPT assailant in safety is played
Output and the Z of PRF can be distinguishedφ(N)In true random number.Therefore, secret τ-value is at σiMiddle well concealed.And,
Owing to DLP problem is difficult to resolve, the most there is not such PPT assailant can be from PKI pkgτMiddle acquisition is any and τ
Relevant effective information.So there is not the PPT assailant obtaining any effective information relevant with τ from safety is played.
The proof of theorem 1: assume assailant serve as Cloud Server generate in any way an effective response (M ',
σ '), and make challenger accept, and be (M, σ) by proving the actual response that algorithm generates, it is clear that for effective response (M ', σ ')
All can set up with real response (M, σ) certification equation.So we have
By (1) formula divided by (2) formula, obtain
By above-mentioned calculating, assailant can obtain equation below
gσ-σ′=g(M-M′)τmodN (3)
For (3) formula, it is considered to two kinds of different situations below.
Case1:M ≠ M '.If M and M ' is unequal, then PPT assailant can obtain some and τ from (3) formula above
Relevant effective information.But according to the conclusion of lemma 2, the probability that this situation occurs is insignificant.(otherwise, exist separately
An outer assailant β can call above-mentioned assailant and solve DLP problem with the probability can not ignore.)
Case2:M=M '.As M=M ', it is meant that challenger wins safety game.Here M '=Σi∈CνiFi, this
Being a system of linear equations about coding module, its coefficient is the weight set { ν of challengeri}i∈C.Therefore, in order to be closed
In unknown quantity Fi, l=| C | individual linear independence equation of i ∈ C, challenger needs agreeing to that index set C performs agreement l=| C |
Secondary.So by solving a system of linear equations, challenger just can recover original file module Fi,i∈C。
By above-mentioned analysis, it is possible to obtain following inference:
Inference 1: the probability that the probability that assailant wins in safety is played occurs equal to case1 occurs plus case2
Probability.I.e.
Pr [assailant wins in safety is played]=Pr [case1 generation]+Pr [case2 generation]
Owing to Pr [case1 generation] is insignificant, and case2 means that challenger wins safety game,
Therefore theorem 1 is proven.
The present invention allows arbitrary authority checking person without obtaining the secret knowledge of client, just client can be stored in high in the clouds
Data file carry out integrity verification, and all these file need not be downloaded.
The server of the present invention is made without any exponent arithmetic, than existing many public affairs in terms of computational efficiency
Open certificate scheme more effective, have more practicality.
Analysis of complexity: these modules MAC that verifier is inquired about by cloud storage server by utilizing isomorphism are to (Fi,σi)
Being integrated into a single module, by (M, the σ) that calculate and return to verifier as response, such operation makes the present invention
Become highly effective in communication, the calculating of server end: user and server-side are all communication cost and the Ο (λ) of Ο (λ)
Storage cost, λ is the bit long of N here.The each inquiry sent for verifier, it is 2 λ that the response rule that server is returned are touched
Bit.And server only needs to carry out the multiplying of 2l time and the additive operation of 2l time to generate such a response,
This makes the solution of the present invention on the one hand this be better than many existing authentication in open schemes.Receiving the response of server
After, verifier needs to carry out the exponent arithmetic of l+2 time and l+1 multiplying to perform identifying algorithm, this and those existing public affairs
Open certificate scheme and there is comparability equally.Therefore, all these calculation cost all linearly closes with the element number in inquiry
System.From label σi∈{0,1}λWith Fi∈{0,1}mλIn, it is known that the storage cost of server isBut, arranging
In the stage, client needs to carry out primary group multiplication, primary group addition and a PRF for each data module and calculates and generate a phase
The label answered.Additionally, client also needs to carry out primary group exponent arithmetic to generate public information gi, and all these is located in advance
Reason process all can be carried out by off-line.Here l=| C | represents index number selected in verification process.
Embodiment described above only have expressed the several embodiments of the present invention, and it describes more concrete and detailed, but also
Therefore the restriction to the scope of the claims of the present invention can not be interpreted as.It should be pointed out that, for those of ordinary skill in the art
For, without departing from the inventive concept of the premise, it is also possible to make some deformation and improvement, these broadly fall into the guarantor of the present invention
Protect scope.Therefore, the protection domain of patent of the present invention should be as the criterion with claims.
Claims (18)
1. the verification method of a cloud storage data integrity, it is characterised in that comprise the steps:
Generate the identifier of file to be stored, described file to be stored is carried out coding simultaneously and obtain multiple module file;
Utilize user's public-key cryptography and private cipher key that each module file is calculated the certification mark of each module file
Sign, each authenticating tag is generated authentication in open data;
Described identifier, module file and authenticating tag are submitted to server;
Generate file integrality inquiry request, send described inquiry request to server, receive what described server returned, utilize
The report of the described file to be stored that the authenticating tag that user's public-key cryptography, identifier, module file are corresponding with module file generates
Announcement information;
Utilize report information described in user's public-key cryptography and described authentication in open data verification;
Described file to be stored is encoded and obtains the step of multiple module file and include:
Using rate-ρ algorithm to process, arrange systematic parameter ρ ∈ (0,1), file F is carried out by the error correcting code of application rate-ρ
Encode and generate multiple module file (F0,…,Fn-1) so that each module file Fi∈{0,1}mλ, and arbitrary n mould of ρ
Block file FiAll can recover original file F.
The verification method of cloud storage data integrity the most according to claim 1, it is characterised in that described user discloses close
Key and private cipher key are generated by RSA key generating algorithm:
Randomly select a λ bits RSA modulus N=pq so thatIt is all prime number, and p, q tool
There is identical bit long;
OrderWhereinFor Euler's function, represent and be not more than N and coprime with N the most whole
The number of number;
From QRNIn randomly select one generate unit g, wherein QRNRepresent the quadratic residue subgroup of mould N;
Randomly selectWherein, the random number during τ is user's private cipher key;Represent withCoprime and
MouldUnder residue class;
From pseudo-random function raceKey space in randomly select a seed seed;
Make gτ=gτ, described user's public-key cryptography is pk=(N, g, gτ), described user's private cipher key be sk=(p, q, τ,
seed)。
The verification method of cloud storage data integrity the most according to claim 2, it is characterised in that the mark of described file
Symbol meets constraints id ∈ { 0,1}λ, wherein, id is described identifier, and λ is the bit long of modulus in user's public-key cryptography.
The verification method of cloud storage data integrity the most according to claim 3, it is characterised in that described utilize user public
The step opening the authenticating tag that key and private cipher key are calculated each module file to the file of each module is:
According to the following formula described authenticating tag of calculating:
Wherein, i is the numbering of module file, FiFor i-th module file, σiFor the authenticating tag that module file i is corresponding,
PRFseedFor the pseudo random number that random seed seed in user's private cipher key is corresponding, i ∈ [0, n-1], n are described module file
Total number, N is the modulus in user's public-key cryptography.
The verification method of cloud storage data integrity the most according to claim 3, it is characterised in that described to each certification
Label generates the step of authentication in open data:
According to the following formula each authentication in open data of generation:
Wherein, giFor the authentication in open data of i-th module file, g is the generation unit in user's public-key cryptography.
The verification method of cloud storage data integrity the most according to claim 5, it is characterised in that described generation file is complete
The step of whole property inquiry request is:
Randomly select the subset that scale is | C |=lC is a subset of set [0, n-1], and l represents C
The number of middle element;To each i ∈ C, fromIn randomly select weight νi, described inquiry request is { (i, νi):i∈
C}。
The verification method of cloud storage data integrity the most according to claim 6, it is characterised in that described checking report letter
The step of breath is:
Judge whether following equalities is set up:
Wherein, described report information is (M, σ), M=∑i∈CνiFiModN, σ=∑i∈CνiσiModN, i are described module file
Numbering,N is total number of described module file, νiFor the random weight that numbering i is corresponding, FiFor i-th module
File, N is the modulus in user's public-key cryptography, σiFor the authenticating tag that i-th module file is corresponding;
If setting up, the storage of the most described file is complete;If being false, the storage of the most described file is imperfect.
8. the verification method of a cloud storage data integrity, it is characterised in that comprise the steps:
Receive identifier, module file and the authenticating tag corresponding with module file of user side transmission and store;
Receive user side send file integrality inquiry request, utilize file integrality inquiry request described in user, disclose close
The authenticating tag that key, identifier, module file are corresponding with module file generates report information and feeds back to described user side, for institute
State user side checking;
Described module file is:
Using rate-ρ algorithm to process, arrange systematic parameter ρ ∈ (0,1), file F is carried out by the error correcting code of application rate-ρ
Encode and generate multiple module file (F0,…,Fn-1) so that each module file Fi∈{0,1}mλ, and arbitrary n mould of ρ
Block file FiAll can recover original file F.
