CN103731261A - Secret key distribution method under encrypted repeating data deleted scene - Google Patents
Publication number: CN103731261A (application CN201410010603.XA)
Authority: CN (China)
Prior art keywords: file, key, uploader, follow, key distribution
Legal status: Granted
Classification: Storage Device Security
Abstract
The invention discloses a key distribution method for the encrypted data deduplication scenario. It mainly addresses the low security and heavy computation of the prior art. The method comprises: (1) achieving file ownership authentication by zero-knowledge authentication based on the Schnorr scheme, sampling a number of plaintext file blocks each time to generate an ownership proof; (2) the server deciding, from the previously obtained intermediate proof and the ownership proof submitted by the client, whether the client passes file ownership authentication; (3) a key distribution assistant generating a re-encryption key, with which the server proxy re-encrypts the file key ciphertext into a re-encrypted ciphertext and sends it to the client, thereby distributing the file key. The method improves the security of client data, reduces the computation of client and server during the interaction, and can be applied to cloud storage services equipped with data deduplication.
Description
Technical field
The invention belongs to the field of information security, and in particular is a key distribution method that can be used in cloud storage services to distribute the key of the original data to clients in an encrypted data deduplication scenario where the uploads of multiple clients overlap.
Background art
With the growth of cloud computing, more and more individuals and enterprises use cheap and convenient cloud services to outsource computation and storage. Under this model a large amount of redundant data is inevitably produced. To save users' upload bandwidth and the storage resources of cloud service providers, "data deduplication" was proposed. It guarantees the uniqueness of the data stored on the server at the block level or file level, reducing data redundancy.
Deduplication is classified by when it is applied, into client-side and server-side deduplication, and by data granularity, into block-level and file-level deduplication. In file-level client-side deduplication the server first checks by a file identifier whether the file already exists; if so, the client does not upload the file and the server merely records the client as an owner of the file. This saves not only the server's storage but also the user's network bandwidth. Many well-known cloud storage services, such as Dropbox and Memopal, use this technique. It is reported that deduplication ratios from 1:10 to 1:500 are achieved in commercial applications, saving up to 90% of storage and bandwidth.
In existing client-side deduplication systems the server decides whether a file exists from the file hash submitted by the client. Such a mechanism can harm users: an attacker can learn whether other clients hold a given file from the server's reply about whether an upload is needed, and can probe for user identity information in this way; such attacks have been applied to well-known storage providers such as MozyHome and Dropbox. In another attack, an attacker who has somehow obtained the hash of a file but does not hold the file itself can gain unauthorized access to the actual file, because the server assumes that "holding the file hash means holding the complete file". This also lets an attacker abuse the storage service as a content distribution network (CDN): by publishing file hashes, files are shared within a group, greatly increasing the load on the cloud service provider.
As users' awareness of personal data privacy grows, more and more cloud service providers claim to offer encrypted storage; yet it was reported that the client software of the social network Twitter had a security vulnerability that allowed attackers to access users' private data. Moreover, encryption performed by the service cannot stop an "honest but curious" server from obtaining user data. Hence another class of client-side deduplication schemes combines "end-to-end" encryption: the user encrypts the file with a randomly chosen key and uploads the file ciphertext to the server. This introduces a new problem: nobody but the key owner can tell whether two ciphertexts correspond to the same plaintext, so the server can apply deduplication only within a single user's data, which greatly reduces deduplication efficiency.
To address the above problems, the industry has proposed the following solutions:
1. Harnik et al. proposed Proofs of Ownership (POW) to authenticate that a user really holds a file: server and client preprocess the file and build a Merkle tree; the server randomly selects a set of leaf nodes as a challenge to the client and requires the client to return the set of paths from the Merkle root to those leaves. This file ownership proof scheme has two drawbacks: first, the client must perform frequent, time-consuming I/O requests and consume a large amount of computing resources; second, the security of the scheme rests on an assumption that is hard to prove.
2. Convergent encryption is a cryptographic primitive proposed by Douceur et al. that attempts to guarantee the confidentiality of data under deduplication. The plaintext is encrypted with a deterministic symmetric encryption scheme, and the encryption key is obtained by applying a deterministic method to the plaintext. Identical plaintexts therefore yield identical keys and identical ciphertexts, making cross-user deduplication possible. But convergent encryption does not provide semantic security, because it is vulnerable to content-guessing attacks; Bellare et al. showed that it provides confidentiality only for unpredictable data.
3. None of the known schemes includes a dedicated key distribution scheme. The file key is encrypted and sent directly to the client, and the key-encrypting key is generally derived by a method similar to that of convergent encryption, i.e. deterministically from the plaintext. The key-encrypting key is therefore exposed to the same attacks as convergent encryption: first, content-guessing attacks; second, no guarantee of semantic security.
Summary of the invention
The object of the invention is to overcome the above deficiencies of the prior art by proposing a key distribution method for the encrypted data deduplication scenario, which improves the security of user data in deduplicating cloud storage services and reduces the computation of client and server during the interaction.
The technical scheme of the invention is realized as follows:
1. Technical principle:
To solve the security problem of the "data deduplication under user data privacy protection" scenario, the invention proposes a cryptographically secure and efficient proof scheme. It consists of two parts: a proof of file ownership based on the Schnorr zero-knowledge proof protocol, and key distribution realized by proxy re-encryption.
Proof of file ownership uses a zero-knowledge proof protocol based on the Schnorr scheme. In a zero-knowledge proof the prover convinces the verifier of the correctness of a statement without revealing the underlying knowledge. Because of this "zero knowledge" property, an ownership proof derived from the original plaintext file reveals no information about the plaintext, which keeps the data confidential during the interaction. The first uploader of a file computes an intermediate proof from the original file and uploads it to the server; during the file ownership proof interaction between a subsequent uploader and the server, the server compares the intermediate proof with the subsequent uploader's ownership proof to decide whether to recognize the subsequent uploader's file ownership. Using random sampling and dynamic coefficients, the server makes the subsequent uploader generate a fresh ownership proof each time, to resist replay attacks.
Key distribution uses proxy re-encryption, which converts a ciphertext encrypted under the delegator's public key into a ciphertext that the delegatee's private key can decrypt. After a subsequent uploader passes file ownership authentication, the file owner assisting key distribution generates a re-encryption key rk and encrypts the file key k under its public key to obtain the file key ciphertext k'; the server re-encrypts k' with rk to obtain the re-encrypted ciphertext k''. The subsequent uploader decrypts k'' with its private key to recover the file key k, and thereby gains authorized access to the original file.
Two. performing step:
For the first uploader and the subsequent uploaders of the same file, the concrete steps of the invention comprise:
(1) The first uploader FU of the file uploads the intermediate proof and the original file ciphertext:
1a) FU, following the requirements of the Schnorr-based zero-knowledge proof protocol, splits the original file m into blocks and generates the intermediate proof IPs by congruence;
1b) FU randomly selects a file key k, symmetrically encrypts m to obtain the original file ciphertext m', and encrypts k under its own public key pk_FU to obtain the file key ciphertext k'_FU;
1c) FU uploads IPs, m' and k'_FU to the server;
(2) The subsequent uploader SU and the server carry out the file ownership proof interaction:
2a) SU selects a random number r, generates the correlation coefficient x = β^r mod d and sends it to the server, where 1 ≤ β ≤ d-1, β is an element of order q, i.e. β^q ≡ 1 (mod d), d and q are prime, and q divides d-1;
2b) The server randomly selects the number of file blocks c and two random numbers s', s'', composes the authentication challenge set Chal = (c, s', s'') and sends it to SU;
2c) SU generates the file ownership proof FPs from the original file m it holds and the challenge set Chal, and sends it to the server;
2d) From IPs and the FPs received from SU, the server generates the proof distances DPs to decide whether to recognize SU's file ownership. If it does, it marks SU as an owner of the file and executes step (3); otherwise SU's file ownership authentication fails;
(3) The server distributes the key to the subsequent uploader SU:
3a) SU uploads its own public key pk_SU to the server;
3b) The server sends pk_SU to the key distribution assistant AU;
3c) AU generates the re-encryption key rk_AU→SU from its own private key sk_AU and the pk_SU received from the server;
3d) AU encrypts the file key k under its public key pk_AU to obtain the file key ciphertext k'_AU;
3e) AU returns k'_AU, pk_AU and rk_AU→SU to the server together;
3f) The server proxy re-encrypts k'_AU with rk_AU→SU to obtain the re-encrypted ciphertext k''_SU and sends it to SU;
3g) SU decrypts k''_SU with its private key sk_SU to obtain the file key k.
Compared with the prior art, the invention has the following advantages:
First, strong confidentiality.
The invention authenticates file ownership by Schnorr-based zero-knowledge authentication, so the server cannot obtain any information about the original plaintext file from the ownership proof submitted by the client, guaranteeing high confidentiality of the data during authentication.
Second, high security.
The invention distributes keys by proxy re-encryption, so the server cannot obtain any information about the file key, guaranteeing the high security of the file key.
Third, low computation.
The invention uses random sampling to select a number of file blocks for ownership authentication, reducing the computation of server and client; generating the ownership proof directly from the original plaintext file saves the client cryptographic computation on the plaintext file.
Description of the drawings
Fig. 1 is the overall flow chart of the invention;
Fig. 2 is the sub-flow chart of the file ownership authentication preparation in the invention;
Fig. 3 is the sub-flow chart of the file ownership authentication interaction phase in the invention;
Fig. 4 is the sub-flow chart of the key distribution interaction phase in the invention.
Embodiments
Symbols and abbreviations
m is the original file;
k is the file key of the original file, randomly selected by the first uploader of the file;
m' is the original file ciphertext, i.e. the original file m encrypted under the file key k;
n is the number of blocks of the original file;
{b_1, b_2, ..., b_i, ..., b_n} is the set of blocks of the original file;
pk_FU, sk_FU are the public/private key pair of the first uploader FU;
pk_SU, sk_SU are the public/private key pair of the subsequent uploader SU;
pk_AU, sk_AU are the public/private key pair of the key distribution assistant AU;
k'_AU is the ciphertext of the file key k encrypted under the public key pk_AU of the key distribution assistant AU;
k''_SU is the ciphertext of the file key ciphertext k'_AU after re-encryption;
c is the number of file blocks requested in a single challenge;
d, q are primes satisfying q | d-1;
β is an element of order q, i.e. β^q ≡ 1 (mod d), 1 ≤ β ≤ d-1;
G is the cyclic group of order d with generator g, G = {g^0, g^1, ..., g^(d-1)};
H() is a random hash function;
g_j, g_h, g_u, g_v, g_w are distinct values selected from the cyclic group G, with j, h, u, v, w ranging over 0 to d-1;
l, s are two different values selected from the integer set Z_d;
mod is the modulo operation;
TCR() is a collision-resistant hash function with two input parameters, both belonging to the cyclic group G;
TCR'() is a collision-resistant hash function with one input parameter, belonging to the cyclic group G;
SYM.Enc() is a symmetric encryption scheme;
SYM.Dec() is the corresponding symmetric decryption scheme.
The embodiments of the invention are further illustrated below with reference to the drawings and specific embodiments.
With reference to Fig. 1, the steps of the invention are as follows:
Step 1: the first uploader FU prepares for file ownership authentication.
With reference to Fig. 2, this step is implemented as follows:
1a) Divide the original file m into n equal-sized blocks, m = {b_1, b_2, ..., b_i, ..., b_n};
1b) Following the requirements of the Schnorr-based zero-knowledge proof protocol, generate the intermediate proof IPs for each block of the original file m by congruence:
IPs = {IPs_i},
where IPs_i is an element of the intermediate proof IPs, b_i is a block of the original file m = {b_1, b_2, ..., b_i, ..., b_n}, i runs from 1 to n, 1 ≤ β ≤ d-1, β is an element of order q, i.e. β^q ≡ 1 (mod d), d and q are prime with q | d-1, and mod is the modulo operation; each element of IPs corresponds one-to-one to a block of m;
1c) Randomly select the file key k;
1d) Symmetrically encrypt the original file m under the file key k to obtain the original file ciphertext m':
m' = SYM.Enc(k, m),
where SYM.Enc() is a symmetric encryption scheme;
1e) Upload the intermediate proof IPs and the original file ciphertext m' to the server.
Step 2: the server and the subsequent uploader SU carry out the file ownership authentication interaction.
With reference to Fig. 3, this step is implemented as follows:
2a) SU selects a random number r, generates the correlation coefficient x and sends it to the server; x is generated by the formula
x = β^r mod d,
where 1 ≤ β ≤ d-1, β is an element of order q, i.e. β^q ≡ 1 (mod d), d and q are prime with q | d-1, and mod is the modulo operation;
2b) After receiving x, the server selects the number of file blocks to authenticate c and two random numbers s', s'', composes the authentication challenge set Chal = (c, s', s'') and sends it to SU;
2c) From the challenge set Chal, SU first generates the file ownership proof FPs and uploads it to the server; FPs is generated by the formula
FPs = {FPs_i},
FPs_i = b_i · s'' + r,
where FPs_i is an element of the file ownership proof FPs, the challenged blocks are selected by a pseudo-random permutation function, b_i is a block of the original file m = {b_1, b_2, ..., b_i, ..., b_n}, r is the random number, ρ runs from 1 to c, c is the number of file blocks in Chal, and s', s'' are the two random numbers in Chal;
2d) From the intermediate proof IPs and the file ownership proof FPs, the server generates the proof distances DPs:
DPs = {DPs_i},
where DPs_i is an element of the proof distances DPs, IPs_i is an element of the intermediate proof IPs, and FPs_i is an element of the file ownership proof FPs;
2e) The server decides from DPs = {DPs_i} whether to recognize SU's file ownership: if every element of DPs = {DPs_i} equals the correlation coefficient x, SU's file ownership is recognized and step 3 is executed; otherwise SU's file ownership authentication fails.
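The ownership proof of Steps 1 and 2 can be run end to end in a few dozen lines. The following Python is an added worked example and not code from the patent. The page does not reproduce the formula for the intermediate proof IPs_i or for the proof distance DPs_i, so the example assumes the natural Schnorr instantiation IPs_i = β^(b_i) mod d and DPs_i = β^(FPs_i) · IPs_i^(-s'') mod d, which for an honest prover equals x = β^r mod d. The pseudo-random permutation keyed by s' that selects the challenged blocks, the toy 40-bit safe-prime group and the two sample files are likewise constructed here.

```python
"""Schnorr-style proof of file ownership (patent Steps 1 and 2).

Added example, not the patent's code.  ASSUMED (the page omits these formulas):
    IPs_i = beta^(b_i) mod d                    first uploader FU, Step 1b
    DPs_i = beta^(FPs_i) * IPs_i^(-s'') mod d   server, Step 2d
For an honest prover every DPs_i equals x = beta^r mod d.  The keyed permutation
that picks the challenged blocks and the toy group are constructed here as well.
"""
import hashlib
import random
import secrets


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin, exact for n < 2**64."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for p in bases:
        if n % p == 0:
            return n == p
    s, m = 0, n - 1
    while m % 2 == 0:
        s, m = s + 1, m // 2
    for a in bases:
        y = pow(a, m, n)
        if y in (1, n - 1):
            continue
        for _ in range(s - 1):
            y = y * y % n
            if y == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(start: int):
    """Constructed toy parameters: primes q and d = 2q + 1 (so q | d-1), beta of order q."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    d = 2 * q + 1
    beta = 4  # quadratic residue mod d, hence of order q: beta^q = 1 (mod d)
    assert pow(beta, q, d) == 1
    return q, d, beta


Q, D, BETA = safe_prime_group(1 << 40)  # ~40-bit toy group; far too small for real use


def split_blocks(data: bytes, n: int) -> list:
    """Step 1a: divide the file into n equal-sized blocks b_1..b_n, read as integers."""
    size = -(-len(data) // n)
    return [int.from_bytes(data[i * size:(i + 1) * size], "big") for i in range(n)]


def intermediate_proof(blocks) -> list:
    """Step 1b (FU): IPs_i = beta^(b_i) mod d [assumed formula]; uploaded to the server."""
    return [pow(BETA, b, D) for b in blocks]


def commit():
    """Step 2a (SU): fresh random r and correlation coefficient x = beta^r mod d."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(BETA, r, D)


def make_challenge(c: int):
    """Step 2b (server): Chal = (c, s', s'') with fresh random s', s''."""
    return c, secrets.randbits(64), secrets.randbelow(Q - 1) + 1


def challenged_indices(n: int, c: int, s1: int) -> list:
    """Positions rho = 1..c mapped to block indices by a permutation keyed by s' [assumed stand-in]."""
    rng = random.Random(hashlib.sha256(s1.to_bytes(8, "big")).digest())
    return rng.sample(range(n), c)


def ownership_proof(blocks, chal, r) -> list:
    """Step 2c (SU): FPs_i = b_i * s'' + r, reduced mod q as a Schnorr response is."""
    c, s1, s2 = chal
    return [(i, (blocks[i] * s2 + r) % Q) for i in challenged_indices(len(blocks), c, s1)]


def verify(ips, chal, x, fps) -> bool:
    """Steps 2d/2e (server): DPs_i = beta^(FPs_i) * IPs_i^(-s'') mod d; accept iff all equal x."""
    c, s1, s2 = chal
    if [i for i, _ in fps] != challenged_indices(len(ips), c, s1):
        return False  # the response does not answer this challenge (e.g. a replayed proof)
    return all(pow(BETA, f, D) * pow(ips[i], -s2, D) % D == x for i, f in fps)


def run_protocol(stored_file: bytes, claimed_file: bytes, n: int = 8, c: int = 3) -> bool:
    """Steps 1 and 2 end to end; True iff the server recognises the claimant's ownership."""
    ips = intermediate_proof(split_blocks(stored_file, n))         # FU -> server, once
    r, x = commit()                                                # SU -> server
    chal = make_challenge(c)                                       # server -> SU
    fps = ownership_proof(split_blocks(claimed_file, n), chal, r)  # SU -> server
    return verify(ips, chal, x, fps)


# Constructed sample inputs: the stored file and a different file of the same length.
FILE = bytes(range(64))
OTHER = bytes(255 - b for b in range(64))
```

Two details carry the properties the patent claims for this phase. The response FPs_i is reduced mod q, the standard Schnorr form, so given x it is statistically independent of the block b_i and the server learns nothing about the plaintext from it; and the server checks that the returned indices answer its current challenge, so a proof captured from an earlier session fails against a fresh (x, Chal), which is the replay resistance described in the summary.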
Step 3: the server distributes the key to the subsequent uploader SU.
With reference to Fig. 4, this step is implemented as follows:
3a) SU uploads its own public key pk_SU to the server;
3b) The server sends pk_SU to the key distribution assistant AU;
3c) Following the re-encryption key generation rule, AU generates the re-encryption key rk_AU→SU from its own private key sk_AU and the pk_SU received from the server:
3c1) Randomly select two integers x_AU, y_AU from the integer set Z_d to form the private key of the key distribution assistant AU:
sk_AU = (x_AU, y_AU),
where the integer set Z_d = {0, 1, ..., d-1} and d is prime;
3c2) Randomly select two further integers x_SU, y_SU from Z_d to form the private key of the subsequent uploader SU:
sk_SU = (x_SU, y_SU);
3c3) From the prime d, determine the cyclic group G of order d with generator g, G = {g^0, g^1, ..., g^(d-1)};
3c4) Randomly select a value g_j from the cyclic group G, with j ranging over 0 to d-1;
3c5) From the private key sk_SU, the generator g of G and the value g_j, compute the corresponding public key pk_SU:
3c6) From the private key sk_AU and the public key pk_SU, compute the re-encryption key rk_AU→SU:
3d) AU encrypts the file key k under its public key pk_AU to obtain the file key ciphertext k'_AU:
3d1) From the private key sk_AU, compute the corresponding public key pk_AU:
3d2) Randomly select four different values g_h, g_u, g_v, g_w from the cyclic group G, with h, u, v, w ranging over 0 to d-1, and randomly select two different values l, s from the integer set Z_d;
3d3) From the values g_j, g_h, g_u, g_v, g_w, l, s, the public key pk_AU and the file key k, compute the intermediate variables C_1, C_2, C_3, C_4, C_5:
C_2 = g_h^l,
C_4 = (g_u^t · g_v^s · g_w)^l, where t = TCR(C_2, C_3),
C_5 = s,
where e(g, g_j) is a bilinear map, k is the file key and TCR() is a collision-resistant hash function;
3d4) From the intermediate variables C_1, C_2, C_3, C_4, C_5, obtain the file key ciphertext
k'_AU = (C_1, C_2, C_3, C_4, C_5);
3e) AU returns its file key ciphertext k'_AU, its public key pk_AU and the re-encryption key rk_AU→SU to the server together;
3f) The server proxy re-encrypts the file key ciphertext k'_AU of AU with the re-encryption key rk_AU→SU to obtain the re-encrypted ciphertext k''_SU:
3f1) Randomly select two integers r', r'' from the integer set Z_d = {0, 1, ..., d-1};
3f2) From the integers r', r'', the file key ciphertext k'_AU, the public key pk_AU of AU and the re-encryption key rk_AU→SU, compute the intermediate variables C_6, C_7, C_8:
where C_1 is a component of the file key ciphertext k'_AU = (C_1, C_2, C_3, C_4, C_5), and a component of the public key pk_AU of AU is also used;
3f3) From the file key ciphertext k'_AU and the intermediate variables C_6, C_7, C_8, compute the intermediate variable
k_t = C_2 || C_3 || C_4 || C_5 || C_6 || C_7 || C_8,
where || denotes concatenation;
3f4) From the generator g and the random number r', compute the intermediate variable
A = g^(r');
3f5) From A, the value g_h, r', the intermediate variable k_t and the public key pk_AU of AU, compute the re-encrypted ciphertext k''_SU:
k''_SU = (A, B, C),
t' = TCR'(A),
where TCR'() is a collision-resistant hash function, SYM.Enc() is a symmetric encryption algorithm and H() is a random hash function;
3g) SU decrypts the re-encrypted ciphertext k''_SU with its private key sk_SU to obtain the file key k:
3g1) From the private key sk_SU and the re-encrypted ciphertext k''_SU, compute the intermediate variable k_t:
where A and C are components of the re-encrypted ciphertext k''_SU = (A, B, C), and SYM.Dec() is the symmetric decryption algorithm;
3g2) Parse the intermediate variable
k_t = C_2 || C_3 || C_4 || C_5 || C_6 || C_7 || C_8,
where || denotes concatenation;
3g3) From the intermediate variable k_t and the private key sk_SU, compute the file key k:
where e(C_6, C_8) is a bilinear map.
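To show the message flow of Step 3 in runnable form, here is an added Python example; it is not the patent's construction. The page does not reproduce the pairing-based formulas for pk_SU, rk_AU→SU, C_1, C_3, C_6 to C_8, B and C, so the example swaps in a pairing-free delegation in the style of Ivan and Dodis ("Proxy Cryptography Revisited", NDSS 2003): AU splits sk_AU into two shares, hands the proxy one share in the clear and the other wrapped under pk_SU, and hashed ElGamal over a constructed toy group (Z_D^* with D = 2^31 - 1 and generator 7) stands in for the patent's tuple (C_1, ..., C_5). The roles and messages of steps 3a to 3g are kept: AU encrypts k under pk_AU, the server transforms k'_AU with rk without learning k, and SU decrypts with sk_SU. The file key value is constructed.

```python
"""Key distribution by proxy re-encryption (patent Step 3), added example.

Not the patent's pairing-based construction (its formulas are not on the page).
Swapped-in technique: Ivan-Dodis style delegation.  AU splits sk_AU = x1 + x2;
the proxy (server) holds x1 in the clear, SU receives x2 wrapped under pk_SU.
Hashed ElGamal over a constructed toy group stands in for the tuple (C_1..C_5).
"""
import hashlib
import secrets

D = (1 << 31) - 1  # Mersenne prime 2^31 - 1: toy modulus, far too small for real use
G = 7              # primitive root mod D, so <G> is all of Z_D^* and has order D - 1
ORDER = D - 1


def keygen():
    """(pk, sk) = (g^x mod D, x) with x uniform in [1, ORDER-1]."""
    x = secrets.randbelow(ORDER - 1) + 1
    return pow(G, x, D), x


def kdf(shared: int, n: int) -> bytes:
    """Hash a group element to n key bytes (hashed ElGamal, KEM/DEM style)."""
    return hashlib.shake_256(shared.to_bytes(4, "big")).digest(n)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


def elgamal_wrap(pk: int, payload: bytes):
    """Hashed ElGamal under pk: (g^a, payload XOR KDF(pk^a)).  Needs the private x to open."""
    a = secrets.randbelow(ORDER - 1) + 1
    return pow(G, a, D), xor(payload, kdf(pow(pk, a, D), len(payload)))


def elgamal_unwrap(sk: int, c1: int, c2: bytes) -> bytes:
    return xor(c2, kdf(pow(c1, sk, D), len(c2)))


def au_encrypt_file_key(pk_au: int, k: bytes):
    """Step 3d: k'_AU, the file key k encrypted under AU's own public key."""
    return elgamal_wrap(pk_au, k)


def au_make_rekey(sk_au: int, pk_su: int):
    """Step 3c: rk_AU->SU from sk_AU and pk_SU.  sk_AU = x1 + x2 (mod ORDER); x1 goes to
    the proxy in the clear, x2 wrapped for SU.  On its own, x1 is a uniform random value."""
    x1 = secrets.randbelow(ORDER)
    x2 = (sk_au - x1) % ORDER
    return x1, elgamal_wrap(pk_su, x2.to_bytes(4, "big"))


def server_reencrypt(rk, k_au):
    """Step 3f: the proxy raises the KEM element to its share and forwards the wrapped
    other share.  It never holds sk_AU, sk_SU or the file key k."""
    x1, wrapped_x2 = rk
    c1, c2 = k_au
    partial = pow(c1, x1, D)            # g^(a*x1)
    return c1, c2, partial, wrapped_x2  # k''_SU


def su_decrypt_file_key(sk_su: int, k_su) -> bytes:
    """Step 3g: SU opens x2 with sk_SU, completes pk_AU^a = g^(a*x1) * g^(a*x2), unwraps k."""
    c1, c2, partial, (e1, e2) = k_su
    x2 = int.from_bytes(elgamal_unwrap(sk_su, e1, e2), "big")
    shared = partial * pow(c1, x2, D) % D
    return xor(c2, kdf(shared, len(c2)))


def distribute(k: bytes) -> bytes:
    """Run steps 3a-3g end to end and return the file key that SU recovers."""
    pk_au, sk_au = keygen()                   # key distribution assistant AU
    pk_su, sk_su = keygen()                   # subsequent uploader SU; 3a: pk_SU to server
    k_au = au_encrypt_file_key(pk_au, k)      # 3d
    rk = au_make_rekey(sk_au, pk_su)          # 3c (3b/3e: pk_SU, rk, k'_AU pass via server)
    k_su = server_reencrypt(rk, k_au)         # 3f
    return su_decrypt_file_key(sk_su, k_su)   # 3g


FILE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed 128-bit file key
```

The property the patent lists as its second advantage, that the server learns nothing about the file key, holds here because the proxy's share x1 is uniformly random on its own and the wrapped share x2 can only be opened with sk_SU. The known trade-off of this simple scheme is that a proxy colluding with SU can add the two shares and recover sk_AU; that is a property of the swapped-in Ivan-Dodis delegation and should not be read into the patent's own pairing-based design, whose formulas the page does not reproduce.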
Claims (8)
1. A key distribution method under an encrypted data deduplication scenario, comprising the steps of:
(1) the first uploader FU of a file uploading the intermediate proof and the original file ciphertext:
1a) FU, following the requirements of the Schnorr-based zero-knowledge proof protocol, splits the original file m into blocks and generates the intermediate proof IPs by congruence;
1b) FU randomly selects a file key and symmetrically encrypts the original file m to obtain the original file ciphertext m';
1c) FU uploads the intermediate proof IPs and the original file ciphertext m' to the server;
(2) the subsequent uploader SU and the server carrying out the file ownership proof interaction:
2a) SU selects a random number r, generates the correlation coefficient x = β^r mod d and sends it to the server, where 1 ≤ β ≤ d-1, β is an element of order q, i.e. β^q ≡ 1 (mod d), d and q are prime, and q divides d-1;
2b) the server randomly selects the number of file blocks c and two random numbers s', s'', composes the authentication challenge set Chal = (c, s', s'') and sends it to SU;
2c) SU generates the file ownership proof FPs from the original file m it holds and the challenge set Chal, and sends it to the server;
2d) from the intermediate proof IPs and the file ownership proof FPs received from SU, the server generates the proof distances DPs to decide whether to recognize SU's file ownership; if it does, it marks SU as an owner of the file and executes step (3); otherwise SU's file ownership authentication fails;
(3) the server distributing the key to the subsequent uploader SU:
3a) SU uploads its own public key pk_SU to the server;
3b) the server sends pk_SU to the key distribution assistant AU;
3c) AU generates the re-encryption key rk_AU→SU from its own private key sk_AU and the pk_SU received from the server;
3d) AU encrypts the file key under its public key pk_AU to obtain the file key ciphertext k'_AU;
3e) AU returns k'_AU, pk_AU and rk_AU→SU to the server together;
3f) the server proxy re-encrypts k'_AU with rk_AU→SU to obtain the re-encrypted ciphertext k''_SU and sends it to SU;
3g) SU decrypts k''_SU with its private key sk_SU to obtain the file key.
2. The key distribution method under the encrypted data deduplication scenario according to claim 1, characterized in that the intermediate proof IPs generated by congruence in step 1a) is generated by the following formula:
IPs = {IPs_i},
where IPs_i is an element of the intermediate proof IPs, b_i is a block of the original file m = {b_1, b_2, ..., b_i, ..., b_n}, i runs from 1 to n, n is the number of blocks of the original file m, 1 ≤ β ≤ d-1, β is an element of order q, i.e. β^q ≡ 1 (mod d), d and q are prime with q | d-1, and mod is the modulo operation.
3. The key distribution method under the encrypted data deduplication scenario according to claim 1, characterized in that the generation of the file ownership proof FPs from the original file m and the authentication challenge set Chal in step 2c) is carried out as follows:
FPs = {FPs_i},
FPs_i = b_i · s'' + r,
where FPs_i is an element of the file ownership proof FPs, the challenged blocks are selected by a pseudo-random permutation function, b_i is a block of the original file m = {b_1, b_2, ..., b_i, ..., b_n}, r is the random number, ρ runs from 1 to c, c is the number of file blocks in the challenge set Chal, and s', s'' are the two random numbers in Chal.
4. The key distribution method under the encrypted data deduplication scenario according to claim 1, characterized in that the generation of the proof distances DPs from the intermediate proof IPs and the file ownership proof FPs received from SU in step 2d) is carried out by the following formula:
DPs = {DPs_i},
where DPs_i is an element of the proof distances DPs, IPs_i is an element of the intermediate proof IPs, and FPs_i is an element of the file ownership proof FPs.
5. The key distribution method under the encrypted data deduplication scenario according to claim 1, characterized in that the generation of the re-encryption key rk_AU→SU by the key distribution assistant AU from its own private key sk_AU and the pk_SU received from the server in step 3c) is carried out as follows:
3c1) randomly select two integers x_AU, y_AU from the integer set Z_d to form the private key of the key distribution assistant AU:
sk_AU = (x_AU, y_AU),
where the integer set Z_d = {0, 1, ..., d-1} and d is prime;
3c2) randomly select two integers x_SU, y_SU from the integer set Z_d to form the private key of the subsequent uploader SU:
sk_SU = (x_SU, y_SU);
3c3) from the prime d, determine the cyclic group G of order d with generator g, G = {g^0, g^1, ..., g^(d-1)};
3c4) randomly select a value g_j from the cyclic group G, with j ranging over 0 to d-1;
3c5) from the private key sk_SU, the generator g of G and the value g_j, compute the corresponding public key pk_SU:
3c6) from the private key sk_AU and the public key pk_SU, compute the re-encryption key rk_AU→SU:
6. The key distribution method under the encrypted data deduplication scenario according to claim 1, characterized in that the encryption of the file key by the key distribution assistant AU under its public key pk_AU to obtain the file key ciphertext k'_AU in step 3d) is carried out as follows:
3d1) from the private key sk_AU, compute the corresponding public key pk_AU:
3d2) randomly select four different values g_h, g_u, g_v, g_w from the cyclic group G, with h, u, v, w ranging over 0 to d-1, and randomly select two different values l, s from the integer set Z_d;
3d3) from the values g_j, g_h, g_u, g_v, g_w, l, s, the public key pk_AU and the file key k, compute the intermediate variables C_1, C_2, C_3, C_4, C_5:
C_2 = g_h^l,
C_4 = (g_u^t · g_v^s · g_w)^l, where t = TCR(C_2, C_3),
C_5 = s,
where e(g, g_j) is a bilinear map, k is the file key and TCR() is a collision-resistant hash function;
3d4) from the intermediate variables C_1, C_2, C_3, C_4, C_5, obtain the file key ciphertext
k'_AU = (C_1, C_2, C_3, C_4, C_5).
7. The key distribution method under the encrypted data deduplication scenario according to claim 1 or 5, characterized in that the proxy re-encryption of the file key ciphertext k'_AU of AU with the re-encryption key rk_AU→SU to obtain the re-encrypted ciphertext k''_SU in step 3f) is carried out as follows:
3f1) randomly select two integers r', r'' from the integer set Z_d = {0, 1, ..., d-1};
3f2) from the integers r', r'', the file key ciphertext k'_AU, the public key pk_AU of AU and the re-encryption key rk_AU→SU, compute the intermediate variables C_6, C_7, C_8:
where C_1 is a component of the file key ciphertext k'_AU = (C_1, C_2, C_3, C_4, C_5), and a component of the public key pk_AU of AU is also used;
3f3) from the file key ciphertext k'_AU and the intermediate variables C_6, C_7, C_8, compute the intermediate variable
k_t = C_2 || C_3 || C_4 || C_5 || C_6 || C_7 || C_8,
where || denotes concatenation;
3f4) from the generator g and the random number r', compute the intermediate variable
A = g^(r');
3f5) from A, the value g_h, r', the intermediate variable k_t and the public key pk_AU of AU, compute the re-encrypted ciphertext k''_SU:
t' = TCR'(A),
k''_SU = (A, B, C),
where TCR'() is a collision-resistant hash function, SYM.Enc() is a symmetric encryption algorithm and H() is a random hash function.
8. The key distribution method under the encrypted data deduplication scenario according to claim 1 or 5, characterized in that in step 3g) the follow-up uploader SU decrypts the re-encryption ciphertext k''_SU with its private key sk_SU to obtain the file key k, as follows:
3g1) according to the private key sk_SU of the follow-up uploader SU and the re-encryption ciphertext k''_SU, compute the intermediate variable k_t:
where the variables A and C are components of the re-encryption ciphertext k''_SU = (A, B, C), and SYM.Dec() is the symmetric decryption algorithm;
3g2) parse the intermediate variable k_t:
k_t = C_2 || C_3 || C_4 || C_5 || C_6 || C_7 || C_8,
where the symbol || denotes the concatenation operation;
3g3) according to the intermediate variable k_t and the private key sk_SU of the follow-up uploader SU, compute the file key k:
where e(C_6, C_8) is a bilinear map.
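A worked instantiation of the parts of claims 5 to 8 that the page states explicitly, as an added example that is not part of the patent and not the applicant's code: a prime-order cyclic group G with generator g (step 3c3), sampling from Z_d (steps 3c2, 3c4, 3d2), the intermediate variables C_2, C_4 and C_5 of step 3d3, and the concatenation and parsing of k_t in steps 3f3 and 3g2. The group is modelled as the order-d subgroup of Z_p^* with the constructed toy parameters d = 1019 and p = 2d + 1; the bilinear map e(·,·), the public keys, the re-encryption key and the formulas for C_1, C_3, B and C are not preserved on the page and are not implemented, so C_3 enters as an opaque input. TCR() is modelled with SHA-256. All of these choices are assumptions.

```python
"""Toy instantiation of the group arithmetic spelled out in claims 5-8.

Constructed example for illustration (not the patent's own code).  G is the
order-d subgroup of Z_p^* with p = 2d + 1, a cyclic group of prime order d
with generator g as step 3c3) requires.  The bilinear map and the formulas
for C_1, C_3, B and C are not on the page and are NOT implemented; C_3 is an
opaque input.  TCR() is modelled with SHA-256 (assumption).
"""
import hashlib
import secrets
import struct

# Constructed toy parameters: d = 1019 and p = 2d + 1 = 2039 are both prime,
# so Z_p^* contains a cyclic subgroup of prime order d.  Real deployments use
# pairing-friendly curves, not 11-bit primes.
D = 1019
P = 2 * D + 1


def find_generator(p, d):
    """Return a generator g of the order-d subgroup, so G = {g^0, ..., g^(d-1)}."""
    for a in range(2, p - 1):
        g = pow(a, (p - 1) // d, p)  # project a into the order-d subgroup
        if g != 1:  # any non-identity element of a prime-order group generates it
            return g
    raise ValueError("no generator found")


G_GEN = find_generator(P, D)


def random_zd():
    """Uniform element of Z_d = {0, 1, ..., d-1} (steps 3c2, 3d2, 3f1)."""
    return secrets.randbelow(D)


def gen_sk():
    """A party's private key: two random integers from Z_d (step 3c2)."""
    return (random_zd(), random_zd())


def tcr(*parts):
    """TCR(): collision-resistant hash into Z_d, modelled with SHA-256 over a
    length-prefixed encoding so TCR(C_2, C_3) cannot collide with a different
    split of the same bytes (assumption: the page does not fix the hash)."""
    h = hashlib.sha256()
    for x in parts:
        b = x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")
        h.update(struct.pack(">I", len(b)) + b)
    return int.from_bytes(h.digest(), "big") % D


def intermediate_c2_c4_c5(h, u, v, w, l, s, c3):
    """Step 3d3 as written on the page: C_2 = g^(h*l), t = TCR(C_2, C_3),
    C_4 = (g^(u*t) * g^(v*s) * g^w)^l, C_5 = s.  Exponents are reduced mod d
    because g has order d.  c3 is an assumed opaque input."""
    g = G_GEN
    c2 = pow(g, (h * l) % D, P)
    t = tcr(c2, c3)
    base = (pow(g, (u * t) % D, P) * pow(g, (v * s) % D, P) * pow(g, w, P)) % P
    c4 = pow(base, l, P)
    return c2, c4, s


def encode_kt(components):
    """k_t = C_2 || C_3 || ... || C_8 (step 3f3).  Plain byte concatenation of
    variable-length integers cannot be parsed back uniquely, so each component
    is length-prefixed; parse_kt() inverts this exactly."""
    out = b""
    for x in components:
        b = x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")
        out += struct.pack(">H", len(b)) + b
    return out


def parse_kt(kt, count=7):
    """Step 3g2: recover the seven components; reject truncated or padded input."""
    parts, i = [], 0
    for _ in range(count):
        if i + 2 > len(kt):
            raise ValueError("truncated k_t")
        (n,) = struct.unpack(">H", kt[i:i + 2])
        i += 2
        if i + n > len(kt):
            raise ValueError("truncated k_t")
        parts.append(int.from_bytes(kt[i:i + n], "big"))
        i += n
    if i != len(kt):
        raise ValueError("trailing bytes in k_t")
    return parts


def in_group(x):
    """Membership test for G: 0 < x < p and x^d == 1 (mod p).  A decryptor
    should apply this to every received group element before exponentiating
    or pairing with it."""
    return 0 < x < P and pow(x, D, P) == 1


if __name__ == "__main__":
    c2, c4, c5 = intermediate_c2_c4_c5(5, 2, 3, 4, 3, 9, c3=77)
    kt = encode_kt([c2, 77, c4, c5, 1, 2, 3])  # C_6..C_8 stand-ins: constructed
    assert parse_kt(kt) == [c2, 77, c4, c5, 1, 2, 3]
    print("C_2 =", c2, "C_4 =", c4, "C_5 =", c5, "in G:", in_group(c2) and in_group(c4))
```

Two points the claims leave implicit are made explicit here. First, the `||` in steps 3f3 and 3g2 is only invertible if every component has a fixed width or carries a length prefix; without that, a receiver cannot tell where C_3 ends and C_4 begins. Second, `in_group()` is the check a decryptor should run on A and on each C_i before using them in exponentiation or a pairing, since elements outside the prime-order subgroup silently break the algebra the scheme relies on.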
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410010603.XA CN103731261B (en) | 2014-01-09 | 2014-01-09 | Secret key distribution method under encrypted repeating data deleted scene |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410010603.XA CN103731261B (en) | 2014-01-09 | 2014-01-09 | Secret key distribution method under encrypted repeating data deleted scene |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103731261A true CN103731261A (en) | 2014-04-16 |
CN103731261B CN103731261B (en) | 2017-01-18 |
Family
ID=50455197
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410010603.XA Expired - Fee Related CN103731261B (en) | 2014-01-09 | 2014-01-09 | Secret key distribution method under encrypted repeating data deleted scene |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103731261B (en) |
Family events
- 2014-01-09 CN CN201410010603.XA patent/CN103731261B/en not_active Expired - Fee Related
Non-Patent Citations (2)
Title |
---|
刘文菊: "基于身份密钥交换的安全模型", 《通信学报》 * |
汤鹏志: "Schnor数字签名的零知识证明", 《微电子学与计算机》 * |
Cited By (36)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104021157A (en) * | 2014-05-22 | 2014-09-03 | 西安理工大学 | Method for keyword searchable encryption based on bilinear pairs in cloud storage |
CN104022866A (en) * | 2014-05-22 | 2014-09-03 | 西安理工大学 | Searchable encryption method for multi-user cipher text keyword in cloud storage |
CN104023051A (en) * | 2014-05-22 | 2014-09-03 | 西安理工大学 | Multi-user multi-keyword searchable encryption method in cloud storage |
CN104021157B (en) * | 2014-05-22 | 2019-04-02 | 广州爱范儿科技股份有限公司 | Keyword in cloud storage based on Bilinear map can search for encryption method |
US10897362B2 (en) | 2014-12-18 | 2021-01-19 | Nokia Technologies Oy | De-duplication of encrypted data |
CN104468612A (en) * | 2014-12-24 | 2015-03-25 | 无锡儒安科技有限公司 | Privacy protection type attribute matching method based on symmetrical encryption |
CN104468612B (en) * | 2014-12-24 | 2017-06-23 | 无锡儒安科技有限公司 | The Attribute Matching Approach of the protection privacy based on symmetric cryptography |
CN104660720A (en) * | 2015-03-25 | 2015-05-27 | 成都艺辰德迅科技有限公司 | Security storage method based on identity authentication |
CN104683113A (en) * | 2015-03-25 | 2015-06-03 | 成都艺辰德迅科技有限公司 | Security storage method based on data encryption |
CN104935588A (en) * | 2015-06-12 | 2015-09-23 | 华中科技大学 | Layered key management method of secure cloud storage system |
CN104935588B (en) * | 2015-06-12 | 2017-11-24 | 华中科技大学 | A kind of hierarchical encryption management method of safe cloud storage system |
CN105072300A (en) * | 2015-08-05 | 2015-11-18 | 南京感动科技有限公司 | Voice communication method for cloud supervision |
CN105141602A (en) * | 2015-08-18 | 2015-12-09 | 西安电子科技大学 | File ownership proof method based on convergence encryption |
CN105187456A (en) * | 2015-10-27 | 2015-12-23 | 成都卫士通信息产业股份有限公司 | Cloud-drive file data safety protection method |
KR102415626B1 (en) * | 2016-01-04 | 2022-07-01 | 한국전자통신연구원 | Method and apparatus for verifying data ownership |
KR20170081498A (en) * | 2016-01-04 | 2017-07-12 | 한국전자통신연구원 | Method and apparatus for verifying data ownership |
US10515225B2 (en) * | 2016-01-04 | 2019-12-24 | Electronics And Telecommunications Research Institute | Method for mutual verifying of data ownership |
CN107665311A (en) * | 2016-07-28 | 2018-02-06 | 中国电信股份有限公司 | Authentication Client, encryption data access method and system |
CN106534077A (en) * | 2016-10-18 | 2017-03-22 | 华南理工大学 | Authenticable agent re-encryption system and method based on symmetric cryptography |
CN106534077B (en) * | 2016-10-18 | 2019-08-20 | 华南理工大学 | A kind of identifiable proxy re-encryption system and method based on symmetric cryptography |
CN106506474A (en) * | 2016-11-01 | 2017-03-15 | 西安电子科技大学 | A kind of efficient traceable data sharing method based on mobile cloud environment |
CN106506474B (en) * | 2016-11-01 | 2020-01-17 | 西安电子科技大学 | Efficient traceable data sharing method based on mobile cloud environment |
CN107147615A (en) * | 2017-03-29 | 2017-09-08 | 西安电子科技大学 | Ownership certification and the key transmission method of entropy are not lost under ciphertext duplicate removal scene |
CN107147615B (en) * | 2017-03-29 | 2019-10-25 | 西安电子科技大学 | Ownership certification and the key transmission method of entropy are not lost under ciphertext duplicate removal scene |
CN106790311A (en) * | 2017-03-31 | 2017-05-31 | 青岛大学 | Cloud Server stores integrality detection method and system |
CN110800248A (en) * | 2017-06-14 | 2020-02-14 | 泰雷兹数字安全法国股份有限公司 | Method for mutual symmetric authentication between a first application and a second application |
CN110800248B (en) * | 2017-06-14 | 2022-11-22 | 泰雷兹数字安全法国股份有限公司 | Method for mutual symmetric authentication between a first application and a second application |
CN107741947B (en) * | 2017-08-30 | 2020-04-24 | 浙江九州量子信息技术股份有限公司 | Method for storing and acquiring random number key based on HDFS file system |
CN107741947A (en) * | 2017-08-30 | 2018-02-27 | 浙江九州量子信息技术股份有限公司 | The storage of random number key based on HDFS file system and acquisition methods |
CN109450648A (en) * | 2018-12-27 | 2019-03-08 | 石更箭数据科技(上海)有限公司 | Key generating device, data processing equipment and stream compression system |
CN109450648B (en) * | 2018-12-27 | 2022-01-28 | 石更箭数据科技(上海)有限公司 | Key generation device, data processing apparatus, and data transfer system |
CN110289950A (en) * | 2019-05-29 | 2019-09-27 | 杭州隐知科技有限公司 | A kind of key information generation method and device |
CN110289950B (en) * | 2019-05-29 | 2021-11-09 | 北京链化未来科技有限公司 | Key information generation method and device |
CN110443053A (en) * | 2019-07-31 | 2019-11-12 | 四川效率源信息安全技术股份有限公司 | A kind of key generation method based on key rotation table and mapping table |
CN110443053B (en) * | 2019-07-31 | 2023-03-14 | 四川效率源信息安全技术股份有限公司 | Key generation method based on key cycle table and mapping table |
CN112134939A (en) * | 2020-09-16 | 2020-12-25 | 许永宾 | Block city cloud platform based on smart city |
Also Published As
Publication number | Publication date |
---|---|
CN103731261B (en) | 2017-01-18 |
Similar Documents
Publication | Title |
---|---|
CN103731261B (en) | Secret key distribution method under encrypted repeating data deleted scene |
CN106961336B (en) | A kind of key components trustship method and system based on SM2 algorithm |
Timothy et al. | A hybrid cryptography algorithm for cloud computing security |
Mao et al. | Generic and efficient constructions of attribute-based encryption with verifiable outsourced decryption |
Xue et al. | Provable data transfer from provable data possession and deletion in cloud storage |
CN102611749B (en) | Cloud-storage data safety auditing method |
CN105681273B (en) | Client-side deduplication method |
Liang et al. | A CCA-secure identity-based conditional proxy re-encryption without random oracles |
CN107124268A (en) | A kind of privacy set common factor computational methods for resisting malicious attack |
CN110011781A (en) | A kind of homomorphic cryptography method encrypting and support zero-knowledge proof for transaction amount |
CN104486307A (en) | Decentralized key management method based on homomorphic encryption |
Nirmala et al. | Data confidentiality and integrity verification using user authenticator scheme in cloud |
CN104038341A (en) | Identity-based cross-system proxy re-encryption method |
CN112543187A (en) | Industrial Internet of things safety data sharing method based on edge block chain |
CN110414981A (en) | A kind of homomorphic cryptography method that supporting ZKPs and block chain transaction amount encryption method |
Udendhran | A hybrid approach to enhance data security in cloud storage |
Wang et al. | A regulation scheme based on the ciphertext-policy hierarchical attribute-based encryption in bitcoin system |
CN103746811A (en) | Anonymous signcryption method from identity public key system to certificate public key system |
CN104539610A (en) | Agent re-encryption method for improving outsourced encrypted data sharing function |
Lan et al. | A New Security Cloud Storage Data Encryption Scheme Based on Identity Proxy Re-encryption. |
CN109976948A (en) | Private information backup method and recovery method and system |
CN104320249B (en) | A kind of elastoresistance leakage encryption method of identity-based |
Peng et al. | Efficient distributed decryption scheme for IoT gateway-based applications |
CN103746810A (en) | Anonymous sign-cryption method from certificate public key system to identity public key system |
Li et al. | Recoverable private key scheme for consortium blockchain based on verifiable secret sharing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20170118; Termination date: 20220109 |