CN107707354A - A kind of cloud storage data verification method and system based on elliptic curve cryptography - Google Patents
A kind of cloud storage data verification method and system based on elliptic curve cryptography Download PDFInfo
- Publication number
- CN107707354A CN107707354A CN201710960350.6A CN201710960350A CN107707354A CN 107707354 A CN107707354 A CN 107707354A CN 201710960350 A CN201710960350 A CN 201710960350A CN 107707354 A CN107707354 A CN 107707354A
- Authority
- CN
- China
- Prior art keywords
- user
- data block
- evidence
- data
- cloud server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Abstract
The invention discloses a kind of cloud storage data verification method based on elliptic curve cryptography and system, method to include:The private key of user and the public key of user are produced by the key schedule based on elliptic curve;Tag set is generated according to the private key of the data file of input and user, and the public key of tag set, the data file of input and user is sent to Cloud Server;Verifier receives the data file of the challenge request that user sends, combination tag set and input, produces challenge and gathers and be sent to Cloud Server;After Cloud Server is connected to challenge set, the public key of combination tag set, the data file of input and user, generates evidence set and return to verifier;Verifier carries out evidence verification according to the public key of evidence set, challenge set and user, obtains the result of evidence and returns to user.The present invention has the advantages of safety and efficiency high, can be widely applied to cloud storage field.
Description
Technical field
The present invention relates to cloud storage technical field, especially a kind of cloud storage data verification based on elliptic curve cryptography
Method and system.
Background technology
With flourishing for computer technology, the application of cloud computing is more and more extensive.User stores data in cloud clothes
It is engaged on device, not only alleviates the storage burden for being locally stored and bringing, also allow data to be accessed whenever and wherever possible by user.With this
Meanwhile the security of the data on Cloud Server also becomes user and uses cloud storage concern the most.Cloud service provides
Business is half believable, even if can provide security higher equipment, it is also possible to occurs being distorted by unauthorized third party malice, steals
Situations such as taking the storage data at family or causing corrupted data because of the faulty operation of keeper.Therefore, the integrality of data is tested
Card is particularly important.
Current data integrity verification method both domestic and external is broadly divided into the method for supporting private checking and supports open test
The method of card.The former computing cost is low than the latter, but because data verification person's itself is insincere, is not particularly suited for existing
Real data verification scene.The latter introduces trusted third party (trusted third party, abbreviation TTP) checking data, will add
Close algorithm is combined with Bilinear map technology so that TTP completes to verify and return result to use in the case where that can not obtain data
Family.In actual applications, the selection of AES will directly affect the efficiency of data verification.
In summary, a kind of new cloud storage data verification scheme is needed badly in the industry at present, with while security is ensured
The efficiency of checking is improved to greatest extent.
The content of the invention
In order to solve the above technical problems, it is an object of the invention to:The bent based on ellipse of a kind of safety and efficiency high is provided
The cloud storage data verification method and system of line enciphered method.
The first technical scheme for being taken of the present invention is:
A kind of cloud storage data verification method based on elliptic curve cryptography, comprises the following steps:
The private key of user and the public key of user are produced by the key schedule based on elliptic curve;
Tag set is generated according to the private key of the data file of input and user, and the data of tag set, input are literary
Part and the public key of user are sent to Cloud Server;
Verifier receives the data file of the challenge request that user sends, combination tag set and input, produces challenge collection
Merging is sent to Cloud Server;
After Cloud Server is connected to challenge set, the public key of combination tag set, the data file of input and user, generation card
Verifier is returned to according to collection merging;
Verifier carries out evidence verification according to the public key of evidence set, challenge set and user, obtains the checking knot of evidence
Fruit simultaneously returns to user.
Further, the key schedule by based on elliptic curve produce user private key and user public key this
One step, is specifically included:
User randomly chooses sk=x ∈ ZpAs private key, wherein, ZpFor integer mould p residue class set, x is zpIt is random
Number, p is prime number;
This 4 points of A, A ', B and B ' are selected to generate public key pk from elliptic curve E (Fq) according to private key sk, the pk's
Expression formula is:Pk=(p, q, E (Fq), A, B, A ', B ') wherein, q=pd, q is Big prime, and d is integer, A=xB, A '=
XB ', A and B are addition cyclic group G1Generation member, A ' and B ' are addition cyclic group G2Generation member, G1And G2It is E
(Fq) on exponent number be p addition cyclic group, G1≠G2And G1And G2Meet bilinear map e:G1×G2→GT, GTFor rank on E (Fq)
Number is p multiplicative cyclic group.
Further, the private key of the data file and user according to input generates tag set, and by tag set, defeated
The step for data file and the public key of user entered is sent to Cloud Server, specifically includes:
The data file F of input is divided into n isometric data block F=(m1,m2…mn), the n data being divided into
I-th of data block m in blockiM is formed by s elementi=(mi1,mi2…mis);
Data block m is calculated according to the private key key sk of useriSign ti, the signature tiExpression formula be:Wherein, h () is hash function, the independent variable w of hash functioni=fid | | i, fid are
File identification, i are blocks number, | | it is attended operation, mi,jFor data block miJ-th of element, α ∈ Zp;
By n data block signature tiForm tag set T={ ti}i∈[1,n], and by tag set T, user public key pk and
The data file F of input is sent to Cloud Server.
Further, the verifier receives the data file of the challenge request that user sends, combination tag set and input,
The step for challenge is gathered and is sent to Cloud Server is produced, is specifically included:
Verifier receives the fileinfo F for including the challenge request of userinfo;
Verifier is according to fileinfo FinfoExtracted from F n data block several data chunks into challenge set Q,
And the data block m each to be challengediGenerate corresponding random value vi∈Zp, finally give challenge set Q={ i, vi};
Verifier is sent to Cloud Server by set Q is challenged.
Further, after the Cloud Server is connected to challenge set, combination tag set, the data file of input and user
Public key, the step for generating evidence set and return to verifier, specifically include:
Cloud Server calculates first according to challenge set Q, tag set T, the data file F of input and the public key pk of user
Evidence TP and the second evidence DP, the expression formula of the first evidence TP are:TP=e (∑si∈Qvitj, A '), the second evidence DP
Expression formula be:DP=h (wi)e(∑i∈Qmi,jvj), wherein, j is element mi,jIn data block miIn numbering, e (∑si∈Qvitj,
A ') represent ∑i∈QvitjWith A ' in GTIn it is corresponding generation member, e (∑si∈Qmi,jvj) it is GTMiddle ∑i∈Qmi,jvjCorresponding generation member;
The evidence set P={ TP, DP } being made up of the first evidence TP and the second evidence DP is returned into verifier.
Further, the verifier carries out evidence verification according to the public key of evidence set, challenge set and user, is demonstrate,proved
According to the result and the step for return to user, be specially:
Verifier according to evidence set P, challenge set Q and public key pk after verifyWhether
Set up, if so, then showing that evidence is true, now return to 1 and give user;Conversely, then showing that evidence is false, now return to 0 and give user,
Wherein,RepresentWith B ' in GTIn it is corresponding generation member.
Further, in addition to the data block in the data file of input and its corresponding concordance list Mobile state renewal is entered
Step.
Further, the data block in the data file of described pair of input and its corresponding concordance list enter the step of Mobile state renewal
Suddenly, specifically include:
The data file F of input is divided into n data block F=(m1,m2…mn), in n data block being then divided into
I-th of data block is designated as mi, and by data block miCorresponding concordance list is recorded as a four-tuple<Index,Bi,Vi,Ti>, its
In, Index, Bi、ViAnd TiRespectively data block miIndex, numbering, version number and timestamp in concordance list;
Mobile state renewal is entered according to the type of dynamic renewal:
If desired new data block is insertedThe request of insertion data block is then sent to Cloud ServerNow, user is generated newly using label generating algorithm first
Data blockCorresponding label t*, then basisThe position of insertion willCorresponding index Index is revised as miWith mi+1Rope
Draw the half of sum and keep numberingVersion numberAnd timestampIt is constant, obtainNew concordance list after insertionLast Cloud Server is directly in mi+1New data block is inserted beforeAnd corresponding label t*, wherein,
miWith mi+1For with2 adjacent data blocks before and after the position of insertion;
If desired block is updated the data, then the request for updating the data block is sent to Cloud ServerNow, user uses label generating algorithm to be new first
Data blockLabel t corresponding to generation*, request request is then sent to Cloud Server, and Cloud Server is according to request
Data block in requestIndex Index find and need the data block that updates, and with new data blockWith corresponding mark
Sign t*And version number new in request is asked to replace the corresponding contents in the data block for needing to update;
If desired data block is deleted, then the request for deleting data block is sent to Cloud ServerNow, Cloud Server receive request request after according to index
Index directly delete corresponding to data block and corresponding label.
The second technical scheme for being taken of the present invention is:
A kind of cloud storage data verification system based on elliptic curve cryptography, including:
Key production module, for producing by key schedule based on elliptic curve private key and the user of user
Public key;
Tag generation module, tag set is generated for the private key of the data file according to input and user, and by label
The public key of set, the data file of input and user is sent to Cloud Server;
Module is challenged, the challenge request sent for verifier reception user, the data text of combination tag set and input
Part, produce challenge and gather and be sent to Cloud Server;
Evidence generation module, for Cloud Server be connected to challenge set after, combination tag set, input data file and
The public key of user, generate evidence set and return to verifier;
Evidence correction verification module, evidence verification is carried out according to the public key of evidence set, challenge set and user for verifier,
Obtain the result of evidence and return to user.
Further, in addition to for entering Mobile state more to the data block in the data file of input and its corresponding concordance list
New dynamic update module.
The 3rd technical scheme taken of the present invention is:
A kind of cloud storage data verification system based on elliptic curve cryptography, including:
Memory, for storage program;
Processor, elliptic curve cryptography is based on to perform one kind as described in the first technical scheme for loading described program
The cloud storage data verification method of method.
The beneficial effects of the invention are as follows:A kind of cloud storage data verification method based on elliptic curve cryptography of the present invention and
System, have chosen elliptic curve cryptography as encryption algorithm, make use of elliptic curve cryptography Bilinear map technology and
Random mask technology to carry out integrity verification to cloud storage data, is highly resistant to the malicious attack of server, safer,
And communication overhead can be reduced relative to existing verification method, the solution of the present invention, avoid exponent arithmetic and improve to calculate
Efficiency.
Brief description of the drawings
Fig. 1 is a kind of step flow chart of the cloud storage data verification method based on elliptic curve cryptography of the present invention;
Fig. 2 is the integrity verification system model schematic of the present invention.
Embodiment
A kind of reference picture 1, cloud storage data verification method based on elliptic curve cryptography, comprises the following steps:
The private key of user and the public key of user are produced by the key schedule based on elliptic curve;
Tag set is generated according to the private key of the data file of input and user, and the data of tag set, input are literary
Part and the public key of user are sent to Cloud Server;
Verifier receives the data file of the challenge request that user sends, combination tag set and input, produces challenge collection
Merging is sent to Cloud Server;
After Cloud Server is connected to challenge set, the public key of combination tag set, the data file of input and user, generation card
Verifier is returned to according to collection merging;
Verifier carries out evidence verification according to the public key of evidence set, challenge set and user, obtains the checking knot of evidence
Fruit simultaneously returns to user.
Preferred embodiment is further used as, it is described to produce user's by the key schedule based on elliptic curve
The step for private key and the public key of user, specifically include:
User randomly chooses sk=x ∈ ZpAs private key, wherein, ZpFor integer mould p residue class set, x is zpIt is random
Number, p is prime number;
This 4 points of A, A ', B and B ' are selected to generate public key pk from elliptic curve E (Fq) according to private key sk, the pk's
Expression formula is:Pk=(p, q, E (Fq), A, B, A ', B ') wherein, q=pd, q is Big prime, and d is integer, A=xB, A '=
XB ', A and B are addition cyclic group G1Generation member, A ' and B ' are addition cyclic group G2Generation member, G1And G2It is E
(Fq) on exponent number be p addition cyclic group, G1≠G2And G1And G2Meet bilinear map e:G1×G2→GT, GTFor rank on E (Fq)
Number is p multiplicative cyclic group.
Preferred embodiment is further used as, it is described that tally set is generated according to the data file of input and the private key of user
The step for closing, and the public key of tag set, the data file of input and user is sent into Cloud Server, specifically includes:
The data file F of input is divided into n isometric data block F=(m1,m2…mn), the n data being divided into
I-th of data block m in blockiM is formed by s elementi=(mi1,mi2…mis);
Data block m is calculated according to the private key key sk of useriSign ti, the signature tiExpression formula be:Wherein, h () is hash function, the independent variable w of hash functioni=fid | | i, fid are
File identification, i are blocks number, | | it is attended operation, mi,jFor data block miJ-th of element, α ∈ Zp;
By n data block signature tiForm tag set T={ ti}i∈[1,n], and by tag set T, user public key pk and
The data file F of input is sent to Cloud Server.
Preferred embodiment is further used as, the verifier receives the challenge request that user sends, combination tag collection
Close and the data file of input, generation are challenged the step for gathering and being sent to Cloud Server, specifically included:
Verifier receives the fileinfo F for including the challenge request of userinfo;
Verifier is according to fileinfo FinfoExtracted from F n data block several data chunks into challenge set Q,
And the data block m each to be challengediGenerate corresponding random value vi∈Zp, finally give challenge set Q={ i, vi};
Verifier is sent to Cloud Server by set Q is challenged.
Preferred embodiment is further used as, after the Cloud Server is connected to challenge set, combination tag set, input
Data file and user public key, generate evidence set and the step for return to verifier, specifically include:
Cloud Server calculates first according to challenge set Q, tag set T, the data file F of input and the public key pk of user
Evidence TP and the second evidence DP, the expression formula of the first evidence TP are:TP=e (∑si∈Qvitj, A '), the second evidence DP
Expression formula be:DP=h (wi)e(∑i∈Qmi,jvj), wherein, j is element mi,jIn data block miIn numbering, e (∑si∈Qvitj,
A ') represent ∑i∈QvitjWith A ' in GTIn it is corresponding generation member, e (∑si∈Qmi,jvj) it is GTMiddle ∑i∈Qmi,jvjCorresponding generation member;
The evidence set P={ TP, DP } being made up of the first evidence TP and the second evidence DP is returned into verifier.
Preferred embodiment is further used as, the verifier gathers according to evidence set, challenge and the public key of user
Evidence verification is carried out, the step for obtaining the result of evidence and return to user, is specially:
Verifier according to evidence set P, challenge set Q and public key pk after verifyWhether
Set up, if so, then showing that evidence is true, now return to 1 and give user;Conversely, then showing that evidence is false, now return to 0 and give user,
Wherein,RepresentWith B ' in GTIn it is corresponding generation member.
Preferred embodiment is further used as, in addition to the data block in the data file of input and its corresponding rope
Draw the step of table enters Mobile state renewal.
It is further used as preferred embodiment, data block and its corresponding index in the data file of described pair of input
Table enters the step of Mobile state renewal, specifically includes:
The data file F of input is divided into n data block F=(m1,m2…mn), in n data block being then divided into
I-th of data block is designated as mi, and by data block miCorresponding concordance list is recorded as a four-tuple<Index,Bi,Vi,Ti>, its
In, Index, Bi、ViAnd TiRespectively data block miIndex, numbering, version number and timestamp in concordance list;
Mobile state renewal is entered according to the type of dynamic renewal:
If desired new data block is insertedThe request of insertion data block is then sent to Cloud ServerNow, user is generated newly using label generating algorithm first
Data blockCorresponding label t*, then basisThe position of insertion willCorresponding index Index is revised as miWith mi+1Rope
Draw the half of sum and keep numberingVersion numberAnd timestampIt is constant, obtainNew concordance list after insertionLast Cloud Server is directly in mi+1New data block is inserted beforeAnd corresponding label t*, wherein,
miWith mi+1For with2 adjacent data blocks before and after the position of insertion;
If desired block is updated the data, then the request for updating the data block is sent to Cloud ServerNow, user uses label generating algorithm to be new first
Data blockLabel t corresponding to generation*, request request is then sent to Cloud Server, and Cloud Server is according to request
Data block in requestIndex Index find and need the data block that updates, and with new data blockWith corresponding mark
Sign t*And version number new in request is asked to replace the corresponding contents in the data block for needing to update;
If desired data block is deleted, then the request for deleting data block is sent to Cloud ServerNow, Cloud Server receive request request after according to index
Index directly delete corresponding to data block and corresponding label.
The present invention enters the step of Mobile state renewal to the data block in the data file of input and its corresponding concordance list, leads to
Crossing concordance list Dynamic Updating Mechanism realizes dynamic authentication, more flexibly and real-time it is more preferable.
It is corresponding with Fig. 1 method, a kind of cloud storage data verification system based on elliptic curve cryptography of the present invention, bag
Include:
Key production module, for producing by key schedule based on elliptic curve private key and the user of user
Public key;
Tag generation module, tag set is generated for the private key of the data file according to input and user, and by label
The public key of set, the data file of input and user is sent to Cloud Server;
Module is challenged, the challenge request sent for verifier reception user, the data text of combination tag set and input
Part, produce challenge and gather and be sent to Cloud Server;
Evidence generation module, for Cloud Server be connected to challenge set after, combination tag set, input data file and
The public key of user, generate evidence set and return to verifier;
Evidence correction verification module, evidence verification is carried out according to the public key of evidence set, challenge set and user for verifier,
Obtain the result of evidence and return to user.
Preferred embodiment is further used as, in addition to for the data block in the data file of input and its correspondingly
Concordance list enter Mobile state renewal dynamic update module.
It is corresponding with Fig. 1 method, a kind of cloud storage data verification system based on elliptic curve cryptography of the present invention, bag
Include:
Memory, for storage program;
Processor, deposited for loading described program with performing a kind of cloud based on elliptic curve cryptography as shown in Figure 1
Store up data verification method.
The specific embodiment of the present invention proposes a kind of cloud storage data integrity based on ECC (elliptic curve cryptography)
Verification method and system, computing cost is reduced while open authentication function is realized.
As shown in Fig. 2 cloud storage data integrity validation system model of this specific embodiment based on ECC, model master
Will be including this three parts of user, Cloud Server and verifier.
In this specific embodiment, data file F is divided into n isometric data block F=(m by user1,m2…mn), wherein mi
M is formed by s elementi=(mi1,mi2…mis)。
Elliptic curve E (the F that user's selection is generated by point A ∈ E (Fq)q), the point set (x, y) of the elliptic curve forms
One Abel's module, x are zpRandom number.Assuming that G1、G2Be exponent number be prime number p addition cyclic group, GTIt is that exponent number is element
Number p multiplicative cyclic group, bilinear map is thus formed to e:G1×G2→GT, it possesses following property:
(1) efficient algorithm e be present;
(2) assume that P is G1Generation member, P ' is G2Generation member, then e (P, P ') is GTGeneration member, and e (P, P ') ≠
1;
(3) for arbitrary P1,P2∈G1,P1′,P2′∈G2Have:
For all P ' ∈ G2Have:e(P1+P2, P ') and=e (P1,P′)·e(P2,P′)
For all P ∈ G1Have:e(P,P1′+P2')=e (P, P1′)·e(P,P2′)。
A kind of cloud storage data integrity verification method based on ECC of this specific embodiment includes 5 following steps:
Step 1:User performs KeyGen algorithms (i.e. key schedule) generation private key and public key to (sk, pk), i.e.,
KeyGen(λ)→(sk,pk)。
The KeyGen algorithms are performed by user, are inputted as security parameter λ.Randomly choose sk=x ∈ ZpAs private key, point A,
A ', B and B ' are the point on elliptic curve E (Fq), and A=xB, A '=xB ', then pk=(p, q, E (Fq), A, B, A ',
B′).Export as private key sk and public key pk.
Step 2:It is that cloud storage data generate corresponding tally set that user, which performs TagGen algorithms (i.e. label generating algorithm),
Close T:TagGen (F, sk, pk) → T, and data file F and tag set T are sent to Cloud Server.
The algorithm is performed by user, is inputted as data file F, private key sk, public key pk.If wi=fid | | i, calculate data
Block miSignature:Then output is tag set T={ ti}i∈[1,n]。
Step 3:Verifier receives user and challenged after request, performs (the i.e. challenge collection symphysis of Challenge algorithms
Into algorithm) produce challenge set Q:Challenge(Finfo) → Q, and challenge set Q and will be sent to Cloud Server to throw down the gauntlet
Address inquires to.
The algorithm is performed by verifier, is inputted as fileinfo Finfo, after verifier receives the inquiry requirement of user, from F
N data block in randomly select partial data block composition challenge collection Q and for the data block m that is each challengediGeneration is corresponding
Random value vi∈Zp, export to challenge set Q={ i, vi}i∈I, I is the set of data blocks randomly selected from F n data block
Close.
Step 4:Cloud Server performs Prove algorithms (i.e. evidence generating algorithm) generation evidence P after being connected to challenge set:
Prove (F, T, Q, pk) → P, and evidence P is returned into verifier.
The algorithm is performed by Cloud Server, is inputted as data file F, tag set T, challenge set Q, public key pk.Cloud takes
Business device calculates TP=e (∑si∈Qvitj, A '), DP=h (wi)e(∑i∈Qmi,jvj), export as evidence set P={ TP, DP }.
Step 5:Verifier performs Verify algorithms (i.e. evidence checking algorithm) and examines evidence P, and evidence is very then to return to 1
To user, 0 is otherwise returned:Verify(P,Q,pk)→ture/false.
The algorithm is performed by verifier, is inputted as evidence set P, challenge set Q, public key pk.
Verifier verifies after receiving evidence PWhether set up, if set up, output 1;
Otherwise 0 is exported.
In addition, in order to realize dynamic authentication, this specific embodiment also proposed the dynamic updating method of Indexing Mechanism.
Assuming that data file F=(m1,m2…mn) in data block miCorresponding concordance list is designated as a four-tuple<Index,
Bi,Vi,Ti>, wherein Index is data block miIndex in concordance list, BiFor numbering, ViFor version number, TiFor timestamp.Rope
Draw the operation that the dynamic renewal of mechanism mainly includes following 3 type:
1) data block is inserted
The request of insertion data block is represented byInsert
Insertion data block is represented, TagGen algorithms generation label t is first carried out in user*If data block will be inserted into miWith mi+1Between, then
Index Index is changed into miWith mi+1Index the half of sum, index entry belowIt need not change.This operation cloud clothes
Device be engaged in directly in mi+1New data block is inserted beforeWith corresponding label t*。
2) data block updates
The request for updating the data block is represented by
Modify represents data block renewal, and user is first label corresponding to new data block generation, is transmit a request to after more new version number
Cloud Server, Cloud Server find the data block for needing to update according to index Index and are replaced.This operation Cloud Server is used
New data blockWith corresponding label t*It substituted for oldWith t*, and have updated corresponding version number.
3) data block is deleted
Deleting the request of data block can be expressed asDelete generations
List data block is deleted, and Cloud Server receives after request request the data block and correspondingly according to corresponding to directly being deleted index Index
Label.
From above-mentioned content, the present invention a kind of cloud storage data integrity verification method and system based on ECC, profit
Data integrity validation is carried out with ECC Bilinear map technology to realize open checking, and the random mask technology for employing ECC is come
The security of raising method, and more newly arrived by the dynamic of concordance list mechanism and realize dynamic authentication.Actual safety analysis with
Performance evaluation shows that the solution of the present invention is highly resistant to the malicious attack of server, compared with other existing proof schemes,
Communication overhead can be reduced, avoids exponent arithmetic, improves computational efficiency.
Above is the preferable implementation to the present invention is illustrated, but the present invention is not limited to the embodiment, ripe
A variety of equivalent variations or replacement can also be made on the premise of without prejudice to spirit of the invention by knowing those skilled in the art, this
Equivalent deformation or replacement are all contained in the application claim limited range a bit.
Claims (10)
- A kind of 1. cloud storage data verification method based on elliptic curve cryptography, it is characterised in that:Comprise the following steps:The private key of user and the public key of user are produced by the key schedule based on elliptic curve;According to the private key of the data file of input and user generate tag set, and by tag set, input data file and The public key of user is sent to Cloud Server;Verifier receives the data file of the challenge request that user sends, combination tag set and input, produces challenge collection and merges It is sent to Cloud Server;After Cloud Server is connected to challenge set, the public key of combination tag set, the data file of input and user, evidence collection is generated Merging returns to verifier;Verifier carries out evidence verification according to the public key of evidence set, challenge set and user, obtains the result of evidence simultaneously Return to user.
- 2. a kind of cloud storage data verification method based on elliptic curve cryptography according to claim 1, its feature exist In:The key schedule by based on elliptic curve produce user private key and user public key the step for, specifically Including:User randomly chooses sk=x ∈ ZpAs private key, wherein, ZpFor integer mould p residue class set, x is zpRandom number, p is Prime number;This 4 points of A, A ', B and B ' are selected to generate public key pk, the expression of the pk from elliptic curve E (Fq) according to private key sk Formula is:Pk=(p, q, E (Fq), A, B, A ', B ') wherein, q=pd, q is Big prime, and d is integer, A=xB, A′=xB′, A It is addition cyclic group G with B1Generation member, A ' and B ' are addition cyclic group G2Generation member, G1And G2It is rank on E (Fq) Count the addition cyclic group for p, G1≠G2And G1And G2Meet bilinear map e:G1×G2→GT, GTIt is p's for exponent number on E (Fq) Multiplicative cyclic group.
- 3. a kind of cloud storage data verification method based on elliptic curve cryptography according to claim 2, its feature exist In:The private key of the data file and user according to input generates tag set, and by tag set, the data file of input The step for being sent to Cloud Server with the public key of user, specifically includes:The data file F of input is divided into n isometric data block F=(m1, m2…mn), in the n data block being divided into I-th of data block miM is formed by s elementi=(mi1, mi2…mis);Data block m is calculated according to the private key key sk of useriSign ti, the signature tiExpression formula be:Wherein, h () is hash function, the independent variable w of hash functioni=fid | | i, fid are File identification, i are blocks number, | | it is attended operation, mi,jFor data block miJ-th of element, α ∈ Zp;By n data block signature tiForm tag set T={ ti}i∈[1,n], and by tag set T, the public key pk of user and input Data file F be sent to Cloud Server.
- 4. a kind of cloud storage data verification method based on elliptic curve cryptography according to claim 3, its feature exist In:The verifier receives the data file of the challenge request that user sends, combination tag set and input, produces challenge set And the step for being sent to Cloud Server, specifically include:Verifier receives the fileinfo F for including the challenge request of userinfo;Verifier is according to fileinfo FinfoSeveral data chunks are extracted from F n data block into challenge set Q, and are every The individual data block m challengediGenerate corresponding random value vi∈Zp, finally give challenge set Q={ i, vi};Verifier is sent to Cloud Server by set Q is challenged.
- 5. a kind of cloud storage data verification method based on elliptic curve cryptography according to claim 4, its feature exist In:After the Cloud Server is connected to challenge set, the public key of combination tag set, the data file of input and user, generation card The step for returning to verifier according to collection merging, specifically includes:Cloud Server calculates the first evidence according to challenge set Q, tag set T, the data file F of input and the public key pk of user TP and the second evidence DP, the expression formula of the first evidence TP are:TP=e (∑si∈Qvitj, A '), the table of the second evidence DP It is up to formula:DP=h (wi)e(∑i∈Qmi,jvj), wherein, j is element mi,jIn data block miIn numbering, e (∑si∈Qvitj,A′) Represent ∑i∈QvitjWith A ' in GTIn it is corresponding generation member, e (∑si∈Qmi,jvj) it is GTMiddle ∑i∈Qmi,jvjCorresponding generation member;The evidence set P={ TP, DP } being made up of the first evidence TP and the second evidence DP is returned into verifier.
- 6. a kind of cloud storage data verification method based on elliptic curve cryptography according to claim 5, its feature exist In:The verifier carries out evidence verification according to the public key of evidence set, challenge set and user, obtains the result of evidence And the step for returning to user, it is specially:Verifier according to evidence set P, challenge set Q and public key pk after verifyWhether set up, If so, then showing that evidence is true, now return to 1 and give user;Conversely, then showing that evidence is false, now return to 0 and give user, wherein,RepresentWith B ' in GTIn it is corresponding generation member.
- 7. a kind of cloud storage data verification method based on elliptic curve cryptography according to claim 1, its feature exist In:The step of also including entering the data block in the data file of input and its corresponding concordance list Mobile state renewal.
- 8. a kind of cloud storage data verification method based on elliptic curve cryptography according to claim 7, its feature exist In:Data block and its corresponding concordance list in the data file of described pair of input enter the step of Mobile state renewal, specifically include:The data file F of input is divided into n data block F=(m1, m2…mn), i-th in n data block being then divided into Individual data block is designated as mi, and by data block miCorresponding concordance list is recorded as a four-tuple<Index,Bi, Vi, Ti>, wherein, Index、Bi、ViAnd TiRespectively data block miIndex, numbering, version number and timestamp in concordance list;Mobile state renewal is entered according to the type of dynamic renewal:If desired new data block is insertedThe request of insertion data block is then sent to Cloud ServerNow, user is generated newly using label generating algorithm first Data blockCorresponding label t*, then basisThe position of insertion willCorresponding index Index is revised as miWith mi+1Rope Draw the half of sum and keep numberingVersion numberAnd timestampIt is constant, obtainNew concordance list after insertionLast Cloud Server is directly in mi+1New data block is inserted beforeAnd corresponding label t*, wherein, miWith mi+1For with2 adjacent data blocks before and after the position of insertion;If desired block is updated the data, then the request for updating the data block is sent to Cloud ServerNow, user uses label generating algorithm to be new first Data blockLabel t corresponding to generation*, request request is then sent to Cloud Server, and Cloud Server is according to request Data block in requestIndex Index find and need the data block that updates, and with new data blockWith corresponding mark Sign t*And version number new in request is asked to replace the corresponding contents in the data block for needing to update;If desired data block is deleted, then the request for deleting data block is sent to Cloud ServerNow, Cloud Server receive request request after according to index Index directly delete corresponding to data block and corresponding label.
- A kind of 9. cloud storage data verification system based on elliptic curve cryptography, it is characterised in that:Including:Key production module, for producing the private key of user and the public affairs of user by the key schedule based on elliptic curve Key;Tag generation module, for the private key of the data file according to input and user generate tag set, and by tag set, The data file of input and the public key of user are sent to Cloud Server;Module is challenged, the challenge request sent for verifier reception user, the data file of combination tag set and input, production Raw challenge is gathered and is sent to Cloud Server;Evidence generation module, after being connected to challenge set for Cloud Server, combination tag set, the data file of input and user Public key, generation evidence set simultaneously returns to verifier;Evidence correction verification module, evidence verification is carried out according to the public key of evidence set, challenge set and user for verifier, obtained The result of evidence simultaneously returns to user.
- A kind of 10. cloud storage data verification system based on elliptic curve cryptography, it is characterised in that:Including:Memory, for storage program;Processor, added for loading described program with performing one kind as described in claim any one of 1-8 based on elliptic curve The cloud storage data verification method of close method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710960350.6A CN107707354A (en) | 2017-10-16 | 2017-10-16 | A kind of cloud storage data verification method and system based on elliptic curve cryptography |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710960350.6A CN107707354A (en) | 2017-10-16 | 2017-10-16 | A kind of cloud storage data verification method and system based on elliptic curve cryptography |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107707354A true CN107707354A (en) | 2018-02-16 |
Family
ID=61183871
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710960350.6A Pending CN107707354A (en) | 2017-10-16 | 2017-10-16 | A kind of cloud storage data verification method and system based on elliptic curve cryptography |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107707354A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108600201A (en) * | 2018-04-09 | 2018-09-28 | 东华大学 | A kind of telesecurity replacing options of the data label of cloud storage integrity verification |
CN108965258A (en) * | 2018-06-21 | 2018-12-07 | 河南科技大学 | A kind of cloud environment data integrity verification method based on full homomorphic cryptography |
CN110061994A (en) * | 2019-04-24 | 2019-07-26 | 青岛大学 | A kind of cryptograph files set correctness verification method, system and relevant apparatus |
CN111339547A (en) * | 2020-03-27 | 2020-06-26 | 苏州链原信息科技有限公司 | Method for generating data tag, electronic device and computer storage medium |
CN111444541A (en) * | 2020-03-27 | 2020-07-24 | 苏州链原信息科技有限公司 | Method, apparatus and storage medium for generating data mean zero knowledge proof |
CN111526146A (en) * | 2020-04-24 | 2020-08-11 | 天津易维数科信息科技有限公司 | Data holding verification method, data searching method and corresponding system |
CN114244522A (en) * | 2021-12-09 | 2022-03-25 | 山石网科通信技术股份有限公司 | Information protection method and device, electronic equipment and computer readable storage medium |
CN115766263A (en) * | 2022-11-25 | 2023-03-07 | 深圳泓川科技有限公司 | Multi-dimensional power data privacy protection aggregation method and system based on cloud and mist calculation |
CN114244522B (en) * | 2021-12-09 | 2024-05-03 | 山石网科通信技术股份有限公司 | Information protection method, device, electronic equipment and computer readable storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104993937A (en) * | 2015-07-07 | 2015-10-21 | 电子科技大学 | Method for testing integrity of cloud storage data |
US20170005999A1 (en) * | 2015-07-02 | 2017-01-05 | Convida Wireless, Llc | Content security at service layer |
CN106357701A (en) * | 2016-11-25 | 2017-01-25 | 西安电子科技大学 | Integrity verification method for data in cloud storage |
CN107172071A (en) * | 2017-06-19 | 2017-09-15 | 陕西师范大学 | A kind of cloud Data Audit method and system based on attribute |
US20170286717A1 (en) * | 2016-04-05 | 2017-10-05 | Vchain Technology Limited | Method and system for managing personal information within independent computer systems and digital networks |
-
2017
- 2017-10-16 CN CN201710960350.6A patent/CN107707354A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170005999A1 (en) * | 2015-07-02 | 2017-01-05 | Convida Wireless, Llc | Content security at service layer |
CN104993937A (en) * | 2015-07-07 | 2015-10-21 | 电子科技大学 | Method for testing integrity of cloud storage data |
US20170286717A1 (en) * | 2016-04-05 | 2017-10-05 | Vchain Technology Limited | Method and system for managing personal information within independent computer systems and digital networks |
CN106357701A (en) * | 2016-11-25 | 2017-01-25 | 西安电子科技大学 | Integrity verification method for data in cloud storage |
CN107172071A (en) * | 2017-06-19 | 2017-09-15 | 陕西师范大学 | A kind of cloud Data Audit method and system based on attribute |
Non-Patent Citations (3)
Title |
---|
何凯: "《云存储中数据完整性的聚合盲审计方法》", 《通信学报》 * |
赵文强: "《一种支持动态更新的远程数据完整性验证方法》", 《舰船电子工程》 * |
陈志忠: "《基于椭圆曲线的云存储数据完整性的验证研究》", 《现代电子技术》 * |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108600201A (en) * | 2018-04-09 | 2018-09-28 | 东华大学 | A kind of telesecurity replacing options of the data label of cloud storage integrity verification |
CN108965258B (en) * | 2018-06-21 | 2021-07-16 | 河南科技大学 | Cloud environment data integrity verification method based on fully homomorphic encryption |
CN108965258A (en) * | 2018-06-21 | 2018-12-07 | 河南科技大学 | A kind of cloud environment data integrity verification method based on full homomorphic cryptography |
CN110061994A (en) * | 2019-04-24 | 2019-07-26 | 青岛大学 | A kind of cryptograph files set correctness verification method, system and relevant apparatus |
CN110061994B (en) * | 2019-04-24 | 2022-02-25 | 青岛大学 | Ciphertext file set correctness verification method, system and related device |
CN111339547A (en) * | 2020-03-27 | 2020-06-26 | 苏州链原信息科技有限公司 | Method for generating data tag, electronic device and computer storage medium |
CN111444541A (en) * | 2020-03-27 | 2020-07-24 | 苏州链原信息科技有限公司 | Method, apparatus and storage medium for generating data mean zero knowledge proof |
CN111444541B (en) * | 2020-03-27 | 2022-09-09 | 苏州链原信息科技有限公司 | Method, apparatus and storage medium for generating data mean zero knowledge proof |
CN111339547B (en) * | 2020-03-27 | 2024-03-19 | 苏州链原信息科技有限公司 | Method for generating data tag, electronic device and computer storage medium |
CN111526146A (en) * | 2020-04-24 | 2020-08-11 | 天津易维数科信息科技有限公司 | Data holding verification method, data searching method and corresponding system |
CN111526146B (en) * | 2020-04-24 | 2022-05-17 | 天津易维数科信息科技有限公司 | Data holding verification method, data searching method and corresponding system |
CN114244522A (en) * | 2021-12-09 | 2022-03-25 | 山石网科通信技术股份有限公司 | Information protection method and device, electronic equipment and computer readable storage medium |
CN114244522B (en) * | 2021-12-09 | 2024-05-03 | 山石网科通信技术股份有限公司 | Information protection method, device, electronic equipment and computer readable storage medium |
CN115766263A (en) * | 2022-11-25 | 2023-03-07 | 深圳泓川科技有限公司 | Multi-dimensional power data privacy protection aggregation method and system based on cloud and mist calculation |
CN115766263B (en) * | 2022-11-25 | 2024-05-03 | 深圳泓川科技有限公司 | Multidimensional electric power data privacy protection aggregation method and system based on cloud and fog calculation |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107707354A (en) | A kind of cloud storage data verification method and system based on elliptic curve cryptography | |
KR100960578B1 (en) | Identity-based key generating methods and devices | |
CN103268460B (en) | A kind of cloud integrity of data stored verification method | |
US8930660B2 (en) | Shared information distributing device, holding device, certificate authority device, and system | |
CN103765809B (en) | The public key of implicit authentication | |
CN104978239B (en) | A kind of method, apparatus and system realizing more Backup Data dynamics and updating | |
CN106503995A (en) | A kind of data sharing method, source node, destination node and system | |
CN106603561B (en) | Block level encryption method and more granularity deduplication methods in a kind of cloud storage | |
CN106612320A (en) | Encrypted data dereplication method for cloud storage | |
CN111641712B (en) | Block chain data updating method, device, equipment, system and readable storage medium | |
CN108039943A (en) | A kind of encryption searching method that can verify that | |
CN106776904A (en) | The fuzzy query encryption method of dynamic authentication is supported in a kind of insincere cloud computing environment | |
CN109802967A (en) | Block chain information method for tracing and system | |
CN110096903B (en) | Asset verification method based on block chain and block chain network system | |
CN108123934A (en) | A kind of data integrity verifying method towards mobile terminal | |
CN104967693A (en) | Document similarity calculation method facing cloud storage based on fully homomorphic password technology | |
CN105721156A (en) | General Encoding Functions For Modular Exponentiation Encryption Schemes | |
CN106790311A (en) | Cloud Server stores integrality detection method and system | |
CN108540280A (en) | A kind of the secure data sharing method and system of resource high-efficiency | |
CN103916393B (en) | Cloud data-privacy protection public's auditing method based on symmetric key | |
US20220172180A1 (en) | Method for Storing Transaction that Represents Asset Transfer to Distributed Network and Program for Same | |
CN112199697A (en) | Information processing method, device, equipment and medium based on shared root key | |
CN106611134A (en) | Cloud data integrity verification method | |
Gudeme et al. | Review of remote data integrity auditing schemes in cloud computing: taxonomy, analysis, and open issues | |
Zhao et al. | Fuzzy identity-based dynamic auditing of big data on cloud storage |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180216 |