CN107566118A - The cloud auditing method that lightweight user Dynamic Revocable and data can dynamically update - Google Patents

Abstract

The present invention proposes a cloud audit method in which light-weight users can be dynamically revoked and data can be dynamically updated: first, users can achieve efficient dynamic revocation (including changing public and private keys), and in the user revocation stage, multiple one-way proxy re-signatures are used technology, new users only need to calculate the re-signature key, and do not need to download data from the cloud to re-sign and then upload to the cloud; secondly, it can ensure real-time dynamic update of data (insert, delete, modify), and introduce Virtual index, when the data is dynamically updated, only the ID code of the updated data block changes, and the ID codes of the rest of the data blocks remain unchanged; finally, in the re-signature phase, the cloud server replaces the new user to re-sign, and in the audit stage, the third-party audit center replaces the current user to verify the integrity of the data stored in the cloud, which greatly reduces the computing overhead of the end user and the communication overhead of the system; the present invention is efficient and safe.

Description

A cloud auditing method with lightweight users that can be dynamically revoked and data that can be dynamically updated

technical field

The invention belongs to the remote cloud storage data open audit technology, in particular to a public cloud audit method in which lightweight users can dynamically revoke and stored data can be dynamically updated.

Background technique

Cloud storage is a system composed of network devices, storage devices, servers, application software, public access interfaces, access networks, and clients. Highly concentrated computing resources make cloud storage face serious security challenges. In recent years, the security storage issues exposed by major cloud operators have aroused widespread concern and concern. For example, in March 2011, Google's Gmail mailbox failed, and this failure caused the data loss of about 150,000 users. In August 2013, Shanda Cloud, a domestic cloud provider, lost part of the customer data due to a physical server disk failure in the computer room. It can be seen that the research on data security issues in remote cloud storage is of great significance.

Usually, the user stores the original data (unencrypted data) directly on the remote cloud server. In order to save storage resources, the data copy is not saved locally, so the user may face the following three behaviors of data damage: ①Data loss due to software failure or hardware damage , this damage is a small probability event; ②The data stored in the cloud may be maliciously damaged by other users, among them, the literature Ristenpart T, Tromer E, Shacham H, et al.Hey, you, get off of my cloud:exploring information leakage in third-party compute clouds[C]//Proceedings of the 16th ACM Conference on Computer and Communications Security. ACM, 2009: 199-212. Taking Amazon EC2 storage service as an example, pointing out that malicious users can Other virtual machines on the host launch attacks and damage the data of other users; ③The cloud service provider may not comply with the service level agreement (SLAs), and for economic benefits, delete some data that users do not frequently access, or take offline storage. Way.

In recent years, Wang et al. have implemented a PDP mechanism that supports full dynamic operation. The mechanism uses a Merkle hash tree to ensure the correctness of the location of the data block, while the value of the data block is ensured by the BLS signature mechanism. In order to reduce the burden on users, this mechanism also introduces an independent third-party TPA to replace users to verify the integrity of data in the cloud, but there is a risk of user privacy leakage in this way. In response to this defect, Wang et al. proposed another privacy-protecting data integrity verification mechanism, which effectively hides the data information in the certificate returned by the cloud server through random masking technology, making it impossible for TPA to obtain the authenticity of the data. The content ensures the confidentiality of the data.

Subsequently, relevant scholars proposed a series of classic cloud storage data public audit schemes with data privacy protection functions, but it was found that these schemes were limited to users (enterprises and individuals) in the process of using cloud storage systems, users and their public and private keys. It is always the same, and it cannot efficiently update the data in real time and dynamically. First of all, the reason why the user remains unchanged is that the data integrity verification tag in the cloud storage server is closely related to the user's private key. If the user and his public-private key pair have been replaced, but the cloud server still retains the data verification label signed with the original private key, TPA cannot complete the audit task. However, in practical applications, there are obviously situations where users and their public-private keys are replaced. For example: in the cloud service storage system (i) the user’s public-private key pair may be updated for some reason after a period of time; (ii) the user may Is a manager of company data, he may leave his job for some reasons, such as the expiration of his term of office or job hopping. Secondly, the authentication tag of the data block in these schemes contains the real index of the data block. In this case, the dynamic update efficiency of cloud data is not high. If a data block is inserted or deleted, the indexes of all data blocks after this data block Even if the content of these data blocks has not changed, users still have to recalculate their authentication tags for the data blocks that change the index, resulting in very inefficient data dynamic updates. Therefore, a cloud audit solution that supports efficient and dynamic revocation by users and real-time dynamic update of stored data is more suitable for practical applications.

Wang et al. first introduced the shared cloud storage audit problem, and proposed a user-revocable self-audit scheme based on group signatures, and some shared cloud user-revocable public audit schemes based on dynamic broadcast re-signature schemes and two-way proxy signatures. Subsequently, Yuan et al. proposed a public integrity check scheme using a similar group signature technique. Since the above-mentioned schemes all involve group signature and broadcast encryption technology, the efficiency of the user revocable audit scheme is too low to meet the actual application requirements. In 2015, Wang et al. proposed an efficient user-revocable public audit scheme Panda: Wang B, Li B, Li H. Panda: Public Auditing for Shared Data with EfficientUser Revocation in the Cloud[J]. IEEE Transactions on Services Computing, 2015,8(1):92-106. With the help of proxy re-signature technology, this scheme converts the data block signatures of different users into the current user signature form, which satisfies the user's revocable cloud storage data audit requirements. In 2017, Wang et al. proposed Panda Plus based on the original Panda solution: Wang B, Li B, Li H. Panda: Public Auditing for Shared Data with Efficient User Revocation in the Cloud[C]//OnlineInternationalConference on Green Engineering and Technologies. IEEE,2017:2904-2912. This scheme reduces the number of re-signature key calculations, supports multi-task simultaneous auditing, greatly improves the efficiency of public auditing, and is currently the best solution to this type of problem. However, their scheme has certain limitations: (1) The collusion between the cloud server and the revoked user may cause the leakage of the current user's private key; (2) The collusion between the third-party audit TPA and the revoked user may cause the TPA to steal the user's data privacy. In 2016, Zhang et al. proposed a cloud storage data public audit scheme that supports user revocation based on proxy resignature: Zhang Xinpeng, Xu Chunxiang, Zhang Xinyan, et al., Proxy resignature support user revocable cloud storage data public audit scheme [J]. Computer Applications, 2016, 36(7): 1816-1821, but this solution does not satisfy the user's dynamic revocation and real-time dynamic update of stored data.

Contents of the invention

In order to solve the technical problems that the existing cloud audit method is limited to individuals and enterprises during the whole process of using the cloud storage system, users and their public and private keys remain unchanged, and cloud storage data cannot be dynamically updated in real time, the present invention provides a lightweight A public cloud audit method in which users can dynamically revoke and stored data can be dynamically updated.

Technical solution of the present invention:

A public cloud audit method in which lightweight users can dynamically revoke and stored data can be dynamically updated, including the following steps:

1) Initialization: Input the security parameter λ, assign a value to δ at the same time, and the system outputs public parameters {G ₁ ,G ₂ ,p,g,e,H ₁ ,H ₂ ,h,u,ρ}, where G ₁ , G ₂ is the cyclic multiplication group of prime order p, g is the generator of group G ₁ , e is the bilinear pairing on G ₁ ×G ₁ →G ₂ , and randomly select three safe hashes in the safe Hash function family Function: H ₁ : {0,1} ^* → G ₁ , H ₂ : {0,1} ^* → Z _p , u∈G ₁ is a global constant, ρ=2 ^δ , δ∈N ₊ is determined by the content type of the stored file and the number of users;

every user in the system pick a number at random Calculate the user's private key X _j =sk _j =x _j h(T _j ), public key and tenure certification label And public key pk _j ;

Use U ₀ , U ₁ ,…,U _j to represent users that are dynamically replaced in time order, and T ₀ , T ₁ ,…,T _j to represent the tenure of each user;

2) The initial user interacts with the CSP:

2.1) The initial user generates a signature: the initial user U ₀ blocks the file F, F={m ₁ ,m ₂ ,…,m _n }, each data block m _i ∈ Z _p , where i∈I={1 ,2,...,n}, each file F has a file tag Tag _F , and the file tag Tag _F contains the file name or other attribute characteristics of the file;

The initial user U ₀ inputs its public-private key pair (X ₀ , Y ₀ ), and the initial user U ₀ calculates the authentication label of the data block m _i Wherein id _i ={name||η _i ||ξ _i } is the identification code of data block m _i , name is the file name of file F, η _i =i·ρ is the virtual index of data block m _i , data block m _i corresponds to the virtual index η _i in the manner of ξ _i =H ₂ (m _i ||η _i ); is the set of authentication elements, and the set of authentication elements is the set of all authentication tags;

2.2) The initial user U ₀ sends an authentication storage request to the CSP:

The initial user U ₀ sends {F, Tag _F , Φ ⁽⁰⁾ , t ⁽⁰⁾ } to the CSP, where {Tag _F , Φ ⁽⁰⁾ , t ⁽⁰⁾ } is an authentication message, and the CSP verifies the authentication message:

If the CSP verification is passed, the CSP stores the file F, and the initial user U ₀ deletes the local record file F;

If the CSP verification fails, the CSP notifies the initial user U ₀ of the failure;

3) When the term of user U _j-1 expires and the new user U _j replaces user U _j-1 , the new user U _j performs the operation of re-signing the key, specifically:

User U _j calculates the re-signature key k _j-1→j and sends it to the CSP;

4) After the CSP receives the re-signature key k _j-1→j of the newly appointed user U _j , it calculates the j-level proxy re-signature of the data block m _i . In order to make the subsequent calculation concise, let:

4.1) Calculate the re-signature label from layer j-1 to layer j

4.2) CSP processes the public key and re-signature key of users (U ₀ , U ₁ , ..., U _j-1 ):

4.3) CSP will Re-sign as a layer- _j proxy for data block mi;

5) When the current user U _j verifies the integrity of the data stored on the CSP, the following operations are performed:

5.1) The current user U _j sends a verification request request, the communication time upper limit Δ and the block index set I of the data block to TPA;

5.2) After receiving the information sent by user U _j , TPA randomly selects c block indexes from block index set I and index each block pick a random number The bit length of v _i should be less than |p|, forming a challenge request TPA sends the challenge request chal to CSP, and records the current time CT ₁ ;

6) When CSP receives the challenge request chal from TPA, it generates a certificate, as follows:

6.1) CSP first calculates the data block a linear combination of For blinding μ', CSP picks a random number Calculation: R=u ^r ∈ G ₁ , ψ=h(R), μ=μ'+rψ∈Z _p ^* , then CSP calculation

6.2) CSP returns proof P={σ,μ,R,{α _l } _l∈J ,{β _l } _l∈J } to TPA;

7) When TPA receives the proof P returned by CSP, it records the current time CT ₂ and performs the following verification:

7.1) TPA calculation: Δt=CT ₂ -CT ₁ , if Δt≤Δ, then the TPA output proves that P is legal and proceeds to audit step 7.2); otherwise, the TPA output proves that P is illegal and the audit is suspended;

7.2) TPA verification equation:

e(α _l ,g)=e(α _l+1 ,β _l ), l∈L={0,1,...,j-1}

e(α _j ,g)=e(Y _j ,β _j )

If the above equations are all true, it means that the data stored on the CSP is complete, and the TPA output verification is successful; otherwise, the TPA output verification fails.

After step 4, a step of dynamically updating data is also included, specifically: the data can be dynamically updated to insert data blocks;

Insertion: The current user U _j inserts a new data block m _i ' between data blocks m _i and m _i+1 :

a1 user U _j first calculates the virtual index of data block m _i ' Then calculate the authentication label of data block m _i ': Where id _i '={name||η _i '||ξ' _i '}, ξ _i '=H ₂ (m _i '||η _i ');

a2 User U _j sends insert request and verification information {Tag _F ,id _i ',m _i ',σ _i ' ^(j) ,t ^(j) } of data block m _i ' to CSP,

If the CSP verification passes, the CSP finds the storage location of m _i ' according to the identification code id _i ' of the data block m _i ', and stores the data block m _i ' and its authentication label At the same time, the user U _j deletes the local data record data block m _i ', and the user U _j updates the block index set of the data block of the file F in time, recorded as

If the CSP verification fails, the CSP notifies the user U _j of the failure.

After step 4, a step of dynamically updating data is also included, specifically: data can be dynamically updated to delete data blocks;

Delete: current user U _j deletes data block m _i :

User U _j sends data block m _i deletion request and the identity information {Tag _F ,id _i ,t ^(j) } of data block m _i to CSP,

If the CSP verification passes, the CSP finds the storage location of m _i according to the identification code id _i of the data block m _i , and deletes the data block m _i and its authentication label The user U _j updates the block index set of the data block of the file F in time, denoted as

If the CSP verification fails, the CSP notifies the user U _j of the failure.

After step 4, a step of dynamically updating data is also included, specifically: the data can be dynamically updated to modify data blocks;

Modification: The current user U _j modifies data block m _i to data block m _i ':

c1 User U _j sends modification request and identity information {Tag _F ,id _i ,t ^(j) } of data block m _i to CSP,

If the CSP verification is passed, the CSP finds the storage location of m _i according to the identification code id _i of the data block m _i , and returns the data block m _i to the user U _j ;

If the CSP verification fails, the CSP notifies the user U _j of the failure;

c2 The user U _j modifies the data block m _i , and the modified data block is denoted as m _i ', and the authentication label of the data block m _i ' is calculated:

Where id _i '={name||η _i ||ξ' _i '}, ξ _i '=H ₂ (m _i '||η _i );

c3 User U _j sends verification information of data block m _i ' to CSP,

If the CSP verification passes, the CSP finds the data block m _i according to the identification code id _i of the data block m _i , and sends the data block m _i ' and its authentication label Overwrite the original data block m _i and its authentication tag At the same time, the user U _j deletes the local data record data block m _i ';

If the CSP verification fails, the CSP notifies the user U _j of the failure.

The beneficial effects that the present invention has:

1. The present invention uses the product of the hash value of the user’s tenure and the selected random number as the user’s private key to calculate the signature authentication label of the data block, so that the CSP will not be affected by the previous user’s tenure when re-signing instead of the current user. The previous user can dynamically revoke at any time.

2. The present invention introduces a virtual index in the stage of data dynamic update, which can ensure that all data blocks are sorted in the correct order. In the process of dynamic update, only the virtual index of the updated data block needs to be changed, and the rest of the data blocks Both the virtual index and its authentication label remain unchanged, which improves the efficiency of dynamic update.

3. The calculation method of the re-signature key of the present invention prevents the collusion attack between the revoked user and the CSP, so that the private key of the current user is not leaked; the blinding of the evidence μ' adopts random masking technology and anti The collusion attack of TPA makes it impossible for TPA to obtain the user's data privacy information.

4. Six safe and efficient goals realized by the present invention:

1) User dynamic revocation: Every user can be dynamically revoked safely and efficiently at any time, and the revoked user will not increase the burden on TPA, CSP, and current users in the cloud storage system.

2) Dynamic update of stored data: Every user can dynamically update (insert, delete, and modify) the data stored on the CSP, and the calculation and communication overhead caused by the entire cloud storage system is very small.

3. Public audit: TPA can verify the correctness of data stored in the cloud on behalf of users without adding additional burdens to users.

4) Storage correctness: If and only if the CSP completely saves the user's real data, the audit proof P generated by the CSP can successfully pass the TPA audit.

5) Privacy protection: i) Anti-revoked user and CSP collusion attack, so that the private key of the current user is not leaked; ii) During the audit process, anti-revoked user and TPA collusion attack and use random masking code technology to blind the evidence μ', so that TPA cannot obtain any data information of users, which protects data privacy.

6) Lightweight: In the proxy re-signature stage, CSP acts as a proxy for the user to re-sign; in the audit stage, TPA replaces the user to check the integrity of the data, which reduces the user's computing overhead and the communication overhead of the cloud storage system. Mobile terminals with limited computing power. At the same time, CSP and TPA have much stronger computing power than ordinary users, so the running time of the entire cloud storage system will be effectively reduced.

Description of drawings

Fig. 1 is a system model diagram of the method of the present invention;

Fig. 2 is the flow chart of the cloud auditing method that lightweight users can dynamically revoke and data can be dynamically updated in the present invention;

Fig. 3 is that the present invention introduces the schematic diagram that data can be updated dynamically in the traditional method;

Fig. 4 is a schematic diagram of the process of inserting data blocks in cloud data according to the present invention;

Fig. 5 is a schematic diagram of the process of deleting data blocks in cloud data according to the present invention;

Fig. 6 is a schematic diagram of the process of modifying data blocks in cloud data according to the present invention;

Fig. 7 is a flow chart of the dynamic revocation of the company's marketing manager in Embodiment 6 of the present invention.

detailed description

The system model of the present invention consists of three parts, as shown in Figure 1: user (U _j ): has a large amount of data that needs to be stored on the cloud; cloud service provider (CSP): provides data storage services, a large amount of storage space and computing resources; third-party auditor (TPA): has professional skills and computing power that user U _j does not have, and can perform integrity checks on the data stored in the cloud on behalf of user U _j . User U _j entrusts CSP to store and maintain a large amount of data, and they interact dynamically according to actual needs. Since user U _j does not keep a copy of the data, it is crucial to ensure the integrity of the data stored in the cloud. In order to save computing resources and reduce the burden on user U _j , user U _j entrusts TPA to verify the integrity of their outsourced data. At the same time, during the audit process, it is necessary to prevent data privacy from being stolen by TPA.

Example 1: In a certain period of time, only one user manages the data. When the user's term of office ends, a new user is replaced to continue to manage the data (the dynamic revocation of an individual user can be regarded as the same user changing the public and private keys in different periods right). According to the chronological order, different users are recorded as U ₀ , U ₁ ,…,U _s in turn, and the corresponding terms are recorded as T ₀ , T ₁ ,…,T _s in turn. Initially, the initial user U ₀ blocks the file F and uses its own private key to calculate the authentication labels of all data blocks (It represents the authentication label of the initial user U ₀ to the data block _mi ). When the term of U ₀ ends, U ₁ will replace U ₀ to continue to manage the data, and so on. When U _j-1 is replaced by U _j , U _j will calculate the re-signature key k _j-1→j , and Send it to the CSP, and the CSP will implement proxy re-signature instead of the newly appointed user U _j . During each user's tenure, he can perform real-time dynamic updates (insert, delete, modify, etc.) on the data stored in the cloud. When the user needs to verify the integrity of the data stored on the cloud, U _j sends a request to TPA, and TPA will perform an integrity check on the corresponding data stored on the CSP on behalf of U _j .

Embodiment 2: The present invention involves three parties: cloud service provider CSP, third-party audit TPA, user U (responsible for managing company data and uploading it to CSP), considering that the company's data manager U is unlikely to be in a certain position for a long time There may be personnel changes at any time due to promotion or resignation. In this invention, U ₀ , U ₁ ,..., U _s are used to represent users who are dynamically changed in time sequence, and T ₀ , T ₁ ,..., T _s are used to represent The tenure of each user.

The open cloud auditing method provided by the present invention can be dynamically revoked by lightweight users and dynamically updated in several steps, and specifically includes the following steps:

1) Initialization: Input the security parameter λ, assign a value to δ at the same time, and the system outputs public parameters {G ₁ ,G ₂ ,p,g,e,H ₁ ,H ₂ ,h,u,ρ}, where G ₁ , G ₂ is the cyclic multiplication group of prime order p, g is the generator of group G ₁ , e is the bilinear pairing on G ₁ ×G ₁ →G ₂ , and randomly select three safe hashes in the safe Hash function family Function: H ₁ : {0,1} ^* → G ₁ , H ₂ : {0,1} ^* → Z _p , u∈G ₁ is a global constant, ρ=2 ^δ , δ∈N ₊ is determined by the content type of the stored file and the number of users;

every user in the system pick a number at random Calculate the user's private key X _j =sk _j =x _j h(T _j ), public key and tenure certification label And public key pk _j ;

Use U ₀ , U ₁ ,…,U _j to represent users that are dynamically replaced in time order, and T ₀ , T ₁ ,…,T _j to represent the tenure of each user;

2) The initial user interacts with the CSP:

2.1) The initial user generates a signature: the initial user U ₀ blocks the file F, F={m ₁ ,m ₂ ,…,m _n }, each data block m _i ∈ Z _p , where i∈I={1 ,2,...,n}, each file F has a file tag Tag _F , and the file tag Tag _F contains the file name or other attribute characteristics of the file;

The initial user U ₀ inputs its public-private key pair (X ₀ , Y ₀ ), and the initial user U ₀ calculates the authentication label of the data block m _i Wherein id _i ={name||η _i ||ξ _i } is the identification code of data block m _i , name is the file name of file F, η _i =i·ρ is the virtual index of data block m _i , data block m _i corresponds to the virtual index η _i in the manner of ξ _i =H ₂ (m _i ||η _i ); is the set of authentication elements, and the set of authentication elements is the set of all authentication labels;

2.2) The initial user U ₀ sends an authentication storage request to the CSP:

The initial user U ₀ sends {F,Tag _F ,Φ ⁽⁰⁾ ,t ⁽⁰⁾ } to the CSP, where {Tag _F ,Φ ⁽⁰⁾ ,t ⁽⁰⁾ } is an authentication message, and the CSP verifies the authentication message:

If the CSP verification is passed, the CSP stores the file F, and the initial user U ₀ deletes the local record file F;

If the CSP verification fails, the CSP notifies the initial user U ₀ of the failure;

3) When the term of user U _j-1 expires and the new user U _j replaces user U _j-1 , the new user U _j performs the operation of re-signing the key, specifically:

User U _j calculates the re-signature key k _j-1→j and sends it to the CSP;

4) After the CSP receives the re-signature key k _j-1→j of the newly appointed user U _j , it calculates the j-level proxy re-signature of the data block m _i . In order to make the subsequent calculation concise, let:

4.1) Calculate the re-signature label from layer j-1 to layer j

4.2) CSP processes the public key and re-signature key of users (U ₀ , U ₁ , ..., U _j-1 ):

4.3) CSP will Re-sign as a layer- _j proxy for data block mi;

5) When the current user U _j verifies the integrity of the data stored on the CSP, the following operations are performed:

5.1) The current user U _j sends a verification request request, the communication time upper limit Δ and the block index set I of the data block to TPA;

5.2) After receiving the information sent by user U _j , TPA randomly selects c block indexes from block index set I and index each block Choose a random number v _i ∈ Z _p ^* , the bit length of v _i should be less than p, and form a challenge request TPA sends the challenge request chal to CSP, and records the current time CT ₁ ;

6) When CSP receives the challenge request chal from TPA, it generates a certificate, as follows:

6.1) CSP first calculates the data block a linear combination of For blinding μ', CSP picks a random number Calculation: R=u ^r ∈ G ₁ , ψ=h(R), μ=μ'+rψ∈Z _p ^* , then CSP calculation

6.2) CSP returns proof P={σ,μ,R,{α _l } _l∈J ,{β _l } _l∈J } to TPA;

7) When TPA receives the proof P returned by CSP, it records the current time CT ₂ and performs the following verification:

7.1) TPA calculation: Δt=CT ₂ -CT ₁ , if Δt≤Δ, then the TPA output proves that P is legal and proceeds to audit step 7.2); otherwise, the TPA output proves that P is illegal and the audit is suspended;

7.2) TPA verification equation:

e(α _l ,g)=e(α _l+1 ,β _l ), l∈L={0,1,...,j-1}

e(α _j ,g)=e(Y _j ,β _j )

If the above equations are all true, it means that the data stored on the CSP is complete, and the TPA output verification is successful; otherwise, the TPA output verification fails.

Parameter definition description:

G ₁ and G ₂ are cyclic multiplication groups whose order is a prime number p, g is the generator of the group G ₁ , and the bilinear map e: G ₁ ×G ₁ →G ₂ satisfies the following properties:

Bilinearity: Given an element u∈G ₁ , v∈G ₁ , for any a,b∈Z _p , e(u ^a ,v ^b )=e(u,v) ^ab ;

Non-degenerate: e(g,g)≠1;

Computability: There is an effective algorithm that can efficiently calculate e for any legal input;

Exchangeability: e(u ₁ ·u ₂ ,v)=e(u ₁ ,v)·e(u ₂ ,v), where u ₁ ,u ₂ ,v∈G ₁ .

Embodiment 3: In the traditional method, the authentication label of the data block contains the real index of the data block, and the dynamic update efficiency of the cloud data is not high, as shown in Figure 3 (the left (a) is the inserted data block, and the right figure (b) is to delete a data block), if a data block is inserted or deleted, the index of all data blocks after the data block will change, even if the content of these data blocks has not changed, the user still has to change the index of the data block Recalculate its certification label. In order to reduce the communication overhead, computing overhead and user burden of the system, the present invention introduces a virtual index, which can ensure that all data blocks are sorted in the correct order, for example: if η _i <η _j , then data block m _j is sorted in Behind the data block m _i . Define the initial virtual index of the data block m _i as η _i =i·ρ, ρ=2 ^δ (δ∈N ₊ ), ρ represents the step size, where the selection of δ is related to the file data type, content and the number of users. If a new data block m _i ' is inserted (between data blocks m _i and m _i+1 ), its virtual index is calculated as If a data block m _i is deleted, its virtual index will be deleted directly, and the virtual indexes of other data blocks remain unchanged; if a data block m _i is changed to m _i ', the virtual index of m _i ' remains is the virtual index of the original data block _mi .

After step 4, a step of dynamically updating the stored data is also included, specifically:

Insertion: The current user U _j inserts a new data block m _i ' between data blocks m _i and m _i+1 (as shown in Figure 4):

a1 user U _j first calculates the virtual index of data block m _i ' Then calculate the authentication label of data block m _i ': Where id _i '={name||η _i '||ξ' _i '}, ξ _i '=H ₂ (m _i '||η _i ');

a2 User U _j sends insert request and verification information of data block m _i ' to CSP,

If the CSP verification passes, the CSP finds the storage location of m _i ' according to the identification code id _i ' of the data block m _i ', and stores the data block m _i ' and its authentication label At the same time, the user U _j deletes the local data record data block m _i ', and the user U _j updates the block index set of the data block of the file F in time, recorded as

If the CSP verification fails, the CSP notifies the user U _j of the failure.

Embodiment 4: After step 4, a step of dynamically updating data is also included, specifically: the data can be dynamically updated to delete data blocks;

Delete: current user U _j deletes data block m _i (as shown in Figure 5):

User U _j sends data block m _i deletion request and the identity information {Tag _F ,id _i ,t ^(j) } of data block m _i to CSP,

If the CSP verification passes, the CSP finds the storage location of m _i according to the identification code id _i of the data block m _i , and deletes the data block m _i and its authentication label The user U _j updates the block index set of the data block of the file F in time, denoted as

If the CSP verification fails, the CSP notifies the user U _j of the failure.

Embodiment 5: After step 4, a step of dynamically updating data is also included, specifically: data can be dynamically updated to delete data blocks;

Modification: The current user U _j modifies the data block m _i to data block m _i ' (as shown in Figure 6):

c1 User U _j sends modification request and identity information {Tag _F ,id _i ,t ^(j) } of data block m _i to CSP,

If the CSP verification is passed, the CSP finds the storage location of m _i according to the identification code id _i of the data block m _i , and returns the data block m _i to the user U _j ;

If the CSP verification fails, the CSP notifies the user U _j of the failure;

c2 The user U _j modifies the data block m _i , and the modified data block is denoted as m _i ', and the authentication label of the data block m _i ' is calculated:

Where id _i '={name||η _i ||ξ' _i '}, ξ _i '=H ₂ (m _i '||η _i );

c3 User U _j sends verification information of data block m _i ' to CSP,

If the CSP verification passes, the CSP finds the data block m _i according to the identification code id _i of the data block m _i , and sends the data block m _i ' and its authentication label Overwrite the original data block m _i and its authentication tag At the same time, the user U _j deletes the local data record data block m _i ';

If the CSP verification fails, the CSP notifies the user U _j of the failure.

Embodiment 6:

A company employs A as the first director of the marketing department for a term of 3 years. While A is responsible for the daily work of the marketing department, he is also responsible for the management of relevant data of the department. The specific management is as follows:

Collect, organize and store all the data of the marketing department on the cloud server CSP that cooperates with the company;

Regularly verify (the time interval is half a year) the integrity of the marketing department data stored on the cloud server CSP, and can also perform data integrity verification at any time according to the actual needs of the company;

Dynamically update (insert, delete, modify) the data stored in the cloud server CSP in real time;

The director of the marketing department is responsible for all the data of the marketing department.

After taking office, A will generate his own public-private key pair according to the parameters in the cloud service system under the condition of complying with the company's relevant rules and regulations, and disclose the public key. A carefully organizes a large amount of data from the marketing department and names them in the form of files. Before uploading to the cloud server CSP, A reasonably divides the file into blocks, uses his own private key to generate the authentication tags of all data blocks, the authentication element set, and the authentication tags of A’s term, and then uploads the file tags, all data blocks and The authentication meta set and the authentication label of A's tenure are uploaded to the cloud server CSP storage. At this time, A deletes the local data records to save local resources. Half a year after A stores the data in the cloud server CSP, in order to confirm whether the cloud server CSP stores the data of the marketing department according to the company's requirements, the third-party auditor TPA, which cooperates with the company, verifies the integrity of the data in the cloud server CSP to prevent Loss or tampering of data in cloud servers. The specific operation is as follows:

A sends a verification request and a communication time limit to the third-party auditor TPA;

The third-party auditor TPA sends a challenge request to the cloud server CSP, and records the time CT1 when sending the challenge request;

The cloud server CSP generates a proof P and returns it to the third-party auditor TPA;

The third-party auditor TPA records the time CT2 of receiving the certificate P, and compares it with the upper limit of the communication time after making the difference. After comparison, the time difference is less than the upper limit of the communication time; then, the third-party auditor TPA verifies the certificate P returned by the cloud server CSP ;

The third-party auditor TPA returns to A the audit result: the cloud server CSP completely stores the data of the marketing department.

With the gradual update and accumulation of data in the marketing department, some new data blocks need to be inserted into the original file to make the original file more complete, some data blocks no longer have its meaning of existence and need to be deleted to save storage resources, some data blocks are The mistakes need to be corrected. After discovering these problems, A can dynamically update the data stored on the cloud server CSP in real time. The specific operation is as follows:

Insertion: After A calculates the virtual index, identification code, and authentication label of the new data block, it sends the following information: insert request, file label, new data block and its authentication label, A's tenure label, and identification code to the cloud server CSP, The cloud server CSP stores the new data block and its authentication label according to the identification code.

Deletion: A sends the following information: deletion request, file label, A's tenure label, and the identification code of the data block to be deleted to the cloud server CSP, and the cloud server CSP deletes the data block according to the identification code;

Modification: A sends the following information: modification request, file tag, A's tenure tag, and the identification code of the data block to be modified to the cloud server CSP. The cloud server CSP finds the data block according to the identification code and returns it to A. After modifying the received data block, A sends the following information: file tag, A's tenure tag, the modified data block and its authentication tag, and identification code to the cloud server CSP. The cloud server CSP overwrites the original data block and its authentication label with the modified data block and its authentication label. A deletes local data records to save storage resources.

Due to his hard work and outstanding performance, A was promoted to the general manager of the company after a three-year term. At the same time, the company transferred B to be the director of the marketing department for a three-year term.

According to the company's regulations, the data management of relevant departments is only managed by the head of the department, and other revoked managers no longer have management rights. Each manager is responsible for the data managed during his tenure. After taking office, B will generate his own public-private key pair according to the parameters in the cloud service system under the condition of complying with the company's relevant rules and regulations, and disclose the public key. First, B uses its own private key and A's public key to calculate the re-signature key and send it to the cloud server CSP, and the cloud server CSP replaces B to re-sign the data signed by A; for new data that needs to be stored, B uses The format of the file is named. Before uploading to the cloud server CSP, B reasonably divides the file into blocks, uses its own private key to generate authentication tags for all data blocks, and B cycle authentication tags, and then collects the file tags, all data blocks and authentication elements, The certification label of B's term is uploaded to the cloud server CSP storage, and at this time B deletes the local data records to save local resources. During B's tenure, B can also dynamically update (insert, delete, modify) the data stored in the cloud server CSP and verify the integrity of the data in the cloud server CSP at any time. The specific operation is the same as that of A.

After B took office for two years, B resigned to the company due to personal reasons, and the company hired C as the director of the company's marketing department for a term of 3 years.

After taking office, C will generate his own public-private key pair according to the parameters in the cloud service system and disclose the public key under the condition of complying with the company's relevant rules and regulations. First, C uses its own private key and B's public key to calculate the re-signature key and send it to the cloud server CSP, and the cloud server CSP replaces C to re-sign the signed data block on the CSP; for new data that needs to be stored, C is named in the form of a file. Before uploading to the cloud server CSP, C divides the file into reasonable blocks, uses its own private key to generate authentication tags for all data blocks, and C cycle authentication tags, and then collects the file tags, all data blocks and authentication elements, The certification label of C's term is uploaded to the cloud server CSP for storage, and at this time, C deletes the local data records to save local resources. During C's tenure, C can also dynamically update (insert, delete, modify) the data stored in the cloud server CSP and verify the integrity of the data in the cloud server CSP at any time. The specific operation is the same as that of A, as shown in Figure 7. The marketing manager of the company can dynamically revoke the flowchart.

Claims (4)

1. the cloud auditing method that lightweight user Dynamic Revocable and data can dynamically update, comprises the following steps：

1) initialize：Security parameter λ is inputted, while assigns mono- value of δ, the open parameter { G of system output₁,G₂,p,g,e,H₁,H₂, H, u, ρ }, wherein G₁、G₂It is that Prime Orders p circulation multiplies group, g is group G₁Generation member, e G₁×G₁→G₂On Bilinear map, The hash function of three safety is randomly choosed in safe Hash families of functions：H₁：{0,1}^*→G₁, H₂：{0,1}^*→Z_p,u∈G₁For global constant, ρ=2^δ, δ ∈ N₊Determined by the content type and number of users of storage file；

Each user in systemRandomly select a numberCalculate the private key X of the user_j =sk_j=x_jh(T_j), public keyAnd term of office authenticating tagAnd open public key pk_j；

Use U₀,U₁,…,U_jTo represent the user dynamically changed in time sequencing, T₀,T₁,…,T_jThe term of office at family is often appointed in expression；

2) initial user interacts with CSP：

2.1) initial user generation signature：Initial user U₀Piecemeal, F={ m are carried out to file F₁,m₂,…,m_n, each data Block m_i∈Z_p, wherein i ∈ I={ 1,2 ..., n }, each file F have a file label Tag_F, file label Tag_FIn include File name or file other attributive character；

Initial user U₀Its public and private key is inputted to (X₀,Y₀), initial user U₀Calculate data block m_iAuthenticating tag Wherein id_i=name | | η_i||ξ_iIt is data block m_iIdentity code, name be file F text Part name, η_i=i ρ are data block m_iVirtual index, data block m_iWith virtual index η_iAccording to ξ_i=H₂(m_i||η_i) mode pair Should；Gather for certification member, certification metaset is combined into the set of all authenticating tags；

2.2) initial user U₀Certification storage request is sent to CSP：

Initial user U₀Send { F, Tag_F,Φ⁽⁰⁾,t⁽⁰⁾CSP is given, wherein { Tag_F,Φ⁽⁰⁾,t⁽⁰⁾It is certification message, CSP is verified Certification message：

If CSP is verified, CSP storage file F, while initial user U₀Delete local record file F；

If CSP checkings are not by, CSP to initial user U₀Prompting does not pass through；

3) as user U_j-1Serve one's full term in office, new user U_jSubstitute user U_j-1When, new user U_jCarry out the operation of weight signature key, tool Body is：

User U_jCalculate weight signature key k_j-1→jAnd send it to CSP；

<mrow> <msub> <mi>k</mi> <mrow> <mi>j</mi> <mo>-</mo> <mn>1</mn> <mo>&amp;RightArrow;</mo> <mi>j</mi> </mrow> </msub> <mo>=</mo> <msup> <mrow> <mo>(</mo> <msub> <mi>Y</mi> <mrow> <mi>j</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> <mo>)</mo> </mrow> <mfrac> <mn>1</mn> <msub> <mi>X</mi> <mi>j</mi> </msub> </mfrac> </msup> <mo>=</mo> <msup> <mi>g</mi> <mfrac> <msub> <mi>X</mi> <mrow> <mi>j</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> <msub> <mi>X</mi> <mi>j</mi> </msub> </mfrac> </msup> <mo>;</mo> </mrow>

4) CSP receives incoming user U_jHeavy signature key k_j-1→jAfterwards, data block m is calculated_iJth layer proxy sign again, make：

<mrow> <msub> <mi>&amp;gamma;</mi> <mi>j</mi> </msub> <mo>=</mo> <mi>h</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mn>0</mn> </msub> <mo>)</mo> </mrow> <mi>h</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mn>1</mn> </msub> <mo>)</mo> </mrow> <mn>...</mn> <mi>h</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mrow> <mi>j</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> <mo>)</mo> </mrow> <mo>=</mo> <munder> <mo>&amp;Pi;</mo> <mrow> <mi>l</mi> <mo>&amp;Element;</mo> <mi>L</mi> </mrow> </munder> <mi>h</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mi>l</mi> </msub> <mo>)</mo> </mrow> <mo>,</mo> <mi>L</mi> <mo>=</mo> <mo>{</mo> <mn>0</mn> <mo>,</mo> <mn>1</mn> <mo>,</mo> <mn>...</mn> <mo>,</mo> <mi>j</mi> <mo>-</mo> <mn>1</mn> <mo>}</mo> </mrow>

<mrow> <msub> <mi>&amp;tau;</mi> <mi>j</mi> </msub> <mo>=</mo> <mi>h</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mi>j</mi> </msub> <mo>)</mo> </mrow> <mfrac> <msub> <mi>X</mi> <mrow> <mi>j</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> <msub> <mi>X</mi> <mi>j</mi> </msub> </mfrac> <mo>=</mo> <mi>h</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mrow> <mi>j</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> <mo>)</mo> </mrow> <mfrac> <msub> <mi>x</mi> <mrow> <mi>j</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> <msub> <mi>x</mi> <mi>j</mi> </msub> </mfrac> <mo>,</mo> <msub> <mover> <mi>&amp;gamma;</mi> <mo>~</mo> </mover> <mi>j</mi> </msub> <mo>=</mo> <munder> <mo>&amp;Pi;</mo> <mrow> <mi>l</mi> <mo>&amp;Element;</mo> <mi>J</mi> </mrow> </munder> <msub> <mi>&amp;tau;</mi> <mi>l</mi> </msub> <mo>,</mo> <mi>J</mi> <mo>=</mo> <mo>{</mo> <mn>1</mn> <mo>,</mo> <mn>2</mn> <mo>,</mo> <mn>...</mn> <mo>,</mo> <mi>j</mi> <mo>}</mo> <mo>;</mo> </mrow>

4.1) -1 layer of heavy signatures tab for arriving jth layer of jth is calculated

4.2) CSP is to user (U₀, U₁..., U_j-1) public key and weight signature key handled：

<mrow> <msub> <mi>&amp;alpha;</mi> <mi>l</mi> </msub> <mo>=</mo> <mrow> <mo>(</mo> <msub> <mi>Y</mi> <mrow> <mi>l</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> <mo>)</mo> </mrow> <munder> <mo>&amp;Pi;</mo> <mrow> <mi>&amp;theta;</mi> <mo>&amp;Element;</mo> <mi>D</mi> </mrow> </munder> <mi>h</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mi>&amp;theta;</mi> </msub> <mo>)</mo> </mrow> <mo>=</mo> <msup> <mrow> <mo>(</mo> <msup> <mi>g</mi> <mrow> <msub> <mi>x</mi> <mrow> <mi>l</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> <mi>h</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mrow> <mi>l</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> <mo>)</mo> </mrow> </mrow> </msup> <mo>)</mo> </mrow> <mrow> <mi>h</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mi>l</mi> </msub> <mo>)</mo> </mrow> <mi>h</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mi>l</mi> </msub> <mo>)</mo> </mrow> <mn>...</mn> <mi>h</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mi>j</mi> </msub> <mo>)</mo> </mrow> </mrow> </msup> <mo>=</mo> <msub> <mi>Y</mi> <mi>j</mi> </msub> <munder> <mo>&amp;Pi;</mo> <mrow> <mi>&amp;theta;</mi> <mo>&amp;Element;</mo> <mi>D</mi> </mrow> </munder> <msub> <mi>&amp;tau;</mi> <mi>&amp;theta;</mi> </msub> <mo>,</mo> <mi>D</mi> <mo>=</mo> <mo>{</mo> <mi>l</mi> <mo>,</mo> <mi>l</mi> <mo>+</mo> <mn>1</mn> <mo>,</mo> <mn>...</mn> <mo>,</mo> <mi>j</mi> <mo>}</mo> </mrow>

<mrow> <msub> <mi>&amp;beta;</mi> <mi>l</mi> </msub> <mo>=</mo> <msup> <mrow> <mo>(</mo> <msub> <mi>k</mi> <mrow> <mi>l</mi> <mo>-</mo> <mn>1</mn> <mo>&amp;RightArrow;</mo> <mi>l</mi> </mrow> </msub> <mo>)</mo> </mrow> <mrow> <mi>h</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mi>l</mi> </msub> <mo>)</mo> </mrow> </mrow> </msup> <mo>=</mo> <msup> <mrow> <mo>(</mo> <msup> <mi>g</mi> <mfrac> <msub> <mi>X</mi> <mrow> <mi>l</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> <msub> <mi>X</mi> <mi>l</mi> </msub> </mfrac> </msup> <mo>)</mo> </mrow> <mrow> <mi>h</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mi>l</mi> </msub> <mo>)</mo> </mrow> </mrow> </msup> <mo>=</mo> <msup> <mrow> <mo>(</mo> <msup> <mi>g</mi> <mfrac> <mrow> <msub> <mi>x</mi> <mrow> <mi>l</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> <mi>h</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mrow> <mi>l</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> <mo>)</mo> </mrow> </mrow> <mrow> <msub> <mi>x</mi> <mi>l</mi> </msub> <mi>h</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mi>l</mi> </msub> <mo>)</mo> </mrow> </mrow> </mfrac> </msup> <mo>)</mo> </mrow> <mrow> <mi>h</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mi>l</mi> </msub> <mo>)</mo> </mrow> </mrow> </msup> <mo>=</mo> <msup> <mi>g</mi> <msub> <mi>&amp;tau;</mi> <mi>l</mi> </msub> </msup> </mrow>

4.3) CSP willAs to data block m_iJth layer proxy sign again；

5) incumbent user U_jWhen checking is stored in the integrality of data on CSP, following operate is carried out：

5.1) incumbent user U_jSend the block index set I of a checking request request, call duration time upper limit Δ and data block To TPA；

5.2) TPA receives user U_jAfter the information of transmission, c block index is randomly selected from block index set I And each block is indexedChoose a random number v_i∈Z_p ^*, v_iBit length should be less than | p |, composition challenge requestTPA will challenge request chal and be sent to CSP, and record current time CT₁；

6) after CSP, which receives the challenge from TPA, asks chal, generation proves, specific as follows：

6.1) CSP calculates data block firstA linear combinationTo blind μ ', CSP chooses one Random numberCalculate：R=u^r∈G₁, ψ=h (R), μ=μ '+r ψ ∈ Z_p ^*, then CSP calculating

6.2) CSP, which is returned, provesTo TPA；

7) when TPA receives the proof P of CSP returns, current time CT is recorded₂, and verified as follows：

7.1) TPA is calculated：Δ t=CT₂-CT₁If Δ t≤Δ, TPA output prove that P is legal and continues executing with audit steps 7.2)；Otherwise, TPA outputs prove that P is illegal and stops to audit；

7.2) TPA verifies equation：

<mrow> <mi>e</mi> <mrow> <mo>(</mo> <mi>&amp;sigma;</mi> <mo>,</mo> <mi>g</mi> <mo>)</mo> </mrow> <mo>=</mo> <mi>e</mi> <mrow> <mo>(</mo> <msup> <mi>u</mi> <mi>&amp;mu;</mi> </msup> <mo>&amp;CenterDot;</mo> <msup> <mi>R</mi> <mrow> <mo>-</mo> <mi>&amp;psi;</mi> </mrow> </msup> <mo>&amp;CenterDot;</mo> <munder> <mo>&amp;Pi;</mo> <mrow> <mi>i</mi> <mo>&amp;Element;</mo> <mover> <mi>I</mi> <mo>&amp;OverBar;</mo> </mover> </mrow> </munder> <msub> <mi>H</mi> <mn>1</mn> </msub> <msup> <mrow> <mo>(</mo> <mrow> <msub> <mi>id</mi> <mi>i</mi> </msub> </mrow> <mo>)</mo> </mrow> <msub> <mi>v</mi> <mi>i</mi> </msub> </msup> <mo>,</mo> <msub> <mi>&amp;alpha;</mi> <mn>1</mn> </msub> <mo>)</mo> </mrow> </mrow>

e(α_j, g) and=e (Y_j,β_j)

If above-mentioned equation is set up, it is complete to illustrate to be stored in the data on CSP, and TPA outputs are proved to be successful；Otherwise, TPA exports authentication failed.

2. the cloud auditing method that lightweight user Dynamic Revocable according to claim 1 and data can dynamically update, its Being characterised by after step 4), which also includes data, can dynamically update step, be specially：Data can dynamically be updated to insert data Block；

Insertion：Incumbent user U_jIn data block m_iAnd m_i+1Between insert a new data block m '_i：

A1 user U_jData block m ' is calculated first_iVirtual indexThen data block m ' is calculated_iAuthenticating tag：Wherein id '_i=name | | η '_i||ξ′_i, ξ '_i=H₂(m′_i||η′_i)；

A2 user U_jSend insertion and ask summed data block m '_iChecking informationTo CSP,

If CSP is verified, CSP is according to data block m '_iIdentity code id '_iFind m '_iStorage location, data storage Block m '_iAnd its authenticating tagUser U simultaneously_jDelete local data records data block m '_i, user U_jUpgrade file F's in time The block index set of data block, is designated as

If CSP checkings are not by, CSP to user U_jPrompting does not pass through.

3. the cloud auditing method that lightweight user Dynamic Revocable according to claim 1 and data can dynamically update, its Being characterised by after step 4), which also includes data, can dynamically update step, be specially：Data can dynamically be updated to delete data Block；

Delete：Incumbent user U_jDelete data block m_i：

User U_jSend data block m_iRemoval request and data block m_iIdentity information { Tag_F,id_i,t^(j)CSP is given,

If CSP is verified, CSP is according to data block m_iIdentity code id_iFind m_iStorage location, delete data block m_i And its authenticating tagUser U_jUpgrade in time file F data block block index set, be designated as

If CSP checkings are not by, CSP to user U_jPrompting does not pass through.

4. the cloud auditing method that lightweight user Dynamic Revocable according to claim 1 and data can dynamically update, its Being characterised by after step 4), which also includes data, can dynamically update step, be specially：Data can dynamically be updated to change data Block；

Modification：Incumbent user U_jBy data block m_iIt is revised as data block m '_i：

C1 user U_jSend modification and ask summed data block m_iIdentity information { Tag_F,id_i,t^(j)CSP is given,

If CSP is verified, CSP is according to data block m_iIdentity code id_iFind m_iStorage location, by data block m_iReturn Back to user U_j；

If CSP checkings are not by, CSP to user U_jPrompting does not pass through；

C2 user U_jTo data block m_iModify, amended data block is designated as m_i', calculate data block m_i' authenticating tag：

Wherein id '_i=name | | η_i||ξ′_i, ξ '_i=H2 (m '_i||η_i)；

C3 user U_jSend data block m '_iChecking informationTo CSP,

If CSP is verified, CSP is according to data block m_iIdentity code id_iFind data block m_i, by data block m '_iAnd it Authenticating tagCover former data block m_iWith its authenticating tagUser U simultaneously_jDelete local data records data block m′_i；

If CSP checkings are not by, CSP to user U_jPrompting does not pass through.