CN106301789A - A dynamic verification method for cloud storage data using lattice-based linear homomorphic signatures - Google Patents

Info

Publication number: CN106301789A
Authority: CN (China)
Prior art keywords: signature, data, cloud server, sig, data block
Legal status: Granted
Current legal status: Active
Application number: CN201610674249.XA
Other languages: Chinese (zh)
Other versions: CN106301789B (en)
Inventors: 王玉秀, 文红, 廖力
Current Assignee: University of Electronic Science and Technology of China
Original Assignee: University of Electronic Science and Technology of China

Abstract

The invention discloses a dynamic verification method for cloud storage data using lattice-based linear homomorphic signatures. It includes data integrity verification: generating the public key and private key of a linear homomorphic signature algorithm on a lattice; dividing a file into multiple data blocks and signing each data block, then computing the value of the root node based on a Merkle hash tree and signing the root value, and sending the data blocks, the data block signatures and the root signature to the cloud server; providing the public key and the file identifier to a third-party auditor, which issues a challenge to the cloud server to verify whether the data blocks have changed; the cloud server provides the corresponding proof in response to the challenge; the third-party auditor judges from the proof provided by the cloud server whether the data blocks are intact, and returns the verification result to the user. The invention can resist quantum attacks mounted by future quantum computers, and supports verification of dynamic operations in the cloud while protecting the user's private information.

Description

A dynamic verification method for cloud storage data using lattice-based linear homomorphic signatures

Technical field

The invention relates to the field of encryption technology, and in particular to a dynamic verification method for cloud storage data using lattice-based linear homomorphic signatures.

Background

Cloud storage is a basic service of cloud computing. Cloud storage providers offer users large amounts of storage space, and users can access their cloud data anytime and anywhere. This convenience also brings new security risks. After uploading local data to a cloud server, the user loses direct control over it, and a malicious cloud service provider may snoop on or tamper with the user's data out of curiosity or for other undisclosed purposes. The integrity and availability of cloud data has therefore become a problem that urgently needs solving. Cloud verification protocols based on traditional cryptographic schemes generally reduce to the hardness of some difficult problem, for example verification protocols based on the RSA signature algorithm, or verification protocols using bilinear maps based on the Diffie-Hellman problem. The development of science and technology has made the advent of quantum computers possible. Quantum computers can solve the above hard problems in polynomial time, so data verification protocols based on traditional cryptographic schemes will no longer be secure.

According to current research results, no efficient algorithm is yet known for breaking hard problems on lattices, and cryptographic schemes built on hard lattice problems are an important direction of current cryptosystem research. Following the definition of a lattice in the literature, lattice-based verification protocols have the following advantages: a lattice is algebraically an additive abelian group, most lattice-based schemes use integer lattices, and linear operations on lattices are much more efficient than exponentiation; hard lattice problems come with established reduction proofs, which guarantee the security of lattice cryptography. The signature scheme designed by Gentry, Peikert and Vaikuntanathan (hereinafter the GPV signature), as a standard digital signature scheme, has become a basic tool for many lattice-based public-key algorithms. F. Wang used the GPV signature to build a lattice-based linear homomorphic signature scheme (LHS) over the binary field, and H. Liu proposed a publicly verifiable cloud storage scheme on the basis of LHS. That scheme, however, does not support dynamic data verification. In cloud storage verification, files or data are frequently inserted, modified or deleted, so dynamic data verification is particularly important.

Summary of the invention

The purpose of the invention is to overcome the deficiencies of the prior art and provide a dynamic verification method for cloud storage data using lattice-based linear homomorphic signatures. It constructs a new dynamic verification method for cloud storage data from a lattice-based linear homomorphic signature, a Merkle hash tree, and a collision-resistant hash function that is secure in the random oracle model.

The purpose of the invention is achieved through the following technical solution: a dynamic verification method for cloud storage data using lattice-based linear homomorphic signatures, including data integrity verification, where the data integrity verification includes:

Key generation: use the trapdoor basis generation algorithm on the lattice to generate the public key and private key of the linear homomorphic signature algorithm on the lattice;

Data block signing: divide the file into multiple data blocks, sign each data block with the linear homomorphic signature algorithm on the lattice, then compute the value of the root node based on a Merkle hash tree and sign the root value, and finally send the data blocks, the data block signatures and the root signature to the cloud server;

Third-party challenge: provide the public key and the file identifier to the third-party auditor, which issues a challenge to the cloud server to verify whether the data blocks on the cloud server have changed;

Server proof: the cloud server provides the corresponding proof in response to the challenge issued by the third-party auditor;

Third-party verification: the third-party auditor judges from the proof provided by the cloud server whether the data blocks on the cloud server are intact, and returns the verification result to the user.

The key generation is as follows:

$$(pk, sk) \leftarrow \mathrm{TrapGen}(1^n)$$

$$pk = A \in \mathbb{Z}_q^{n \times m}, \quad sk = T \in \mathbb{Z}_q^{m \times m}$$

Here $\mathrm{TrapGen}(1^n)$ is the trapdoor basis generation algorithm on the lattice, $pk$ is the public key, $sk$ is the private key, and $\mathbb{Z}_q^{m \times m}$ is the group formed by $m \times m$ integer matrices modulo $q$.

The data block signing includes:

Divide the file $F$ into $l$ data blocks, $F = \{u_1, u_2, \ldots, u_l\}$, where is the group formed by $m$-dimensional column vectors;

Compute the coefficients $\alpha_j = H_2(id \| j)$, $1 \le j \le n$, where $id$ is the identifier of file $F$, $j$ denotes the $j$-th data block, $H_2$ is a collision-resistant secure hash function in the random oracle model, and $n$ is the system security parameter;

Compute the inner product of the coefficient $\alpha_j$ with each data block, and let the inner-product vector be $V_i = (V_{i1}, V_{i2}, \ldots, V_{in})^T$, $1 \le i \le l$, $1 \le j \le n$;

Call $\mathrm{SamplePre}(A, T, \sigma, V_i)$ to generate the signature $e_i$ of each data block, $1 \le i \le l$, and let the signature set be $\Phi = \{e_1, e_2, \ldots, e_l\}$;

Build a Merkle hash tree from the signature set $\Phi$. Its leaf nodes are the signatures $e_i$ arranged in a preset order; the value of each non-leaf node is obtained from its child nodes using a collision-resistant hash function, and the value $h_R$ of the root node is computed. The root value $h_R$ is signed with the $\mathrm{SamplePre}(A, T, \sigma, h_R)$ algorithm, giving the root signature $Sig(h_R)$;

The user sends $\{F, \Phi, id, Sig(h_R)\}$ to the cloud server (CSP) and deletes the file $F$, the signature set $\Phi$ and the signature $Sig(h_R)$ locally.

The data block signing also includes signing the identifier $id$ of file $F$ with $\mathrm{SamplePre}(A, T, \sigma, id)$.

The third-party challenge includes:

The user sends the audit request $AuditQuest = (Sig(id) \| id)$ to the third-party auditor, where $Sig(id)$ is the signature on the identifier $id$;

After receiving the audit request $AuditQuest = (Sig(id) \| id)$, the third-party auditor verifies the signature $Sig(id)$. If the signature $Sig(id)$ is valid, the third-party auditor arbitrarily selects a subset as the index set of the data to be sampled, where $[l] = \{1, 2, \ldots, l\}$ and $S_1 \le S_2 \le \cdots \le S_\theta$. It defines the challenge $chal = \{id, c_i, i\}_{i \in I}$, $c_i \in \mathbb{Z}_q$, where $c_i$ is a random coefficient chosen arbitrarily by the third-party auditor, and sends the challenge $chal = \{id, c_i, i\}_{i \in I}$ to the cloud server.

The server proof includes:

After receiving the challenge $chal = \{id, c_i, i\}_{i \in I}$ from the third-party auditor, the cloud server takes the matrix $B = (\alpha_1, \alpha_2, \ldots, \alpha_n)$, $\alpha_j = H_2(id \| j)$, $1 \le j \le n$. With $BC^T = 0 \pmod q$ defined, the cloud server computes $C$; the cloud server randomly selects $p_i$ and computes $u_i' = C^T p_i + u_i$, $1 \le i \le l$;

According to $chal = \{id, c_i, i\}_{i \in I}$, the cloud server computes the aggregated data of the sampled data blocks:

The cloud server sends the proof to the third-party auditor, where $\Omega_i$ is the auxiliary information consisting of the sibling nodes on the path from the $i$-th leaf node to the root node.

The third-party verification includes:

After receiving the proof from the cloud server, the third-party auditor derives the root value $h'_R$ and judges whether $A \cdot Sig(h_R) = h'_R$ and both hold:

If they do not hold, the cloud server holds incomplete data blocks; return 0;

If they hold, compute the coefficients , compute , and let $V_{com} = (V_{com,1}, V_{com,2}, \ldots, V_{com,n})^T$. By the linear property of the BLS signature, the aggregate signature ; verify whether $A e_{com} = V_{com} \pmod q$ and both hold. If they hold, the sampled data blocks are intact; return 1. Otherwise the sampled data blocks are not intact; return 0.

The dynamic verification method also includes modifying data:

The user uses the lattice-based linear homomorphic signature algorithm to compute the signature corresponding to the modified data block, forms the update information, and sends the update information to the cloud server;

The cloud server runs the polynomial-time algorithm $\mathrm{ExeUpdate}(F, \Phi, Update)$. According to the index $i$ of the modified data block, the cloud server replaces the data block $u_i$ to be modified with the modified data block and replaces the signature $e_i$ with the corresponding signature, obtaining the file and the signature set. It computes the new root value from the signature set $\Phi^*$, and the cloud server sends the proof to the user;

From $(\Omega_i, e_i)$ the user derives the root value $h'_R$ of the corresponding Merkle hash tree (MHT) and judges whether $A \cdot Sig(h_R) = h'_R$ and both hold. If $A \cdot Sig(h_R) \ne h'_R$, the data blocks were incomplete before the modification. If they hold, the user derives the root value $h_R$ from the signature and $(\Omega_i, e_i)$; if , the user signs the root value $h_R$ to obtain $Sig(h_R)$ and sends $Sig(h_R)$ to the cloud server, and data integrity verification is performed. After data integrity verification succeeds, the user deletes the local modified data block, signature, $P_{Update}$ and $Sig(h_R)$.
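The modification check described above, as an added example that is not part of the patent text: the server returns the sibling path $\Omega_i$ and the old signature, and the user recomputes both the old and the new root from the same path. It assumes SHA-256 as the collision-resistant hash, constructed byte strings standing in for the lattice signatures $e_i$, a directly trusted old root in place of verifying $A \cdot Sig(h_R) = h'_R$, and that the user compares the recomputed new root with the root the server reports; all function names are hypothetical.

```python
import hashlib


def _h(data):
    return hashlib.sha256(data).digest()


def build_levels(sigs):
    """All tree levels, leaves first. A leaf is the hash of a block signature e_i."""
    level = [_h(b"\x00" + s) for s in sigs]
    levels = [level]
    while len(level) > 1:
        nxt = [_h(b"\x01" + level[k] + level[k + 1])
               for k in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])          # an unpaired node is promoted unchanged
        levels.append(nxt)
        level = nxt
    return levels


def root_of(sigs):
    return build_levels(sigs)[-1][0]


def auth_path(sigs, i):
    """Omega_i: (side, hash) of each sibling on the way from leaf i to the root."""
    path = []
    for level in build_levels(sigs)[:-1]:
        sib = i ^ 1
        if sib < len(level):               # promoted nodes have no sibling here
            path.append(("L" if sib < i else "R", level[sib]))
        i //= 2
    return path


def root_from_path(sig, path):
    """Recompute the root from one leaf signature and its sibling path."""
    node = _h(b"\x00" + sig)
    for side, sib in path:
        node = _h(b"\x01" + sib + node) if side == "L" else _h(b"\x01" + node + sib)
    return node


def server_modify(sigs, i, new_sig):
    """Cloud side: collect (Omega_i, old e_i), apply the update, report the new root."""
    path, old_sig = auth_path(sigs, i), sigs[i]
    sigs[i] = new_sig
    return path, old_sig, root_of(sigs)


def user_accept_update(trusted_root, path, old_sig, new_sig, claimed_root):
    """User side: return the new root to sign, or None if any check fails."""
    if root_from_path(old_sig, path) != trusted_root:
        return None                        # data was inconsistent before the update
    new_root = root_from_path(new_sig, path)
    return new_root if new_root == claimed_root else None


def demo():
    sigs = [f"e_{k}".encode() for k in range(1, 6)]   # constructed stand-ins for e_1..e_5
    trusted = root_of(sigs)                           # root the user signed at upload
    path, old, claimed = server_modify(sigs, 2, b"e_3*")
    honest = user_accept_update(trusted, path, old, b"e_3*", claimed)
    tampered = user_accept_update(trusted, path, b"forged", b"e_3*", claimed)
    ignored = user_accept_update(trusted, path, old, b"e_3*", trusted)
    return honest == root_of(sigs), tampered, ignored
```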

The dynamic verification method also includes inserting data:

The user uses the lattice-based linear homomorphic signature algorithm to obtain the signature $e^{*'}$ of the inserted data block $u^{*'}$, and sends the update information $Update = \{I, i, u^{*'}, e^{*'}\}$ to the cloud server;

The cloud server runs the polynomial-time algorithm $\mathrm{ExeUpdate}(F, \Phi, Update)$, stores the inserted data block $u^{*'}$ on the cloud server and places the signature $e^{*'}$ after the signature $e_i$, obtaining the file and the signature set. It computes the new root value, and the cloud server sends to the user;

From $(\Omega_i, e_i)$ the user derives the root value $h''_R$ of the Merkle hash tree and judges whether $A \cdot Sig(h_R) = h''_R$ and both hold. If $A \cdot Sig(h_R) \ne h''_R$, the data blocks were incomplete before the insertion. If they hold, the user derives the root value $h_R$ from the signature $e^{*'}$ and $(\Omega_i, e_i)$; if , the user signs the root value $h_R$ to obtain $Sig(h_R)$ and sends $Sig(h_R)$ to the cloud server, and data integrity verification is performed. After data integrity verification succeeds, the user deletes the local inserted data block $u^{*'}$, signature $e^{*'}$, $P_{Update}$ and $Sig(h_R)$.

The dynamic verification method also includes deleting data:

The user sends the update information $Update = \{D, i\}$ to the cloud server. The cloud server runs the polynomial-time algorithm $\mathrm{ExeUpdate}(F, \Phi, Update)$ and deletes the data block $u_i$ stored on the cloud server together with its signature $e_i$, obtaining the file $F = \{u_1, u_2, \ldots, u_{i-1}, u_{i+1}, \ldots, u_l\}$ and the signature set $\Phi^{*''} = \{e_1, e_2, \ldots, e_{i-1}, e_{i+1}, \ldots, e_l\}$. It computes the new root value, and the cloud server sends to the user;

From $(\Omega_i, e_i)$ the user derives the root value $h'''_R$ of the Merkle hash tree and judges whether $A \cdot Sig(h_R) = h'''_R$ and both hold. If $A \cdot Sig(h_R) \ne h'''_R$, the data blocks were incomplete before the deletion. If they hold, the user derives the root value $h_R$ from $\Omega_i$; if , the user signs the root value $h_R$ to obtain $Sig(h_R)$ and sends $Sig(h_R)$ to the cloud server, and data integrity verification is performed. After data integrity verification succeeds, the user deletes the local $P_{Update}$ and $Sig(h_R)$.

The beneficial effects of the invention are:

(1) The lattice-based linear homomorphic signature in the invention ensures resistance to quantum attacks mounted by future quantum computers, the collision-resistant hash function ensures the unforgeability of user data, and linear operations on the lattice make computation much more efficient than traditional exponentiation;

(2) The invention supports verification of dynamic operations in the cloud, such as modification, insertion and deletion of files or data;

(3) Public auditing is supported: verification is performed with the help of a third-party auditor while privacy protection is still achieved.

Description of the drawings

Fig. 1 is a schematic diagram of the framework of the invention;

Fig. 2 is a schematic flow chart of an embodiment of data integrity verification in the invention;

Fig. 3 is a schematic diagram of an embodiment of modifying data in the invention;

Fig. 4 is a schematic diagram of an embodiment of inserting data in the invention;

Fig. 5 is a schematic diagram of an embodiment of deleting data in the invention.

Detailed description

The technical solution of the invention is described in further detail below with reference to the drawings, but the scope of protection of the invention is not limited to what follows.

As shown in Figure 1, the user uploads data to the cloud server. Because of the limitations of the user's hardware and software, time and computing power, the user cannot verify the integrity of the uploaded data anytime and anywhere, so verification is completed with the help of a third-party auditor (Third Party Auditor, TPA). The user sends a data integrity audit request to the third-party auditor; the third-party auditor, acting on the user's request, sends a challenge to the cloud server (CSP) to perform the verification on the user's behalf, and finally returns the verification result to the user.

Embodiment 1

As shown in Figure 2, the dynamic verification method for cloud storage data using lattice-based linear homomorphic signatures includes data integrity verification, where the data integrity verification includes:

S01. Key generation: use the trapdoor basis generation algorithm on the lattice to generate the public key and private key of the linear homomorphic signature algorithm on the lattice.

The keys are generated as follows:

$$(pk, sk) \leftarrow \mathrm{TrapGen}(1^n)$$

$$pk = A \in \mathbb{Z}_q^{n \times m}, \quad sk = T \in \mathbb{Z}_q^{m \times m}$$

Here $\mathrm{TrapGen}(1^n)$ is the trapdoor basis generation algorithm on the lattice, $pk$ is the public key, $sk$ is the private key, and $\mathbb{Z}_q^{m \times m}$ is the group formed by $m \times m$ integer matrices modulo $q$; the matrix $A$ is drawn at random from this group and follows the uniform distribution. The setting of is not explicitly prescribed, as long as it has dimension $m \times m$ and each element is an integer taken modulo $q$.

S02. Data block signing: divide the file into multiple data blocks, sign each data block with the linear homomorphic signature algorithm on the lattice, then compute the value of the root node based on a Merkle hash tree and sign the root value, and finally send the data blocks, the data block signatures and the root signature to the cloud server.

The data block signing includes:

S021. Divide the file $F$ into $l$ data blocks, $F = \{u_1, u_2, \ldots, u_l\}$, where is the group formed by $m$-dimensional column vectors, each element of which is an integer taken modulo $q$.

S022. Compute the coefficients $\alpha_j = H_2(id \| j)$, $1 \le j \le n$, where $id$ is the identifier of file $F$, $j$ denotes the $j$-th data block, $H_2$ is a collision-resistant secure hash function in the random oracle model, and $n$ is the system security parameter.

S023. Compute the inner product of the coefficient $\alpha_j$ with each data block, and let the inner-product vector be $V_i = (V_{i1}, V_{i2}, \ldots, V_{in})^T$, $1 \le i \le l$, $1 \le j \le n$.

S024. Call $\mathrm{SamplePre}(A, T, \sigma, V_i)$ to generate the signature $e_i$ of each data block, $1 \le i \le l$, and let the signature set be $\Phi = \{e_1, e_2, \ldots, e_l\}$. $\mathrm{SamplePre}(A, T, \sigma, V_i)$ is a sampling algorithm on the lattice; lattice-based encryption schemes are all built on the LWE (learning with errors) problem, and the error term of the LWE problem is generally obtained by discrete Gaussian sampling.

S025. Build a Merkle hash tree (MHT) from the signature set $\Phi$. Its leaf nodes are the signatures $e_i$ arranged in a preset order; the value of each non-leaf node is obtained from its child nodes using a collision-resistant hash function, and the value $h_R$ of the root node is computed. The root value $h_R$ is signed with the $\mathrm{SamplePre}(A, T, \sigma, h_R)$ algorithm, giving the root signature $Sig(h_R)$.

S026. The user sends $\{F, \Phi, id, Sig(h_R)\}$ to the cloud server (CSP) and deletes the file $F$, the signature set $\Phi$ and the signature $Sig(h_R)$ locally.

The data block signing also includes signing the identifier $id$ of file $F$ with $\mathrm{SamplePre}(A, T, \sigma, id)$. $\mathrm{SamplePre}(A, T, \sigma, id)$ is used as the signing algorithm so that, at the third-party challenge stage, the third-party auditor is told which user the audit request comes from and which file is to be verified.

S03. Third-party challenge: provide the public key and the file identifier to the third-party auditor, which issues a challenge to the cloud server to verify whether the data blocks on the cloud server have changed.

The third-party challenge includes: the user sends the audit request $AuditQuest = (Sig(id) \| id)$ to the third-party auditor, where $Sig(id)$ is the signature on the identifier $id$. (AuditQuest is the audit request the user sends to the third-party auditor; it contains the id of the file to be audited and a signature on that id. The id is signed again to tell the third-party auditor that this audit request comes from a specific user. The third-party auditor holds user X's public key; if verification of the signature on id fails, the request did not come from user X and is not accepted, which prevents other users from impersonating user X.) After receiving the audit request $AuditQuest = (Sig(id) \| id)$, the third-party auditor verifies the signature $Sig(id)$. If the signature $Sig(id)$ is not valid, the third-party auditor does not accept the request and asks the user to resend it. If the signature $Sig(id)$ is valid, the third-party auditor arbitrarily selects a subset as the index set of the data to be sampled, where $[l] = \{1, 2, \ldots, l\}$ and $S_1 \le S_2 \le \cdots \le S_\theta$. It defines the challenge $chal = \{id, c_i, i\}_{i \in I}$, $c_i \in \mathbb{Z}_q$, where $c_i$ is a random coefficient chosen arbitrarily by the third-party auditor, which ensures that the cloud server cannot forge a proof. It sends the challenge $chal = \{id, c_i, i\}_{i \in I}$ to the cloud server and requires the cloud server to give the corresponding proof.

S04. Server proof: the cloud server provides the corresponding proof in response to the challenge issued by the third-party auditor.

The server proof comprises the following. After receiving the challenge $chal = \{id, c_i, i\}_{i \in I}$ from the third-party auditor, the cloud server takes the matrix $B = (\alpha_1, \alpha_2, \ldots, \alpha_n)$, $\alpha_j = H_2(id\,\|\,j)$, $1 \le j \le n$. With $BC^T = 0 \pmod q$ defined, the cloud server obtains the matrix $C$, randomly selects $p_i$, and computes $u_i' = C^T p_i + u_i$, $1 \le i \le l$. This processing ensures that no information about the data block $u_i$ is disclosed to the third-party auditor. The purpose of defining $BC^T = 0$ is to determine, from $B$, the matrix $C$ that is orthogonal to it. In $u_i' = C^T p_i + u_i$, $p_i$ is selected at random from the group formed by the n-dimensional column vectors of integers modulo $q$; it serves as a coefficient that increases the security of $u_i'$. Because $p_i$ is chosen completely at random, the third-party auditor cannot obtain any information about $u_i$ from $u_i'$, which ensures that user data cannot be stolen by the third-party auditor.

According to $chal = \{id, c_i, i\}_{i \in I}$, the cloud server computes the data obtained by aggregating the sampled data blocks:

The cloud server sends the proof to the third-party auditor, where $\Omega_i$ is the auxiliary information formed by the sibling nodes on the path from the i-th leaf node to the root node.

S05. Third-party verification: the third-party auditor uses the proof provided by the cloud server to judge whether the data blocks held by the cloud server are complete, and returns the verification result to the user.

The third-party verification comprises the following. After receiving the proof from the cloud server, the third-party auditor computes the root node value $h'_R$ from the received values and checks whether the verification conditions, including $A \cdot Sig(h_R) = h'_R$, all hold. (This step verifies that the signature on the root node is correct, in order to judge whether the received proof Proof contains errors. If the signature on the root node is correct and the conditions, including $A \cdot Sig(h_R) = h'_R$, hold, then $h'_R$ was computed correctly, which shows that the $\Omega_i$ and $Sig(h_R)$ in Proof are correct.)

If they do not hold, the cloud server holds incomplete data blocks, and 0 is returned.

If they hold, the auditor computes the coefficients and the corresponding inner products, and sets $V_{com} = (V_{com,1}, V_{com,2}, \ldots, V_{com,n})^T$. By the linear property of the BLS signature, the aggregate signature $e_{com}$ is formed, and the auditor checks whether the conditions, including $A e_{com} = V_{com} \pmod q$, all hold. If they hold, the sampled data blocks are complete and 1 is returned; otherwise the sampled data blocks are incomplete and 0 is returned. This verification proves the integrity of the aggregated data $U_{com}$ of the sampled data blocks.

Here, $e_i$ is the value of a leaf node of the Merkle hash tree, and $\Omega_i$ is the auxiliary information from the i-th leaf node to the root node, consisting of the sibling of the i-th leaf node and the siblings of its parent nodes (in short, all the information needed to reach the root node is auxiliary information).

BLS is the abbreviation of a signature scheme, in full: Lattice-based Linear Signature. The aggregated data are formed as a linear combination of the original data blocks. The signature of the aggregated data is obtained as follows: because the signature is linearly homomorphic, the aggregated signature can be the linear combination of the signatures of the original data blocks.

$V_{com,j} = h_{\alpha_j}(u_{com}) = \langle \alpha_j, u_{com} \rangle$ is obtained as an inner product with $\alpha_j$. The subscript com comes from $U_{com}$ and indicates that the value results from aggregating the sampled data blocks (in fact, from a linear combination of them); the corresponding subscript is therefore written $V_{com,j}$.

Embodiment 2

Building on Embodiment 1, in this embodiment the dynamic verification method further comprises modifying data. M denotes the request information for a data modification. Taking as an example a user who wants to modify the data block $u_i$: the user applies the lattice-based linear homomorphic signature algorithm to the modified data block to obtain the corresponding signature, forms the update information Update, and sends the update information to the cloud server.

The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update). According to the index $i$ of the modified data block, the cloud server replaces the data block $u_i$ to be modified with the modified data block and replaces the signature $e_i$ with the new signature, obtaining the updated file signature set. From the signature set $\Phi^*$ it computes the value of the new root node, as shown in Figure 3, and sends the proof $P_{Update}$ to the user. $P_{Update}$ is the proof, sent by the cloud server to the verifier, of whether the data were updated correctly; the name abbreviates "Proof of updating" and is chosen to distinguish it from Proof.

From $(\Omega_i, e_i)$ the user computes the value $h'_R$ of the root node of the corresponding Merkle hash tree MTH and checks whether the conditions, including $A \cdot Sig(h_R) = h'_R$, all hold. If $A \cdot Sig(h_R) \ne h'_R$, the data blocks were incomplete before the modification. If the conditions hold, the user computes the root node value $h_R$ from the new signature and $(\Omega_i, e_i)$; if the corresponding check holds, the cloud server has performed the data update as the user requested. The user then signs the root node value $h_R$ to obtain $Sig(h_R)$, sends $Sig(h_R)$ to the cloud server, and runs the data integrity verification. After the data integrity verification succeeds, the user deletes the local modified data block, its signature, $P_{Update}$ and $Sig(h_R)$.

In Figure 3, the value of the third data block is changed, and the affected node values, including $h_a = H_1(h_c\,\|\,h_d)$, are computed in turn.

Embodiment 3

Building on Embodiment 1, in this embodiment the dynamic verification method further comprises modifying data: I denotes the request information for a data insertion, taking as an example a user who adds the data block $u^{*'}$ after the i-th data block.

The dynamic verification method further comprises inserting data: the user applies the lattice-based linear homomorphic signature algorithm to obtain the signature $e^{*'}$ of the inserted data block $u^{*'}$, and sends the update information $Update = \{I, i, u^{*'}, e^{*'}\}$ to the cloud server.

The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update): it stores the inserted data block $u^{*'}$, places the signature $e^{*'}$ after the signature $e_i$ to obtain the updated file signature set, and computes the value of the new root node (as shown in Figure 4). The cloud server sends the proof to the user.

From $(\Omega_i, e_i)$ the user computes the value $h''_R$ of the root node of the Merkle hash tree and checks whether the conditions, including $A \cdot Sig(h_R) = h''_R$, all hold. If $A \cdot Sig(h_R) \ne h''_R$, the data blocks were incomplete before the insertion. If the conditions hold, the user computes the root node value $h_R$ from the signature $e^{*'}$ and $(\Omega_i, e_i)$; if the corresponding check holds, the cloud server has performed the data insertion as the user requested. The user then signs the root node value $h_R$ to obtain $Sig(h_R)$, sends $Sig(h_R)$ to the cloud server, and runs the data integrity verification. After the data integrity verification succeeds, the user deletes the local inserted data block $u^{*'}$, the signature $e^{*'}$, $P_{Update}$ and $Sig(h_R)$.

In Figure 4, the new data block $e^{*'}$ is inserted at the fourth node, so that the node $h_g = H_1(e_4\,\|\,e^{*'})$; the remaining node values are then computed in turn.

Embodiment 4

Building on Embodiment 1, in this embodiment the dynamic verification method further comprises modifying data: D denotes the request information for a data deletion.

The dynamic verification method further comprises deleting data: the user sends the update information $Update = \{D, i\}$ to the cloud server. The cloud server executes the polynomial-time algorithm ExeUpdate(F, Φ, Update) and deletes the data block $u_i$ and its signature $e_i$ stored on the cloud server, obtaining the file $F = \{u_1, u_2, \ldots, u_{i-1}, u_{i+1}, \ldots, u_l\}$ and the signature set $\Phi^{*''} = \{e_1, e_2, \ldots, e_{i-1}, e_{i+1}, \ldots, e_l\}$. It computes the value of the new root node (as shown in Figure 5) and sends the proof to the user.

From $(\Omega_i, e_i)$ the user computes the value $h'''_R$ of the root node of the Merkle hash tree and checks whether the conditions, including $A \cdot Sig(h_R) = h'''_R$, all hold. If $A \cdot Sig(h_R) \ne h'''_R$, the data blocks were incomplete before the deletion. If the conditions hold, the user computes the root node value $h_R$ from $\Omega_i$; if the corresponding check holds, the cloud server has performed the data deletion as the user requested. The user then signs the root node value $h_R$ to obtain $Sig(h_R)$, sends $Sig(h_R)$ to the cloud server, and runs the data integrity verification. After the data integrity verification succeeds, the user deletes the local $P_{Update}$ and $Sig(h_R)$.

In the figure, to delete the third data block it is only necessary to take $h_d = e_4$.
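The root checks of S05 and the modify, insert and delete procedures of Embodiments 2 to 4 all reduce to recomputing a Merkle root from $(\Omega_i, e_i)$. The Python code below is an added example, not code from the patent: it assumes SHA-256 for $H_1$, uses constructed byte strings in place of the lattice signatures $e_i$, and replaces the check $A \cdot Sig(h_R) = h'_R$ with a comparison against a root value the user already trusts. Comparing the user's recomputed root with the root reported by the server is also an assumption of this example; all function names are hypothetical.

```python
import hashlib

def H1(left: bytes, right: bytes) -> bytes:
    """Stand-in for the hash H_1 (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(left + right).digest()

def build(leaves):
    """Tree as nested tuples; as in the text, a leaf is the signature e_i itself."""
    if len(leaves) == 1:
        return leaves[0]
    mid = (len(leaves) + 1) // 2
    return (build(leaves[:mid]), build(leaves[mid:]))

def root(node) -> bytes:
    return node if isinstance(node, bytes) else H1(root(node[0]), root(node[1]))

def count(node) -> int:
    return 1 if isinstance(node, bytes) else count(node[0]) + count(node[1])

def aux_info(node, i):
    """Omega_i for leaf i (0-based): sibling values from the leaf up to the root.
    Each entry is (sibling_value, side), side 'L' or 'R' being the sibling's position."""
    path = []
    while not isinstance(node, bytes):
        left, right = node
        n_left = count(left)
        if i < n_left:
            path.append((root(right), "R"))
            node = left
        else:
            path.append((root(left), "L"))
            node, i = right, i - n_left
    return path[::-1]

def root_from(value: bytes, omega) -> bytes:
    """Verifier side: recompute the root from one node value and Omega_i."""
    for sibling, side in omega:
        value = H1(sibling, value) if side == "L" else H1(value, sibling)
    return value

def replace_leaf(node, i, new_subtree):
    """Server side: leaf i becomes new_subtree; None deletes the leaf, and the
    parent then takes the sibling's value (h_d = e_4 in the deletion figure)."""
    if isinstance(node, bytes):
        return new_subtree
    left, right = node
    n_left = count(left)
    if i < n_left:
        new_left = replace_leaf(left, i, new_subtree)
        return right if new_left is None else (new_left, right)
    new_right = replace_leaf(right, i - n_left, new_subtree)
    return left if new_right is None else (left, new_right)

def check_update(trusted_root, e_i, omega, op, server_root, new_sig=None) -> bool:
    """User side. op is 'M' (modify), 'I' (insert after leaf i) or 'D' (delete)."""
    # Step 1: the state before the update must match the trusted root.
    if root_from(e_i, omega) != trusted_root:
        return False
    # Step 2: recompute the root the server should have reached.
    if op == "M":
        expected = root_from(new_sig, omega)
    elif op == "I":
        expected = root_from(H1(e_i, new_sig), omega)   # h_g = H_1(e_i || e_new)
    elif op == "D":
        if not omega:
            return False            # a single-leaf tree has no sibling to promote
        expected = root_from(omega[0][0], omega[1:])
    else:
        raise ValueError("unknown operation: %r" % op)
    return expected == server_root

# Constructed sample data: four stand-in signatures e_1..e_4 and one new signature.
SIGS = [hashlib.sha256(b"constructed signature %d" % k).digest() for k in range(1, 5)]
NEW_SIG = hashlib.sha256(b"constructed new signature").digest()

def demo():
    tree = build(SIGS)
    trusted = root(tree)            # plays the role of the signed root h_R
    results = {}
    # Modify the third block (index 2), as in Figure 3.
    honest = root(replace_leaf(tree, 2, NEW_SIG))
    results["modify_ok"] = check_update(trusted, SIGS[2], aux_info(tree, 2), "M", honest, NEW_SIG)
    # Server reports the old root, i.e. it never applied the update.
    results["modify_skipped"] = check_update(trusted, SIGS[2], aux_info(tree, 2), "M", trusted, NEW_SIG)
    # Insert after the fourth block (index 3), as in Figure 4.
    honest = root(replace_leaf(tree, 3, (SIGS[3], NEW_SIG)))
    results["insert_ok"] = check_update(trusted, SIGS[3], aux_info(tree, 3), "I", honest, NEW_SIG)
    # Server inserted after the wrong block.
    wrong = root(replace_leaf(tree, 2, (SIGS[2], NEW_SIG)))
    results["insert_wrong_place"] = check_update(trusted, SIGS[3], aux_info(tree, 3), "I", wrong, NEW_SIG)
    # Delete the third block: the parent takes e_4.
    honest = root(replace_leaf(tree, 2, None))
    results["delete_ok"] = check_update(trusted, SIGS[2], aux_info(tree, 2), "D", honest)
    return results

if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, ok)
```

Only the skipped update and the misplaced insertion are rejected; in both cases the pre-update state still verifies, so the failure comes from the second step.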

The above describes only preferred embodiments of the present invention. It should be understood that the invention is not limited to the forms disclosed herein, which should not be regarded as excluding other embodiments; the invention can be used in various other combinations, modifications and environments, and can be altered within the scope of the concept described herein through the above teachings or through the skill or knowledge of the relevant art. Alterations and changes made by those skilled in the art that do not depart from the spirit and scope of the invention shall all fall within the protection scope of the appended claims.

Claims (10)

1. A dynamic verification method for cloud storage data applying a lattice-based linear homomorphic signature, characterized in that it comprises data integrity verification, the data integrity verification comprising:
Key generation: using the trapdoor basis generation algorithm on a lattice to generate the public key and private key of the linear homomorphic signature algorithm on the lattice;
Data block signing: dividing the file into multiple data blocks, signing each data block with the linear homomorphic signature algorithm on the lattice, then computing the value of the root node based on a Merkle hash tree and signing the value of the root node, and finally sending the data blocks, the signatures of the data blocks and the signature of the root node to the cloud server;
Third-party challenge: providing the public key and the file identifier to the third-party auditor, which issues a challenge to the cloud server to verify whether the data blocks held by the cloud server have changed;
Server proof: the cloud server provides the corresponding proof in response to the challenge issued by the third-party auditor;
Third-party verification: the third-party auditor uses the proof provided by the cloud server to judge whether the data blocks held by the cloud server are complete, and returns the verification result to the user.

2. The dynamic verification method for cloud storage data applying a lattice-based linear homomorphic signature according to claim 1, characterized in that the key generation is performed as follows:
$(pk, sk) \leftarrow TrapGen(1^n)$
where $TrapGen(1^n)$ is the trapdoor basis generation algorithm on the lattice, $pk$ is the public key, $sk$ is the private key, and the underlying group is that formed by the $m \times m$ integer matrices in base $q$.

3. The dynamic verification method for cloud storage data applying a lattice-based linear homomorphic signature according to claim 1, characterized in that the data block signing comprises:
dividing the file F into $l$ data blocks, $F = \{u_1, u_2, \ldots, u_l\}$, where the blocks lie in the group formed by m-dimensional column vectors;
computing the coefficients $\alpha_j$, $1 \le j \le n$, where $id$ is the identifier of the file F, $j$ denotes the j-th data block, the hash function used is a collision-resistant secure hash function in the random oracle model, and $n$ denotes the system security parameter;
taking the inner product of the coefficients $\alpha_j$ with each data block, and setting the inner product vector $V_i = (V_{i1}, V_{i2}, \ldots, V_{in})^T$, $1 \le i \le l$, $1 \le j \le n$;
calling $SamplePre(A, T, \sigma, V_i)$ to generate the signature $e_i$ of each data block, $1 \le i \le l$, and setting the signature set $\Phi = \{e_1, e_2, \ldots, e_l\}$;
constructing a Merkle hash tree from the signature set $\Phi$, whose leaf nodes are the signatures $e_i$ arranged in a preset order and whose non-leaf node values are obtained from their child nodes using a collision-resistant hash function, and computing the value $h_R$ of the root node; signing the root node value $h_R$ with the $SamplePre(A, T, \sigma, h_R)$ algorithm to obtain the signature $Sig(h_R)$ of the root node value;
the user sending $\{F, \Phi, id, Sig(h_R)\}$ to the cloud server CSP and deleting the file F, the signature set $\Phi$ and the signature $Sig(h_R)$ locally.

4. The dynamic verification method for cloud storage data applying a lattice-based linear homomorphic signature according to claim 3, characterized in that the data block signing further comprises signing the identifier $id$ of the file F using $SamplePre(A, T, \sigma, id)$.

5. The dynamic verification method for cloud storage data applying a lattice-based linear homomorphic signature according to claim 4, characterized in that the third-party challenge comprises:
the user sending the audit request $AuditQuest = (Sig(id)\,\|\,id)$ to the third-party auditor, where $Sig(id)$ denotes the signature on the identifier $id$;
the third-party auditor, after receiving the audit request $AuditQuest = (Sig(id)\,\|\,id)$, verifying the signature $Sig(id)$; if the signature $Sig(id)$ holds, the auditor arbitrarily selecting a subset as the index set of the data to be sampled, where $[l] = \{1, 2, \ldots, l\}$ and $S_1 \le S_2 \le \ldots \le S_\theta$; defining the challenge $chal = \{id, c_i, i\}_{i \in I}$, $c_i \in Z_q$, where $c_i$ is a random coefficient chosen arbitrarily by the auditor, and sending the challenge $chal = \{id, c_i, i\}_{i \in I}$ to the cloud server.

6. The dynamic verification method for cloud storage data applying a lattice-based linear homomorphic signature according to claim 5, characterized in that the server proof comprises:
the cloud server, after receiving the challenge $chal = \{id, c_i, i\}_{i \in I}$ from the third-party auditor, taking the matrix $B = (\alpha_1, \alpha_2, \ldots, \alpha_n)$, $\alpha_j = H_2(id\,\|\,j)$, $1 \le j \le n$; with $BC^T = 0 \pmod q$ defined, the cloud server obtaining the matrix $C$, randomly selecting $p_i$, and computing $u'_i = C^T p_i + u_i$, $1 \le i \le l$;
the cloud server computing, according to $chal = \{id, c_i, i\}_{i \in I}$, the data obtained by aggregating the sampled data blocks;
the cloud server sending the proof to the third-party auditor, where $\Omega_i$ is the auxiliary information formed by the sibling nodes on the path from the i-th leaf node to the root node.

7. The dynamic verification method for cloud storage data applying a lattice-based linear homomorphic signature according to claim 6, characterized in that the third-party verification comprises:
the third-party auditor, after receiving the proof from the cloud server, computing the root node value $h'_R$ from the received values and checking whether the conditions, including $A \cdot Sig(h_R) = h'_R$, all hold;
if they do not hold, the cloud server holds incomplete data blocks, and 0 is returned;
if they hold, computing the coefficients and the corresponding inner products and setting $V_{com} = (V_{com,1}, V_{com,2}, \ldots, V_{com,n})^T$; by the linear property of the BLS signature, forming the aggregate signature $e_{com}$ and checking whether the conditions, including $A e_{com} = V_{com} \pmod q$, all hold; if they hold, the sampled data blocks are complete and 1 is returned; otherwise the sampled data blocks are incomplete and 0 is returned.

8. The dynamic verification method for cloud storage data applying a lattice-based linear homomorphic signature according to claim 6, characterized in that the dynamic verification method further comprises modifying data:
the user applying the lattice-based linear homomorphic signature algorithm to the modified data block to obtain the corresponding signature, forming the update information Update, and sending the update information to the cloud server;
the cloud server executing the polynomial-time algorithm ExeUpdate(F, Φ, Update), replacing, according to the index $i$ of the modified data block, the data block $u_i$ to be modified with the modified data block and the signature $e_i$ with the new signature to obtain the updated file signature set, computing the value of the new root node from the signature set $\Phi^*$, and sending the proof to the user;
the user computing, from $(\Omega_i, e_i)$, the value $h'_R$ of the root node of the corresponding Merkle hash tree MTH and checking whether the conditions, including $A \cdot Sig(h_R) = h'_R$, all hold; if $A \cdot Sig(h_R) \ne h'_R$, the data blocks were incomplete before the modification; if the conditions hold, the user computing the root node value $h_R$ from the new signature and $(\Omega_i, e_i)$; if the corresponding check holds, the user signing the root node value $h_R$ to obtain $Sig(h_R)$, sending $Sig(h_R)$ to the cloud server, and running the data integrity verification; after the data integrity verification succeeds, deleting the local modified data block, its signature, $P_{Update}$ and $Sig(h_R)$.

9. The dynamic verification method for cloud storage data applying a lattice-based linear homomorphic signature according to claim 6, characterized in that the dynamic verification method further comprises inserting data:
the user applying the lattice-based linear homomorphic signature algorithm to obtain the signature $e^{*'}$ of the inserted data block $u^{*'}$, and sending the update information $Update = \{I, i, u^{*'}, e^{*'}\}$ to the cloud server;
the cloud server executing the polynomial-time algorithm ExeUpdate(F, Φ, Update), storing the inserted data block $u^{*'}$, placing the signature $e^{*'}$ after the signature $e_i$ to obtain the updated file signature set, computing the value of the new root node, and sending the proof to the user;
the user computing, from $(\Omega_i, e_i)$, the value $h''_R$ of the root node of the Merkle hash tree and checking whether the conditions, including $A \cdot Sig(h_R) = h''_R$, all hold; if $A \cdot Sig(h_R) \ne h''_R$, the data blocks were incomplete before the insertion; if the conditions hold, the user computing the root node value $h_R$ from the signature $e^{*'}$ and $(\Omega_i, e_i)$; if the corresponding check holds, the user signing the root node value $h_R$ to obtain $Sig(h_R)$, sending $Sig(h_R)$ to the cloud server, and running the data integrity verification; after the data integrity verification succeeds, deleting the local inserted data block $u^{*'}$, the signature $e^{*'}$, $P_{Update}$ and $Sig(h_R)$.

10. The dynamic verification method for cloud storage data applying a lattice-based linear homomorphic signature according to claim 1, characterized in that the dynamic verification method further comprises deleting data:
the user sending the update information $Update = \{D, i\}$ to the cloud server; the cloud server executing the polynomial-time algorithm ExeUpdate(F, Φ, Update), deleting the data block $u_i$ and its signature $e_i$ stored on the cloud server to obtain the file $F = \{u_1, u_2, \ldots, u_{i-1}, u_{i+1}, \ldots, u_l\}$ and the signature set $\Phi^{*''} = \{e_1, e_2, \ldots, e_{i-1}, e_{i+1}, \ldots, e_l\}$, computing the value of the new root node, and sending the proof to the user;
the user computing, from $(\Omega_i, e_i)$, the value $h'''_R$ of the root node of the Merkle hash tree and checking whether the conditions, including $A \cdot Sig(h_R) = h'''_R$, all hold; if $A \cdot Sig(h_R) \ne h'''_R$, the data blocks were incomplete before the deletion; if the conditions hold, the user computing the root node value $h_R$ from $\Omega_i$; if the corresponding check holds, the user signing the root node value $h_R$ to obtain $Sig(h_R)$, sending $Sig(h_R)$ to the cloud server, and running the data integrity verification; after the data integrity verification succeeds, deleting the local $P_{Update}$ and $Sig(h_R)$.
CN201610674249.XA 2016-08-16 2016-08-16 Using the dynamic verification method of the cloud storage data of the linear homomorphism signature based on lattice Active CN106301789B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610674249.XA CN106301789B (en) 2016-08-16 2016-08-16 Using the dynamic verification method of the cloud storage data of the linear homomorphism signature based on lattice

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610674249.XA CN106301789B (en) 2016-08-16 2016-08-16 Using the dynamic verification method of the cloud storage data of the linear homomorphism signature based on lattice

Publications (2)

Publication Number Publication Date
CN106301789A (en) 2017-01-04
CN106301789B (en) 2019-07-09

Family

ID=57678101

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610674249.XA Active CN106301789B (en) 2016-08-16 2016-08-16 Using the dynamic verification method of the cloud storage data of the linear homomorphism signature based on lattice

Country Status (1)

Country Link
CN (1) CN106301789B (en)

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106788963A (en) * 2017-01-05 2017-05-31 河南理工大学 A kind of full homomorphic cryptography method of identity-based on improved lattice
CN107360156A (en) * 2017-07-10 2017-11-17 广东工业大学 P2P network method for cloud storage based on block chain under a kind of big data environment
CN107395355A (en) * 2017-06-12 2017-11-24 广东工业大学 A kind of cloud storage data integrity verification method based on implicit trusted third party
CN107483585A (en) * 2017-08-18 2017-12-15 西安电子科技大学 Efficient data integrity audit system and method supporting secure deduplication in cloud environment
CN107592203A (en) * 2017-09-25 2018-01-16 深圳技术大学筹备办公室 A kind of aggregate signature method and its system based on lattice
CN108123934A (en) * 2017-12-06 2018-06-05 深圳先进技术研究院 A kind of data integrity verifying method towards mobile terminal
CN108566278A (en) * 2018-03-21 2018-09-21 北京金堤科技有限公司 The method and device of data files
CN108629040A (en) * 2018-05-11 2018-10-09 北京奇虎科技有限公司 Data proof of possession method, apparatus and system
WO2018201730A1 (en) * 2017-05-02 2018-11-08 西南石油大学 Lattice-based cloud storage data security audit method supporting uploading of data via proxy
CN109586896A (en) * 2018-11-14 2019-04-05 陕西师范大学 A kind of data integrity verification method based on Hash prefix trees
CN109687969A (en) * 2018-12-03 2019-04-26 上海扈民区块链科技有限公司 A kind of lattice digital signature method based on key common recognition
CN109981736A (en) * 2019-02-22 2019-07-05 南京理工大学 A kind of dynamic public audit method for supporting user and Cloud Server to trust each other
CN110351362A (en) * 2019-07-12 2019-10-18 全链通有限公司 Data verification method, equipment and computer readable storage medium
CN110752932A (en) * 2019-10-18 2020-02-04 西安建筑科技大学 An efficient cloud data integrity verification method suitable for third-party auditing
CN110781524A (en) * 2019-10-29 2020-02-11 陕西师范大学 Integrity verification method for data in hybrid cloud storage
CN112217629A (en) * 2020-10-13 2021-01-12 安徽大学 A cloud storage public audit method
CN112291236A (en) * 2020-10-28 2021-01-29 青岛大学 A cloud data ownership verification method, device, equipment and medium
CN112311548A (en) * 2020-03-25 2021-02-02 北京沃东天骏信息技术有限公司 Data possession verification method, system, apparatus, and computer-readable storage medium
CN112637203A (en) * 2020-12-18 2021-04-09 中国人民解放军战略支援部队信息工程大学 Large data stream verification method and system
CN112699123A (en) * 2020-12-30 2021-04-23 武汉大学 Method and system for verifying existence and integrity of data in data storage system
CN114521319A (en) * 2019-09-26 2022-05-20 维萨国际服务协会 Lattice-based signatures with uniform secrets
CN114629661A (en) * 2022-04-27 2022-06-14 中国科学技术大学 Encrypted information processing method and device
WO2023020448A1 (en) * 2021-08-20 2023-02-23 清华大学 Data processing method and apparatus, and storage medium
CN115987979A (en) * 2022-11-15 2023-04-18 重庆邮电大学 Data integrity auditing method based on block trust election mechanism in edge calculation
CN116049897A (en) * 2023-03-30 2023-05-02 北京华隐熵策数据科技有限公司 Verifiable privacy protection federal learning method based on linear homomorphic hash and signcryption
CN116319112A (en) * 2023-05-24 2023-06-23 中国人民解放军军事科学院系统工程研究院 Message integrity verification method and system
CN116346367A (en) * 2023-04-24 2023-06-27 华南农业大学 Grating-based signcryption method with entrusted test function
CN117851423A (en) * 2023-12-01 2024-04-09 中国民航信息网络股份有限公司 Data dynamic updating method, device and equipment
CN118984214A (en) * 2024-10-21 2024-11-19 山东多次方半导体有限公司 A distributed quantum-resistant digital signature method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103218574A (en) * 2013-04-09 2013-07-24 电子科技大学 Hash tree-based data dynamic operation verifiability method
CN103778387A (en) * 2014-01-06 2014-05-07 中国科学技术大学苏州研究院 Big-data dynamic memory integrity verification method based on lattice
CN104811450A (en) * 2015-04-22 2015-07-29 电子科技大学 Data storage method based on identity in cloud computing and integrity verification method based on identity in cloud computing
CN104902027A (en) * 2015-06-12 2015-09-09 电子科技大学 Cloud storage service-oriented dynamic data integrity auditing program

Non-Patent Citations (8)

* Cited by examiner, † Cited by third party
Title
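余磊: "A lattice-based proxy signature scheme", 《计算机工程》 *
周锐,王晓明: "Cloud data integrity verification algorithm based on homomorphic hash functions", 《计算机工程》 *
李雪晓,叶云 et al.: "Lattice-based integrity verification scheme for dynamic big data storage", 《技术研究》 *
秦志光,王士雨, et al.: "Dynamic data integrity auditing scheme for cloud storage services", 《计算机研究与发展》 *
胡德敏,余星: "A dynamic cloud storage data integrity verification method based on homomorphic tags", 《计算机应用研究》 *
胡德敏,余星: "A method supporting dynamic data integrity checking in cloud storage services", 《计算机应用研究》 *
谭霜,何力 et al.: "A lattice-based data integrity verification method in cloud storage", 《计算机研究与发展》 *
谭霜,贾焰,韩伟红: "Research and progress on data integrity proofs in cloud storage", 《计算机学报》 *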

Cited By (46)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106788963A (en) * 2017-01-05 2017-05-31 河南理工大学 A kind of full homomorphic cryptography method of identity-based on improved lattice
WO2018201730A1 (en) * 2017-05-02 2018-11-08 西南石油大学 Lattice-based cloud storage data security audit method supporting uploading of data via proxy
CN107395355A (en) * 2017-06-12 2017-11-24 广东工业大学 A kind of cloud storage data integrity verification method based on implicit trusted third party
CN107395355B (en) * 2017-06-12 2020-12-11 广东工业大学 A cloud storage data integrity verification method based on an implicit trusted third party
CN107360156A (en) * 2017-07-10 2017-11-17 广东工业大学 P2P network method for cloud storage based on block chain under a kind of big data environment
CN107360156B (en) * 2017-07-10 2019-10-29 广东工业大学 P2P network method for cloud storage based on block chain under a kind of big data environment
CN107483585A (en) * 2017-08-18 2017-12-15 西安电子科技大学 Efficient data integrity audit system and method supporting secure deduplication in cloud environment
CN107483585B (en) * 2017-08-18 2020-03-10 西安电子科技大学 Efficient data integrity auditing system and method supporting safe deduplication in cloud environment
CN107592203A (en) * 2017-09-25 2018-01-16 深圳技术大学筹备办公室 A kind of aggregate signature method and its system based on lattice
CN108123934A (en) * 2017-12-06 2018-06-05 深圳先进技术研究院 A kind of data integrity verifying method towards mobile terminal
CN108566278A (en) * 2018-03-21 2018-09-21 北京金堤科技有限公司 The method and device of data files
CN108629040A (en) * 2018-05-11 2018-10-09 北京奇虎科技有限公司 Data proof of possession method, apparatus and system
CN109586896A (en) * 2018-11-14 2019-04-05 陕西师范大学 A kind of data integrity verification method based on Hash prefix trees
CN109586896B (en) * 2018-11-14 2021-09-03 陕西师范大学 Data integrity verification method based on Hash prefix tree
CN109687969A (en) * 2018-12-03 2019-04-26 上海扈民区块链科技有限公司 A kind of lattice digital signature method based on key common recognition
CN109687969B (en) * 2018-12-03 2021-10-15 上海扈民区块链科技有限公司 A Lattice-based Digital Signature Method Based on Key Consensus
CN109981736A (en) * 2019-02-22 2019-07-05 南京理工大学 A kind of dynamic public audit method for supporting user and Cloud Server to trust each other
CN109981736B (en) * 2019-02-22 2021-09-21 南京理工大学 Dynamic public auditing method supporting mutual trust of user and cloud server
CN110351362A (en) * 2019-07-12 2019-10-18 全链通有限公司 Data verification method, equipment and computer readable storage medium
US11784825B2 (en) 2019-09-26 2023-10-10 Visa International Service Association Lattice based signatures with uniform secrets
CN114521319B (en) * 2019-09-26 2023-12-05 维萨国际服务协会 Lattice-based signature with uniform secret
CN114521319A (en) * 2019-09-26 2022-05-20 维萨国际服务协会 Lattice-based signatures with uniform secrets
US12120245B2 (en) 2019-09-26 2024-10-15 Visa International Service Association Lattice based signatures with uniform secrets
CN110752932B (en) * 2019-10-18 2022-09-27 西安建筑科技大学 An efficient cloud data integrity verification method suitable for third-party auditing
CN110752932A (en) * 2019-10-18 2020-02-04 西安建筑科技大学 An efficient cloud data integrity verification method suitable for third-party auditing
CN110781524B (en) * 2019-10-29 2023-05-05 陕西师范大学 Integrity verification method for data in hybrid cloud storage
CN110781524A (en) * 2019-10-29 2020-02-11 陕西师范大学 Integrity verification method for data in hybrid cloud storage
CN112311548A (en) * 2020-03-25 2021-02-02 北京沃东天骏信息技术有限公司 Data possession verification method, system, apparatus, and computer-readable storage medium
CN112217629A (en) * 2020-10-13 2021-01-12 安徽大学 A cloud storage public audit method
CN112217629B (en) * 2020-10-13 2022-07-22 安徽大学 Cloud storage public auditing method
CN112291236A (en) * 2020-10-28 2021-01-29 青岛大学 A cloud data ownership verification method, device, equipment and medium
CN112637203A (en) * 2020-12-18 2021-04-09 中国人民解放军战略支援部队信息工程大学 Large data stream verification method and system
CN112699123A (en) * 2020-12-30 2021-04-23 武汉大学 Method and system for verifying existence and integrity of data in data storage system
WO2023020448A1 (en) * 2021-08-20 2023-02-23 清华大学 Data processing method and apparatus, and storage medium
CN114629661A (en) * 2022-04-27 2022-06-14 中国科学技术大学 Encrypted information processing method and device
CN114629661B (en) * 2022-04-27 2024-02-23 中国科学技术大学 Encryption information processing method and device
CN115987979A (en) * 2022-11-15 2023-04-18 重庆邮电大学 Data integrity auditing method based on block trust election mechanism in edge calculation
CN115987979B (en) * 2022-11-15 2024-05-17 重庆邮电大学 Data integrity audit method based on block trust election mechanism in edge computing
CN116049897A (en) * 2023-03-30 2023-05-02 北京华隐熵策数据科技有限公司 Verifiable privacy protection federal learning method based on linear homomorphic hash and signcryption
CN116049897B (en) * 2023-03-30 2023-12-01 北京华隐熵策数据科技有限公司 Verifiable privacy protection federal learning method based on linear homomorphic hash and signcryption
CN116346367A (en) * 2023-04-24 2023-06-27 华南农业大学 Grating-based signcryption method with entrusted test function
CN116319112B (en) * 2023-05-24 2023-09-22 中国人民解放军军事科学院系统工程研究院 Message integrity verification method and system
CN116319112A (en) * 2023-05-24 2023-06-23 中国人民解放军军事科学院系统工程研究院 Message integrity verification method and system
CN117851423A (en) * 2023-12-01 2024-04-09 中国民航信息网络股份有限公司 Data dynamic updating method, device and equipment
CN118984214A (en) * 2024-10-21 2024-11-19 山东多次方半导体有限公司 A distributed quantum-resistant digital signature method and system
CN118984214B (en) * 2024-10-21 2024-12-31 山东多次方半导体有限公司 A distributed quantum-resistant digital signature method and system

Also Published As

Publication number Publication date
CN106301789B (en) 2019-07-09

Similar Documents

Publication Publication Date Title
CN106301789B (en) Using the dynamic verification method of the cloud storage data of the linear homomorphism signature based on lattice
CN110213042B (en) A cloud data deduplication method based on certificateless proxy re-encryption
Fu et al. NPP: A new privacy-aware public auditing scheme for cloud data sharing with group users
CN108768608B (en) Privacy protection identity authentication method supporting thin client under block chain PKI
Wang et al. Panda: Public auditing for shared data with efficient user revocation in the cloud
CN103259660B (en) Based on the image authentication method of phase recovery and ECDSA
CN110677487A (en) An Outsourced Data Deduplication Cloud Storage Method Supporting Privacy and Integrity Protection
CN102420691B (en) Certificate-based forward security signature method and system thereof
CN113162768A (en) Intelligent Internet of things equipment authentication method and system based on block chain
CN104954390B (en) It can restore the cloud storage integrality detection method and system of Lost Security Key
CN107172071A (en) A kind of cloud Data Audit method and system based on attribute
CN106209365B (en) A method of re-signing when the user revokes using the backup data in the cloud environment
KR101404642B1 (en) System and method for lattice-based certificateless signature
CN111901320A (en) Anti-key forgery attack encryption method and system based on attribute revocation CP-ABE
CN114124371A (en) A certificateless public key searchable encryption method that satisfies MTP security
Huang et al. Certificateless public verification scheme with privacy-preserving and message recovery for dynamic group
CN109889332A (en) Certificate-Based Equality Testing Encryption Method
CN113242135B (en) Arbitration quantum signature design method based on Grover iterative flexible tracking
CN114020842A (en) Data sharing method and device based on homomorphic encryption technology
CN107248997B (en) Authentication method based on smart card in multi-server environment
JP2014157354A (en) Cryptographic devices and methods for generating and verifying linearly homomorphic structure-preserving signatures
CN116366239A (en) Cloud auditing method and system for anonymous data
CN110247761A (en) The ciphertext policy ABE encryption method of attribute revocation is supported on a kind of lattice
US11635952B2 (en) Secure update propagation with digital signatures
Armknecht et al. Sharing proofs of retrievability across tenants

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant