CN103731261B - Secret key distribution method under encrypted repeating data deleted scene - Google Patents
- Publication number
- CN103731261B (CN201410010603.XA)
- Authority
- CN
- China
- Prior art keywords
- key
- file
- uploader
- follow
- server
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a key distribution method for encrypted data deduplication scenarios. It mainly addresses the low security and large amount of computation of the prior art. The method comprises the steps of: (1) implementing file ownership authentication with zero-knowledge authentication based on the Schnorr scheme, each time sampling several blocks of the plaintext file to generate the ownership evidence; (2) having the server judge whether a client passes file ownership authentication from the intermediate evidence obtained in advance and the ownership evidence submitted by the client; (3) having a key distribution auxiliary generate a re-encryption key, with which the server performs proxy re-encryption on the file key, generates the re-encrypted ciphertext and sends it to the client, completing distribution of the file key. The method improves the security of client data, reduces the amount of computation of client and server during the interaction, and is applicable to cloud storage services that use data deduplication.
Description
Technical field
The invention belongs to the field of information security technology and in particular relates to a key distribution method. It can be used in cloud storage services, in encrypted data deduplication scenarios where multiple clients overlap, to distribute the key of the original data to clients.
Background
With the growth of cloud computing technology, more and more individuals and enterprises have begun to use inexpensive, convenient cloud services to offload computation and storage. This model inevitably produces a large amount of redundant data. To save users' upload bandwidth and cloud service providers' storage resources, "data deduplication" technology was proposed. It ensures that the data stored on the server is unique at the block level or the file level, which reduces data redundancy.
Data deduplication is classified as follows: by where deduplication is applied, into client-side deduplication and server-side deduplication; by data granularity, into block-level deduplication and file-level deduplication. In file-level client-side deduplication, the server first judges from the file identifier whether the file already exists. If it does, the client does not need to upload the file, and the server only needs to mark this client as an owner of the file. This technique saves not only the server's storage resources but also the user's network bandwidth. Many well-known cloud storage services, such as Dropbox and Memopal, currently use it. Commercial deployments are reported to reach deduplication ratios from 1:10 to 1:500, so that storage and bandwidth savings reach 90%.
In existing client-side deduplication systems, the server judges whether a file exists from the file hash submitted by the client. This mechanism can harm users. For example, an attacker can use the server's reply on whether an upload is needed to guess whether other clients hold the file, and through such probing can guess a user's identity information; this attack has been applied to some well-known storage service providers, such as MozyHome and Dropbox. In another class of attack, the attacker obtains the hash of a file by some means but does not hold the actual file. Under the existing mechanism he can gain unauthorized access to the actual file, because the server assumes that "holding the file hash means holding the complete file". This also lets an attacker abuse the data storage service as a content distribution network (CDN), that is, publish file hashes to share files within a group, which greatly increases the load on the cloud service provider.
As users' awareness of personal data privacy keeps rising, more and more cloud service providers claim to offer encrypted storage, yet it has been reported that the client software of the social network Twitter had security vulnerabilities that let attackers access users' private data. Moreover, encryption provided by the storage service does not prevent an "honest but curious" server from obtaining user data. Therefore another kind of client-side deduplication scheme appeared, one that incorporates "end-to-end" encryption. In this scheme the file is encrypted with a key chosen at random by the user, and the file ciphertext is uploaded to the server. This introduces a new problem: apart from the owner of the key, no one can determine whether two ciphertexts correspond to the same plaintext, so the server can apply deduplication only within a single user's data, which greatly reduces deduplication efficiency.
To solve the above problems, the following solutions have been proposed:
One. Harnik et al. proposed the PoW (proofs of ownership) strategy to verify whether a user really holds a file: after the server and the client preprocess the file, a Merkle tree is built; the server randomly selects a set of leaf nodes and challenges the client, requiring it to return the set of paths from the Merkle root to that set of leaf nodes. This file ownership authentication scheme has two shortcomings: first, it requires the client to frequently perform extremely time-consuming I/O requests and consumes a large amount of computing resources; second, its security rests on an assumption that is hard to prove.
Two. Convergent encryption is a cryptographic primitive proposed by Douceur et al., intended to guarantee the confidentiality of data under deduplication. Convergent encryption encrypts the plaintext with a deterministic symmetric encryption scheme whose encryption key is obtained by applying a deterministic method to the plaintext. Identical plaintexts therefore produce identical keys and identical ciphertexts, which makes cross-user deduplication possible. But convergent encryption does not provide semantic security, because it is vulnerable to content-guessing attacks. The results of Bellare et al. show that convergent encryption provides confidentiality only for unpredictable data.
Three. Known schemes have no dedicated key distribution scheme. After the file key is encrypted, it is sent directly to the client, and the key-encryption key is usually obtained with a key generation method like the one in convergent encryption, that is, it is generated from the plaintext by a deterministic method. The key-encryption key therefore faces the same attacks as convergent encryption: first, content-guessing attacks; second, no semantic security guarantee.
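The behaviour described in items Two and Three, shown as an added example that is not part of the patent: a key derived deterministically from the plaintext makes equal files produce equal ciphertexts (so cross-user deduplication works) and lets anyone holding the ciphertext test candidate plaintexts, while a random file key prevents both. The keystream cipher is a stand-in for sym.enc, and the sample document and candidate list are constructed.

```python
import hashlib
import secrets


def sym_xor(key, data):
    """Stand-in for sym.enc/sym.dec: XOR with a SHA-256 counter keystream (illustration only)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def convergent_encrypt(m):
    """Convergent encryption: the key is a deterministic function of the plaintext."""
    k = hashlib.sha256(m).digest()
    return k, sym_xor(k, m)


def random_key_encrypt(m):
    """End-to-end scheme from the background: the uploader picks the key at random."""
    k = secrets.token_bytes(32)
    return k, sym_xor(k, m)


def matching_candidate(ciphertext, candidates):
    """Return the candidate whose convergent ciphertext equals `ciphertext`, else None."""
    for cand in candidates:
        if convergent_encrypt(cand)[1] == ciphertext:
            return cand
    return None


def compare_schemes():
    # Constructed sample: a predictable document with one low-entropy field.
    template = "Offer letter. Annual salary: {} USD."
    doc = template.format(85000).encode()
    candidates = [template.format(s).encode() for s in range(50000, 120001, 5000)]
    _, c_alice = convergent_encrypt(doc)   # two users upload the same file
    _, c_bob = convergent_encrypt(doc)
    _, r_alice = random_key_encrypt(doc)
    _, r_bob = random_key_encrypt(doc)
    return {
        "convergent_dedups": c_alice == c_bob,
        "random_key_dedups": r_alice == r_bob,
        "convergent_guess": matching_candidate(c_alice, candidates),
        "random_key_guess": matching_candidate(r_alice, candidates),
    }


if __name__ == "__main__":
    print(compare_schemes())
```

With a random file key the server can no longer match ciphertexts, which is why the method below needs a separate ownership proof and key distribution step.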
Summary of the invention
The object of the invention is to address the above shortcomings of the prior art by proposing a key distribution method for encrypted data deduplication scenarios, so as to improve the security of user data in cloud storage services with data deduplication and to reduce the amount of computation of client and server during their interaction.
The technical solution of the invention is realized as follows:
One. Technical principle:
To solve the security problems in the scenario of "data deduplication under user data privacy protection", the invention proposes a cryptographically secure and efficient proof scheme. The scheme has two parts: proof of file ownership based on the zero-knowledge proof protocol of the Schnorr scheme, and key distribution implemented with proxy re-encryption.
File ownership is proved with the zero-knowledge proof protocol based on the Schnorr scheme. In a zero-knowledge proof, the prover convinces the verifier that a statement is correct without revealing the knowledge itself. Because of this inherent "zero-knowledge" property, ownership evidence based on the original plaintext file reveals no information about that file, which guarantees the confidentiality of the data during the interaction. The first uploader of a file computes the intermediate evidence from the original file and uploads it to the server. During the file ownership proof interaction between a follow-up uploader and the server, the server compares the intermediate evidence with the follow-up uploader's ownership evidence to decide whether to accept the follow-up uploader's ownership of the file. Using random sampling and a dynamic coefficient, the server makes the follow-up uploader generate fresh ownership evidence, in order to resist replay attacks.
Key distribution is implemented with proxy re-encryption, in which a ciphertext encrypted with the delegator's public key can be converted into a ciphertext that the delegatee's private key can decrypt. When a follow-up uploader has passed file ownership authentication, the file owner assisting key distribution generates the re-encryption key rk and encrypts the file key k with its public key to obtain the file key ciphertext $k'$. The server applies the re-encryption operation to $k'$ with the re-encryption key rk and obtains the re-encrypted ciphertext $k''$. After the follow-up uploader obtains the re-encrypted ciphertext $k''$ of the file key k, it can decrypt $k''$ with its private key to obtain k, which realizes authorized access to the original file.
Two. Implementation steps:
For the first uploader and a follow-up uploader of the same file, the concrete implementation steps of the invention are:
(1) The first uploader fu of the file uploads the intermediate evidence and the original file ciphertext:
1a) Following the requirements of the zero-knowledge proof protocol based on the Schnorr scheme, the first uploader fu splits the original file m into blocks and then generates the intermediate evidence ips using congruences;
1b) The first uploader fu randomly selects the file key k, symmetrically encrypts the original file m to obtain the original file ciphertext $m'$, and encrypts the file key k with its own public key $pk_{fu}$ to obtain the file key ciphertext $k'_{fu}$;
1c) The intermediate evidence ips, the original file ciphertext $m'$ and the file key ciphertext $k'_{fu}$ are uploaded to the server;
(2) The follow-up uploader su carries out the file ownership proof interaction with the server:
2a) The follow-up uploader su selects a random number r, generates the associated coefficient x and sends it to the server: $x = \beta^{r} \bmod d$, where $1 \le \beta \le d-1$, β is an element of order q, i.e. $1 = \beta^{q} \bmod d$, d and q are primes, and d-1 is divisible by q;
2b) The server randomly selects the number of file blocks c and two random numbers $s'$, $s''$, forming the authentication challenge set $chal = (c, s', s'')$, and sends it to the follow-up uploader su;
2c) From the original file m that it holds and the authentication challenge set chal, the follow-up uploader su generates the file ownership evidence fps and sends it to the server;
2d) From the intermediate evidence ips and the file ownership evidence fps received from the follow-up uploader su, the server generates the distance dps between the two sets of evidence to decide whether to accept the file ownership of su. If it accepts, the server marks su as an owner of the file and step (3) is executed; otherwise, this file ownership authentication of su fails;
(3) The server distributes the key to the follow-up uploader su:
3a) The follow-up uploader su uploads its own public key $pk_{su}$ to the server;
3b) The server sends the public key $pk_{su}$ of the follow-up uploader su to the key distribution auxiliary au;
3c) The key distribution auxiliary au uses its own private key $sk_{au}$ and the public key $pk_{su}$ received from the server to generate the re-encryption key $rk_{au \to su}$;
3d) The key distribution auxiliary au encrypts the file key k with its public key $pk_{au}$ to obtain the file key ciphertext $k'_{au}$;
3e) The key distribution auxiliary au returns its file key ciphertext $k'_{au}$, its public key $pk_{au}$ and the re-encryption key $rk_{au \to su}$ to the server together;
3f) The server uses the re-encryption key $rk_{au \to su}$ to perform proxy re-encryption on the file key ciphertext $k'_{au}$ of the key distribution auxiliary au, obtains the re-encrypted ciphertext $k''_{su}$ and sends it to the follow-up uploader su;
3g) The follow-up uploader su decrypts the re-encrypted ciphertext $k''_{su}$ with its private key $sk_{su}$ and obtains the file key k.
Compared with the prior art, the invention has the following advantages:
First, strong confidentiality.
The invention implements file ownership authentication with zero-knowledge authentication based on the Schnorr scheme, so the server cannot obtain any information about the original plaintext file from the ownership evidence submitted by the client, which guarantees high confidentiality of the data during authentication.
Second, high security.
The invention distributes keys with proxy re-encryption, so the server cannot obtain any information about the file key, which guarantees high security of the file key.
Third, little computation.
The invention uses random sampling to extract a certain number of file blocks for ownership authentication, which reduces the amount of computation of server and client; because the ownership evidence is generated from the original plaintext file, the client is spared an encryption operation on the original plaintext file.
Brief description of the drawings
Fig. 1 is the overall flowchart of the invention;
Fig. 2 is the sub-flowchart of file ownership authentication preparation in the invention;
Fig. 3 is the sub-flowchart of the file ownership authentication phase interaction in the invention;
Fig. 4 is the sub-flowchart of the key distribution phase interaction in the invention.
Detailed description
Symbols and abbreviations
m is the original file;
k is the file key of the original file, selected at random by the first uploader of the file;
$m'$ is the original file ciphertext, i.e. the ciphertext obtained by encrypting the original file m with the file key k;
n is the number of blocks of the original file;
$\{b_1, b_2, \ldots, b_i, \ldots, b_n\}$ is the set of blocks of the original file;
$pk_{fu}, sk_{fu}$ are the public/private key pair of the first uploader fu;
$pk_{su}, sk_{su}$ are the public/private key pair of the follow-up uploader su;
$pk_{au}, sk_{au}$ are the public/private key pair of the key distribution auxiliary au;
$k'_{au}$ is the ciphertext of the file key k after encryption with the public key $pk_{au}$ of the key distribution auxiliary au;
$k''_{su}$ is the ciphertext of the file key ciphertext $k'_{au}$ after re-encryption;
c is the number of file blocks requested in a single challenge of the proof procedure;
d, q are primes that satisfy $q \mid d-1$;
β is an element of order q, i.e. $1 = \beta^{q} \bmod d$, $1 \le \beta \le d-1$;
G is the cyclic group of order d with generator g, $G = \{g^{0}, g^{1}, \ldots, g^{d-1}\}$;
h() is a random hash function;
$g^{j}, g^{h}, g^{u}, g^{v}, g^{w}$ are the four different values selected from the cyclic group G; j, h, u, v, w all range from 0 to d-1;
l, s are two different values selected from the integer set $Z_d$;
mod is the modulo operation;
tcr() is a collision-resistant hash function with two input parameters, both of which belong to the cyclic group G;
tcr'() is a collision-resistant hash function with one input parameter, which belongs to the cyclic group G;
sym.enc() is the symmetric encryption scheme;
sym.dec() is the symmetric decryption scheme.
Embodiments of the invention are further described below with reference to the drawings and specific examples.
With reference to Fig. 1, the implementation steps of the invention are as follows:
Step 1: the first uploader fu prepares for file ownership authentication.
With reference to Fig. 2, this step is implemented as follows:
1a) Split the original file m into n blocks of equal size, obtaining $m = \{b_1, b_2, \ldots, b_i, \ldots, b_n\}$;
1b) Following the requirements of the zero-knowledge proof protocol based on the Schnorr scheme, generate the intermediate evidence ips for each block of the original file m using congruences:
$ips = \{ips_i\}$,
where $ips_i$ is an element of the intermediate evidence ips, $b_i$ is a block of the original file $m = \{b_1, b_2, \ldots, b_i, \ldots, b_n\}$, i ranges from 1 to n, $1 \le \beta \le d-1$, β is an element of order q, i.e. $1 = \beta^{q} \bmod d$, d and q are primes, d-1 is divisible by q, and mod is the modulo operation; each element of the intermediate evidence ips corresponds one-to-one to a block of the original file m;
1c) Randomly select the file key k;
1d) Symmetrically encrypt the original file m with the file key k to obtain the original file ciphertext $m'$:
$m' = \mathrm{sym.enc}(k, m)$,
where sym.enc() is the symmetric encryption scheme;
1e) Upload the intermediate evidence ips and the original file ciphertext $m'$ to the server.
Step 2: the server carries out the file ownership authentication interaction with the follow-up uploader su.
With reference to Fig. 3, this step is implemented as follows:
2a) The follow-up uploader su selects a random number r, generates the associated coefficient x and sends it to the server; x is generated by the following formula:
$x = \beta^{r} \bmod d$,
where $1 \le \beta \le d-1$, β is an element of order q, i.e. $1 = \beta^{q} \bmod d$, d and q are primes, d-1 is divisible by q, and mod is the modulo operation;
2b) After receiving the associated coefficient x, the server selects the number of file blocks to authenticate c and two random numbers $s'$, $s''$ to form the authentication challenge set $chal = (c, s', s'')$, and sends chal to the follow-up uploader su;
2c) From the authentication challenge set chal, the follow-up uploader su first generates the file ownership evidence fps and uploads it to the server; fps is generated as follows:
$fps = \{fps_i\}$,
where $fps_i$ is an element of the file ownership evidence fps, $fps_i = b_i \cdot s'' + r$, with a pseudo-random permutation function, $b_i$ is a block of the original file $m = \{b_1, b_2, \ldots, b_i, \ldots, b_n\}$, r is the random number, ρ ranges from 1 to c, c is the number of file blocks in the authentication challenge set chal, and $s'$, $s''$ are the two random numbers in chal;
2d) From the intermediate evidence ips and the file ownership evidence fps, the server generates the distance dps between the two sets of evidence:
$dps = \{dps_i\}$,
where $dps_i$ is an element of the distance dps between the evidence sets, $ips_i$ is an element of the intermediate evidence ips, and $fps_i$ is an element of the file ownership evidence fps;
2e) From the distance $dps = \{dps_i\}$ between the two sets of evidence, the server judges whether to accept the file ownership of the follow-up uploader su: if every element of $dps = \{dps_i\}$ equals the associated coefficient x, the file ownership of su is accepted and step 3 is executed; otherwise, the file ownership authentication of su fails.
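A runnable sketch of steps 1b and 2a to 2e, added here as an illustration and not taken from the patent. The formulas for $ips_i$ and $dps_i$ are not reproduced in the text above, so the code assumes $ips_i = \beta^{-b_i} \bmod d$ and $dps_i = \beta^{fps_i} \cdot ips_i^{s''} \bmod d$, one instantiation for which every $dps_i$ equals x for an honest uploader. The group parameters, the block-to-integer mapping, the reduction of $fps_i$ mod q, the HMAC-keyed permutation and the sample files are likewise constructed assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # bytes per file block (constructed toy size)
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin; these bases are deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for p in BASES:
        if n % p == 0:
            return n == p
    s, t = 0, n - 1
    while t % 2 == 0:
        s, t = s + 1, t // 2
    for a in BASES:
        y = pow(a, t, n)
        if y in (1, n - 1):
            continue
        for _ in range(s - 1):
            y = y * y % n
            if y == n - 1:
                break
        else:
            return False
    return True

def make_group(q=2**61 - 1):
    """Constructed parameters: primes d, q with q | d-1, beta of order q mod d."""
    assert is_prime(q)
    k = 2
    while not is_prime(k * q + 1):
        k += 2
    d, h = k * q + 1, 2
    while pow(h, k, d) == 1:
        h += 1
    return d, q, pow(h, k, d)

def blocks(m, q):
    """Step 1a: split m into blocks b_i, each read as an integer mod q (assumption)."""
    return [int.from_bytes(m[i:i + BLOCK], "big") % q for i in range(0, len(m), BLOCK)]

def middle_evidence(m, grp):
    """Step 1b, first uploader. ASSUMED form: ips_i = beta^(-b_i) mod d."""
    d, q, beta = grp
    return [pow(beta, (q - b) % q, d) for b in blocks(m, q)]

def commit(grp):
    """Step 2a, follow-up uploader: x = beta^r mod d."""
    d, q, beta = grp
    r = secrets.randbelow(q - 1) + 1
    return r, pow(beta, r, d)

def challenge(c, grp):
    """Step 2b, server: chal = (c, s', s'')."""
    return c, secrets.token_bytes(16), secrets.randbelow(grp[1] - 1) + 1

def challenged(n, c, s1):
    """Block indices chosen by a permutation keyed with s' (HMAC ordering is an assumption)."""
    tag = lambda i: hmac.new(s1, i.to_bytes(8, "big"), hashlib.sha256).digest()
    return sorted(range(n), key=tag)[:c]

def ownership_evidence(m, r, chal, grp):
    """Step 2c: fps_i = b_i * s'' + r, reduced mod q here."""
    c, s1, s2 = chal
    b = blocks(m, grp[1])
    return [(b[i] * s2 + r) % grp[1] for i in challenged(len(b), c, s1)]

def verify(ips, x, chal, fps, grp):
    """Steps 2d-2e. ASSUMED dps_i = beta^fps_i * ips_i^s'' mod d; accept iff all equal x."""
    d, q, beta = grp
    c, s1, s2 = chal
    idx = challenged(len(ips), c, s1)
    return len(fps) == len(idx) and all(
        pow(beta, f, d) * pow(ips[i], s2, d) % d == x for f, i in zip(fps, idx))

def sample_file(tag, n=64):
    """Constructed test data: n pseudo-random blocks derived from a tag."""
    return b"".join(hashlib.sha256(tag + bytes([i])).digest()[:BLOCK] for i in range(n))

def run_demo():
    grp = make_group()
    m = sample_file(b"report")
    ips = middle_evidence(m, grp)               # stored by the server after step 1
    r, x = commit(grp)
    chal = challenge(8, grp)
    fps = ownership_evidence(m, r, chal, grp)
    r2, x2 = commit(grp)                        # a client that holds a different file
    forged = ownership_evidence(sample_file(b"other"), r2, chal, grp)
    return {
        "honest": verify(ips, x, chal, fps, grp),
        "wrong_file": verify(ips, x2, chal, forged, grp),
        "replay": verify(ips, x, challenge(8, grp), fps, grp),  # old (x, fps), fresh chal
    }

if __name__ == "__main__":
    print(run_demo())
```

Because a single r masks all c responses, the differences $fps_i - fps_j = (b_i - b_j) \cdot s''$ are visible to the server, which knows $s''$; a reviewer of a design built on this formula would want that accounted for.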
Step 3: the server distributes the key to the follow-up uploader su.
With reference to Fig. 4, this step is implemented as follows:
3a) The follow-up uploader su uploads its own public key $pk_{su}$ to the server;
3b) The server sends the public key $pk_{su}$ of the follow-up uploader su to the key distribution auxiliary au;
3c) Following the re-encryption key generation rule, the key distribution auxiliary au uses its own private key $sk_{au}$ and the public key $pk_{su}$ received from the server to generate the re-encryption key $rk_{au \to su}$:
3c1) Randomly select two integers $x_{au}, y_{au}$ from the integer set $Z_d$ to form the private key $sk_{au}$ of the key distribution auxiliary au:
$sk_{au} = (x_{au}, y_{au})$,
where the integer set $Z_d = \{0, 1, \ldots, d-1\}$ and d is prime;
3c2) Randomly select two more integers $x_{su}, y_{su}$ from the integer set $Z_d$ to form the private key $sk_{su}$ of the follow-up uploader su:
$sk_{su} = (x_{su}, y_{su})$;
3c3) From the prime d, determine the cyclic group G of order d with generator g, $G = \{g^{0}, g^{1}, \ldots, g^{d-1}\}$;
3c4) Randomly select a value $g^{j}$ from the cyclic group G, where j ranges from 0 to d-1;
3c5) From the private key $sk_{su}$ of the follow-up uploader su, the generator g of the cyclic group G and the value $g^{j}$, compute the corresponding public key $pk_{su}$:
3c6) From the private key $sk_{au}$ of the key distribution auxiliary au and the public key $pk_{su}$ of the follow-up uploader su, compute the re-encryption key $rk_{au \to su}$:
3d) The key distribution auxiliary au encrypts the file key k with its public key $pk_{au}$ to obtain the file key ciphertext $k'_{au}$:
3d1) From the private key $sk_{au}$ of the key distribution auxiliary au, compute the corresponding public key $pk_{au}$:
3d2) Randomly select four different values $g^{h}, g^{u}, g^{v}, g^{w}$ from the cyclic group G, where h, u, v, w all range from 0 to d-1, and randomly select two different values l, s from the integer set $Z_d$;
3d3) From the values $g^{j}, g^{h}, g^{u}, g^{v}, g^{w}$, l, s, the public key $pk_{au}$ of the key distribution auxiliary au and the file key k, compute the intermediate variables $c_1, c_2, c_3, c_4, c_5$:
$c_2 = g^{h \cdot l}$,
$c_4 = (g^{u \cdot t} \cdot g^{v \cdot s} \cdot g^{w})^{l}$, where $t = \mathrm{tcr}(c_2, c_3)$,
$c_5 = s$,
where $e(g, g^{j})$ is a bilinear map, k is the file key, and tcr() is a collision-resistant hash function;
3d4) From the intermediate variables $c_1, c_2, c_3, c_4, c_5$, obtain the file key ciphertext $k'_{au}$:
$k'_{au} = (c_1, c_2, c_3, c_4, c_5)$;
3e) The key distribution auxiliary au returns its file key ciphertext $k'_{au}$, its public key $pk_{au}$ and the re-encryption key $rk_{au \to su}$ to the server together;
3f) The server uses the re-encryption key $rk_{au \to su}$ to perform proxy re-encryption on the file key ciphertext $k'_{au}$ of the key distribution auxiliary au and obtains the re-encrypted ciphertext $k''_{su}$:
3f1) Randomly select two integers $r'$ and $r''$ from the integer set $Z_d = \{0, 1, \ldots, d-1\}$;
3f2) From the integers $r'$ and $r''$, the file key ciphertext $k'_{au}$, the public key $pk_{au}$ of the key distribution auxiliary au and the re-encryption key $rk_{au \to su}$, compute the intermediate variables $c_6, c_7, c_8$:
where $c_1$ is a component of the file key ciphertext $k'_{au} = (c_1, c_2, c_3, c_4, c_5)$, and is a component of the public key of the key distribution auxiliary au;
3f3) From the file key ciphertext $k'_{au}$ and the intermediate variables $c_6, c_7, c_8$, compute the intermediate variable $k_t$:
$k_t = c_2 \,\|\, c_3 \,\|\, c_4 \,\|\, c_5 \,\|\, c_6 \,\|\, c_7 \,\|\, c_8$,
where the symbol $\|$ denotes concatenation;
3f4) From the generator g and the random number $r'$, compute the intermediate variable a:
$a = g^{r'}$;
3f5) From the intermediate variable a, the value $g^{h}$, $r'$, the intermediate variable $k_t$ and the public key $pk_{au}$ of the key distribution auxiliary au, compute the re-encrypted ciphertext $k''_{su}$:
$k''_{su} = (a, b, c)$,
$t' = \mathrm{tcr}'(a)$,
where tcr'() is a collision-resistant hash function, sym.enc() is the symmetric encryption algorithm, and h() is a random hash function;
3g) The follow-up uploader su decrypts the re-encrypted ciphertext $k''_{su}$ with its private key $sk_{su}$ and obtains the file key k:
3g1) From the private key $sk_{su}$ of the follow-up uploader su and the re-encrypted ciphertext $k''_{su}$, compute the intermediate variable $k_t$:
where the variables a and c are components of the re-encrypted ciphertext $k''_{su} = (a, b, c)$, and sym.dec() is the symmetric decryption algorithm;
3g2) Parse the intermediate variable $k_t$:
$k_t = c_2 \,\|\, c_3 \,\|\, c_4 \,\|\, c_5 \,\|\, c_6 \,\|\, c_7 \,\|\, c_8$,
where the symbol $\|$ denotes concatenation;
3g3) From the intermediate variable $k_t$ and the private key $sk_{su}$ of the follow-up uploader su, compute the file key k:
where $e(c_6, c_8)$ is a bilinear map.
Claims (8)
1. A key distribution method for encrypted data deduplication scenarios, comprising the following steps:
(1) The first uploader fu of the file uploads the intermediate evidence and the original file ciphertext:
1a) Following the requirements of the zero-knowledge proof protocol based on the Schnorr scheme, the first uploader fu splits the original file m into blocks and then generates the intermediate evidence ips using congruences;
1b) The first uploader fu randomly selects the file key k and symmetrically encrypts the original file m to obtain the original file ciphertext $m'$;
1c) The intermediate evidence ips and the original file ciphertext $m'$ are uploaded to the server;
(2) The follow-up uploader su carries out the file ownership proof interaction with the server:
2a) The follow-up uploader su selects a random number r, generates the associated coefficient x and sends it to the server: $x = \beta^{r} \bmod d$, where $1 \le \beta \le d-1$, β is an element of order q, i.e. $1 = \beta^{q} \bmod d$, d and q are primes, and d-1 is divisible by q;
2b) The server randomly selects the number of file blocks c and two random numbers $s'$, $s''$, forming the authentication challenge set $chal = (c, s', s'')$, and sends it to the follow-up uploader su;
2c) From the original file m that it holds and the authentication challenge set chal, the follow-up uploader su generates the file ownership evidence fps and sends it to the server;
2d) From the intermediate evidence ips and the file ownership evidence fps received from the follow-up uploader su, the server generates the distance dps between the two sets of evidence to decide whether to accept the file ownership of su. If it accepts, the server marks su as an owner of the file and step (3) is executed; otherwise, this file ownership authentication of su fails;
(3) The server distributes the key to the follow-up uploader su:
3a) The follow-up uploader su uploads its own public key $pk_{su}$ to the server;
3b) The server sends the public key $pk_{su}$ of the follow-up uploader su to the key distribution auxiliary au;
3c) The key distribution auxiliary au uses its own private key $sk_{au}$ and the public key $pk_{su}$ received from the server to generate the re-encryption key $rk_{au \to su}$;
3d) The key distribution auxiliary au encrypts the file key k with its public key $pk_{au}$ to obtain the file key ciphertext $k'_{au}$;
3e) The key distribution auxiliary au returns its file key ciphertext $k'_{au}$, its public key $pk_{au}$ and the re-encryption key $rk_{au \to su}$ to the server together;
3f) The server uses the re-encryption key $rk_{au \to su}$ to perform proxy re-encryption on the file key ciphertext $k'_{au}$ of the key distribution auxiliary au, obtains the re-encrypted ciphertext $k''_{su}$ and sends it to the follow-up uploader su;
3g) The follow-up uploader su decrypts the re-encrypted ciphertext $k''_{su}$ with its private key $sk_{su}$ and obtains the file key k.
2. The key distribution method for encrypted data deduplication scenarios according to claim 1, characterized in that the generation of the intermediate evidence ips using congruences described in step 1a) uses the following formula:
$ips = \{ips_i\}$,
where $ips_i$ is an element of the intermediate evidence ips, $b_i$ is a block of the original file $m = \{b_1, b_2, \ldots, b_i, \ldots, b_n\}$, i ranges from 1 to n, n is the number of blocks of the original file m, $1 \le \beta \le d-1$, β is an element of order q, i.e. $1 = \beta^{q} \bmod d$, d and q are primes, d-1 is divisible by q, and mod is the modulo operation.
3. The key distribution method for encrypted data deduplication scenarios according to claim 1, characterized in that the generation of the file ownership evidence fps from the original file m held and the authentication challenge set chal described in step 2c) is carried out as follows:
$fps = \{fps_i\}$,
where $fps_i$ is an element of the file ownership evidence fps, $fps_i = b_i \cdot s'' + r$, with a pseudo-random permutation function, $b_i$ is a block of the original file $m = \{b_1, b_2, \ldots, b_i, \ldots, b_n\}$, r is the random number, ρ ranges from 1 to c, c is the number of file blocks in the authentication challenge set chal, and $s'$, $s''$ are the two random numbers in chal.
4. The key distribution method for encrypted data deduplication scenarios according to claim 1, characterized in that the generation of the distance dps between the two sets of evidence from the intermediate evidence ips and the file ownership evidence fps received from the follow-up uploader su described in step 2d) is carried out as follows:
$dps = \{dps_i\}$,
where $dps_i$ is an element of the distance dps between the evidence sets, $ips_i$ is an element of the intermediate evidence ips, and $fps_i$ is an element of the file ownership evidence fps.
5. The key distribution method for encrypted data deduplication scenarios according to claim 1, characterized in that the generation of the re-encryption key $rk_{au \to su}$ by the key distribution auxiliary au from its own private key $sk_{au}$ and the public key $pk_{su}$ received from the server described in step 3c) is carried out as follows:
3c1) Randomly select two integers $x_{au}, y_{au}$ from the integer set $Z_d$ to form the private key $sk_{au}$ of the key distribution auxiliary au:
$sk_{au} = (x_{au}, y_{au})$,
where the integer set $Z_d = \{0, 1, \ldots, d-1\}$ and d is prime;
3c2) Randomly select two integers $x_{su}, y_{su}$ from the integer set $Z_d$ to form the private key $sk_{su}$ of the follow-up uploader su:
$sk_{su} = (x_{su}, y_{su})$;
3c3) From the prime d, determine the cyclic group G of order d with generator g, $G = \{g^{0}, g^{1}, \ldots, g^{d-1}\}$;
3c4) Randomly select a value $g^{j}$ from the cyclic group G, where j ranges from 0 to d-1;
3c5) From the private key $sk_{su}$ of the follow-up uploader su, the generator g of the cyclic group G and the value $g^{j}$, compute the corresponding public key $pk_{su}$:
3c6) From the private key $sk_{au}$ of the key distribution auxiliary au and the public key $pk_{su}$ of the follow-up uploader su, compute the re-encryption key $rk_{au \to su}$:
6. The key distribution method for encrypted data deduplication scenarios according to claim 1, characterized in that the encryption of the file key k by the key distribution auxiliary au with its public key $pk_{au}$ to obtain the file key ciphertext $k'_{au}$ described in step 3d) is carried out as follows:
3d1) From the private key $sk_{au}$ of the key distribution auxiliary au, compute the corresponding public key $pk_{au}$:
3d2) Randomly select four different values $g^{h}, g^{u}, g^{v}, g^{w}$ from the cyclic group G, where h, u, v, w all range from 0 to d-1, and randomly select two different values l, s from the integer set $Z_d$;
3d3) From the values $g^{j}, g^{h}, g^{u}, g^{v}, g^{w}$, l, s, the public key $pk_{au}$ of the key distribution auxiliary au and the file key k, compute the intermediate variables $c_1, c_2, c_3, c_4, c_5$:
$c_2 = g^{h \cdot l}$,
$c_3 = e(g, g^{j})^{l} \cdot k$,
$c_4 = (g^{u \cdot t} \cdot g^{v \cdot s} \cdot g^{w})^{l}$, where $t = \mathrm{tcr}(c_2, c_3)$,
$c_5 = s$,
where $e(g, g^{j})$ is a bilinear map, k is the file key, and tcr() is a collision-resistant hash function;
3d4) From the intermediate variables $c_1, c_2, c_3, c_4, c_5$, obtain the file key ciphertext $k'_{au}$:
$k'_{au} = (c_1, c_2, c_3, c_4, c_5)$.
7. The key distribution method for encrypted data deduplication scenarios according to claim 1, characterized in that the proxy re-encryption of the file key ciphertext $k'_{au}$ of the key distribution auxiliary au with the re-encryption key $rk_{au \to su}$ to obtain the re-encrypted ciphertext $k''_{su}$ described in step 3f) is carried out as follows:
3f1) Randomly select two integers $r'$ and $r''$ from the integer set $Z_d = \{0, 1, \ldots, d-1\}$;
3f2) From the integers $r'$ and $r''$, the file key ciphertext $k'_{au}$, the public key $pk_{au}$ of the key distribution auxiliary au and the re-encryption key $rk_{au \to su}$, compute the intermediate variables $c_6, c_7, c_8$:
where $c_1$ is a component of the file key ciphertext $k'_{au} = (c_1, c_2, c_3, c_4, c_5)$, and is a component of the public key of the key distribution auxiliary au;
3f3) From the file key ciphertext $k'_{au}$ and the intermediate variables $c_6, c_7, c_8$, compute the intermediate variable $k_t$:
$k_t = c_2 \,\|\, c_3 \,\|\, c_4 \,\|\, c_5 \,\|\, c_6 \,\|\, c_7 \,\|\, c_8$,
where the symbol $\|$ denotes concatenation;
3f4) From the generator g and the random number $r'$, compute the intermediate variable a:
$a = g^{r'}$;
3f5) From the intermediate variable a, the value $g^{h}$, $r'$, the intermediate variable $k_t$ and the public key $pk_{au}$ of the key distribution auxiliary au, compute the re-encrypted ciphertext $k''_{su}$:
$t' = \mathrm{tcr}'(a)$,
$k''_{su} = (a, b, c)$,
where tcr'() is a collision-resistant hash function, sym.enc() is the symmetric encryption algorithm, and h() is a random hash function.
8. The key distribution method under the encrypted data deduplication scenario according to claim 1, characterized in that, in step 3g), the follow-up uploader su decrypting the re-encryption ciphertext $k''_{su}$ with its private key $sk_{su}$ to obtain the file key k is carried out as follows:
3g1) according to the private key $sk_{su}$ of the follow-up uploader su and the re-encryption ciphertext $k''_{su}$, calculate the intermediate variable $k_t$:
wherein the variables a and c are parts of the re-encryption ciphertext $k''_{su}=(a,b,c)$, and sym.dec() is a symmetric decryption algorithm.
3g2) parse the intermediate variable $k_t$:
$k_t=c_2\|c_3\|c_4\|c_5\|c_6\|c_7\|c_8$,
wherein the symbol || denotes the concatenation operation;
3g3) according to the intermediate variable $k_t$ and the private key $sk_{su}$ of the follow-up uploader su, calculate the file key k:
wherein $e(c_6,c_8)$ is a bilinear map.
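The flow of steps 3c) to 3g) (au encrypts the file key, the server re-encrypts it with a re-encryption key, su decrypts) can be tried with the following added example, which is not the patent's construction: it swaps in the pairing-free BBS98 (Blaze, Bleumer, Strauss) ElGamal-style proxy re-encryption, whose re-encryption key is derived from both private keys rather than from $sk_{au}$ and $pk_{su}$ as in step 3c6). The toy group parameters and all function names are assumptions of this example.

```python
import secrets

# Toy Schnorr group, constructed for this example: p = 2d + 1 with d prime.
# g = 4 is a quadratic residue, so it generates the subgroup of prime order d.
P, D, G = 2039, 1019, 4

def keygen():
    """Return (sk, pk) with sk in 1..d-1 and pk = g^sk mod p."""
    sk = secrets.randbelow(D - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk_au, k):
    """Encrypt file key k (a subgroup element) under au's public key."""
    l = secrets.randbelow(D - 1) + 1          # fresh randomness, l != 0
    return (k * pow(G, l, P)) % P, pow(pk_au, l, P)   # (k*g^l, g^(a*l))

def rekey(sk_au, sk_su):
    """BBS98 re-encryption key rk = sk_su / sk_au mod d (needs both private keys)."""
    return (sk_su * pow(sk_au, -1, D)) % D

def reencrypt(rk, ct):
    """Server step: g^(a*l) becomes g^(b*l); k*g^l passes through untouched."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)

def decrypt(sk, ct):
    """Recover k = c1 / c2^(1/sk)."""
    c1, c2 = ct
    g_l = pow(c2, pow(sk, -1, D), P)          # strip sk from the exponent
    return (c1 * pow(g_l, -1, P)) % P

def demo():
    sk_au, pk_au = keygen()
    sk_su, _pk_su = keygen()
    k = pow(G, secrets.randbelow(D), P)       # file key encoded as a group element
    ct_au = encrypt(pk_au, k)                 # stored by the server
    ct_su = reencrypt(rekey(sk_au, sk_su), ct_au)
    return k, decrypt(sk_au, ct_au), decrypt(sk_su, ct_su)

if __name__ == "__main__":
    k, via_au, via_su = demo()
    print("file key recovered by au:", via_au == k, "by su:", via_su == k)
```

In BBS98 anyone holding both rk and sk_su can compute sk_au = sk_su · rk⁻¹ mod d, so the re-encrypting server and a follow-up uploader must not collude.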
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410010603.XA CN103731261B (en) | 2014-01-09 | 2014-01-09 | Secret key distribution method under encrypted repeating data deleted scene |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410010603.XA CN103731261B (en) | 2014-01-09 | 2014-01-09 | Secret key distribution method under encrypted repeating data deleted scene |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103731261A CN103731261A (en) | 2014-04-16 |
CN103731261B true CN103731261B (en) | 2017-01-18 |
Family
ID=50455197
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410010603.XA Expired - Fee Related CN103731261B (en) | 2014-01-09 | 2014-01-09 | Secret key distribution method under encrypted repeating data deleted scene |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103731261B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN103731261A (en) | 2014-04-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170118 Termination date: 20220109 |