CN106790311A - Cloud Server stores integrality detection method and system - Google Patents

Abstract

A kind of efficient Cloud Server for supporting that data delete weight and user identity anonymity is proposed the invention provides a kind of present invention store integrality detection method and detecting system.From unlike traditional Cloud Server, the support data that the present invention is provided delete the identity that heavy Cloud Server is known that the different user for possessing same file, and such Cloud Server can just be inferred to the attribute of this encryption file according to the identity of these users.Any information of the authenticator not comprising user identity required for the audit of user's generation.And when user downloads file, it is only necessary to it is sent to one legal proof of Cloud Server, it is not necessary to any identity information.In whole scheme, Cloud Server does not know any information on these user identity.And in the method, realize the quantitative storage of Cloud Server.

Description

Cloud Server stores integrality detection method and system

Technical field

The invention belongs to Cloud Server technical field of memory, and in particular to one kind supports that data delete weight and user identity is anonymous Property Cloud Server storage integrality detection method.

Background technology

In recent years, Cloud Server computing technique gradually penetrates into the every aspect of people's life, is that the life of people brings Great convenience.Cloud Server storage service in Cloud Server service can provide cheap data storage and take to people Business, and be widely used.Increasing user is ready their data to be stored on long-range Cloud Server, with This is locally stored and safeguards the resource that these data needs expend to discharge.For Cloud Server, to deposit from difference The increasing data of user.Nearest investigation according to EMC shows that the data for having 75% are to repeat.Cloud Server is deposited Service provider is in order to save bandwidth cost and storage overhead for storage, when multiple users upload identical data to Cloud Server, He attempts deleting in copy, i.e., file Cloud Servers different to each only store portion.So can greatly improve cloud clothes The utilization rate of business device memory space so that Cloud Server can be more user services.

For a user, although Cloud Server storage has very attracting advantage, but there is also some safety Problem.For example, Cloud Server can suffer from the malicious attack of hacker, or hardware fault, so that causing user data to lose Lose.Or some Cloud Servers are for economic interests, the data that user infrequently accesses are abandoned.Also the Cloud Server having in order to Good reputation is maintained, the fact that conceal loss of data to user.When their data are stored in long-range cloud service by user On device, it is meant that lose the control to the direct physics of these data.Maliciously distorted when their data and When partial data is lost, user be able to not may know in time.So user has reason to suspect storage in remote cloud server Data integrality.

Cloud Server storage integrity detection is an effective solution.Cloud Server storage integrity detection is divided into Privately owned audit and public audit.In privately owned audit program, user audits task.But because user's computing resource is limited And storage is big in Cloud Server data volume, audit task is cumbersome, and privately owned audit can bring very big calculating and communication to user Burden.In public audit, by one believable auditing by third party person (TPA) of audit task outsourcing, TPA only needs to examine user Meter result returns to user, so can greatly mitigate user's audit burden, more meets practical application.

For Cloud Server, compared with traditional Cloud Server, support that the Cloud Server that data delete weight is known that Possess the identity of the different user of same file.So Cloud Server just can guess this according to the identity of these users The attribute of individual file, causes data-privacy to be compromised.And in traditional scheme, the different user for possessing same file is only Vertical carries out audit task.The repeatedly used authenticator of audit is so not only calculated for same text document, also to be carried out Multiple audit task.And many parts of authenticators from different user are also stored for Cloud Server, this takes for cloud A storage burden for business device.So whether for being required for an efficient side for Cloud Server or user Method come solve the problems, such as support data delete weight and user identity anonymity Cloud Server store integrity detection.

The content of the invention

To solve problems of the prior art, the present invention provides an efficient support data and deletes weight and user identity The Cloud Server storage integrality detection method of anonymity.When the authenticator required for the audit of user's generation does not include any use The information of family identity.And the integrality detection method that this patent is proposed, can not only protect the anonymity of user identity, also may be used To realize the quantitative storage of Cloud Server.I.e. for a file, it is only necessary to calculate a authenticator, Cloud Server is also only needed to The copy of a these authenticators of storage.

To overcome above-mentioned technical problem, the present invention to provide a kind of data and delete weight and the storage of user identity anonymity Cloud Server Integrity detection device, it includes：

Initial upload user client, follow-up upload request subscription client, Cloud Server, auditing by third party center；

The initial upload user client refers to that the file for needing long-range storage was not deposited previously on Cloud Server Storage, and the authenticator of calculation document is needed when uploading and Cloud Server is together sent to this document；

The Cloud Server has abundant calculating and storage resource, and provides a user with data storage service；

The auditing by third party center can represent user and complete audit task to mitigate the calculating of user and communicate negative Load.

In addition to initial uploader, also including follow-up upload request user, its desired upload Cloud Server has been stored with File, it is not necessary to upload calculate authenticator.

The present invention is also provided and is carried out that data delete weight and the storage of user identity anonymity Cloud Server is complete using said apparatus Property detection method, it includes：

The first step, when user needs a file to store in long-range Cloud Server, first the hash values of this document It is sent to Cloud Server；

Second step, after Cloud Server receives this hash value, sees whether the hash values of the file having had are same, If it has, illustrating that this file is had stored on Cloud Server, the user is follow-up upload request person, is just not required to go up again Pass this file；

3rd step, if it did not, illustrating this user for initial uploader, the user needs the ciphertext file together with it One piece of corresponding authenticator is sent to Cloud Server；If it has, cloud randomly chooses several fast sequence numbers of random file is sent to user, These blocks of files are returned to cloud by user, and Cloud Server verifies the correctness of these blocks of files.Correctly, this user is illustrated It is follow-up upload user, then need not goes up transmitting file；It is incorrect, the ciphertext file is equally needed together with it with initial uploader One piece of corresponding authenticator is sent to Cloud Server；

4th step, user sends the request of audit commission to auditing by third party center, then auditing by third party center (TPA) Challenge information is sent to Cloud Server first, after Cloud Server is received, the corresponding proof of generation is calculated and is sent to as response TPA, TPA verify this reasonability for proving, after the completion of audit, the result of audit is returned to user by TPA.

The data delete the method that weight and user identity anonymity Cloud Server store integrity detection, further specific bag Include：

1st step, system initialization, pseudorandom hash function required for generating various systematic parameters and selection scheme with And pseudo-random permutation function；

Be encrypted for the metadata convergent encryption algorithm of user by the 2nd step, file encryption；

3rd step, data delete weight, judge whether Cloud Server has been stored with this document, if stored, user is just not With uploading again；

4th step, data file is uploaded, and the data after encryption are uploaded to Cloud Server by user；

5th step, audit, auditing by third party center is audited to file, and auditing result is returned into user.

Wherein, the 1st step is further included：

A is walked, pseudorandom hash function and pseudo-random permutation function required for selection scheme；

B is walked, and generates various systematic parameters.

Wherein, the 2nd step is further included：

A is walked, and user is to n data block { m₁..., m_nIn each data block as hash function input H₃；

B is walked, hash function H₃The encryption key of each blocks of files is exported,

C is walked, generation ciphertext C={ C₁, C₂..., C_n}。

Wherein, the 3rd step is further included：

A is walked, the hash values of user's calculation document first, and this hash value is sent into Cloud Server；

B is walked, and whether after Cloud Server receives this hash value, seeing the hash values of the file of storage has identical with this value , if it did not, the authenticator required for notifying the user to upload this document and its corresponding audit；

C is walked, if the hash values of stored file have equal with this hash value, Cloud Server is from [1, n] D element composition set D of random selection is sent to user, and the blocks of files of corresponding sequence number is sent to cloud service by user as response Device；

D is walked, and after Cloud Server receives the response of user, is calculated：

And verify ((whether η ' ψ ', v) set up e, and whole text is possessed really if setting up and being considered as user for T ', g)=e Part.User can not upload this file and can be with legal access this document.

Wherein, the 4th step is further included：

A is walked, and user uses key k_tagFor each blocks of files generates authenticator.User selects s random number first： {u₁, u₂..., u_s, it is that each blocks of files is calculated：

B is walked, and user is by ciphertext and its corresponding T_iUpload to Cloud Server.

Wherein, the 5th step is further included：

A is walked, and produces inquiry, and audit center TPA randomly chooses one a c set of element, and generation two with Machine number,By challenge information chal=(c, k₁, k₂) it is sent to Cloud Server；

B is walked, and after producing proof, Cloud Server to receive inquiry, 1≤t≤c is calculated firstWith Then calculateWithMost backward TPA is returned and be may certify that Cloud Server possesses entirely The proof (T, η) of file, wherein η={ η₁, η₂..., η_s}；

C is walked, it was demonstrated that checking, after TPA receives proof, 1≤t≤c is calculated firstWithThen Whether checking equation is set up：

Audited if setting up and passed through, do not passed through otherwise.

The present invention is also provided and is carried out that data delete weight and the storage of user identity anonymity Cloud Server is complete using said apparatus Property detection system, it includes：

System initialization module, pseudorandom hash function required for generating various systematic parameters and selection scheme and Pseudo-random permutation function；

File encryption module, the metadata convergent encryption algorithm of user is encrypted；

Data delete molality block, judge whether Cloud Server has been stored with this document, if stored, user just without Upload again；

Data after encryption are uploaded to Cloud Server by data file uploading module, user；

Audit Module, auditing by third party center is audited to file, and auditing result is returned into user.

Beneficial technique effect

The present invention compared with prior art, has the advantages that：

(1) present invention can ensure that the anonymity of user identity.In existing data delete weight integrity detection scheme, use Family generation authenticator is the private key for needing to use user, and this private key includes the identity information of user.And supporting data Delete in the Cloud Server of weight, Cloud Server is known that the identity of the different user for possessing identical file.According to these users' Identity, Cloud Server can guess the general contents of this document, and the data-privacy of user is seriously damaged.In the present invention, Cloud Server not can know that the identity information of the different user for possessing identical file.Because user is recognizing for each blocks of files generation Card device is only related to file content, unrelated with each subscriber identity information for possessing this file.When user is needed from Cloud Server When downloading this document, it is only necessary to submit a legal download proof to Cloud Server, it is not required that the identity letter of user Breath.

(2) method that the present invention is provided realizes the quantitative storage of Cloud Server.Weight integrality is deleted in most data In detection scheme, Cloud Server needs to store the N parts of authenticator of blocks of files to every text document, and wherein N is to possess this file User quantity.So the storage burden of the Cloud Server of these schemes is linear with N.In the present invention, it is right In every text document, Cloud Server only needs to store a authenticator for completing audit task.So in that patent, cloud clothes The storage burden of business device is quantitative unrelated with the number of users for possessing identical file.

(3) present invention realizes and only needs to calculate a authenticator for every text document.Deleted in existing data and weighed In whole property detection scheme, the different user needs for possessing identical file independently calculate respective authenticator.In the present invention, only need Initial uploader is wanted to calculate authenticator to each blocks of files, follow-up upload request person need not calculate authenticator.So this Method significantly reduces calculating and the communications burden of follow-up upload request person.

Brief description of the drawings

Fig. 1 is the Cloud Server storage integrity detection system illustraton of model for supporting data to delete weight and user identity anonymity.

Fig. 2 is the corresponding relation figure of Cloud Server storage file and user.

Fig. 3 deletes weight stage schematic diagram for data.

Fig. 4 is audit phase schematic diagram.

Specific embodiment

The identity anonymous of weight and user are deleted for the data for solving the problems, such as Cloud Server, the present invention proposes a kind of height The support data of effect delete the Cloud Server storage integrality detection method of weight and user identity anonymity.With traditional Cloud Server Unlike, the support data that the present invention is provided delete the body that heavy Cloud Server is known that the different user for possessing same file Part, such Cloud Server can just be inferred to the attribute of this encryption file according to the identity of these users.If for example, gathered around The user for having this document is student, then this file content should educate the content of aspect.Certainly, with user identity Refinement, the file content guessed also can be more, the severe leakage data-privacy of user.In the method, user generates Any information of the authenticator not comprising user identity required for audit.And when user downloads file, it is only necessary to it is sent to One legal proof of Cloud Server, it is not necessary to any identity information.In whole scheme, Cloud Server is not known on these Any information of user identity.And in the method, realize the quantitative storage of Cloud Server.For each file, only First uploader is needed to calculate its authenticator, Cloud Server also only needs to store a authenticator, and same a with possessing The number of users of file is unrelated.

In order to further improve storage efficiency and audit performance, this patent is deposited to user data using a kind of common segment structure Storage：Data file F is divided into n data block { m₁, m₂..., m_n, and each blocks of files is divided into s part, i.e. m_i= {m_i1, m_i2..., m_is, 1≤i≤n.

Theory involved by this patent is as follows：

Bilinear Pairing：

If G₁It is that rank is the module of q, G₂It is that two ranks are the multiplicative group of q, if mapping e：G₁×G₂→G₂Meet following property Matter：

1) bilinearity：ForA, b ∈ G₁Meet e (aP, bQ)=e (P, Q)^ab。

2) non-degeneracy：There is P, Q ∈ G so that

3) computability：There is efficient algorithm, forE (P, Q) can be calculated.

Then mapping e is called Bilinear Pairing.

BLS short signatures：

1) group G is the multiplication loop group that rank is prime number q, and its generation unit is g, and signer is randomly selectedThen calculate X=g^x∈ G, the public and private key of signer is respectively X and x.

2) assume that message is M, signer calculates σ=(H (M))^x, wherein

3) when verifying, then known message M and its signature sigma first calculate e (g, σ) and whether e (X, H (M)) be equal, if It is equal, represent that σ is the signature of message M.

The present invention provides a kind of data and deletes weight and user identity anonymity Cloud Server storage integrity detection device, its bag Include：

Initial upload user client, follow-up upload request subscription client, Cloud Server and auditing by third party center；

The initial upload user client refers to that the file for needing long-range storage was not deposited previously on Cloud Server Storage, and the authenticator of calculation document is needed when uploading and Cloud Server is together sent to this document；

The Cloud Server has abundant calculating and storage resource, and provides a user with data storage service；

The auditing by third party center can represent user and complete audit task to mitigate the calculating of user and communicate negative Load.

In addition to initial uploader, also including follow-up upload request user, its desired upload Cloud Server has been stored with File, it is not necessary to upload calculate authenticator.

The present invention is also provided and is carried out that data delete weight and the storage of user identity anonymity Cloud Server is complete using said apparatus Property detection method, it includes：

The first step, when user needs a file to store in long-range Cloud Server, first the hash values of this document It is sent to Cloud Server；

Second step, after Cloud Server receives this hash value, sees whether the hash values of the file having had are same, If it has, illustrating that this file is had stored on Cloud Server, the user is follow-up upload request person, is just not required to go up again Pass this file；

3rd step, if it did not, illustrating this user for initial uploader, the user needs the ciphertext file together with it One piece of corresponding authenticator is sent to Cloud Server；If it has, cloud randomly chooses several fast sequence numbers of random file is sent to user, These blocks of files are returned to cloud by user, and Cloud Server verifies the correctness of these blocks of files.Correctly, this user is illustrated It is follow-up upload user, then need not goes up transmitting file；It is incorrect, the ciphertext file is equally needed together with it with initial uploader One piece of corresponding authenticator is sent to Cloud Server；

4th step, user sends the request of audit commission to auditing by third party center, then auditing by third party center (TPA) Challenge information is sent to Cloud Server first, after Cloud Server is received, the corresponding proof of generation is calculated and is sent to as response TPA, TPA verify this reasonability for proving, after the completion of audit, the result of audit is returned to user by TPA.

The data delete the method that weight and user identity anonymity Cloud Server store integrity detection, further specific bag Include：

1st step, system initialization, pseudorandom hash function required for generating various systematic parameters and selection scheme with And pseudo-random permutation function；

Be encrypted for the metadata convergent encryption algorithm of user by the 2nd step, file encryption；

3rd step, data delete weight, judge whether Cloud Server has been stored with this document, if stored, user is just not With uploading again；

4th step, data file is uploaded, and the data after encryption are uploaded to Cloud Server by user；

5th step, audit, auditing by third party center is audited to file, and auditing result is returned into user.

1st step is further included：

A is walked, pseudorandom hash function and pseudo-random permutation function required for selection scheme；

B is walked, and generates various systematic parameters.

It is the multiplication loop group group G of prime number p that a steps are further specially systematic parameter generation center selection rank₁With G₂, e is computable bilinear map e：G₁×G₁→G₂, g is G₁Generation unit,Five pseudorandom hash letters of selection Number, wherein H₁It is to be mapped to from stringHash functions：H₂It is to be mapped to the hash function of any from string：H₂： { 0,1 }^*→G₁；Wherein H₃It is the string that the string of a random length is mapped to certain length：H₃：{ 0,1 }^*→ { 0,1 }^l, wherein l It is the bit length and other two hash functions of the key of used AES：And h：{ 0,1 }^*→ { 0,1 }^*, and a pseudo-random permutation function is selected, by the another several numbers therein of a few number Random Maps in [1, n]：

The b steps are further specially user and perform H₁, H₃Function and using the content of file F as input, generates each rank Key required for section, wherein function H₁It is output as k_tag, required key, user's calculating during as calculating authenticatorAs authentication secret, function H₃Output k_enc, for encrypting file F, user calculatesAs from cloud service Device downloads a proof for legitimacy of file.

2nd step is further included：

A is walked, and user is to n data block { m₁..., m_nIn each data block as hash function input H₃；

B is walked, hash function H₃The encryption key of each blocks of files is exported,

C is walked, generation ciphertext C={ C₁, C₂..., C_n}。

3rd step is further included：

A is walked, the hash values of user's calculation document first, and this hash value is sent into Cloud Server；

B is walked, and whether after Cloud Server receives this hash value, seeing the hash values of the file of storage has identical with this value , if it did not, the authenticator required for notifying the user to upload this document and its corresponding audit；

C is walked, if the hash values of stored file have equal with this hash value, Cloud Server is from [1, n] D element composition set D of random selection is sent to user, and the blocks of files of corresponding sequence number is sent to cloud service by user as response Device；

D is walked, and after Cloud Server receives the response of user, is calculated：

And verify ((whether η ' ψ ', v) set up e, and whole text is possessed really if setting up and being considered as user for T ', g)=e Part.User can not upload this file and can be with legal access this document.

4th step is further included：

A is walked, and user uses key k_tagFor each blocks of files generates authenticator.User selects s random number first： {u₁, u₂..., u_s, it is that each blocks of files is calculated：

B is walked, and user is by ciphertext and its corresponding T_iUpload to Cloud Server.

5th step is further included：

A is walked, and produces inquiry, and audit center TPA randomly chooses one a c set of element, and generation two with Machine number,By challenge information chal=(c, k₁, k₂) it is sent to Cloud Server；

B is walked, and after producing proof, Cloud Server to receive inquiry, 1≤t≤c is calculated firstWith Then calculateWithMost backward TPA is returned and be may certify that Cloud Server possesses entirely The proof (T, η) of file, wherein η={ η₁, η₂..., η_s}；

C is walked, it was demonstrated that checking, after TPA receives proof, 1≤t≤c is calculated firstWithThen Whether checking equation is set up：

Audited if setting up and passed through, do not passed through otherwise.

The present invention is also provided and is carried out that data delete weight and the storage of user identity anonymity Cloud Server is complete using said apparatus Property detection system, it includes：

System initialization module, pseudorandom hash function required for generating various systematic parameters and selection scheme and Pseudo-random permutation function；

File encryption module, the metadata convergent encryption algorithm of user is encrypted；

Data delete molality block, judge whether Cloud Server has been stored with this document, if stored, user just without Upload again；

Data after encryption are uploaded to Cloud Server by data file uploading module, user；

Audit Module, auditing by third party center is audited to file, and auditing result is returned into user.

In system initialization module：

Pseudorandom hash function and pseudo-random permutation function required for selection scheme, systematic parameter generation center selection rank It is the multiplication loop group group G of prime number p₁And G₂, e is computable bilinear map e：G₁×G₁→G₂, g is G₁Generation unit,Five pseudorandom hash functions of selection, wherein H₁It is to be mapped to from stringHash functions：H₂It is The hash function of any is mapped to from string：H₂：{ 0,1 }^*→G₁；Wherein H₃It is that the string of a random length is mapped to a fixed length The string of degree：H₃：{ 0,1 }^*→ { 0,1 }^l, wherein l is the bit length and other two hash of the key of used AES Function：And h：{ 0,1 }^*→ { 0,1 }^*, and a pseudo-random permutation function is selected, will be several in [1, n] Number Random Maps another several numbers therein：

Various systematic parameters are generated, user performs H₁, H₃Function and using the content of file F as input, generates each stage institute The key of needs, wherein function H₁It is output as k_tag, required key, user's calculating during as calculating authenticator As authentication secret, function H₃Output k_enc, for encrypting file F, user calculatesDownloaded as from Cloud Server One proof of legitimacy of file.

In the file encryption module：

User is to n data block { m₁..., m_nIn each data block as hash function input H₃；

Hash function H₃The encryption key of each blocks of files is exported,

Generation ciphertext C={ C₁, C₂..., C_n}。

The data are deleted in molality block：

The hash values of user's calculation document first, and this hash value is sent to Cloud Server；

After Cloud Server receives this hash value, see the file of storage hash values whether have with this value identical, if No, the authenticator required for notifying the user to upload this document and its corresponding audit；

If the hash values of stored file have equal with this hash value, Cloud Server is selected at random from [1, n] Select d element composition set D and be sent to user, the blocks of files of corresponding sequence number is sent to Cloud Server by user as response；

D is walked, and after Cloud Server receives the response of user, is calculated：

And verify ((whether η ' ψ ', v) set up e, and whole text is possessed really if setting up and being considered as user for T ', g)=e Part, user can not upload this file and can be with legal access this document.

In the data file uploading module：

User uses key k_tagFor each blocks of files generates authenticator.User selects s random number first：{u₁, u₂..., u_s, it is that each blocks of files is calculated：

User is by ciphertext and its corresponding T_iUpload to Cloud Server.

In the Audit Module：

Inquiry is produced, audit center TPA randomly chooses one the c set of element, and produces two random numbers,By challenge information chal=(c, k₁, k₂) it is sent to Cloud Server；

After producing proof, Cloud Server to receive inquiry, 1≤t≤c is calculated firstWithThen count CalculateWithMost backward TPA is returned and be may certify that Cloud Server possesses whole file Prove (T, η), wherein η={ η₁, η₂..., η_s}；

Checking, after TPA receives proof, calculates 1≤t≤c firstWithThen verify Whether equation is set up：

Audited if setting up and passed through, do not passed through otherwise.

Describe embodiments of the present invention in detail using embodiment and accompanying drawing below, how skill is applied to the present invention whereby Art means solve technical problem, and reach the implementation process of technique effect and can fully understand and implement according to this.

Fig. 1 is the Cloud Server storage integrity detection system illustraton of model for supporting data to delete weight.The system is illustrated in figure In have four participation entities, i.e., initial uploader, follow-up upload request user, Cloud Server, trusted third party audit center (TPA).Initial uploader and follow-up upload request user are the users of Cloud Server, have and substantial amounts of want outsourcing Data, the limited equipment of computing capability.Wherein initial uploader needs the file for uploading not have in Cloud Server, so just Beginning uploader needs for the ciphertext of this document to send jointly to Cloud Server together with its corresponding authenticator.Follow-up upload request User wants that the file for uploading has existed on Cloud Server, so they need not upload this document and authenticator.Cloud takes Business device is the platform for providing the user Cloud Server service, and user can be helped to store substantial amounts of outer bag data.In auditing by third party The heart (TPA) alleviates the computation burden of user in audit process, and Data Audit is entrusted to TPA by user, and TPA will after the completion of audit Result returns to user.

When user needs a file to store in long-range Cloud Server, the hash values of this document are sent to cloud first Server.After Cloud Server receives this hash value, see whether the hash values of the file having had are same.If it has, Illustrate that this file is had stored on Cloud Server, the user is follow-up upload request person, be just not required to upload this text again Part.If it did not, illustrating this user for initial uploader, the user needs the ciphertext file together with its corresponding authenticator One piece is sent to Cloud Server.In audit process, user sends the request of audit commission to auditing by third party center, and then the Tripartite's audit center (TPA) sends challenge information to Cloud Server first.After Cloud Server is received, the corresponding card of generation is calculated It is bright to be sent to TPA as response.TPA verifies this reasonability for proving.After the completion of audit, TPA returns to the result of audit User.

Fig. 2 is the corresponding relation figure of Cloud Server storage file and user.Illustrate supporting data to delete the cloud of weight in figure On server, a file of Cloud Server storage generally corresponds to multiple users.Signal in figure a, it can be seen that text Part correspondence multiple user.Assuming that three files that are stored with Cloud Server, file 1, file 2 and file 3.Deleted data are supported On the Cloud Server of weight, it is known that Cloud Server knows the identity of the different user for possessing identical file.So occur as soon as this A kind of situation of sample, it is assumed that the user identity of file 1 is student in figure, then Cloud Server is it is known that its respective file 1 General Matters be related to education.With the refinement of user identity, the content of the file that Cloud Server is guessed also by Gradually it is close to true content.For example, the user of this file 1 is not only the university student of student or department of computer science, then cloud takes Business device can just guess that the content of file 1 should be relevant with university computer teaching.Further, if file 1 has one The identity of people is university data structure teacher, then it is Teaching of Data Structure that Cloud Server just can accurately guess file 1 Data.So obvious severe leakage user data privacy.So, it is very important to protect the privacy of identities of user.

Fig. 3 deletes weight stage schematic diagram for data.Illustrated in figure from user C to Cloud Server send file hash values, Then Cloud Server judges whether there has been this document according to this value.If had, just verify whether user is certain Possess this file, this document need not then be uploaded by the user for verifying.Otherwise, user needs to upload this document and its is right The authenticator answered.

Illustrate such as in figure, before transmitting file on user, hash values h (C) of file cipher text are sent to cloud first.Cloud is received See in the file having had whether there is the hash value equal with this value to this hash value.If it has, explanation user wants to upload File existed in cloud.In order to determine that this user possesses whole file and wants to upload this document really, cloud is in [1, n] Randomly select d element and issue user.After user receives the challenge information that cloud is sent, by the blocks of files { m of corresponding sequence number_i}_i∈DMake Cloud is sent to respond.After receiving the response that cloud is sent, cloud is calculated first：

And verify ((whether η ' ψ ' v) set up equation e for T ', g)=e.If set up, cloud just believes that the user is certain Possess whole file.The user is not required to upload this file again.

Fig. 4 is audit phase schematic diagram.TPA is illustrated in figure and sends challenge information to Cloud Server, then Cloud Server One is sent to TPA may certify that its proof for possessing whole file really.Last TPA verifies this reasonability for proving. If the Cloud Server honest whole file that is stored with really rationally, is considered as, without cheating.Otherwise it is assumed that Cloud Server does not have Be stored with whole file.

After auditing by third party center (TPA) receives the audit request that user sends, one is randomly choosed first c unit The set of element, and two random numbers are produced,By challenge information chal=(c, k₁, k₂) be sent to Cloud Server.After high in the clouds receives inquiry, 1≤t≤c is calculated firstWithThen calculate WithMost backward TPA is returned and be may certify that cloud possesses the proof (T, η) of whole file, and wherein η= {η₁, η₂..., η_s}.After TPA receives proof, 1≤t≤c is calculated firstWithThen verify following Whether equation is set up：

Audited if setting up and passed through, do not passed through otherwise.

Implementation process of the invention is as follows：

System initialization：Systematic parameter generation center selection rank is the multiplication loop group group G of prime number p₁And G₂, e is to calculate Bilinear map e：G₁×G₁→G₂, g is G₁Generation unit,Five pseudorandom hash functions of selection, wherein H₁It is It is mapped to from stringHash functions：H₂It is to be mapped to the hash function of any from string：H₂：{ 0,1 }^*→G₁； Wherein H₃It is the string that the string of a random length is mapped to certain length：H₃：{ 0,1 }^*→ { 0,1 }^l, wherein l is to use to add The bit length of the key of close algorithm.And other two hash functions：And h：{ 0,1 }^*→ { 0,1 }^*.And And one pseudo-random permutation function of selection, by the another several numbers therein of a few number Random Maps in [1, n]：User performs H₁, H₃Function and using the content of file F as input, generates each stage institute The key of needs.Wherein function H₁It is output as k_tag, required key during as calculating authenticator.User calculates As authentication secret.Function H₃Output k_enc, for encrypting file F.User calculatesFile is downloaded as from high in the clouds A proof for legitimacy.

The file encryption stage：User is to n data block { m₁..., m_nIn each data block as hash function input H₃.Hash function H₃The encryption key of each blocks of files is exported,Generated using these encryption keys Ciphertext C={ C₁, C₂..., C_n}。

Data delete the weight stage：Before upper transmitting file, hash values h (C) of user's calculation document ciphertext first, and by this Hash values h (C) are sent to Cloud Server.Whether after high in the clouds receives h (C), seeing the hash values of the file of storage has identical with h (C) 's.If it did not, the authenticator required for notifying the user to upload this document and its corresponding audit.If stored text The hash values of part have equal with this hash value h (C), and Cloud Server d element of random selection from [1, n] is sent to user, Be sent to cloud cloud receive the response of user after as responding the blocks of files of corresponding sequence number by user, calculates：

And verify ((whether η ' ψ ', v) set up e, and whole text is possessed really if setting up and being considered as user for T ', g)=e Part.User can not upload this file and can be with legal access this document.

Data upload the stage：User uses key k_tagFor each blocks of files generates authenticator.User select first s with Machine number：{u₁, u₂..., u_s, it is that each blocks of files calculates authenticator：

Data are calculated when block authenticator is to audit for verification of data integrity, block label is based in this patent BLS short signatures are calculated；User is file cipher text C={ C₁, C₂..., C_nAnd block label T_iHigh in the clouds storage, Ran Houke are dealt into together Audit task is entrusted into audit center by escape way.Just can be according to user after the user's commission of audit central authentication is legal It is required that to data casual audit.

The inquiry stage：Audit center TPA randomly chooses one the c set of element, and produces two random numbers,By challenge information chal=(c, k₁, k₂) it is sent to Cloud Server.

Prove the generation stage：After high in the clouds receives inquiry, 1≤t≤c is calculated firstWithThen count CalculateWithMost backward TPA is returned and be may certify that cloud possesses the proof of whole file (T, η), wherein η={ η₁, η₂..., η_s}。

Checking：After TPA receives proof, 1≤t≤c is calculated firstWithThen verify Whether equation is set up：

Audited if setting up and passed through, do not passed through otherwise.Show that data are complete if by checking, otherwise corrupted data or Lose.Auditing result is sent to user by audit center, and user can accordingly assess the quality of cloud service.

All above-mentioned this intellectual properties of primarily implementation, the not this new product of implementation of setting limitation other forms And/or new method.Those skilled in the art will be using this important information, the above modification, to realize similar execution feelings Condition.But, all modifications or transformation are based on the right that new product of the present invention belongs to reservation.

The above, is only presently preferred embodiments of the present invention, is not the limitation for making other forms to the present invention, is appointed What those skilled in the art changed possibly also with the technology contents of the disclosure above or be modified as equivalent variations etc. Effect embodiment.But it is every without departing from technical solution of the present invention content, according to technical spirit of the invention to above example institute Any simple modification, equivalent variations and the remodeling made, still fall within the protection domain of technical solution of the present invention.

Claims (9)

1. a kind of data delete weight and user identity anonymity Cloud Server stores integrity detection device, it is characterised in that：Including：

Initial upload user client, follow-up upload request subscription client, Cloud Server, auditing by third party center；

The initial upload user client refers to that the file for needing length of run to store is not previously stored on Cloud Server, and And the authenticator of calculation document is needed when uploading and Cloud Server is together sent to this document；

The Cloud Server has abundant calculating and storage resource, and provides a user with data storage service；

The auditing by third party center can represent user and complete audit task to mitigate calculating and the communications burden of user.

In addition to initial uploader, also including follow-up upload request user, the text that its desired upload Cloud Server has been stored with Part, it is not necessary to upload and calculate authenticator.

2. data are carried out using claim 1 described device and delete weight and user identity anonymity Cloud Server storage integrity detection Method, it is characterised in that including：

The first step, when user needs a file to store in long-range Cloud Server, first sends the hash values of this document To Cloud Server；

Second step, after Cloud Server receives this hash value, sees whether the hash values of the file having had are same, if Have, illustrate that this file is had stored on Cloud Server, the user is follow-up upload request person, is just not required to upload this again File；

3rd step, if it did not, illustrating this user for initial uploader, the user needs the ciphertext file together with its correspondence One piece of authenticator be sent to Cloud Server；If it has, cloud randomly chooses several fast sequence numbers of random file is sent to user, user These blocks of files are returned into cloud, Cloud Server verifies the correctness of these blocks of files.Correctly, after illustrating that this user is Continuous upload user, then need not go up transmitting file；It is incorrect, the ciphertext file is equally needed together with its correspondence with initial uploader One piece of authenticator be sent to Cloud Server；

4th step, user sends the request of audit commission to auditing by third party center, and then auditing by third party center (TPA) first Challenge information is sent to Cloud Server, after Cloud Server is received, the corresponding proof of generation is calculated and is sent to TPA as response, TPA verifies this reasonability for proving, after the completion of audit, the result of audit is returned to user by TPA.

3. data described in claim 2 delete the method that weight and user identity anonymity Cloud Server store integrity detection, and it is special Levy and be, further include：

1st step, system initialization, pseudorandom hash function and puppet required for generating various systematic parameters and selection scheme Random permutation function；

Be encrypted for the metadata convergent encryption algorithm of user by the 2nd step, file encryption；

3rd step, data delete weight, judge whether Cloud Server has been stored with this document, if stored, user is just without again Upload；

4th step, data file is uploaded, and the data after encryption are uploaded to Cloud Server by user；

5th step, audit, auditing by third party center is audited to file, and auditing result is returned into user.

4. data as claimed in claim 3 delete the method that weight and user identity anonymity Cloud Server store integrity detection, its It is characterised by：

1st step further includes,

A is walked, pseudorandom hash function and pseudo-random permutation function required for selection scheme；

B is walked, and generates various systematic parameters.

5. the data as described in claim 3 or 4 delete the method that weight and user identity anonymity Cloud Server store integrity detection, It is characterized in that：

2nd step is further included：

A is walked, and user is to n data block { m₁..., m_nIn each data block as hash function input H₃；

B is walked, hash function H₃The encryption key of each blocks of files is exported,

C is walked, generation ciphertext C={ C₁, C₂..., C_n}。

6. the data as described in claim 3 to 5 delete the method that weight and user identity anonymity Cloud Server store integrity detection, It is characterized in that：

3rd step is further included：

A is walked, the hash values of user's calculation document first, and this hash value is sent into Cloud Server；

B walk, after Cloud Server receives this hash value, see the file of storage hash values whether have with this value identical, such as Fruit does not have, the authenticator required for notifying the user to upload this document and its corresponding audit；

C is walked, if the hash values of stored file have equal with this hash value, Cloud Server is random from [1, n] D element composition set D of selection is sent to user, and the blocks of files of corresponding sequence number is sent to Cloud Server by user as response；

D is walked, and after Cloud Server receives the response of user, is calculated：

$\begin{array}{cc}{T}^{\′}=\underset{i\∈D}{\Π}{T}_i& {\mathrm{\η}}^{\′}=\underset{i\∈D}{\Π}H\left(i\right)\end{array}$

$\begin{array}{cc}{\mathrm{\ψ}}_i^{\′}={\Π}_{j=1}^s{u}_j^{m_{ij}},i\∈D& {\mathrm{\ψ}}^{\′}=\underset{i\∈D}{\Π}{\mathrm{\ψ}}_i^{\′},\end{array}$

And verify ((whether η ' ψ ', v) set up e, and whole file is possessed really if setting up and being considered as user for T ', g)=e.With Family can not upload this file and can be with legal access this document.

7. the data as described in claim 3 to 6 delete the method that weight and user identity anonymity Cloud Server store integrity detection, It is characterized in that：

4th step is further included：

A is walked, and user uses key k_tagFor each blocks of files generates authenticator.User selects s random number first：{u₁, u₂..., u_s, it is that each blocks of files is calculated：

$T_i={\left(H_2\right(i)\·{\Π}_{j=1}^s{u_j}^{m_{ij}})}^{k_{tag}}$

B is walked, and user is by ciphertext and its corresponding T_iUpload to Cloud Server.

8. the data as described in claim 3 to 7 delete the method that weight and user identity anonymity Cloud Server store integrity detection, It is characterized in that：

5th step is further included：

A is walked, and produces inquiry, and audit center TPA randomly chooses one the c set of element, and produces two random numbers,By challenge information chal=(c, k₁, k₂) it is sent to Cloud Server；

B is walked, and after producing proof, Cloud Server to receive inquiry, 1≤t≤c is calculated firstWithThen CalculateWithMost backward TPA is returned and be may certify that Cloud Server possesses whole file Proof (T, η), wherein η={ η₁, η₂..., η_s}；

C is walked, it was demonstrated that checking, after TPA receives proof, 1≤t≤c is calculated firstWithThen verify Whether equation is set up：

$e(T,g)=e\left({\Π}_{t=1}^c\right(H_2{\left(l_t\right)}^{a_t}\·\underset{j=1}{\overset{s}{\Π}}{u}_j^{{\mathrm{\η}}_j}),v)$

Audited if setting up and passed through, do not passed through otherwise.

9. a kind of data delete the system that weight and user identity anonymity Cloud Server store integrity detection, it is characterised in that bag Include：

System initialization module, pseudorandom hash function and puppet required for generating various systematic parameters and selection scheme with Machine permutation function；

File encryption module, the metadata convergent encryption algorithm of user is encrypted；

Data delete molality block, judge whether Cloud Server has been stored with this document, if stored, user just without going up again Pass；

Data after encryption are uploaded to Cloud Server by data file uploading module, user；

Audit Module, auditing by third party center is audited to file, and auditing result is returned into user.