The verification method of cloud storage data the most according to claim 8, it is characterised in that
Described document validation requests includes the numbering of module file, and the random weight that described numbering is corresponding;
Described report information is (M, σ), according to the following formula described report information of generation:
M=∑i∈CνiFiModN, σ=∑i∈CνiσimodN
Wherein, i is the numbering of described module file,C is a subset of set [0, n-1], and n is described mould
Total number of block file, νiFor the random weight that numbering i is corresponding, FiFor i-th module file, N is the mould in user's public-key cryptography
Number, σiFor the authenticating tag that i-th module file is corresponding.
10. the checking equipment of a cloud storage data integrity, it is characterised in that including:
Coding module, for generating the identifier of file to be stored, carries out coding to described file to be stored simultaneously and obtains multiple
Module file;
Generation module, is used for utilizing user's public-key cryptography and private cipher key that each module file is calculated each module
The authenticating tag of file, generates authentication in open data to each authenticating tag;
Submit module to, for described identifier, module file and authenticating tag are submitted to server;
Enquiry module, is used for generating file integrality inquiry request, sends described inquiry request to server, receives described service
Device returns, and utilizes and treats described in the authenticating tag generation that user's public-key cryptography, identifier, module file are corresponding with module file
The report information of storage file;
Authentication module, is used for utilizing report information described in user's public-key cryptography and described authentication in open data verification;
Described file to be stored is encoded and obtains the step of multiple module file and include:
Using rate-ρ algorithm to process, arrange systematic parameter ρ ∈ (0,1), file F is carried out by the error correcting code of application rate-ρ
Encode and generate multiple module file (F0,…,Fn-1) so that each module file Fi∈{0,1}mλ, and arbitrary n mould of ρ
Block file FiAll can recover original file F.
The checking equipment of 11. cloud storage data integrities according to claim 10, it is characterised in that described generation module
In described user's public-key cryptography and private cipher key generated by RSA key generating algorithm:
Randomly select a λ bits RSA modulus N=pq so thatIt is all prime number, and p, q tool
There is identical bit long;
OrderWhereinFor Euler's function, represent and be not more than N and coprime with N the most whole
The number of number;
From QRNIn randomly select one generate unit g, wherein QRNRepresent the quadratic residue subgroup of mould N;
Randomly selectWherein, the random number during τ is user's private cipher key;Represent withCoprime and
MouldUnder residue class;
From pseudo-random function raceKey space in randomly select a seed seed;
Make gτ=gτ, described user's public-key cryptography is pk=(N, g, gτ), described user's private cipher key be sk=(p, q, τ,
seed)。
The checking equipment of 12. cloud storage data integrities according to claim 11, it is characterised in that the mark of described file
Know symbol and meet constraints id ∈ { 0,1}λ, wherein, id is described identifier, and λ is the bit long of modulus in user's public-key cryptography.
The checking equipment of 13. cloud storage data integrities according to claim 12, it is characterised in that described generation module
It is additionally operable to:
According to the following formula described authenticating tag of calculating:
Wherein, i is the numbering of module file, FiFor i-th module file, σiFor the authenticating tag that module file i is corresponding,
PRFseedFor the pseudo random number that random seed seed in user's private cipher key is corresponding, i ∈ [0, n-1], n are described module file
Total number, N is the modulus in user's public-key cryptography.
The checking equipment of 14. cloud storage data integrities according to claim 12, it is characterised in that described generation module
It is additionally operable to:
According to the following formula each authentication in open data of generation:
Wherein, giFor the authentication in open data of i-th module file, g is the generation unit in user's public-key cryptography.
The checking equipment of 15. cloud storage data integrities according to claim 14, it is characterised in that described enquiry module
It is additionally operable to:
Randomly select the subset that scale is | C |=lC is a subset of set [0, n-1], and l represents C
The number of middle element;To each i ∈ C, fromIn random choose weight νi, described inquiry request is { (i, νi):i
∈C}。
The checking equipment of 16. cloud storage data integrities according to claim 15, it is characterised in that described authentication module
It is additionally operable to:
Judge whether following equalities is set up:
Wherein, described report information is (M, σ), M=Σi∈CνiFiModN, σ=Σi∈CνiσiModN, i are described module file
Numbering,N is total number of described module file, νiFor the random weight that numbering i is corresponding, FiFor i-th module
File, N is the modulus in user's public-key cryptography, σiFor the authenticating tag that i-th module file is corresponding;
If setting up, the storage of the most described file is complete;If being false, the storage of the most described file is imperfect.
The authentication server of 17. 1 kinds of cloud storage data integrities, it is characterised in that including:
Receiver module, for receiving identifier, module file and the authenticating tag corresponding with module file of user side transmission also
Storage;
Feedback module, for receiving the file integrality inquiry request that user side sends, utilizes file integrality described in user to look into
The request of inquiry, public-key cryptography, authenticating tag that identifier, module file are corresponding with module file generate described in report information feeds back to
User side, verifies for described user side;
Described module file is:
Using rate-ρ algorithm to process, arrange systematic parameter ρ ∈ (0,1), file F is carried out by the error correcting code of application rate-ρ
Encode and generate multiple module file (F0,…,Fn-1) so that each module file Fi∈{0,1}mλ, and arbitrary n mould of ρ
Block file FiAll can recover original file F.
The authentication server of 18. cloud storage data according to claim 17, it is characterised in that
Described document validation requests includes the numbering of module file, and the random weight that described numbering is corresponding;
Described report information is (M, σ), and described feedback module is additionally operable to according to the following formula described report information of generation:
M=Σi∈CνiFiModN, σ=Σi∈CνiσimodN
Wherein, i is the numbering of described module file, and C is a subset of set [0, n-1],N is described mould
Total number of block file, νiFor the random weight that numbering i is corresponding, FiFor i-th module file, N is the mould in user's public-key cryptography
Number, σiFor the authenticating tag that i-th module file is corresponding.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310330155.7A CN103425941B (en) | 2013-07-31 | 2013-07-31 | The verification method of cloud storage data integrity, equipment and server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310330155.7A CN103425941B (en) | 2013-07-31 | 2013-07-31 | The verification method of cloud storage data integrity, equipment and server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103425941A CN103425941A (en) | 2013-12-04 |
CN103425941B true CN103425941B (en) | 2016-12-28 |
Family
ID=49650661
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310330155.7A Active CN103425941B (en) | 2013-07-31 | 2013-07-31 | The verification method of cloud storage data integrity, equipment and server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103425941B (en) |
Families Citing this family (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103944874B (en) * | 2014-02-18 | 2017-01-25 | 国家超级计算深圳中心 | Highly reusable cloud storage data storage verification method and system |
CN104052819B (en) * | 2014-06-27 | 2017-06-13 | 西安电子科技大学 | The high in the clouds data integrity verification method of many geographical position storages |
CN104392185B (en) * | 2014-12-01 | 2017-11-10 | 公安部第三研究所 | The method that data integrity validation is realized in cloud environment daily record evidence obtaining |
CN104717217B (en) * | 2015-03-18 | 2018-04-06 | 电子科技大学 | The provable security data property held verification method based on section entitlement in a kind of cloud storage |
CA2983149A1 (en) * | 2015-05-15 | 2016-11-24 | Parker-Hannifan Corporation | Integrated asset integrity management system |
CN104980437B (en) * | 2015-06-12 | 2019-02-12 | 电子科技大学 | A kind of authorization third party's data integrity method of proof of identity-based |
CN105227317B (en) * | 2015-09-02 | 2019-04-05 | 青岛大学 | A kind of cloud data integrity detection method and system for supporting authenticator privacy |
CN105787390B (en) * | 2016-03-02 | 2018-11-27 | 深圳大学 | A kind of verification method and its system of data integrity |
CN108055128B (en) * | 2017-12-18 | 2021-11-19 | 数安时代科技股份有限公司 | RSA key generation method, RSA key generation device, storage medium and computer equipment |
CN109299619B (en) * | 2018-10-09 | 2020-12-25 | 北京腾云天下科技有限公司 | Data query method, computing device and system |
CN109818944B (en) * | 2019-01-08 | 2021-05-04 | 桂林电子科技大学 | Cloud data outsourcing and integrity verification method and device supporting preprocessing |
CN110995734B (en) * | 2019-12-12 | 2020-12-15 | 深圳大学 | Cloud storage auditing method and system based on error correcting code and computer equipment |
CN111259454B (en) * | 2020-01-10 | 2022-07-05 | 山东师范大学 | Non-interactive data integrity auditing method, fair payment method and system |
CN111291046B (en) * | 2020-01-16 | 2023-07-14 | 湖南城市学院 | Computer big data storage control system and method |
CN112231766B (en) * | 2020-10-14 | 2023-04-14 | 西北工业大学 | Dynamic storage proving method based on novel authentication structure |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102541475A (en) * | 2012-03-12 | 2012-07-04 | 成都市华为赛门铁克科技有限公司 | Data storage method and data storage device |
CN103067363A (en) * | 2012-12-20 | 2013-04-24 | 华中科技大学 | Index conversion method for public data integrity checking |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8065517B2 (en) * | 2007-11-01 | 2011-11-22 | Infineon Technologies Ag | Method and system for transferring information to a device |
-
2013
- 2013-07-31 CN CN201310330155.7A patent/CN103425941B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102541475A (en) * | 2012-03-12 | 2012-07-04 | 成都市华为赛门铁克科技有限公司 | Data storage method and data storage device |
CN103067363A (en) * | 2012-12-20 | 2013-04-24 | 华中科技大学 | Index conversion method for public data integrity checking |
Non-Patent Citations (1)
Title |
---|
《云计算中数据存储的完整性校验模型研究》;陈春霖;《中国优秀硕士学位论文全文数据库 信息科技辑》;20130615(第6期);第8-47页 * |
Also Published As
Publication number | Publication date |
---|---|
CN103425941A (en) | 2013-12-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103425941B (en) | The verification method of cloud storage data integrity, equipment and server | |
Yu et al. | Attribute-based cloud data integrity auditing for secure outsourced storage | |
Backes et al. | Ring signatures: logarithmic-size, no setup—from standard assumptions | |
CN103733564B (en) | Utilize the digital signature of implicit certificate chain | |
CN103765809B (en) | The public key of implicit authentication | |
Schröder et al. | Verifiable data streaming | |
CN102983971B (en) | Certificateless signature algorithm for user identity authentication in network environment | |
CN105939191A (en) | Client secure deduplication method of ciphertext data in cloud storage | |
CN103986732B (en) | Cloud storage data auditing method for preventing secret key from being revealed | |
CN105721158A (en) | Cloud safety privacy and integrity protection method and cloud safety privacy and integrity protection system | |
CN106330865A (en) | Property base keyword searching method supporting efficient revocation in cloud environment | |
CN104780050A (en) | Elliptic curve-based forward security member-revocable certificateless group signature scheme | |
CN103220146B (en) | Zero Knowledge digital signature method based on multivariate public key cryptosystem | |
CN104901804A (en) | User autonomy-based identity authentication implementation method | |
CN106487786A (en) | A kind of cloud data integrity verification method based on biological characteristic and system | |
Fischer et al. | A public randomness service | |
CN108337092A (en) | Method and system for executing collective's certification in a communication network | |
Yu et al. | Public cloud data auditing with practical key update and zero knowledge privacy | |
Fiore et al. | Multi‐key homomorphic authenticators | |
CN114329621A (en) | Block chain cross-chain interactive data integrity verification method | |
CN101729250A (en) | Verification method, equipment and system of increment provable data integrity (IPDI) | |
CN108234504A (en) | The proxy data integrality detection method of identity-based in a kind of cloud storage | |
CN114362958B (en) | Intelligent home data security storage auditing method and system based on blockchain | |
Gritti et al. | Logarithmic size ring signatures without random oracles | |
CN112422294B (en) | Anonymous voting method and device based on ring signature, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 528200 science and technology road, Nanhai Software Science Park, Nanhai Town, Nanhai District, Foshan, Guangdong Applicant after: Age of security Polytron Technologies Inc Applicant after: Guangzhou University Address before: 528200 science and technology road, Nanhai Software Science Park, Nanhai Town, Nanhai District, Foshan, Guangdong Applicant before: Guangdong Certificate Authority Center Co., Ltd. Applicant before: Guangzhou University |
|
COR | Change of bibliographic data | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |