CN107707354A - A kind of cloud storage data verification method and system based on elliptic curve cryptography - Google Patents

A kind of cloud storage data verification method and system based on elliptic curve cryptography Download PDF

Info

Publication number
CN107707354A
CN107707354A CN201710960350.6A CN201710960350A CN107707354A CN 107707354 A CN107707354 A CN 107707354A CN 201710960350 A CN201710960350 A CN 201710960350A CN 107707354 A CN107707354 A CN 107707354A
Authority
CN
China
Prior art keywords
user
data block
evidence
data
cloud server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710960350.6A
Other languages
Chinese (zh)
Inventor
凌捷
吴颖豪
任明峰
罗玉
谢锐
殷启军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Ming Mobile Software Ltd By Share Ltd
Guangdong University of Technology
Original Assignee
Guangzhou Ming Mobile Software Ltd By Share Ltd
Guangdong University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Ming Mobile Software Ltd By Share Ltd, Guangdong University of Technology filed Critical Guangzhou Ming Mobile Software Ltd By Share Ltd
Priority to CN201710960350.6A priority Critical patent/CN107707354A/en
Publication of CN107707354A publication Critical patent/CN107707354A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Abstract

The invention discloses a kind of cloud storage data verification method based on elliptic curve cryptography and system, method to include:The private key of user and the public key of user are produced by the key schedule based on elliptic curve;Tag set is generated according to the private key of the data file of input and user, and the public key of tag set, the data file of input and user is sent to Cloud Server;Verifier receives the data file of the challenge request that user sends, combination tag set and input, produces challenge and gathers and be sent to Cloud Server;After Cloud Server is connected to challenge set, the public key of combination tag set, the data file of input and user, generates evidence set and return to verifier;Verifier carries out evidence verification according to the public key of evidence set, challenge set and user, obtains the result of evidence and returns to user.The present invention has the advantages of safety and efficiency high, can be widely applied to cloud storage field.

Description

A kind of cloud storage data verification method and system based on elliptic curve cryptography
Technical field
The present invention relates to cloud storage technical field, especially a kind of cloud storage data verification based on elliptic curve cryptography Method and system.
Background technology
With flourishing for computer technology, the application of cloud computing is more and more extensive.User stores data in cloud clothes It is engaged on device, not only alleviates the storage burden for being locally stored and bringing, also allow data to be accessed whenever and wherever possible by user.With this Meanwhile the security of the data on Cloud Server also becomes user and uses cloud storage concern the most.Cloud service provides Business is half believable, even if can provide security higher equipment, it is also possible to occurs being distorted by unauthorized third party malice, steals Situations such as taking the storage data at family or causing corrupted data because of the faulty operation of keeper.Therefore, the integrality of data is tested Card is particularly important.
Current data integrity verification method both domestic and external is broadly divided into the method for supporting private checking and supports open test The method of card.The former computing cost is low than the latter, but because data verification person's itself is insincere, is not particularly suited for existing Real data verification scene.The latter introduces trusted third party (trusted third party, abbreviation TTP) checking data, will add Close algorithm is combined with Bilinear map technology so that TTP completes to verify and return result to use in the case where that can not obtain data Family.In actual applications, the selection of AES will directly affect the efficiency of data verification.
In summary, a kind of new cloud storage data verification scheme is needed badly in the industry at present, with while security is ensured The efficiency of checking is improved to greatest extent.
The content of the invention
In order to solve the above technical problems, it is an object of the invention to:The bent based on ellipse of a kind of safety and efficiency high is provided The cloud storage data verification method and system of line enciphered method.
The first technical scheme for being taken of the present invention is:
A kind of cloud storage data verification method based on elliptic curve cryptography, comprises the following steps:
The private key of user and the public key of user are produced by the key schedule based on elliptic curve;
Tag set is generated according to the private key of the data file of input and user, and the data of tag set, input are literary Part and the public key of user are sent to Cloud Server;
Verifier receives the data file of the challenge request that user sends, combination tag set and input, produces challenge collection Merging is sent to Cloud Server;
After Cloud Server is connected to challenge set, the public key of combination tag set, the data file of input and user, generation card Verifier is returned to according to collection merging;
Verifier carries out evidence verification according to the public key of evidence set, challenge set and user, obtains the checking knot of evidence Fruit simultaneously returns to user.
Further, the key schedule by based on elliptic curve produce user private key and user public key this One step, is specifically included:
User randomly chooses sk=x ∈ ZpAs private key, wherein, ZpFor integer mould p residue class set, x is zpIt is random Number, p is prime number;
This 4 points of A, A ', B and B ' are selected to generate public key pk from elliptic curve E (Fq) according to private key sk, the pk's Expression formula is:Pk=(p, q, E (Fq), A, B, A ', B ') wherein, q=pd, q is Big prime, and d is integer, A=xB, A '= XB ', A and B are addition cyclic group G1Generation member, A ' and B ' are addition cyclic group G2Generation member, G1And G2It is E (Fq) on exponent number be p addition cyclic group, G1≠G2And G1And G2Meet bilinear map e:G1×G2→GT, GTFor rank on E (Fq) Number is p multiplicative cyclic group.
Further, the private key of the data file and user according to input generates tag set, and by tag set, defeated The step for data file and the public key of user entered is sent to Cloud Server, specifically includes:
The data file F of input is divided into n isometric data block F=(m1,m2…mn), the n data being divided into I-th of data block m in blockiM is formed by s elementi=(mi1,mi2…mis);
Data block m is calculated according to the private key key sk of useriSign ti, the signature tiExpression formula be:Wherein, h () is hash function, the independent variable w of hash functioni=fid | | i, fid are File identification, i are blocks number, | | it is attended operation, mi,jFor data block miJ-th of element, α ∈ Zp
By n data block signature tiForm tag set T={ ti}i∈[1,n], and by tag set T, user public key pk and The data file F of input is sent to Cloud Server.
Further, the verifier receives the data file of the challenge request that user sends, combination tag set and input, The step for challenge is gathered and is sent to Cloud Server is produced, is specifically included:
Verifier receives the fileinfo F for including the challenge request of userinfo
Verifier is according to fileinfo FinfoExtracted from F n data block several data chunks into challenge set Q, And the data block m each to be challengediGenerate corresponding random value vi∈Zp, finally give challenge set Q={ i, vi};
Verifier is sent to Cloud Server by set Q is challenged.
Further, after the Cloud Server is connected to challenge set, combination tag set, the data file of input and user Public key, the step for generating evidence set and return to verifier, specifically include:
Cloud Server calculates first according to challenge set Q, tag set T, the data file F of input and the public key pk of user Evidence TP and the second evidence DP, the expression formula of the first evidence TP are:TP=e (∑si∈Qvitj, A '), the second evidence DP Expression formula be:DP=h (wi)e(∑i∈Qmi,jvj), wherein, j is element mi,jIn data block miIn numbering, e (∑si∈Qvitj, A ') represent ∑i∈QvitjWith A ' in GTIn it is corresponding generation member, e (∑si∈Qmi,jvj) it is GTMiddle ∑i∈Qmi,jvjCorresponding generation member;
The evidence set P={ TP, DP } being made up of the first evidence TP and the second evidence DP is returned into verifier.
Further, the verifier carries out evidence verification according to the public key of evidence set, challenge set and user, is demonstrate,proved According to the result and the step for return to user, be specially:
Verifier according to evidence set P, challenge set Q and public key pk after verifyWhether Set up, if so, then showing that evidence is true, now return to 1 and give user;Conversely, then showing that evidence is false, now return to 0 and give user, Wherein,RepresentWith B ' in GTIn it is corresponding generation member.
Further, in addition to the data block in the data file of input and its corresponding concordance list Mobile state renewal is entered Step.
Further, the data block in the data file of described pair of input and its corresponding concordance list enter the step of Mobile state renewal Suddenly, specifically include:
The data file F of input is divided into n data block F=(m1,m2…mn), in n data block being then divided into I-th of data block is designated as mi, and by data block miCorresponding concordance list is recorded as a four-tuple<Index,Bi,Vi,Ti>, its In, Index, Bi、ViAnd TiRespectively data block miIndex, numbering, version number and timestamp in concordance list;
Mobile state renewal is entered according to the type of dynamic renewal:
If desired new data block is insertedThe request of insertion data block is then sent to Cloud ServerNow, user is generated newly using label generating algorithm first Data blockCorresponding label t*, then basisThe position of insertion willCorresponding index Index is revised as miWith mi+1Rope Draw the half of sum and keep numberingVersion numberAnd timestampIt is constant, obtainNew concordance list after insertionLast Cloud Server is directly in mi+1New data block is inserted beforeAnd corresponding label t*, wherein, miWith mi+1For with2 adjacent data blocks before and after the position of insertion;
If desired block is updated the data, then the request for updating the data block is sent to Cloud ServerNow, user uses label generating algorithm to be new first Data blockLabel t corresponding to generation*, request request is then sent to Cloud Server, and Cloud Server is according to request Data block in requestIndex Index find and need the data block that updates, and with new data blockWith corresponding mark Sign t*And version number new in request is asked to replace the corresponding contents in the data block for needing to update;
If desired data block is deleted, then the request for deleting data block is sent to Cloud ServerNow, Cloud Server receive request request after according to index Index directly delete corresponding to data block and corresponding label.
The second technical scheme for being taken of the present invention is:
A kind of cloud storage data verification system based on elliptic curve cryptography, including:
Key production module, for producing by key schedule based on elliptic curve private key and the user of user Public key;
Tag generation module, tag set is generated for the private key of the data file according to input and user, and by label The public key of set, the data file of input and user is sent to Cloud Server;
Module is challenged, the challenge request sent for verifier reception user, the data text of combination tag set and input Part, produce challenge and gather and be sent to Cloud Server;
Evidence generation module, for Cloud Server be connected to challenge set after, combination tag set, input data file and The public key of user, generate evidence set and return to verifier;
Evidence correction verification module, evidence verification is carried out according to the public key of evidence set, challenge set and user for verifier, Obtain the result of evidence and return to user.
Further, in addition to for entering Mobile state more to the data block in the data file of input and its corresponding concordance list New dynamic update module.
The 3rd technical scheme taken of the present invention is:
A kind of cloud storage data verification system based on elliptic curve cryptography, including:
Memory, for storage program;
Processor, elliptic curve cryptography is based on to perform one kind as described in the first technical scheme for loading described program The cloud storage data verification method of method.
The beneficial effects of the invention are as follows:A kind of cloud storage data verification method based on elliptic curve cryptography of the present invention and System, have chosen elliptic curve cryptography as encryption algorithm, make use of elliptic curve cryptography Bilinear map technology and Random mask technology to carry out integrity verification to cloud storage data, is highly resistant to the malicious attack of server, safer, And communication overhead can be reduced relative to existing verification method, the solution of the present invention, avoid exponent arithmetic and improve to calculate Efficiency.
Brief description of the drawings
Fig. 1 is a kind of step flow chart of the cloud storage data verification method based on elliptic curve cryptography of the present invention;
Fig. 2 is the integrity verification system model schematic of the present invention.
Embodiment
A kind of reference picture 1, cloud storage data verification method based on elliptic curve cryptography, comprises the following steps:
The private key of user and the public key of user are produced by the key schedule based on elliptic curve;
Tag set is generated according to the private key of the data file of input and user, and the data of tag set, input are literary Part and the public key of user are sent to Cloud Server;
Verifier receives the data file of the challenge request that user sends, combination tag set and input, produces challenge collection Merging is sent to Cloud Server;
After Cloud Server is connected to challenge set, the public key of combination tag set, the data file of input and user, generation card Verifier is returned to according to collection merging;
Verifier carries out evidence verification according to the public key of evidence set, challenge set and user, obtains the checking knot of evidence Fruit simultaneously returns to user.
Preferred embodiment is further used as, it is described to produce user's by the key schedule based on elliptic curve The step for private key and the public key of user, specifically include:
User randomly chooses sk=x ∈ ZpAs private key, wherein, ZpFor integer mould p residue class set, x is zpIt is random Number, p is prime number;
This 4 points of A, A ', B and B ' are selected to generate public key pk from elliptic curve E (Fq) according to private key sk, the pk's Expression formula is:Pk=(p, q, E (Fq), A, B, A ', B ') wherein, q=pd, q is Big prime, and d is integer, A=xB, A '= XB ', A and B are addition cyclic group G1Generation member, A ' and B ' are addition cyclic group G2Generation member, G1And G2It is E (Fq) on exponent number be p addition cyclic group, G1≠G2And G1And G2Meet bilinear map e:G1×G2→GT, GTFor rank on E (Fq) Number is p multiplicative cyclic group.
Preferred embodiment is further used as, it is described that tally set is generated according to the data file of input and the private key of user The step for closing, and the public key of tag set, the data file of input and user is sent into Cloud Server, specifically includes:
The data file F of input is divided into n isometric data block F=(m1,m2…mn), the n data being divided into I-th of data block m in blockiM is formed by s elementi=(mi1,mi2…mis);
Data block m is calculated according to the private key key sk of useriSign ti, the signature tiExpression formula be:Wherein, h () is hash function, the independent variable w of hash functioni=fid | | i, fid are File identification, i are blocks number, | | it is attended operation, mi,jFor data block miJ-th of element, α ∈ Zp
By n data block signature tiForm tag set T={ ti}i∈[1,n], and by tag set T, user public key pk and The data file F of input is sent to Cloud Server.
Preferred embodiment is further used as, the verifier receives the challenge request that user sends, combination tag collection Close and the data file of input, generation are challenged the step for gathering and being sent to Cloud Server, specifically included:
Verifier receives the fileinfo F for including the challenge request of userinfo
Verifier is according to fileinfo FinfoExtracted from F n data block several data chunks into challenge set Q, And the data block m each to be challengediGenerate corresponding random value vi∈Zp, finally give challenge set Q={ i, vi};
Verifier is sent to Cloud Server by set Q is challenged.
Preferred embodiment is further used as, after the Cloud Server is connected to challenge set, combination tag set, input Data file and user public key, generate evidence set and the step for return to verifier, specifically include:
Cloud Server calculates first according to challenge set Q, tag set T, the data file F of input and the public key pk of user Evidence TP and the second evidence DP, the expression formula of the first evidence TP are:TP=e (∑si∈Qvitj, A '), the second evidence DP Expression formula be:DP=h (wi)e(∑i∈Qmi,jvj), wherein, j is element mi,jIn data block miIn numbering, e (∑si∈Qvitj, A ') represent ∑i∈QvitjWith A ' in GTIn it is corresponding generation member, e (∑si∈Qmi,jvj) it is GTMiddle ∑i∈Qmi,jvjCorresponding generation member;
The evidence set P={ TP, DP } being made up of the first evidence TP and the second evidence DP is returned into verifier.
Preferred embodiment is further used as, the verifier gathers according to evidence set, challenge and the public key of user Evidence verification is carried out, the step for obtaining the result of evidence and return to user, is specially:
Verifier according to evidence set P, challenge set Q and public key pk after verifyWhether Set up, if so, then showing that evidence is true, now return to 1 and give user;Conversely, then showing that evidence is false, now return to 0 and give user, Wherein,RepresentWith B ' in GTIn it is corresponding generation member.
Preferred embodiment is further used as, in addition to the data block in the data file of input and its corresponding rope Draw the step of table enters Mobile state renewal.
It is further used as preferred embodiment, data block and its corresponding index in the data file of described pair of input Table enters the step of Mobile state renewal, specifically includes:
The data file F of input is divided into n data block F=(m1,m2…mn), in n data block being then divided into I-th of data block is designated as mi, and by data block miCorresponding concordance list is recorded as a four-tuple<Index,Bi,Vi,Ti>, its In, Index, Bi、ViAnd TiRespectively data block miIndex, numbering, version number and timestamp in concordance list;
Mobile state renewal is entered according to the type of dynamic renewal:
If desired new data block is insertedThe request of insertion data block is then sent to Cloud ServerNow, user is generated newly using label generating algorithm first Data blockCorresponding label t*, then basisThe position of insertion willCorresponding index Index is revised as miWith mi+1Rope Draw the half of sum and keep numberingVersion numberAnd timestampIt is constant, obtainNew concordance list after insertionLast Cloud Server is directly in mi+1New data block is inserted beforeAnd corresponding label t*, wherein, miWith mi+1For with2 adjacent data blocks before and after the position of insertion;
If desired block is updated the data, then the request for updating the data block is sent to Cloud ServerNow, user uses label generating algorithm to be new first Data blockLabel t corresponding to generation*, request request is then sent to Cloud Server, and Cloud Server is according to request Data block in requestIndex Index find and need the data block that updates, and with new data blockWith corresponding mark Sign t*And version number new in request is asked to replace the corresponding contents in the data block for needing to update;
If desired data block is deleted, then the request for deleting data block is sent to Cloud ServerNow, Cloud Server receive request request after according to index Index directly delete corresponding to data block and corresponding label.
The present invention enters the step of Mobile state renewal to the data block in the data file of input and its corresponding concordance list, leads to Crossing concordance list Dynamic Updating Mechanism realizes dynamic authentication, more flexibly and real-time it is more preferable.
It is corresponding with Fig. 1 method, a kind of cloud storage data verification system based on elliptic curve cryptography of the present invention, bag Include:
Key production module, for producing by key schedule based on elliptic curve private key and the user of user Public key;
Tag generation module, tag set is generated for the private key of the data file according to input and user, and by label The public key of set, the data file of input and user is sent to Cloud Server;
Module is challenged, the challenge request sent for verifier reception user, the data text of combination tag set and input Part, produce challenge and gather and be sent to Cloud Server;
Evidence generation module, for Cloud Server be connected to challenge set after, combination tag set, input data file and The public key of user, generate evidence set and return to verifier;
Evidence correction verification module, evidence verification is carried out according to the public key of evidence set, challenge set and user for verifier, Obtain the result of evidence and return to user.
Preferred embodiment is further used as, in addition to for the data block in the data file of input and its correspondingly Concordance list enter Mobile state renewal dynamic update module.
It is corresponding with Fig. 1 method, a kind of cloud storage data verification system based on elliptic curve cryptography of the present invention, bag Include:
Memory, for storage program;
Processor, deposited for loading described program with performing a kind of cloud based on elliptic curve cryptography as shown in Figure 1 Store up data verification method.
The specific embodiment of the present invention proposes a kind of cloud storage data integrity based on ECC (elliptic curve cryptography) Verification method and system, computing cost is reduced while open authentication function is realized.
As shown in Fig. 2 cloud storage data integrity validation system model of this specific embodiment based on ECC, model master Will be including this three parts of user, Cloud Server and verifier.
In this specific embodiment, data file F is divided into n isometric data block F=(m by user1,m2…mn), wherein mi M is formed by s elementi=(mi1,mi2…mis)。
Elliptic curve E (the F that user's selection is generated by point A ∈ E (Fq)q), the point set (x, y) of the elliptic curve forms One Abel's module, x are zpRandom number.Assuming that G1、G2Be exponent number be prime number p addition cyclic group, GTIt is that exponent number is element Number p multiplicative cyclic group, bilinear map is thus formed to e:G1×G2→GT, it possesses following property:
(1) efficient algorithm e be present;
(2) assume that P is G1Generation member, P ' is G2Generation member, then e (P, P ') is GTGeneration member, and e (P, P ') ≠ 1;
(3) for arbitrary P1,P2∈G1,P1′,P2′∈G2Have:
For all P ' ∈ G2Have:e(P1+P2, P ') and=e (P1,P′)·e(P2,P′)
For all P ∈ G1Have:e(P,P1′+P2')=e (P, P1′)·e(P,P2′)。
A kind of cloud storage data integrity verification method based on ECC of this specific embodiment includes 5 following steps:
Step 1:User performs KeyGen algorithms (i.e. key schedule) generation private key and public key to (sk, pk), i.e., KeyGen(λ)→(sk,pk)。
The KeyGen algorithms are performed by user, are inputted as security parameter λ.Randomly choose sk=x ∈ ZpAs private key, point A, A ', B and B ' are the point on elliptic curve E (Fq), and A=xB, A '=xB ', then pk=(p, q, E (Fq), A, B, A ', B′).Export as private key sk and public key pk.
Step 2:It is that cloud storage data generate corresponding tally set that user, which performs TagGen algorithms (i.e. label generating algorithm), Close T:TagGen (F, sk, pk) → T, and data file F and tag set T are sent to Cloud Server.
The algorithm is performed by user, is inputted as data file F, private key sk, public key pk.If wi=fid | | i, calculate data Block miSignature:Then output is tag set T={ ti}i∈[1,n]
Step 3:Verifier receives user and challenged after request, performs (the i.e. challenge collection symphysis of Challenge algorithms Into algorithm) produce challenge set Q:Challenge(Finfo) → Q, and challenge set Q and will be sent to Cloud Server to throw down the gauntlet Address inquires to.
The algorithm is performed by verifier, is inputted as fileinfo Finfo, after verifier receives the inquiry requirement of user, from F N data block in randomly select partial data block composition challenge collection Q and for the data block m that is each challengediGeneration is corresponding Random value vi∈Zp, export to challenge set Q={ i, vi}i∈I, I is the set of data blocks randomly selected from F n data block Close.
Step 4:Cloud Server performs Prove algorithms (i.e. evidence generating algorithm) generation evidence P after being connected to challenge set: Prove (F, T, Q, pk) → P, and evidence P is returned into verifier.
The algorithm is performed by Cloud Server, is inputted as data file F, tag set T, challenge set Q, public key pk.Cloud takes Business device calculates TP=e (∑si∈Qvitj, A '), DP=h (wi)e(∑i∈Qmi,jvj), export as evidence set P={ TP, DP }.
Step 5:Verifier performs Verify algorithms (i.e. evidence checking algorithm) and examines evidence P, and evidence is very then to return to 1 To user, 0 is otherwise returned:Verify(P,Q,pk)→ture/false.
The algorithm is performed by verifier, is inputted as evidence set P, challenge set Q, public key pk.
Verifier verifies after receiving evidence PWhether set up, if set up, output 1; Otherwise 0 is exported.
In addition, in order to realize dynamic authentication, this specific embodiment also proposed the dynamic updating method of Indexing Mechanism.
Assuming that data file F=(m1,m2…mn) in data block miCorresponding concordance list is designated as a four-tuple<Index, Bi,Vi,Ti>, wherein Index is data block miIndex in concordance list, BiFor numbering, ViFor version number, TiFor timestamp.Rope Draw the operation that the dynamic renewal of mechanism mainly includes following 3 type:
1) data block is inserted
The request of insertion data block is represented byInsert Insertion data block is represented, TagGen algorithms generation label t is first carried out in user*If data block will be inserted into miWith mi+1Between, then Index Index is changed into miWith mi+1Index the half of sum, index entry belowIt need not change.This operation cloud clothes Device be engaged in directly in mi+1New data block is inserted beforeWith corresponding label t*
2) data block updates
The request for updating the data block is represented by Modify represents data block renewal, and user is first label corresponding to new data block generation, is transmit a request to after more new version number Cloud Server, Cloud Server find the data block for needing to update according to index Index and are replaced.This operation Cloud Server is used New data blockWith corresponding label t*It substituted for oldWith t*, and have updated corresponding version number.
3) data block is deleted
Deleting the request of data block can be expressed asDelete generations List data block is deleted, and Cloud Server receives after request request the data block and correspondingly according to corresponding to directly being deleted index Index Label.
From above-mentioned content, the present invention a kind of cloud storage data integrity verification method and system based on ECC, profit Data integrity validation is carried out with ECC Bilinear map technology to realize open checking, and the random mask technology for employing ECC is come The security of raising method, and more newly arrived by the dynamic of concordance list mechanism and realize dynamic authentication.Actual safety analysis with Performance evaluation shows that the solution of the present invention is highly resistant to the malicious attack of server, compared with other existing proof schemes, Communication overhead can be reduced, avoids exponent arithmetic, improves computational efficiency.
Above is the preferable implementation to the present invention is illustrated, but the present invention is not limited to the embodiment, ripe A variety of equivalent variations or replacement can also be made on the premise of without prejudice to spirit of the invention by knowing those skilled in the art, this Equivalent deformation or replacement are all contained in the application claim limited range a bit.

Claims (10)

  1. A kind of 1. cloud storage data verification method based on elliptic curve cryptography, it is characterised in that:Comprise the following steps:
    The private key of user and the public key of user are produced by the key schedule based on elliptic curve;
    According to the private key of the data file of input and user generate tag set, and by tag set, input data file and The public key of user is sent to Cloud Server;
    Verifier receives the data file of the challenge request that user sends, combination tag set and input, produces challenge collection and merges It is sent to Cloud Server;
    After Cloud Server is connected to challenge set, the public key of combination tag set, the data file of input and user, evidence collection is generated Merging returns to verifier;
    Verifier carries out evidence verification according to the public key of evidence set, challenge set and user, obtains the result of evidence simultaneously Return to user.
  2. 2. a kind of cloud storage data verification method based on elliptic curve cryptography according to claim 1, its feature exist In:The key schedule by based on elliptic curve produce user private key and user public key the step for, specifically Including:
    User randomly chooses sk=x ∈ ZpAs private key, wherein, ZpFor integer mould p residue class set, x is zpRandom number, p is Prime number;
    This 4 points of A, A ', B and B ' are selected to generate public key pk, the expression of the pk from elliptic curve E (Fq) according to private key sk Formula is:Pk=(p, q, E (Fq), A, B, A ', B ') wherein, q=pd, q is Big prime, and d is integer, A=xB, A=xB, A It is addition cyclic group G with B1Generation member, A ' and B ' are addition cyclic group G2Generation member, G1And G2It is rank on E (Fq) Count the addition cyclic group for p, G1≠G2And G1And G2Meet bilinear map e:G1×G2→GT, GTIt is p's for exponent number on E (Fq) Multiplicative cyclic group.
  3. 3. a kind of cloud storage data verification method based on elliptic curve cryptography according to claim 2, its feature exist In:The private key of the data file and user according to input generates tag set, and by tag set, the data file of input The step for being sent to Cloud Server with the public key of user, specifically includes:
    The data file F of input is divided into n isometric data block F=(m1, m2…mn), in the n data block being divided into I-th of data block miM is formed by s elementi=(mi1, mi2…mis);
    Data block m is calculated according to the private key key sk of useriSign ti, the signature tiExpression formula be:Wherein, h () is hash function, the independent variable w of hash functioni=fid | | i, fid are File identification, i are blocks number, | | it is attended operation, mi,jFor data block miJ-th of element, α ∈ Zp
    By n data block signature tiForm tag set T={ ti}i∈[1,n], and by tag set T, the public key pk of user and input Data file F be sent to Cloud Server.
  4. 4. a kind of cloud storage data verification method based on elliptic curve cryptography according to claim 3, its feature exist In:The verifier receives the data file of the challenge request that user sends, combination tag set and input, produces challenge set And the step for being sent to Cloud Server, specifically include:
    Verifier receives the fileinfo F for including the challenge request of userinfo
    Verifier is according to fileinfo FinfoSeveral data chunks are extracted from F n data block into challenge set Q, and are every The individual data block m challengediGenerate corresponding random value vi∈Zp, finally give challenge set Q={ i, vi};
    Verifier is sent to Cloud Server by set Q is challenged.
  5. 5. a kind of cloud storage data verification method based on elliptic curve cryptography according to claim 4, its feature exist In:After the Cloud Server is connected to challenge set, the public key of combination tag set, the data file of input and user, generation card The step for returning to verifier according to collection merging, specifically includes:
    Cloud Server calculates the first evidence according to challenge set Q, tag set T, the data file F of input and the public key pk of user TP and the second evidence DP, the expression formula of the first evidence TP are:TP=e (∑si∈Qvitj, A '), the table of the second evidence DP It is up to formula:DP=h (wi)e(∑i∈Qmi,jvj), wherein, j is element mi,jIn data block miIn numbering, e (∑si∈Qvitj,A′) Represent ∑i∈QvitjWith A ' in GTIn it is corresponding generation member, e (∑si∈Qmi,jvj) it is GTMiddle ∑i∈Qmi,jvjCorresponding generation member;
    The evidence set P={ TP, DP } being made up of the first evidence TP and the second evidence DP is returned into verifier.
  6. 6. a kind of cloud storage data verification method based on elliptic curve cryptography according to claim 5, its feature exist In:The verifier carries out evidence verification according to the public key of evidence set, challenge set and user, obtains the result of evidence And the step for returning to user, it is specially:
    Verifier according to evidence set P, challenge set Q and public key pk after verifyWhether set up, If so, then showing that evidence is true, now return to 1 and give user;Conversely, then showing that evidence is false, now return to 0 and give user, wherein,RepresentWith B ' in GTIn it is corresponding generation member.
  7. 7. a kind of cloud storage data verification method based on elliptic curve cryptography according to claim 1, its feature exist In:The step of also including entering the data block in the data file of input and its corresponding concordance list Mobile state renewal.
  8. 8. a kind of cloud storage data verification method based on elliptic curve cryptography according to claim 7, its feature exist In:Data block and its corresponding concordance list in the data file of described pair of input enter the step of Mobile state renewal, specifically include:
    The data file F of input is divided into n data block F=(m1, m2…mn), i-th in n data block being then divided into Individual data block is designated as mi, and by data block miCorresponding concordance list is recorded as a four-tuple<Index,Bi, Vi, Ti>, wherein, Index、Bi、ViAnd TiRespectively data block miIndex, numbering, version number and timestamp in concordance list;
    Mobile state renewal is entered according to the type of dynamic renewal:
    If desired new data block is insertedThe request of insertion data block is then sent to Cloud ServerNow, user is generated newly using label generating algorithm first Data blockCorresponding label t*, then basisThe position of insertion willCorresponding index Index is revised as miWith mi+1Rope Draw the half of sum and keep numberingVersion numberAnd timestampIt is constant, obtainNew concordance list after insertionLast Cloud Server is directly in mi+1New data block is inserted beforeAnd corresponding label t*, wherein, miWith mi+1For with2 adjacent data blocks before and after the position of insertion;
    If desired block is updated the data, then the request for updating the data block is sent to Cloud ServerNow, user uses label generating algorithm to be new first Data blockLabel t corresponding to generation*, request request is then sent to Cloud Server, and Cloud Server is according to request Data block in requestIndex Index find and need the data block that updates, and with new data blockWith corresponding mark Sign t*And version number new in request is asked to replace the corresponding contents in the data block for needing to update;
    If desired data block is deleted, then the request for deleting data block is sent to Cloud ServerNow, Cloud Server receive request request after according to index Index directly delete corresponding to data block and corresponding label.
  9. A kind of 9. cloud storage data verification system based on elliptic curve cryptography, it is characterised in that:Including:
    Key production module, for producing the private key of user and the public affairs of user by the key schedule based on elliptic curve Key;
    Tag generation module, for the private key of the data file according to input and user generate tag set, and by tag set, The data file of input and the public key of user are sent to Cloud Server;
    Module is challenged, the challenge request sent for verifier reception user, the data file of combination tag set and input, production Raw challenge is gathered and is sent to Cloud Server;
    Evidence generation module, after being connected to challenge set for Cloud Server, combination tag set, the data file of input and user Public key, generation evidence set simultaneously returns to verifier;
    Evidence correction verification module, evidence verification is carried out according to the public key of evidence set, challenge set and user for verifier, obtained The result of evidence simultaneously returns to user.
  10. A kind of 10. cloud storage data verification system based on elliptic curve cryptography, it is characterised in that:Including:
    Memory, for storage program;
    Processor, added for loading described program with performing one kind as described in claim any one of 1-8 based on elliptic curve The cloud storage data verification method of close method.
CN201710960350.6A 2017-10-16 2017-10-16 A kind of cloud storage data verification method and system based on elliptic curve cryptography Pending CN107707354A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710960350.6A CN107707354A (en) 2017-10-16 2017-10-16 A kind of cloud storage data verification method and system based on elliptic curve cryptography

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710960350.6A CN107707354A (en) 2017-10-16 2017-10-16 A kind of cloud storage data verification method and system based on elliptic curve cryptography

Publications (1)

Publication Number Publication Date
CN107707354A true CN107707354A (en) 2018-02-16

Family

ID=61183871

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710960350.6A Pending CN107707354A (en) 2017-10-16 2017-10-16 A kind of cloud storage data verification method and system based on elliptic curve cryptography

Country Status (1)

Country Link
CN (1) CN107707354A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108600201A (en) * 2018-04-09 2018-09-28 东华大学 A kind of telesecurity replacing options of the data label of cloud storage integrity verification
CN108965258A (en) * 2018-06-21 2018-12-07 河南科技大学 A kind of cloud environment data integrity verification method based on full homomorphic cryptography
CN110061994A (en) * 2019-04-24 2019-07-26 青岛大学 A kind of cryptograph files set correctness verification method, system and relevant apparatus
CN111339547A (en) * 2020-03-27 2020-06-26 苏州链原信息科技有限公司 Method for generating data tag, electronic device and computer storage medium
CN111444541A (en) * 2020-03-27 2020-07-24 苏州链原信息科技有限公司 Method, apparatus and storage medium for generating data mean zero knowledge proof
CN111526146A (en) * 2020-04-24 2020-08-11 天津易维数科信息科技有限公司 Data holding verification method, data searching method and corresponding system
CN114244522A (en) * 2021-12-09 2022-03-25 山石网科通信技术股份有限公司 Information protection method and device, electronic equipment and computer readable storage medium
CN115766263A (en) * 2022-11-25 2023-03-07 深圳泓川科技有限公司 Multi-dimensional power data privacy protection aggregation method and system based on cloud and mist calculation
CN114244522B (en) * 2021-12-09 2024-05-03 山石网科通信技术股份有限公司 Information protection method, device, electronic equipment and computer readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104993937A (en) * 2015-07-07 2015-10-21 电子科技大学 Method for testing integrity of cloud storage data
US20170005999A1 (en) * 2015-07-02 2017-01-05 Convida Wireless, Llc Content security at service layer
CN106357701A (en) * 2016-11-25 2017-01-25 西安电子科技大学 Integrity verification method for data in cloud storage
CN107172071A (en) * 2017-06-19 2017-09-15 陕西师范大学 A kind of cloud Data Audit method and system based on attribute
US20170286717A1 (en) * 2016-04-05 2017-10-05 Vchain Technology Limited Method and system for managing personal information within independent computer systems and digital networks

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170005999A1 (en) * 2015-07-02 2017-01-05 Convida Wireless, Llc Content security at service layer
CN104993937A (en) * 2015-07-07 2015-10-21 电子科技大学 Method for testing integrity of cloud storage data
US20170286717A1 (en) * 2016-04-05 2017-10-05 Vchain Technology Limited Method and system for managing personal information within independent computer systems and digital networks
CN106357701A (en) * 2016-11-25 2017-01-25 西安电子科技大学 Integrity verification method for data in cloud storage
CN107172071A (en) * 2017-06-19 2017-09-15 陕西师范大学 A kind of cloud Data Audit method and system based on attribute

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
何凯: "《云存储中数据完整性的聚合盲审计方法》", 《通信学报》 *
赵文强: "《一种支持动态更新的远程数据完整性验证方法》", 《舰船电子工程》 *
陈志忠: "《基于椭圆曲线的云存储数据完整性的验证研究》", 《现代电子技术》 *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108600201A (en) * 2018-04-09 2018-09-28 东华大学 A kind of telesecurity replacing options of the data label of cloud storage integrity verification
CN108965258B (en) * 2018-06-21 2021-07-16 河南科技大学 Cloud environment data integrity verification method based on fully homomorphic encryption
CN108965258A (en) * 2018-06-21 2018-12-07 河南科技大学 A kind of cloud environment data integrity verification method based on full homomorphic cryptography
CN110061994A (en) * 2019-04-24 2019-07-26 青岛大学 A kind of cryptograph files set correctness verification method, system and relevant apparatus
CN110061994B (en) * 2019-04-24 2022-02-25 青岛大学 Ciphertext file set correctness verification method, system and related device
CN111339547A (en) * 2020-03-27 2020-06-26 苏州链原信息科技有限公司 Method for generating data tag, electronic device and computer storage medium
CN111444541A (en) * 2020-03-27 2020-07-24 苏州链原信息科技有限公司 Method, apparatus and storage medium for generating data mean zero knowledge proof
CN111444541B (en) * 2020-03-27 2022-09-09 苏州链原信息科技有限公司 Method, apparatus and storage medium for generating data mean zero knowledge proof
CN111339547B (en) * 2020-03-27 2024-03-19 苏州链原信息科技有限公司 Method for generating data tag, electronic device and computer storage medium
CN111526146A (en) * 2020-04-24 2020-08-11 天津易维数科信息科技有限公司 Data holding verification method, data searching method and corresponding system
CN111526146B (en) * 2020-04-24 2022-05-17 天津易维数科信息科技有限公司 Data holding verification method, data searching method and corresponding system
CN114244522A (en) * 2021-12-09 2022-03-25 山石网科通信技术股份有限公司 Information protection method and device, electronic equipment and computer readable storage medium
CN114244522B (en) * 2021-12-09 2024-05-03 山石网科通信技术股份有限公司 Information protection method, device, electronic equipment and computer readable storage medium
CN115766263A (en) * 2022-11-25 2023-03-07 深圳泓川科技有限公司 Multi-dimensional power data privacy protection aggregation method and system based on cloud and mist calculation
CN115766263B (en) * 2022-11-25 2024-05-03 深圳泓川科技有限公司 Multidimensional electric power data privacy protection aggregation method and system based on cloud and fog calculation

Similar Documents

Publication Publication Date Title
CN107707354A (en) A kind of cloud storage data verification method and system based on elliptic curve cryptography
KR100960578B1 (en) Identity-based key generating methods and devices
CN103268460B (en) A kind of cloud integrity of data stored verification method
US8930660B2 (en) Shared information distributing device, holding device, certificate authority device, and system
CN103765809B (en) The public key of implicit authentication
CN104978239B (en) A kind of method, apparatus and system realizing more Backup Data dynamics and updating
CN106503995A (en) A kind of data sharing method, source node, destination node and system
CN106603561B (en) Block level encryption method and more granularity deduplication methods in a kind of cloud storage
CN106612320A (en) Encrypted data dereplication method for cloud storage
CN111641712B (en) Block chain data updating method, device, equipment, system and readable storage medium
CN108039943A (en) A kind of encryption searching method that can verify that
CN106776904A (en) The fuzzy query encryption method of dynamic authentication is supported in a kind of insincere cloud computing environment
CN109802967A (en) Block chain information method for tracing and system
CN110096903B (en) Asset verification method based on block chain and block chain network system
CN108123934A (en) A kind of data integrity verifying method towards mobile terminal
CN104967693A (en) Document similarity calculation method facing cloud storage based on fully homomorphic password technology
CN105721156A (en) General Encoding Functions For Modular Exponentiation Encryption Schemes
CN106790311A (en) Cloud Server stores integrality detection method and system
CN108540280A (en) A kind of the secure data sharing method and system of resource high-efficiency
CN103916393B (en) Cloud data-privacy protection public&#39;s auditing method based on symmetric key
US20220172180A1 (en) Method for Storing Transaction that Represents Asset Transfer to Distributed Network and Program for Same
CN112199697A (en) Information processing method, device, equipment and medium based on shared root key
CN106611134A (en) Cloud data integrity verification method
Gudeme et al. Review of remote data integrity auditing schemes in cloud computing: taxonomy, analysis, and open issues
Zhao et al. Fuzzy identity-based dynamic auditing of big data on cloud storage

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20180216