CN106991148A - A database verification system and method supporting full update operations - Google Patents



Publication number
CN106991148A
Authority
CN
China
Prior art keywords
database
client
server
data
count
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710190195.4A
Other languages
Chinese (zh)
Other versions
CN106991148B (en
Inventor
马建峰
陈晓峰
习宁
张志为
杨昌松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Application filed by Xidian University filed Critical Xidian University
Priority to CN201710190195.4A priority Critical patent/CN106991148B/en
Publication of CN106991148A publication Critical patent/CN106991148A/en
Application granted granted Critical
Publication of CN106991148B publication Critical patent/CN106991148B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical


Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23Updating
    • G06F16/2358Change logging, detection, and notification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23Updating
    • G06F16/2365Ensuring data consistency and integrity

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the field of database technology and discloses a database verification system and method supporting full update operations. It proposes an incremental committed invertible Bloom filter, which solves the problem of fast reverse indexing of data within a limited range. On this basis, it proposes a database verification system and method supporting full update operations (insertion, deletion and replacement). This overcomes the limitation that traditional verification methods support only static databases of fixed size, eliminates the cost of recomputing and verifying the vector commitment when the database grows, and improves the efficiency of database verification. The method suits most dynamic database systems in use on networks today and ensures the integrity of cloud databases.

Description

A database verification system and method supporting full update operations
Technical field
The invention belongs to the field of database technology, and in particular relates to a database verification system and method supporting full update operations.
Background
With the rapid development of communication networks and cloud computing, resource-constrained enterprises and individuals outsource their large databases to cloud storage servers. Storage, organization and management of the data, as well as its reliability and availability, are the responsibility of the cloud service provider, so users need not build their own data centers, which reduces their costs. While cloud storage brings great convenience, it also brings serious security challenges. Because the location and organization of the data are transparent to the user, in a cloud storage environment where the cloud platform and the cloud service provider are not fully trusted, data stored on a cloud server may well be deleted, tampered with or polluted by a malicious attacker, or stored data may be lost because the cloud storage server is damaged or crashes.
Integrity verification and recovery of cloud-stored data has already produced a number of results, such as verification by Merkle hash trees (CN201310185462.0, CN201310246856.0), dynamic POR (Proofs of Retrievability) (CN201410350589.8) and other methods, but effective verification methods for cloud databases as a whole are still lacking. To achieve integrity verification of cloud databases, Benabbas, Gennaro and Vahlis first introduced the concept of the verifiable database (VDB), which lets a resource-constrained client verify a very large database stored in the cloud and afterwards efficiently retrieve and update database records (Backes M, Fiore D, Reischuk R M. Verifiable delegation of computation on outsourced data [C]. Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. ACM, 2013: 863-874.). If the server attempts to tamper with the database, the user will detect it. At the same time, the computation and storage resources the client uses in a VDB scheme do not depend on the size of the database. The first practical VDB scheme was constructed from the primitive of verifiable delegation of polynomials. However, that scheme lacks public verifiability: only the owner of the database can verify the correctness of the data, and verification by a third-party arbiter is not supported. Catalano and Fiore therefore proposed a publicly verifiable VDB scheme built on the vector commitment primitive (D. Catalano and D. Fiore, Vector commitments and their applications, PKC 2013, LNCS 7778, Springer-Verlag, pp. 55-72, 2013.). Building on that scheme, Chen pointed out security weaknesses in the Catalano-Fiore VDB framework and then proposed a new publicly verifiable VDB scheme using the idea of commitment binding. Its construction relies only on standard-size assumptions in bilinear groups and is therefore efficient for real-world applications (X. Chen, J. Li, X. Huang, J. Ma, and W. Lou, New Publicly Verifiable Databases with Efficient Updates, IEEE Transactions on Dependable and Secure Computing, In press, 2015).
However, existing VDB schemes support only the replacement update operation. The main reason is that the number of data records in the outsourced database must be fixed: when an insertion occurs, the newly added data cannot be verified, and the public parameters and commitment vector must be recomputed and regenerated. The complexity is at the O(q) power level (where q denotes the size of the database), which imposes a huge overhead on the client's setup phase. In 2016, Miao proposed a hierarchical VDB method based on vector commitments to support full update operations (insertion, deletion, replacement) (M. Miao, J. Wang, J. Ma, and W. Susilo, Publicly verifiable databases with efficient insertion/deletion operations, Journal of Computer and System Sciences). However, when the client repeatedly inserts data records at the same position of the database, the number of levels in the hierarchical commitment grows linearly. The computation and storage load of the cloud server (rather than the client) therefore also grows linearly, which reduces the efficiency of the VDB scheme.
To ensure that data is not modified during storage by unauthorized users, untrusted third parties or an untrusted cloud server, the integrity of the database must be verified. Traditional database verification schemes support the replacement update operation, but only for databases of fixed size; when insertion and update operations occur, the vector commitment must be recomputed, which brings a huge overhead. Yet more and more applications require users to perform frequent insertion, replacement and deletion operations on data stored in the cloud, and require the overhead of such dynamic updates to be as small as possible. Existing database verification methods therefore cannot be used directly in a dynamic cloud database storage environment.
In summary, the problem with the prior art is this: because regenerating the public parameters and vector commitment needed for verification is expensive, traditional fixed-size database verification schemes support only the replacement operation and cannot support insertion and deletion. With today's rapid growth of information systems, a fixed-size database cannot meet ever-growing data storage demands. How to support full update operations (insertion, deletion and replacement) on a dynamic database while meeting the client's performance requirements is the main contribution of the invention.
Summary of the invention
In view of the problems of the prior art, the invention provides a database verification system and method supporting full update operations.
The invention is realized as follows. To eliminate the overhead of recomputing the public parameters and vector commitment of the database caused by insertion operations, the invention designs a new data index structure based on the Bloom filter: the incremental committed invertible Bloom filter. The invention first gives a committed invertible Bloom filter (CIBF), defined as follows:
Let be two random hash functions; each CIBF cell B[i] (1≤i≤q) is defined to contain three fields:
"count" field, initial value 0: the counter field, which stores the number of all elements in cell B[i], 1≤i≤q; inserting or deleting an element x in B[i] corresponds to adding 1 to or subtracting 1 from B[i].count;
"idHash" field, with initial value χ(0): the commitment value field, which stores the hash value χ(·) of all ordered elements in B[i];
The fields B[q+1].count and B[q+1].idHash are defined to represent, respectively, the vector commitments of f(count) and idHash over the first q data items of the database, i.e. B[q+1].count = VC(f(B[0].count), ..., f(B[q].count)), B[q+1].idHash = VC(χ(B[0].count), ..., χ(B[q].count)). On the basis of the above definition, another object of the invention is an incremental committed invertible Bloom filter, whose specific extended definition is as follows:
Define the "count" field as an increasing sequence (b_1, b_2, ..., b_q); the data indexing process is as follows:
1) For a query index, the server first determines the cell index x, with 1≤x≤q and
2) The server sends b_{x-1}, b_x and the corresponding proofs to the client;
3) If the proofs are valid, the client determines that the index is the l-th element in the x-th cell, i.e. where
Another object of the invention is to provide a database verification method using the incremental committed invertible Bloom filter, the database verification method comprising:
(1) Setup phase: the client performs the initialization operation Setup(1^k, DB) on the verifiable database, defines the public parameters PP, computes the vector commitment C_C, generates the verification parameters (public key PK, database encoding S and private key SK), and uploads the relevant information to the server together with the database, for verifying database integrity when users later query data. In the setup function Setup(1^k, DB), k denotes the security parameter and DB denotes the database operated on, i.e. DB = (x, v_x), 1≤x≤q;
(2) Query phase: the client submits a query request; the database locates the data queried by the client, computes the proof from the verification parameters, and sends it to the client together with the data. In the query operation, PK denotes the public key, S the database encoding, and the index of the data queried by the client;
(3) Verification phase: the client verifies the server's proof; if verification succeeds, the queried data is output; otherwise a verification failure is output;
(4) Update phase: when the client performs replacement, deletion and insertion operations, the server-side database is updated, and the client cooperates with the server to revise the verification parameters.
Further, the setup process of (1) is as follows:
1) Define the public parameters PP
Let and denote cyclic multiplicative groups of prime order p equipped with a bilinear map; g denotes a generator of, and denotes a cryptographic hash function;
Randomly select q elements from the prime-order space and compute, for 1≤i,j≤q and i≠j;
Generate the public parameters, where the message space
2) Compute the vector commitment C_C and generate the subsequent verification parameters
Using the public parameters PP, compute the vector commitment of the count fields (1, 2, ..., q) and the vector commitment of the data records (v_1, v_2, ..., v_q)
The client randomly selects one element and generates Y = g^y, then computes and sends H_0 to the server, where T denotes a counter with initial value 0;
If H_0 is valid, the server adds the information (H_0, C_C, C_R, T) to the auxiliary information aux;
After the computation is complete, the following verification parameters are configured: public key PK = (PP, Y, C_C, C_R), database encoding S = (PP, aux, DB), private key SK = y.
Further, the process of (2) is as follows:
The current count fields are (b_1, b_2, ..., b_q), where Define Then and
Given a query index, the server first determines the cell index 1≤x≤q satisfying (define b_0 = 0);
The server then computes and and generates the proof
The server returns the proof together with the data to the client.
Further, the process of (3) is as follows: using the information in the proof returned by the server, the client computes the pairing values on both sides of the three conditions below, among them e(H_0, g) and e(π_x, g), and checks whether the three conditions hold:
1) e(H_0, g) is equal to
2) is equal to
3) is equal to e(π_x, g);
When all three conditions hold, the database has not been tampered with and verification passes; the client then obtains the data to be accessed according to
Further, the replacement operation in (4) comprises:
The client first obtains the current record from the server, i.e. the client obtains the proof τ from the server and verification passes;
Then T = T + 1 is updated. Meanwhile, the client computes C_C′ = C_C, and, and sends to the server;
If t_x′ is valid, the server replaces the data stored in data cell x of the database, i.e. Meanwhile, the server updates the public key PK = (PP, Y, C_C′, C_R′) and updates the auxiliary information (H_0, C_C, C_R, T) in the database encoding S to (t_x′, C_C′, C_R′, T).
Further, the update process of the deletion operation in (4) is the case v_x′ = φ of the replacement operation.
Further, the insertion operation in (4) comprises:
The client inserts data v* after in data cell x, i.e.
Then T = T + 1 is updated; meanwhile, the client computes and, and sends to the server;
If t_x′ is valid, the server replaces the data stored in data cell x of the database, i.e. Meanwhile, the server updates the count fields of all cells i (x≤i≤q) from data cell x onward in the Bloom filter, i.e. b_i = b_i + 1. Finally the server updates the public key PK = (PP, Y, C_C′, C_R′) and updates the auxiliary information (H_0, C_C, C_R, T) in the database encoding S to (t_x′, C_C′, C_R′, T).
Another object of the invention is to provide a dynamic database system that applies the committed invertible Bloom filter.
The advantages and positive effects of the invention are as follows. It proposes the committed invertible Bloom filter and the incremental committed invertible Bloom filter, which solve the problem of reverse indexing of data within a limited range. On this basis, by combining the Bloom filter with vector commitment computation, it proposes a VDB method supporting full update operations (insertion, replacement, deletion). This avoids the overhead of recomputing the public parameters and vector commitment that a fixed database size causes in conventional verification systems and methods, improves the efficiency of the VDB system and method, and supports dynamic changes in the size of the VDB system, making it better suited to most dynamic database systems in use on networks today. It provides technical support for the security verification of dynamic cloud databases and ensures the integrity of cloud databases.
Brief description of the drawings
Fig. 1 is a flow chart of the database verification method supporting full update operations provided by an embodiment of the invention.
Fig. 2 is a schematic diagram of the CIBF insertion and deletion operations provided by an embodiment of the invention.
Embodiments
To make the purpose, technical scheme and advantages of the invention clearer, the invention is described in further detail below with reference to embodiments. The specific embodiments described here serve only to explain the invention and are not intended to limit it.
The application principle of the invention is explained in detail below with reference to the drawings.
As shown in Fig. 1, the database verification method supporting full update operations provided by an embodiment of the invention comprises the following steps:
S101: Setup phase: the client performs the initialization operation on the verifiable database (VDB): it defines the public parameters, computes the vector commitment, generates the verification parameters, and uploads the relevant information to the server together with the database, for verifying database integrity when users later query data;
S102: Query phase: the client submits a query request; the database locates the data queried by the client, computes the proof from the verification parameters, and sends it to the client together with the data;
S103: Verification phase: the client verifies the server's proof; if verification succeeds, the queried data is output; otherwise a verification failure is output;
S104: Update phase: when the client performs replacement, deletion and insertion operations (update operations), the server-side database is updated, and the client cooperates with the server to revise the verification parameters.
The application principle of the invention is further described below with reference to the drawings.
To extend the fixed-size database verification method, the invention mainly comprises two parts: the first is the committed invertible Bloom filter, and the other is the database verification method supporting full update operations.
1. Committed invertible Bloom filter
(1) Definition of the committed invertible Bloom filter
The committed invertible Bloom filter (CIBF) is a data structure that extends the Bloom filter. It provides both element query and vector commitment functions, and is used to query elements of a large data set S that is subject to insertion and deletion operations. It is defined as follows:
Let be two random hash functions. Each CIBF cell B[i] (1≤i≤q) is defined to contain three fields:
"count" field (initial value 0): the counter field, which stores the number of all elements in cell B[i], 1≤i≤q. Note that inserting (or deleting) an element x in B[i] corresponds to adding 1 to (or subtracting 1 from) B[i].count.
"idHash" field (with initial value χ(0)): the commitment value field, which stores the hash value χ(·) of all ordered elements in B[i].
The fields B[q+1].count and B[q+1].idHash are defined to represent, respectively, the vector commitments of f(count) and idHash over the first q data items of the database, i.e. B[q+1].count = VC(f(B[0].count), ..., f(B[q].count)), B[q+1].idHash = VC(χ(B[0].count), ..., χ(B[q].count)).
An example of the CIBF insertion and deletion operations is shown in Fig. 2.
Note that insertion and deletion are ordered operations. A data record (x, y) in a CIBF cell is different from (y, x). Here the record (x, y) means that y is inserted after x. In addition, this structure allows the same insertion operation to be performed repeatedly (for example, inserting x several times in the same cell). In the IBF model, by contrast, an element x that is already in the set cannot be inserted again. On the other hand, to delete a record y from a CIBF cell, y must be an element of that cell. Likewise, in the IBF model a non-existent element y cannot be deleted from the set.
After some update (deletion/insertion/replacement) operations have been performed on the database DB, the CIBF takes the form shown in Table 1.
Table 1
where a_i ≥ 0, 1≤i≤q, denotes the number of data records in a given cell; denotes the vector formed by all (ordered) data records in the same cell i.
(2) Incremental committed invertible Bloom filter
With the support of the committed invertible Bloom filter, efficient and secure updating of large databases is achieved. To ensure correct indexing of data records during verification, the incremental committed invertible Bloom filter (Increasing CIBF) is designed, in which the B[i].count values of the cells form an increasing sequence. The specific extended definition is as follows:
For the general CIBF data structure shown in Fig. 2, define On this basis, the "count" field is defined as an increasing sequence (b_1, b_2, ..., b_q), as shown in Table 2.
For a database described by the incremental committed invertible Bloom filter, the data indexing process is as follows:
Table 2
1) For a query index, the server first determines the cell index x, with 1≤x≤q and
2) The server sends b_{x-1}, b_x and the corresponding proofs to the client.
3) If the proofs are valid, the client can determine that the index is the l-th element in the x-th cell, i.e. where
2. Database verification process supporting full update operations
The incremental CIBF structure provides effective indexing of database data, but directly updating the vector commitment of the counter field is very inefficient. For example, if an insertion is performed in cell x, the counter and hash value fields must be updated for all x≤j≤q. The counter field update is b_j ← b_j + 1, whereas the hash value field requires the client to bear the cost of q-x+1 exponentiations in
Here this problem is solved using hash splitting. Let the commitment operation on the counter field (i.e. VC(f(b_1), ..., f(b_2), ..., f(b_q))) be: The commitment of the updated counter field is then defined as: so that In this way, apart from the q-x+1 multiplications in, only 1 exponentiation is needed. In addition, to reduce the client's computation overhead, the value of can be precomputed as a public parameter. The client can therefore efficiently update the commitment value corresponding to the counter field.
Now consider the general case of updating the counter field. Note that the original counter field of DB is (1, 1, ..., 1), so the incremental Bloom filter is expressed as (1, 2, ..., q). Assuming the updated counter field is (b_1, b_2, ..., b_q), the commitment value can be computed recursively. The client can therefore, from x, b_x - x and the corresponding proofs, compute that the count field to be updated for cell x is b_x.
The database verification process supporting full update operations comprises the following 4 phases:
(1) Setup phase: the client performs the initialization operation Setup(1^k, DB) on the verifiable database (VDB), defines the public parameters PP, computes the vector commitments C_C and C_R, generates the verification parameters (public key PK, database encoding S and private key SK), and uploads the relevant information to the server together with the database, for verifying database integrity when users later query data. The computation in this phase is done mainly on the user side. In the setup function Setup(1^k, DB), k denotes the security parameter and DB denotes the database operated on, i.e. DB = (x, v_x), 1≤x≤q. The setup process is as follows:
1) Define the public parameters PP
Let and denote cyclic multiplicative groups of prime order p equipped with a bilinear map; g denotes a generator of, and denotes a cryptographic hash function.
Select q elements (i.e. the database size) from the prime-order space and compute, for 1≤i,j≤q and i≠j.
Generate the public parameters, where the message space
2) Compute the vector commitment C_C and generate the subsequent verification parameters
Using the public parameters PP, compute the vector commitment of the count fields (1, 2, ..., q) and the vector commitment of the data records (v_1, v_2, ..., v_q)
The client randomly selects one element and generates Y = g^y, then computes and sends H_0 to the server, where T denotes a counter with initial value 0.
If H_0 is valid, the server adds the information (H_0, C_C, C_R, T) to the auxiliary information aux.
After the computation is complete, the following verification parameters are configured: public key PK = (PP, Y, C_C, C_R), database encoding S = (PP, aux, DB), private key SK = y.
At this point the database verification setup is complete, and the client can verify the integrity of the database during subsequent queries.
(2) Query phase: the client submits a query request; the database locates the data queried by the client, computes the proof from the public parameters, and sends it to the client together with the data. In the query operation, PK denotes the public key, S the database encoding, and the index of the data queried by the client.
Assume the current count fields are (b_1, b_2, ..., b_q), where Define Then and
Given a query index, the server first determines the cell index 1≤x≤q satisfying (define b_0 = 0).
The server then computes and and generates the proof
The server returns the proof together with the data to the client.
(3) Verification phase: the client verifies the server's proof; if verification succeeds, the queried data is output; otherwise a verification failure is output.
Using the information in the proof returned by the server, the client computes the pairing values on both sides of the three conditions below, among them e(H_0, g) and e(π_x, g), and checks whether the three conditions hold:
1) e(H_0, g) is equal to
2) is equal to
3) is equal to e(π_x, g).
When all three conditions hold, the database has not been tampered with and verification passes. The client then obtains the data to be accessed according to
(4) Update phase: when the client performs replacement, deletion and insertion operations (update operations), the server-side database is updated, and the client cooperates with the server to revise the verification parameters.
1) Replacement operation
To replace the record at the index, the client first obtains the current record from the server, i.e. the client obtains the proof τ from the server and verification passes.
Then T = T + 1 is updated. Meanwhile, the client computes C_C′ = C_C, and, and sends to the server.
If t_x′ is valid, the server replaces the data stored in data cell x of the database, i.e. Meanwhile, the server updates the public key PK = (PP, Y, C_C′, C_R′) and updates the auxiliary information (H_0, C_C, C_R, T) in the database encoding S to (t_x′, C_C′, C_R′, T).
At this point the data and verification parameters for the replacement operation have been updated, and the new verification parameters will be used in subsequent data accesses.
2) Deletion operation
The update process of the deletion operation is essentially the same as replacement; it is the case v_x′ = φ of the replacement operation.
3) Insertion operation
The client inserts data v* after in data cell x, i.e.
Then T = T + 1 is updated; meanwhile, the client computes and, and sends to the server.
If t_x′ is valid, the server replaces the data stored in data cell x of the database, i.e. Meanwhile, the server updates the count fields of all cells i (x≤i≤q) from data cell x onward in the Bloom filter, i.e. b_i = b_i + 1. Finally the server updates the public key PK = (PP, Y, C_C′, C_R′) and updates the auxiliary information (H_0, C_C, C_R, T) in the database encoding S to (t_x′, C_C′, C_R′, T).
At this point the data and verification parameters for the insertion operation have been updated, and the new verification parameters will be used in subsequent data accesses.
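The count-field bookkeeping behind the incremental CIBF index process and the insertion update b_i = b_i + 1, as an added Python example that is not code from the patent. The class and function names are hypothetical, the vector commitments and proofs are left out entirely, and because the page's index formulas did not survive extraction the sketch assumes the natural reading b_{x-1} < index ≤ b_x with l = index - b_{x-1} and b_0 = 0.

```python
from bisect import bisect_left


class IncreasingCountIndex:
    """Server-side count fields (b_1..b_q) and ordered cells (hypothetical name)."""

    def __init__(self, records):
        if not records:
            raise ValueError("the database needs at least one record")
        # Setup: one record per cell, so per-cell counts (1, ..., 1) give the
        # increasing sequence (1, 2, ..., q) described on the page.
        self.cells = [[r] for r in records]
        self.b = list(range(1, len(records) + 1))

    def locate(self, idx):
        """Map a 1-based logical index to (x, b_{x-1}, b_x)."""
        if not 1 <= idx <= self.b[-1]:
            raise IndexError("index outside the database")
        # Assumed rule: the smallest x with b_{x-1} < idx <= b_x, b_0 = 0.
        x = bisect_left(self.b, idx) + 1
        b_prev = self.b[x - 2] if x > 1 else 0
        return x, b_prev, self.b[x - 1]

    def query(self, idx):
        """What the server returns; a real answer also carries proofs."""
        x, b_prev, b_x = self.locate(idx)
        record = self.cells[x - 1][idx - b_prev - 1]
        return {"x": x, "b_prev": b_prev, "b_x": b_x, "record": record}

    def insert_after(self, idx, value):
        """Insert into the cell holding idx, then shift b_i for x <= i <= q."""
        x, b_prev, _ = self.locate(idx)
        self.cells[x - 1].insert(idx - b_prev, value)
        for i in range(x, len(self.b) + 1):
            self.b[i - 1] += 1
        return x

    def replace(self, idx, value):
        """Replacement; deletion is the same call with value None (the page's
        empty value), so the count fields do not change."""
        x, b_prev, _ = self.locate(idx)
        self.cells[x - 1][idx - b_prev - 1] = value
        return x


def client_locate(idx, b_prev, b_x):
    """Client-side check of the bracket the server claims; returns l.

    In the scheme b_prev and b_x are backed by commitment proofs; here they
    are taken as given so that only the index arithmetic is shown.
    """
    if not 0 <= b_prev < idx <= b_x:
        raise ValueError("claimed cell does not contain the queried index")
    return idx - b_prev


def demo():
    # Constructed sample database of q = 4 records.
    db = IncreasingCountIndex(["a", "b", "c", "d"])
    db.insert_after(2, "b1")              # cell 2 becomes ["b", "b1"]
    after_insert = list(db.b)             # counts from cell 2 onward shift
    answer = db.query(3)                  # logical index 3 now lives in cell 2
    offset = client_locate(3, answer["b_prev"], answer["b_x"])
    db.replace(3, None)                   # deletion as an empty replacement
    return after_insert, answer, offset, list(db.b)


if __name__ == "__main__":
    print(demo())
```

Repeated insertion at the same position only grows one cell and shifts the later count fields, so q and the per-cell layout stay fixed while the database grows.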
The foregoing describes only preferred embodiments of the invention and is not intended to limit it. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (10)

1. the reversible Bloom filter that a kind of band is promised to undertake, it is characterised in that the reversible Bloom filter definition that the band is promised to undertake is such as Under:
OrderFor two random Hash functions;Define in each CIBF unit Bs [i] comprising three fields:1≤ i≤q;
" count " field, initial value is 0:1≤i of quantity of all elements in counter field, wherein memory cell B [i]≤ q;The insertion or deletion of element x are equal to B [i] .count plus or minus ones in B [i];
" idHash " field, with initial value χ (0):Value field is promised to undertake, it stores the hashed value χ of all Sequential Elements in B [i] (·);
Define before B [q+1] .count and B [q+1] .idHash fields difference representation database the f (count) of q item datas and IdHash vector promise, i.e. B [q+1] .count=VC (f (B [0] .count) ..., f (B [q] .count)), B [q+1] .idHash=VC (χ (B [0] .count) ..., χ (B [q] .count)).
2. The invertible Bloom filter with commitment as claimed in claim 1, characterized in that its extended definition is as follows:
Define the "count" fields are defined as an increasing sequence (b_1, b_2, ..., b_q); the data indexing process is as follows:
1) for a query index the server first determines the cell index x, 1 ≤ x ≤ q and
2) the server sends b_{x-1} and b_x, together with the corresponding proof, to the client;
3) if the proof is valid, the client determines that the index is the l-th element in the x-th cell, i.e., where
3. A database verification method using the invertible Bloom filter with commitment as claimed in claim 1, characterized in that the database verification method comprises:
(1) Setup phase: the client performs the initialization operation Setup(1^k, DB) on the verifiable database: it defines the public parameters PP, computes the vector commitment C_C, and generates the verification parameters (public key PK, database encoding S, and private key SK), then uploads the relevant information together with the database to the server, so that database integrity can be verified when users subsequently query data; in the setup function Setup(1^k, DB), k denotes the security parameter and DB denotes the database being operated on, i.e., DB = (x, v_x), 1 ≤ x ≤ q;
(2) Query phase: the client submits a query request the data queried by the client is located in the database, a proof is computed from the verification parameters, and the proof is then sent to the client together with the data; in the query operation PK denotes the public key, S denotes the database encoding, and denotes the index of the data queried by the client;
(3) Verification phase: the client verifies the server's proof if verification succeeds, the queried data is output; otherwise, a verification failure is output;
(4) Update phase: when the client performs a replacement, deletion, or insertion operation, the server-side database is updated, and the client cooperates with the server to revise the verification parameters.
4. The database verification method as claimed in claim 3, characterized in that the specific setup process of (1) is as follows:
1) Define the public parameters PP
Let and denote cyclic multiplicative groups of prime order p with a bilinear map g denotes a generator of and denotes a cryptographic hash function;
Randomly select q elements from the prime number space and compute 1 ≤ i, j ≤ q and i ≠ j;
Generate the public parameters where the message space
2) Compute the vector commitment C_C and generate the subsequent verification parameters
According to the public parameters PP, the vector commitment of the count field (1, 2, ..., q) and the vector commitment of the data records (v_1, v_2, ..., v_q)
The client randomly selects one element generates Y = g^y, then computes and sends H_0 to the server, where T denotes a counter with initial value 0;
If H_0 is valid, the server adds the information (H_0, C_C, C_R, T) to the auxiliary information aux;
After the computation is complete, the following verification parameters are configured: public key PK = (PP, Y, C_C, C_R), database encoding S = (PP, aux, DB), private key SK = y.
5. The database verification method as claimed in claim 3, characterized in that the specific process of (2) is as follows:
The current count field values are (b_1, b_2, ..., b_q), where Define Then and
Given a query index the server first determines the cell index x, 1 ≤ x ≤ q, satisfying (defining b_0 = 0);
The server then computes and and generates the proof
The server returns the proof together with the data to the client.
6. The database verification method as claimed in claim 3, characterized in that the specific process of (3) is as follows: according to the information in the server's proof τ, the client computes, respectively, e(H_0, g) and and and e(π_x, g); and verifies whether the following three conditions hold:
1) e(H_0, g) equals
2) equals
3) equals e(π_x, g);
When all three conditions hold simultaneously, the database has not been tampered with and verification passes; the client obtains the data to be accessed according to
7. The database verification method as claimed in claim 3, characterized in that the replacement operation in (4) comprises:
The client first obtains the current record from the server, i.e., the client obtains the proof τ from the server and verifies it;
Then, T = T + 1 is updated, Meanwhile, the client computes C_C′ = C_C, and The client sends to the server;
If t_x′ is valid, the server uses to replace the data stored in data cell x of the database, i.e., Meanwhile, the server updates the public key PK = (PP, Y, C_C′, C_R′) and updates the auxiliary information (H_0, C_C, C_R, T) in the database encoding S to (t_x′, C_C′, C_R′, T).
8. The database verification method as claimed in claim 3, characterized in that the update process of the deletion operation in (4) is the case of the replacement operation in which v_x′ = φ.
9. The database verification method as claimed in claim 3, characterized in that the insertion operation in (4) comprises:
When the client inserts data v* after in data cell x, i.e.,
Then, T = T + 1 is updated; meanwhile, the client computes and The client sends to the server;
If t_x′ is valid, the server uses to replace the data stored in data cell x of the database, i.e., Meanwhile, the server updates the count fields of all cells i (x ≤ i ≤ q) after data cell x in the Bloom filter, i.e., b_i = b_i + 1; finally, the server updates the public key PK = (PP, Y, C_C′, C_R′) and updates the auxiliary information (H_0, C_C, C_R, T) in the database encoding S to (t_x′, C_C′, C_R′, T).
10. A dynamic database system applying the invertible Bloom filter with commitment as claimed in claim 1.
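The index lookup of claim 2 and the count update of claim 9, sketched as an added Python example (not code from the patent). It assumes the conditions missing from the text above are b_{x-1} < index ≤ b_x and l = index − b_{x-1}; the class and function names are hypothetical, the cell sizes are constructed sample data, and the vector-commitment proof that authenticates b_{x-1} and b_x is outside the example.

```python
from bisect import bisect_left

# Added illustration, not code from the patent. Assumption: the cell x for a
# query index satisfies b[x-1] < index <= b[x], and l = index - b[x-1].


class CountIndex:
    """Cumulative "count" fields (b_1, ..., b_q) with b_0 = 0."""

    def __init__(self, cell_sizes):
        self.b = [0]                           # b_0 = 0 by definition
        for n in cell_sizes:                   # number of records per cell
            self.b.append(self.b[-1] + n)      # increasing sequence

    def locate(self, index):
        """Server side: return (x, b_{x-1}, b_x) for a 1-based record index."""
        if not 1 <= index <= self.b[-1]:
            raise IndexError("index outside the database")
        x = bisect_left(self.b, index, lo=1)   # first cell with b_x >= index
        return x, self.b[x - 1], self.b[x]

    def insert_in_cell(self, x):
        """Insertion into cell x: b_i = b_i + 1 for every x <= i <= q."""
        if not 1 <= x < len(self.b):
            raise IndexError("no such cell")
        for i in range(x, len(self.b)):
            self.b[i] += 1


def client_position(index, x, b_prev, b_cur):
    """Client side, run after the proof for (b_{x-1}, b_x) has verified."""
    if not 0 <= b_prev < index <= b_cur:
        raise ValueError("returned counts do not cover the queried index")
    return index - b_prev                      # l-th element of cell x


if __name__ == "__main__":
    idx = CountIndex([3, 0, 2, 4])             # constructed sample: b = [0, 3, 3, 5, 9]
    x, b_prev, b_cur = idx.locate(4)
    print("cell", x, "position", client_position(4, x, b_prev, b_cur))
    idx.insert_in_cell(2)                      # shifts every later record by one
    print("counts after insertion:", idx.b)
```

The range check in `client_position` is what ties the queried index to the returned cell: a reply carrying the counts of a different cell fails it, as long as the counts themselves are bound by the commitment.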
CN201710190195.4A 2017-03-27 2017-03-27 Database verification system and method supporting full-update operation Active CN106991148B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710190195.4A CN106991148B (en) 2017-03-27 2017-03-27 Database verification system and method supporting full-update operation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710190195.4A CN106991148B (en) 2017-03-27 2017-03-27 Database verification system and method supporting full-update operation

Publications (2)

Publication Number Publication Date
CN106991148A true CN106991148A (en) 2017-07-28
CN106991148B CN106991148B (en) 2020-11-27

Family

ID=59412942

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710190195.4A Active CN106991148B (en) 2017-03-27 2017-03-27 Database verification system and method supporting full-update operation

Country Status (1)

Country Link
CN (1) CN106991148B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108737069A (en) * 2018-04-18 2018-11-02 西安电子科技大学 A kind of detection method for supporting error logging positioning to can verify that database
CN108874604A (en) * 2018-06-28 2018-11-23 郑州云海信息技术有限公司 A kind of method and system of verifying encryption equipment encryption data authenticity
CN108959035A (en) * 2018-07-10 2018-12-07 佛山伊苏巨森科技有限公司 A kind of method of entry validity in test block chain database data structure
WO2019195989A1 (en) * 2018-04-09 2019-10-17 Huawei Technologies Co., Ltd. Zero-knowledge range proof with reversible commitment
CN114881233A (en) * 2022-04-20 2022-08-09 深圳市魔数智擎人工智能有限公司 Distributed model reasoning service method based on container
CN117134993A (en) * 2023-10-24 2023-11-28 武汉大学 Search ciphertext detectable method and equipment based on accumulated promise verification

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8032529B2 (en) * 2007-04-12 2011-10-04 Cisco Technology, Inc. Enhanced bloom filters
CN103095453A (en) * 2011-07-08 2013-05-08 Sap股份公司 Public-key Encrypted Bloom Filters With Applications To Private Set Intersection
CN105681280A (en) * 2015-12-29 2016-06-15 西安电子科技大学 Searchable encryption method based on Chinese in cloud environment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
JIANFENG WANG 等: "Verifiable Search for Dynamic Outsourced Database in Cloud Computing", 《10TH INTERNATIONAL CONFERENCE ON BROADBAND AND WIRELESS COMPUTING, COMMUNICATION AND APPLICATIONS》 *
MEIXIAMIAO 等: "Publicly verifiable databases with efficient insertion/deletion operations", 《JOURNAL OF COMPUTER AND SYSTEM SCIENCES》 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019195989A1 (en) * 2018-04-09 2019-10-17 Huawei Technologies Co., Ltd. Zero-knowledge range proof with reversible commitment
CN108737069A (en) * 2018-04-18 2018-11-02 西安电子科技大学 A kind of detection method for supporting error logging positioning to can verify that database
CN108874604A (en) * 2018-06-28 2018-11-23 郑州云海信息技术有限公司 A kind of method and system of verifying encryption equipment encryption data authenticity
CN108874604B (en) * 2018-06-28 2021-07-06 郑州云海信息技术有限公司 Method and system for verifying authenticity of encrypted data of encryption equipment
CN108959035A (en) * 2018-07-10 2018-12-07 佛山伊苏巨森科技有限公司 A kind of method of entry validity in test block chain database data structure
CN114881233A (en) * 2022-04-20 2022-08-09 深圳市魔数智擎人工智能有限公司 Distributed model reasoning service method based on container
CN117134993A (en) * 2023-10-24 2023-11-28 武汉大学 Search ciphertext detectable method and equipment based on accumulated promise verification
CN117134993B (en) * 2023-10-24 2024-01-05 武汉大学 Search ciphertext detectable method and equipment based on accumulated promise verification

Also Published As

Publication number Publication date
CN106991148B (en) 2020-11-27

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant