CN108182367A - A client-side deduplication method for encrypted data blocks that supports data update - Google Patents


Publication number
CN108182367A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711347947.XA
Other languages
Chinese (zh)
Other versions
CN108182367B (en)
Inventor
刘茂珍
杨超
杨力
张俊伟
马建峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a client-side deduplication method for encrypted data blocks that supports data update. A convergent encryption algorithm is used so that identical plaintext file blocks are mapped to identical ciphertext file blocks after encryption. A novel dynamic balanced skip list is built as the file ownership authentication structure and is used for the file ownership authentication interaction between the server and subsequent uploaders of a file, which realizes client-side deduplication of encrypted data blocks. A self-balancing method for the dynamic balanced skip list is proposed: according to the dynamic operation instruction uploaded by the user and the authentication value of the plaintext file block to be updated, nodes in the dynamic balanced skip list are modified, inserted and deleted. The invention not only increases the server's deduplication ratio and storage resource utilization and saves user bandwidth and upload time, but also supports data block update, realizing elastic management of server data.

Description

A client-side deduplication method for encrypted data blocks that supports data update
Technical field
The invention belongs to the field of computer technology, and further relates to a client-side deduplication method for encrypted data blocks that supports data update, in the field of information security technology. The invention can be used in cloud storage systems that support deduplication and update of encrypted data blocks. It not only improves the deduplication ratio and saves the user's upload bandwidth and the server's storage space, but also supports update operations by the user on file blocks, realizing elastic data management.
Background art
Cloud storage data deduplication is widely used in data backup to reduce network and storage overhead. The technique eliminates data redundancy by keeping only one physical copy instead of multiple copies of identical content. Depending on the deduplication strategy, data deduplication can be divided into client-side or server-side deduplication, file-level or file-block-level deduplication, and so on. Compared with server-side deduplication, client-side deduplication reduces the upload of duplicate data, saves user bandwidth and upload time, and gives a better user experience. Compared with file-level deduplication, file-block-level deduplication achieves finer-grained deduplication and improves the deduplication ratio and storage resource utilization. Encrypted data block deduplication and client-side deduplication of encrypted data have therefore gained the approval and support of cloud storage service providers. In practice, however, people often need to issue update requests for files backed up in the cloud. There is therefore a strong practical demand for a deduplication technique that supports user updates of cloud data and lets the server manage data elastically.
The patent document "A secure data deduplication method" (application number: 201310736892.7, publication number: CN 103731423A), filed by Beijing Safe-Code Technology Co., Ltd., discloses a data deduplication method. The specific steps of the method are: the client encrypts the file to be stored into ciphertext using different encryption algorithms with the same key; the server first determines from the hash value of the file whether it already stores the file; the client decrypts the key from the ciphertext returned by the server and then encrypts with another encryption algorithm; the server decides whether to deduplicate by comparing the two encryptions of the file under the same encryption algorithm. The shortcomings of this method are: the key is randomly generated by the user, so the method cannot resist content spoofing attacks launched by the first uploader of a file and its security is low; and the method does not support file-block-level deduplication, its deduplication granularity is small, and its deduplication ratio is low.
The paper by Chen R, Mu Y, Yang G et al., "BL-MLE: Block-Level Message-Locked Encryption for Secure Large File Deduplication" (IEEE Transactions on Information Forensics Security, 2015, 10(12): 2643-2652), proposes a deduplication method for encrypted file blocks. The method encrypts file blocks based on a convergent encryption algorithm and realizes file-block-level deduplication. The specific steps of the method are: the client encrypts each file block using the hash value of the file block, then uses the hash value of the file to perform an exponentiation on the file block content, generating the file block label. The server uses a bilinear pairing equation to determine whether identical file blocks exist in different files and deletes the duplicate encrypted file blocks, realizing file-block-level deduplication. The shortcomings of this method are: it uses bilinear pairings and exponentiation, so its computational complexity is high and its efficiency is low; and it does not support update operations by the user on file blocks. If the user wants to update a file backed up in the cloud, the entire updated file has to be uploaded rather than only the file blocks that need updating, which wastes the user's upload bandwidth and upload time.
The paper by He K, Chen J, Du R et al., "DeyPoS: Deduplicatable Dynamic Proof of Storage for Multi-User Environments" (IEEE Transactions on Computers, 2016, 65(12): 3631-3645), proposes a method for file ownership authentication and integrity verification that supports dynamic file update in a cloud storage deduplication environment. The method designs a new file ownership authentication structure, the homomorphic authenticated tree, which supports three kinds of update operations and can meet the user's demand for updating file blocks. Each node of the homomorphic authenticated tree is computed with a homomorphic algorithm, and the server authenticates the file ownership of subsequent uploaders of a file based on this structure. The shortcomings of this scheme are: large-scale insertion and deletion operations can unbalance the homomorphic authentication structure, which loses the efficiency of binary search; and the method does not support deduplication of encrypted file blocks, so its deduplication ratio is low.
The paper by Zhao, Yongjun, and S.S.M. Chow, "Updatable Block-Level Message-Locked Encryption" (ACM Asia Conference on Computer and Communications Security. ACM, 2017), proposes an updatable data block deduplication method based on a convergent encryption algorithm. The specific steps of the method are: the user encrypts a file block using the hash value of the file block and concatenates the file block hash values into a new plaintext file block; the hash value of the new plaintext file block is then used to encrypt the corresponding new plaintext file block, and so on until the last plaintext file block is generated; the hash value of that plaintext file block serves as the master key of the file, used for file encryption and update. The server builds a Merkle Tree based on the encrypted file blocks, used for storing and updating the file blocks and the concatenation values of the file block keys. The shortcomings of this method are: it does not propose a secure and efficient file ownership authentication method, which leads to the upload of a large number of duplicate file blocks and wastes user bandwidth; it computes the file block ciphertexts with an iterated convergent encryption algorithm, so decrypting the file block ciphertexts is inefficient; and because of its own structural limitations the Merkle Tree only supports modification updates of leaf nodes, not insertion and deletion of leaf nodes, so it cannot fully meet the user's demand for updating file blocks.
Summary of the invention
The purpose of the present invention is to address the above shortcomings of the prior art by proposing a client-side deduplication method for encrypted data blocks that supports data update.
The concrete idea for achieving this purpose is as follows. Encrypted file blocks are computed with a convergent encryption algorithm, which ensures that identical plaintext file blocks are mapped to identical ciphertext file blocks after encryption. This realizes deduplication of identical file blocks in different files, protects data privacy, and improves the deduplication ratio and storage resource utilization of the server. Based on the skip list's probabilistically efficient search and its support for update operations, a novel dynamic balanced skip list with the advantage of binary search is proposed as the file ownership authentication structure, together with a new authentication method. They realize the file ownership authentication interaction between the server and subsequent uploaders of a file, avoid repeated upload of identical file blocks, and save user bandwidth and upload time. Finally, drawing on the structural balance of balanced binary trees, a self-balancing method for update operations on the dynamic balanced skip list is proposed. According to the dynamic operation instruction uploaded by the user and the authentication value of the plaintext file block to be updated, nodes in the dynamic balanced skip list are modified, inserted and deleted, which supports the update of file blocks in the cloud and realizes elastic management of server data.
The specific steps of the present invention are as follows:
(1) The first uploader of the file encrypts the data blocks:
(1a) Using the 256-bit secure hash algorithm SHA256, the first uploader of the file takes the plaintext file as input and computes the key of the plaintext file, then takes the key of the plaintext file as input and computes the label of the plaintext file;
(1b) The first uploader of the file splits the plaintext file into blocks of length 4kb, generating multiple plaintext file blocks;
(1c) Using the 256-bit secure hash algorithm SHA256, the first uploader of the file takes each plaintext file block as input and computes the key of each plaintext file block, then takes the concatenation of each plaintext file block and its plaintext file block key as input and computes the authentication value of each plaintext file block;
(1d) Using the encryption algorithm of the 256-bit Advanced Encryption Standard AES256, the first uploader of the file encrypts each plaintext file block with the key of that plaintext file block to obtain a ciphertext file block, and encrypts the concatenation value of the plaintext file block keys with the key of the plaintext file to obtain the ciphertext of the concatenation value of the plaintext file block keys;
(1e) The first uploader of the file uploads the label of the plaintext file, the authentication values of the plaintext file blocks, the ciphertext file blocks and the ciphertext of the concatenation value of the plaintext file block keys to the server;
(2) The server constructs the novel dynamic balanced skip list:
(2a) The base-level nodes corresponding to the authentication values of the plaintext file blocks are connected into a singly linked list, in the order of the plaintext file blocks to which the authentication values correspond;
(2b) Starting from the first node on the left of the current linked list, a parent node is generated with every two nodes as its child nodes; if the number of nodes in the current linked list is odd, one parent node is generated with the remaining last three nodes as its child nodes;
(2c) Using the 256-bit secure hash algorithm SHA256, the hash values of the child nodes of each parent node are concatenated in the left-to-right order of the child nodes into a hash concatenation value, which is taken as input to compute its hash value; the hash value of the hash concatenation value is assigned as the hash value of the parent node;
(2d) The sum of the reachable base-level node counts of the child nodes of each parent node is assigned as the reachable base-level node count of the parent node; the number of nodes used to generate each parent node is assigned as the child-node count of the parent node;
(2e) The down pointer of each parent node points to the position of its first child node on the left, and the generated parent nodes are linked into a parent linked list in the order in which they were generated;
(2f) The pointers between child nodes of different parent nodes are deleted;
(2g) Determine whether the parent linked list contains only one node. If so, mark the only node in the parent linked list as the root node; the dynamic balanced skip list is obtained and step (3) is performed. Otherwise, take the generated parent linked list as the current linked list and perform step (2b);
(3) The server deduplicates the encrypted data blocks:
Using the 256-bit secure hash algorithm SHA256, the server takes each ciphertext file block as input and computes the label of the ciphertext file block, then deletes the duplicate ciphertext file blocks that have the same ciphertext file block label, completing the deduplication of encrypted data blocks on the server;
(4) The subsequent uploader of the file carries out the file ownership authentication interaction with the server:
(4a) The server uses a random function to randomly generate two positive integers and sends the two positive integers to the subsequent uploader of the file;
(4b) The subsequent uploader of the file uses one of the two positive integers as a random seed and generates as many random numbers as the other positive integer, which serve as the index values of the challenged file blocks;
(4c) The subsequent uploader of the file splits the plaintext file into blocks of length 4kb, generating multiple plaintext file blocks;
(4d) Using the 256-bit secure hash algorithm SHA256, the subsequent uploader of the file computes the authentication values of the challenged file blocks corresponding to the index values of the challenged file blocks and sends them to the server;
(5) The server determines whether the subsequent uploader is a file owner:
(5a) The server uses one of the two positive integers as a random seed and generates as many random numbers as the other positive integer, which serve as the index values of the challenged file blocks;
(5b) In the dynamic balanced skip list, the server looks up the parent-level nodes of the base-level nodes corresponding to the index values of the challenged file blocks, and the sibling nodes of those parent-level nodes;
(5c) Using the 256-bit secure hash algorithm SHA256, the server recomputes the hash value of the root node of the dynamic balanced skip list from the hash values of the sibling nodes and the received authentication values of the challenged file blocks;
(5d) Determine whether the recomputed hash value of the root node of the dynamic balanced skip list equals the root node hash value stored locally by the server. If so, the file ownership authentication passes, the server marks the subsequent uploader as a file owner and step (6) is performed. Otherwise, the file ownership authentication fails;
(6) The file owner downloads the ciphertext file blocks from the server:
(6a) The file owner sends the label of the plaintext file and a download request to the server;
(6b) The server sends all the ciphertext file blocks corresponding to the label of the plaintext file, and the ciphertext of the concatenation value of the plaintext file block keys, to the file owner;
(7) The file owner decrypts the ciphertext file blocks from the server:
Using the decryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner decrypts the ciphertext of the concatenation value of the plaintext file block keys with the key of the plaintext file to obtain the concatenation value of the plaintext file block keys, then decrypts the ciphertext file blocks with the keys of the plaintext file blocks to obtain the plaintext file blocks;
(8) The file owner encrypts the new plaintext file block:
(8a) The file owner sends the label of the plaintext file and an update request to the server;
(8b) The server sends the ciphertext of the concatenation value of the file block keys to the file owner;
(8c) Using the decryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner decrypts the ciphertext of the concatenation value of the plaintext file block keys with the key of the plaintext file to obtain the concatenation value of the plaintext file block keys;
(8d) Using the 256-bit secure hash algorithm SHA256, the file owner computes the key of the new plaintext file, the label of the new plaintext file, the key of the plaintext file block to be modified or inserted, and the authentication value of the plaintext file block to be modified or inserted;
(8e) The file owner uses the index value of the plaintext file block to be modified or inserted, together with the key of that plaintext file block, to update the concatenation value of the plaintext file block keys, obtaining the new concatenation value of the plaintext file block keys;
(8f) Using the encryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner encrypts the plaintext file block to be modified or inserted with the key of that plaintext file block to obtain the ciphertext file block to be modified or inserted, and encrypts the new concatenation value of the plaintext file block keys with the key of the new plaintext file to obtain the ciphertext of the new concatenation value of the plaintext file block keys;
(8g) The file owner sends to the server the label of the new plaintext file, the ciphertext of the new concatenation value of the plaintext file block keys, the dynamic operation instruction, the index value of the file block to be modified, inserted or deleted, the ciphertext file block to be modified or inserted, and the authentication value of the plaintext file block to be modified or inserted;
(9) The server deduplicates the new ciphertext file block:
Using the 256-bit secure hash algorithm SHA256, the server computes the label of the ciphertext file block to be modified or inserted, then deletes the duplicate ciphertext file blocks that have the same ciphertext file block label, completing the deduplication of encrypted data blocks on the server;
(10) The server modifies a base-level node in the dynamic balanced skip list:
The server looks up the parent-level nodes of the base-level node corresponding to the index value of the file block to be modified, and the sibling nodes of those parent-level nodes. Using the 256-bit secure hash algorithm SHA256, the server updates the authentication values of the parent-level nodes with the authentication value of the plaintext file block to be modified and the authentication values of the sibling nodes;
(11) The server inserts a base-level node into the dynamic balanced skip list:
(11a) The server looks up the parent-level nodes of the base-level node corresponding to the index value of the file block to be inserted and generates a base-level node as the insert node. The hash value of the plaintext file block to be inserted is assigned as the hash value of the insert node, the reachable base-level node count of the insert node is set to 1, and the child-node count of the insert node is set to 0. The insert node is inserted at the rear-pointer position of the base-level node corresponding to the index value of the file block to be inserted;
(11b) Add 1 to the child-node count of the lowest-level parent-level node, and take the lowest-level parent-level node as the current node;
(11c) Determine whether the child-node count of the current node equals 3. If so, perform step (11d); otherwise, perform step (11e);
(11d) Update the hash value and the reachable base-level node count of the current node using each child node of the current node, then perform step (11f);
(11e) Update the hash value, the reachable base-level node count and the child-node count of the current node using the first and second child nodes from the left of the current node. Generate another node from the third and fourth child nodes from the left of the current node, insert the generated node at the rear-pointer position of the current node, and add 1 to the child-node count of the parent node of the current node;
(11f) Determine whether the current node is the root node. If so, perform step (12); otherwise, take the parent-level node one level up as the current node and perform step (11c);
(12) The server deletes a base-level node from the dynamic balanced skip list:
(12a) The server looks up the parent-level nodes of the base-level node corresponding to the index value of the file block to be deleted, and deletes the base-level node corresponding to the index value of the file block to be deleted;
(12b) Subtract 1 from the child-node count of the lowest-level parent-level node, and take the lowest-level parent-level node as the current node;
(12c) Determine whether the child-node count of the current node equals 2. If so, perform step (12d); otherwise, perform step (12e);
(12d) Update the hash value and the reachable base-level node count of the current node using each child node of the current node, then perform step (12l);
(12e) Determine whether the rear pointer of the current node points to a sibling node. If so, perform step (12f); otherwise, perform step (12i);
(12f) Determine whether the child-node count of the sibling node that the rear pointer of the current node points to equals 3. If so, perform step (12g); otherwise, perform step (12h);
(12g) Take the first child node from the left of the sibling node that the rear pointer of the current node points to as the second child node from the left of the current node. Update the hash value, the reachable base-level node count and the child-node count of the current node using the two child nodes of the current node. Update the hash value, the reachable base-level node count and the child-node count of the sibling node using the remaining two child nodes of the sibling node that the rear pointer of the current node points to, then perform step (12l);
(12h) Take the only child node of the current node as the first child node from the left of the sibling node that the rear pointer of the current node points to. Update the hash value, the reachable base-level node count and the child-node count of that sibling node using its three child nodes. Delete the current node, subtract 1 from the child-node count of the parent-level node one level up, then perform step (12l);
(12i) Determine whether the child-node count of the previous sibling node of the current node equals 3. If so, perform step (12j); otherwise, perform step (12k);
(12j) Take the third child node from the left of the previous sibling node as the first child node from the left of the current node. Update the hash value, the reachable base-level node count and the child-node count of the current node using the two child nodes of the current node. Update the hash value, the reachable base-level node count and the child-node count of the sibling node using the remaining two child nodes of the previous sibling node of the current node, then perform step (12l);
(12k) Take the only child node of the current node as the third child node from the left of the previous sibling node of the current node. Update the hash value, the reachable base-level node count and the child-node count of that sibling node using the three child nodes of the previous sibling node of the current node. Delete the current node and subtract 1 from the child-node count of the parent-level node one level up;
(12l) Determine whether the current node is the root node. If so, perform step (13); otherwise, take the parent-level node one level up as the current node and perform step (12c);
(13) The update of the dynamic balanced skip list is complete.
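The construction in steps (2a) to (2g) and the server-side ownership check in steps (5a) to (5d), as an added Python example that is not part of the patent text. Assumptions: each node's child list stands in for the rear and down pointers, the authentication value is SHA256(block || block key), a base-level node's hash is its authentication value, and challenge_indices is a hypothetical stand-in for the random function the text leaves unspecified.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

BLOCK_SIZE = 4 * 1024  # step (1b): fixed-length blocks ("4kb" in the text)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class Node:
    digest: bytes                                  # node hash value
    reach: int = 1                                 # reachable base-level nodes
    children: list = field(default_factory=list)   # assumption: replaces rear/down pointers


def auth_values(plaintext: bytes) -> list:
    """Step (1c): block key = SHA256(block); auth value = SHA256(block || key)."""
    blocks = [plaintext[i:i + BLOCK_SIZE] for i in range(0, len(plaintext), BLOCK_SIZE)]
    return [sha256(block + sha256(block)) for block in blocks]


def build_skip_list(auths: list) -> Node:
    """Steps (2a)-(2g): pair nodes left to right; the last three share a parent if odd."""
    if not auths:
        raise ValueError("file has no blocks")
    level = [Node(a) for a in auths]               # (2a) base-level list
    while len(level) > 1:                          # (2g) stop at a single root
        parents, i = [], 0
        while i < len(level):
            take = 3 if len(level) - i == 3 else 2  # (2b)
            kids = level[i:i + take]
            parents.append(Node(
                digest=sha256(b"".join(k.digest for k in kids)),  # (2c)
                reach=sum(k.reach for k in kids),                 # (2d)
                children=kids))
            i += take
        level = parents
    return level[0]


def challenge_indices(seed: int, count: int, n_blocks: int) -> list:
    """Hypothetical deterministic expansion of (seed, count) into block indices."""
    return [int.from_bytes(sha256(f"{seed}:{j}".encode()), "big") % n_blocks
            for j in range(count)]


def respond(plaintext: bytes, seed: int, count: int) -> list:
    """Steps (4b)-(4d): the uploader returns auth values of the challenged blocks."""
    auths = auth_values(plaintext)
    if not auths:
        return []
    return [auths[i] for i in challenge_indices(seed, count, len(auths))]


def recompute_root(node: Node, index: int, claimed: bytes) -> bytes:
    """Steps (5b)-(5c): rebuild the root hash from stored sibling hashes and the
    claimed authentication value, locating the path by reachable-node counts."""
    if not node.children:
        return claimed
    parts, offset = [], 0
    for child in node.children:
        if offset <= index < offset + child.reach:
            parts.append(recompute_root(child, index - offset, claimed))
        else:
            parts.append(child.digest)
        offset += child.reach
    return sha256(b"".join(parts))


def verify_ownership(root: Node, seed: int, count: int, responses: list) -> bool:
    """Step (5d): every recomputed root must equal the stored root hash."""
    indices = challenge_indices(seed, count, root.reach)
    if len(responses) != len(indices):
        return False
    return all(hmac.compare_digest(recompute_root(root, i, r), root.digest)
               for i, r in zip(indices, responses))


# Constructed sample input: a 7-block file, so the top level has a 3-child parent.
SAMPLE = b"".join(bytes([i]) * BLOCK_SIZE for i in range(7))
```

Only the challenged blocks are checked, so the number of challenges (the second positive integer) determines how likely an uploader holding a partial file is to be caught.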
Compared with the prior art, the present invention has the following advantages:
First, the present invention constructs a novel dynamic balanced skip list from the authentication values of the plaintext file blocks and uses it as the authentication structure for the ownership of uploaded files, realizing the file ownership authentication interaction between the user and the server. This overcomes the defect that the prior art cannot support client-side deduplication of file blocks, so that the present invention avoids repeated upload of identical file blocks, saves user bandwidth and upload time, and improves the server's storage resource utilization.
Second, the present invention proposes a self-balancing update method for the dynamic balanced skip list: according to the dynamic operation instruction uploaded by the user and the authentication value of the plaintext file block to be updated, nodes of the dynamic balanced skip list are modified, inserted and deleted. This overcomes the defect that the prior art cannot meet users' need to efficiently update data backed up in the cloud, so that the present invention supports data block update and realizes elastic management of server data.
Description of the drawings
Fig. 1 is the flow chart of the present invention.
Fig. 2 is a schematic diagram of the step in which the server of the present invention constructs the novel dynamic balanced skip list.
Fig. 3 is a flow chart of the file owner of the present invention encrypting a new plaintext file block.
Fig. 4 is a schematic diagram of the server of the present invention modifying a base-level node in the dynamic balanced skip list.
Fig. 5 is a schematic diagram of the server of the present invention inserting a base-level node into the dynamic balanced skip list.
Fig. 6 is a schematic diagram of the server of the present invention deleting a base-level node from the dynamic balanced skip list.
Fig. 7 is a flow chart of the server of the present invention deleting a base-level node from the dynamic balanced skip list.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the accompanying drawings.
The steps by which the present invention is realized are described in further detail below with reference to Fig. 1.
Step 1. The first uploader of the file encrypts the data blocks.
Using the 256-bit secure hash algorithm SHA256, the first uploader of the file takes the plaintext file as input and computes the key of the plaintext file, then takes the key of the plaintext file as input and computes the label of the plaintext file.
The 256-bit secure hash algorithm SHA256 refers to the 256-bit one-way hash algorithm SHA256 specified in the Federal Information Processing Standard FIPS PUB 180-3 published by the U.S. National Institute of Standards and Technology, applicable to messages whose length does not exceed 2^64 binary bits.
The first uploader of the file splits the plaintext file into blocks of length 4kb, generating multiple plaintext file blocks.
Using the 256-bit secure hash algorithm SHA256, the first uploader of the file takes each plaintext file block as input and computes the key of each plaintext file block, then takes the concatenation of each plaintext file block and its plaintext file block key as input and computes the authentication value of each plaintext file block.
The 256-bit secure hash algorithm SHA256 refers to the 256-bit one-way hash algorithm SHA256 specified in the Federal Information Processing Standard FIPS PUB 180-3 published by the U.S. National Institute of Standards and Technology, applicable to messages whose length does not exceed 2^64 binary bits.
Using the encryption algorithm of the 256-bit Advanced Encryption Standard AES256, the first uploader of the file encrypts each plaintext file block with the key of that plaintext file block to obtain a ciphertext file block, and encrypts the concatenation value of the plaintext file block keys with the key of the plaintext file to obtain the ciphertext of the concatenation value of the plaintext file block keys.
The 256-bit Advanced Encryption Standard AES256 refers to a block encryption standard used by the U.S. federal government, in which the key length is 256 bits.
The first uploader of the file uploads the label of the plaintext file, the authentication values of the plaintext file blocks, the ciphertext file blocks and the ciphertext of the concatenation value of the plaintext file block keys to the server.
Step 2, the novel dynamic equilibrium skip list of server construction.
The step of 2 pairs of server construction dynamic equilibrium skip lists are described in further detail below in conjunction with the accompanying drawings.
A, B, C, D represent four base level nodes in Fig. 2, and E represents the father node of node A and node B, and F represents node C and section The father node of point D, R represent the father node of node E and node F, while also illustrate that the root node of entire dynamic equilibrium skip list.
It is literary according to the corresponding plaintext of clear text file block authentication value by the corresponding base level nodes of each clear text file block authentication value The tandem of part block connects into a single linked list.
The base level nodes refer to, positioned at the node of dynamic equilibrium skip list bottom.
(2b) generates father's section since first node on the left of current chained list, using each two node as child node Point;If current chained list interior joint number is odd number, a father node is generated using remaining last three nodes as child node.
The node refers to, forms the basic unit of dynamic equilibrium skip list, and each node is made of a five-tuple, First group membership is respectively node cryptographic Hash, node up to base level nodes number, son node number, backpointer and lower pointer.
Using 256 secure hash algorithm SHA256, by the cryptographic Hash of child node each in each father node, according to sub- section Point or so is linked in sequence into Hash connection value as input, the cryptographic Hash of Hash connection value is calculated, by the Hash of Hash connection value Value is assigned to the cryptographic Hash of each father node.
The sum of the numbers of reachable base-layer nodes of the child nodes of each parent node is assigned as that parent node's number of reachable base-layer nodes; the number of nodes used to generate each parent node is assigned as that parent node's number of child nodes.
The down pointer of each parent node points to the position of its first child node on the left, and the generated parent nodes are linked into a parent linked list in the order in which they were generated.
The pointers between child nodes of different parent nodes are deleted.
It is judged whether the parent linked list contains only one node; if so, the only node in the parent linked list is marked as the root node, and step 3 is performed after the dynamic balanced skip list is obtained; otherwise, the generated parent linked list is taken as the current linked list and step (2b) is performed.
The parent linked list is a singly linked list made up of multiple parent nodes.
Step 3, the server deduplicates the encrypted data blocks.
The server uses SHA256 with each ciphertext file block as input to compute the tag of the ciphertext file block, and deletes duplicate ciphertext file blocks that have the same ciphertext file block tag, completing the server-side deduplication of encrypted data blocks.
Step 4, a subsequent uploader of the file carries out the file ownership authentication interaction with the server.
The server uses a random function to randomly generate two positive integers and sends the two positive integers to the subsequent uploader.
The subsequent uploader uses one of the two positive integers as a random seed and generates as many random numbers as the other positive integer specifies; these serve as the index values of the challenged file blocks.
The subsequent uploader divides the plaintext file into blocks of length 4kb, generating multiple plaintext file blocks.
The subsequent uploader uses SHA256 to compute the authentication values of the challenged file blocks corresponding to those index values and sends them to the server.
Step 5, the server determines whether the subsequent uploader is a file owner.
The server uses one of the two positive integers as a random seed and generates as many random numbers as the other positive integer specifies; these serve as the index values of the challenged file blocks.
In the dynamic balanced skip list, the server looks up the ancestor nodes of the base-layer nodes corresponding to the index values of the challenged file blocks, and the sibling nodes of those ancestor nodes.
The ancestor nodes are those nodes, visited during the search from the root node to a given base-layer node, whose reachable nodes include that base-layer node; the base-layer node itself is not included.
The sibling nodes are the other nodes in the same singly linked list.
Using SHA256, the server recomputes the hash value of the root node of the dynamic balanced skip list from the hash values of the sibling nodes and the received authentication values of the challenged file blocks.
It is judged whether the recomputed hash value of the root node of the dynamic balanced skip list is equal to the root node hash value stored locally by the server; if so, file ownership authentication passes, the server marks the subsequent uploader as a file owner, and step 6 is performed; otherwise, file ownership authentication fails.
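The list construction of step 2 and the ownership check of steps 4 and 5 can be run end to end. The following Python code is an added example, not code from the patent: it builds the list bottom-up, derives the challenge indices from the two integers, and recomputes the root from the sibling hashes. The 4096-byte block size, Python's `random.Random` as the shared random function, the child list that stands in for the next and down pointers, and all function names are assumptions.

```python
import hashlib
import hmac
import random

BLOCK_SIZE = 4096  # assumption: the "4kb" block length is read as 4096 bytes


def sha256(data):
    return hashlib.sha256(data).digest()


def split_blocks(plaintext):
    return [plaintext[i:i + BLOCK_SIZE] for i in range(0, len(plaintext), BLOCK_SIZE)]


def auth_value(block):
    # Step 1: block key = SHA256(block); authentication value = SHA256(block || key)
    return sha256(block + sha256(block))


class Node:
    """One skip-list node; a list of children stands in for the next/down pointers."""

    def __init__(self, node_hash=b"", children=None):
        self.hash = node_hash
        self.reach = 1  # number of reachable base-layer nodes
        self.children = children or []
        if self.children:
            self.refresh()

    def refresh(self):
        # Step 2: hash the children's hashes left to right and sum their reach counts
        self.hash = sha256(b"".join(c.hash for c in self.children))
        self.reach = sum(c.reach for c in self.children)


def build(auth_values):
    """Step 2: pair nodes left to right; an odd-length list ends with a 3-child parent."""
    if not auth_values:
        raise ValueError("at least one block is required")
    level = [Node(a) for a in auth_values]
    while len(level) > 1:
        parents, i = [], 0
        while i < len(level):
            take = 3 if len(level) - i == 3 else 2
            parents.append(Node(children=level[i:i + take]))
            i += take
        level = parents
    return level[0]  # root node


def prove(root, index):
    """Server side: for each ancestor of base-layer node `index`, bottom-up, return
    (position of the path child, sibling hashes with the path slot left as None)."""
    if not 0 <= index < root.reach:
        raise IndexError("block index out of range")
    path, node = [], root
    while node.children:
        for pos, child in enumerate(node.children):
            if index < child.reach:  # reach counts locate the block without a scan
                break
            index -= child.reach
        path.append((pos, [None if c is child else c.hash for c in node.children]))
        node = child
    return path[::-1]


def recompute_root(leaf_auth, path):
    h = leaf_auth
    for pos, hashes in path:
        h = sha256(b"".join(h if j == pos else s for j, s in enumerate(hashes)))
    return h


def challenge_indices(seed, count, n_blocks):
    # Steps 4 and 5: both sides expand the same seed into `count` block indices
    rng = random.Random(seed)
    return [rng.randrange(n_blocks) for _ in range(count)]


def respond(plaintext, seed, count):
    """Subsequent uploader: authentication values of the challenged blocks."""
    blocks = split_blocks(plaintext)
    return [auth_value(blocks[i]) for i in challenge_indices(seed, count, len(blocks))]


def verify_ownership(root, seed, count, responses):
    """Server: accept only if every response reproduces the stored root hash."""
    indices = challenge_indices(seed, count, root.reach)
    if len(responses) != len(indices):
        return False
    return all(
        hmac.compare_digest(recompute_root(r, prove(root, i)), root.hash)
        for i, r in zip(indices, responses)
    )


# Constructed sample: five blocks, each filled with a distinct byte value
SAMPLE = b"".join(bytes([i]) * BLOCK_SIZE for i in range(5))

if __name__ == "__main__":
    root = build([auth_value(b) for b in split_blocks(SAMPLE)])
    seed, count = 2017, 3  # the two positive integers chosen by the server
    print("owner accepted:", verify_ownership(root, seed, count, respond(SAMPLE, seed, count)))
```

With five blocks the root has two children holding two and three base-layer nodes, which is the odd-count case of step (2b).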
Step 6, the file owner downloads the ciphertext file blocks from the server.
The file owner sends the tag of the plaintext file and a download request to the server.
The server sends all ciphertext file blocks corresponding to the plaintext file tag, together with the ciphertext of the concatenation of the plaintext file block keys, to the file owner.
Step 7, the file owner decrypts the ciphertext file blocks from the server.
Using the decryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner decrypts the ciphertext of the concatenation of the plaintext file block keys with the key of the plaintext file to obtain the concatenation of the plaintext file block keys, and decrypts each ciphertext file block with the key of the corresponding plaintext file block to obtain the plaintext file block.
Step 8, the file owner encrypts the new plaintext file blocks.
The step of encrypting the new plaintext file blocks is described in further detail below with reference to Fig. 3.
The file owner sends the tag of the plaintext file and an update request to the server.
The server sends the ciphertext of the concatenation of the file block keys to the file owner.
Using the decryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner decrypts the ciphertext of the concatenation of the plaintext file block keys with the key of the plaintext file to obtain the concatenation of the plaintext file block keys.
Using the 256-bit secure hash algorithm SHA256, the file owner computes the key of the new plaintext file, the tag of the new plaintext file, the key of each plaintext file block to be modified or inserted, and the authentication value of each plaintext file block to be modified or inserted.
The file owner uses the index value of the plaintext file block to be modified or inserted, together with the key of that plaintext file block, to update the concatenation of the plaintext file block keys, obtaining the new concatenation of the plaintext file block keys.
Using the encryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner encrypts each plaintext file block to be modified or inserted with the key of that plaintext file block to obtain the ciphertext file block to be modified or inserted, and encrypts the new concatenation of the plaintext file block keys with the key of the new plaintext file to obtain the ciphertext of the new concatenation of the plaintext file block keys.
The file owner sends to the server the tag of the new plaintext file, the ciphertext of the new concatenation of the plaintext file block keys, the dynamic operation instruction, the index value of the file block to be modified, inserted or deleted, the ciphertext file block to be modified or inserted, and the authentication value of the plaintext file block to be modified or inserted.
Step 9, the server deduplicates the new ciphertext file blocks.
The server uses the 256-bit secure hash algorithm SHA256 to compute the tag of the ciphertext file block to be modified or inserted, and deletes duplicate ciphertext file blocks that have the same ciphertext file block tag, completing the server-side deduplication of encrypted data blocks.
Step 10, the server modifies a base-layer node in the dynamic balanced skip list.
The step in which the server modifies the base-layer node at a given position in the bottom layer of the dynamic balanced skip list is described in further detail below with reference to Fig. 4.
Fig. 4(a) is the dynamic balanced skip list stored before the server's modification operation, and Fig. 4(b) is the dynamic balanced skip list after the server's modification operation.
In Fig. 4(a), A, B, C and D represent four base-layer nodes, E represents the parent node of node A and node B, F represents the parent node of node C and node D, and R represents the parent node of node E and node F and is also the root node of the entire dynamic balanced skip list.
In Fig. 4(b), C represents the modified base-layer node, R and F represent the ancestor nodes of node C, and E and D represent the sibling nodes of the ancestor nodes, where E is the sibling node of node F and D is the sibling node of node C.
The server looks up the ancestor nodes of the base-layer node corresponding to the index value of the file block to be modified, and the sibling nodes of those ancestor nodes; using the 256-bit secure hash algorithm SHA256, the server updates the authentication values of the ancestor nodes with the authentication value of the plaintext file block to be modified and the authentication values of the sibling nodes.
Step 11, the server inserts a base-layer node into the dynamic balanced skip list.
The step in which the server inserts a base-layer node at a given position in the bottom layer of the dynamic balanced skip list is described in further detail below with reference to Fig. 5.
Fig. 5(a) is the dynamic balanced skip list stored before the server inserts node G, (b) is the dynamic balanced skip list after the server inserts base-layer node G, (c) is the dynamic balanced skip list stored before the server inserts node H, and (d) is the dynamic balanced skip list after the server inserts base-layer node H.
In Fig. 5(a), A, B, C and D represent four base-layer nodes, E represents the parent node of node A and node B, F represents the parent node of node C and node D, and R represents the parent node of node E and node F and is also the root node of the entire dynamic balanced skip list.
In Fig. 5(b), G represents the inserted base-layer node, R and F represent the ancestor nodes of node G, and E, C and D represent the sibling nodes of the ancestor nodes, where E is the sibling node of node F and C and D are the sibling nodes of node G.
In Fig. 5(c), A, B, G, C and D represent five base-layer nodes, E represents the parent node of node A and node B, F represents the parent node of node G, node C and node D, and R represents the parent node of node E and node F and is also the root node of the entire dynamic balanced skip list.
In Fig. 5(d), H represents the inserted base-layer node, R and F represent the ancestor nodes of node H, and E, G, C and D represent the sibling nodes of the ancestor nodes, where E is the sibling node of node F and G, C and D are the sibling nodes of node H; during the update, a new node I is generated and inserted at the next-pointer position of node F.
1st step: the server looks up the ancestor nodes of the base-layer node corresponding to the index value of the file block to be inserted, and generates a base-layer node as the inserted node. The hash value of the plaintext file block to be inserted is assigned as the hash value of the inserted node, the inserted node's number of reachable base-layer nodes is set to 1, its number of child nodes is set to 0, and the inserted node is placed at the next-pointer position of the base-layer node corresponding to the index value of the file block to be inserted.
2nd step: the number of child nodes of the lowest-layer ancestor node is increased by 1, and the lowest-layer ancestor node is taken as the current node.
3rd step: it is judged whether the number of child nodes of the current node is equal to 3; if so, the 4th step is performed; otherwise, the 5th step is performed.
4th step: the hash value and the number of reachable base-layer nodes of the current node are updated using each child node of the current node, and the 6th step is performed.
5th step: the hash value, the number of reachable base-layer nodes and the number of child nodes of the current node are updated using the first and second child nodes from the left of the current node; another node is generated from the third and fourth child nodes from the left of the current node, the generated node is inserted at the next-pointer position of the current node, and the number of child nodes of the parent node of the current node is increased by 1.
6th step: it is judged whether the current node is the root node; if so, step 12 is performed; otherwise, the ancestor node one layer up is taken as the current node and the 3rd step is performed.
Step 12, the server deletes a base-layer node from the dynamic balanced skip list.
The step in which the server deletes the base-layer node at a given position in the bottom layer of the dynamic balanced skip list is described in further detail below with reference to the schematic diagram of Fig. 6 and the flow chart of Fig. 7.
Fig. 6(a) is the dynamic balanced skip list stored before the server deletes base-layer node G, (b) is the dynamic balanced skip list after the server deletes base-layer node G, (c) is the dynamic balanced skip list stored before the server deletes base-layer node C, and (d) is the dynamic balanced skip list after the server deletes base-layer node C.
In Fig. 6(a), A, B, G, C and D represent five base-layer nodes, E represents the parent node of node A and node B, F represents the parent node of node G, node C and node D, and R represents the parent node of node E and node F and is also the root node of the entire dynamic balanced skip list.
In Fig. 6(b), G represents the deleted base-layer node, R and F represent the ancestor nodes of node G, and E, C and D represent the sibling nodes of the ancestor nodes, where E is the sibling node of node F and C and D are the sibling nodes of node G.
In Fig. 6(c), A, B, C and D represent four base-layer nodes, E represents the parent node of node A and node B, F represents the parent node of node C and node D, and R represents the parent node of node E and node F and is also the root node of the entire dynamic balanced skip list.
In Fig. 6(d), C represents the deleted base-layer node, R and F represent the ancestor nodes of node C, and E and D represent the sibling nodes of the ancestor nodes, where E is the sibling node of node F and D is the sibling node of node C; during the update, node F is deleted and node D is moved to the next-pointer position of node B.
1st step: the server looks up the ancestor nodes of the base-layer node corresponding to the index value of the file block to be deleted, and deletes the base-layer node corresponding to the index value of the file block to be deleted.
2nd step: the number of child nodes of the lowest-layer ancestor node is decreased by 1, and the lowest-layer ancestor node is taken as the current node.
3rd step: it is judged whether the number of child nodes of the current node is equal to 2; if so, the 4th step is performed; otherwise, the 5th step is performed.
4th step: the hash value and the number of reachable base-layer nodes of the current node are updated using each child node of the current node, and the 12th step is performed.
5th step: it is judged whether the next pointer of the current node points to a sibling node; if so, the 6th step is performed; otherwise, the 9th step is performed.
6th step: it is judged whether the number of child nodes of the sibling node pointed to by the next pointer of the current node is equal to 3; if so, the 7th step is performed; otherwise, the 8th step is performed.
7th step: the first child node on the left of the sibling node pointed to by the next pointer of the current node becomes the second child node from the left of the current node; the hash value, the number of reachable base-layer nodes and the number of child nodes of the current node are updated using the two child nodes of the current node; the hash value, the number of reachable base-layer nodes and the number of child nodes of that sibling node are updated using its remaining two child nodes; the 12th step is performed.
8th step: the only child node of the current node becomes the first child node on the left of the sibling node pointed to by the next pointer of the current node; the hash value, the number of reachable base-layer nodes and the number of child nodes of that sibling node are updated using its three child nodes; the current node is deleted; the number of child nodes of the ancestor node one layer up is decreased by 1, and the 12th step is performed.
9th step: it is judged whether the number of child nodes of the previous sibling node of the current node is equal to 3; if so, the 10th step is performed; otherwise, the 11th step is performed.
10th step: the third child node from the left of the previous sibling node becomes the first child node on the left of the current node; the hash value, the number of reachable base-layer nodes and the number of child nodes of the current node are updated using the two child nodes of the current node; the hash value, the number of reachable base-layer nodes and the number of child nodes of the previous sibling node are updated using its remaining two child nodes; the 12th step is performed.
11th step: the only child node of the current node becomes the third child node from the left of the previous sibling node of the current node; the hash value, the number of reachable base-layer nodes and the number of child nodes of the previous sibling node are updated using its three child nodes; the current node is deleted, and the number of child nodes of the ancestor node one layer up is decreased by 1.
12th step: it is judged whether the current node is the root node; if so, step 13 is performed; otherwise, the ancestor node one layer up is taken as the current node and the 3rd step is performed.
Step 13, the update of the dynamic balanced skip list is complete.

Claims (8)

1. An encrypted data block client-side deduplication method supporting data update, characterized by comprising the following steps:
(1) The first uploader of the file encrypts the data blocks:
(1a) the first uploader uses the 256-bit secure hash algorithm SHA256 with the plaintext file as input to compute the key of the plaintext file, then uses the key of the plaintext file as input to compute the tag of the plaintext file;
(1b) the first uploader divides the plaintext file into blocks of length 4kb, generating multiple plaintext file blocks;
(1c) the first uploader uses the 256-bit secure hash algorithm SHA256 with each plaintext file block as input to compute the key of each plaintext file block, then uses the concatenation of each plaintext file block followed by its plaintext file block key as input to compute the authentication value of each plaintext file block;
(1d) using the encryption algorithm of the 256-bit Advanced Encryption Standard AES256, the first uploader encrypts each plaintext file block with the key of that plaintext file block to obtain a ciphertext file block, and encrypts the concatenation of the plaintext file block keys with the key of the plaintext file to obtain the ciphertext of the concatenation of the plaintext file block keys;
(1e) the first uploader uploads the tag of the plaintext file, the authentication values of the plaintext file blocks, the ciphertext file blocks and the ciphertext of the concatenation of the plaintext file block keys to the server;
(2) The server constructs the novel dynamic balanced skip list:
(2a) the base-layer nodes corresponding to the plaintext file block authentication values are connected into a singly linked list, in the order of the plaintext file blocks to which the authentication values correspond;
(2b) starting from the first node on the left of the current linked list, a parent node is generated for every two nodes, which become its child nodes; if the number of nodes in the current linked list is odd, the last three remaining nodes become the child nodes of one parent node;
(2c) using the 256-bit secure hash algorithm SHA256, the hash values of the child nodes of each parent node are concatenated in the left-to-right order of the child nodes to form a hash concatenation, which is used as input; the hash value of the hash concatenation is computed and assigned as the hash value of that parent node;
(2d) the sum of the numbers of reachable base-layer nodes of the child nodes of each parent node is assigned as that parent node's number of reachable base-layer nodes; the number of nodes used to generate each parent node is assigned as that parent node's number of child nodes;
(2e) the down pointer of each parent node points to the position of its first child node on the left, and the generated parent nodes are linked into a parent linked list in the order in which they were generated;
(2f) the pointers between child nodes of different parent nodes are deleted;
(2g) it is judged whether the parent linked list contains only one node; if so, the only node in the parent linked list is marked as the root node, and step (3) is performed after the dynamic balanced skip list is obtained; otherwise, the generated parent linked list is taken as the current linked list and step (2b) is performed;
(3) The server deduplicates the encrypted data blocks:
the server uses the 256-bit secure hash algorithm SHA256 with each ciphertext file block as input to compute the tag of the ciphertext file block, and deletes duplicate ciphertext file blocks that have the same ciphertext file block tag, completing the server-side deduplication of encrypted data blocks;
(4) A subsequent uploader of the file carries out the file ownership authentication interaction with the server:
(4a) the server uses a random function to randomly generate two positive integers and sends the two positive integers to the subsequent uploader;
(4b) the subsequent uploader uses one of the two positive integers as a random seed and generates as many random numbers as the other positive integer specifies, which serve as the index values of the challenged file blocks;
(4c) the subsequent uploader divides the plaintext file into blocks of length 4kb, generating multiple plaintext file blocks;
(4d) the subsequent uploader uses the 256-bit secure hash algorithm SHA256 to compute the authentication values of the challenged file blocks corresponding to those index values and sends them to the server;
(5) The server determines whether the subsequent uploader is a file owner:
(5a) the server uses one of the two positive integers as a random seed and generates as many random numbers as the other positive integer specifies, which serve as the index values of the challenged file blocks;
(5b) in the dynamic balanced skip list, the server looks up the ancestor nodes of the base-layer nodes corresponding to the index values of the challenged file blocks, and the sibling nodes of those ancestor nodes;
(5c) using the 256-bit secure hash algorithm SHA256, the server recomputes the hash value of the root node of the dynamic balanced skip list from the hash values of the sibling nodes and the received authentication values of the challenged file blocks;
(5d) it is judged whether the recomputed hash value of the root node of the dynamic balanced skip list is equal to the root node hash value stored locally by the server; if so, file ownership authentication passes, the server marks the subsequent uploader as a file owner, and step (6) is performed; otherwise, file ownership authentication fails;
(6) The file owner downloads the ciphertext file blocks from the server:
(6a) the file owner sends the tag of the plaintext file and a download request to the server;
(6b) the server sends all ciphertext file blocks corresponding to the plaintext file tag, together with the ciphertext of the concatenation of the plaintext file block keys, to the file owner;
(7) The file owner decrypts the ciphertext file blocks from the server:
using the decryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner decrypts the ciphertext of the concatenation of the plaintext file block keys with the key of the plaintext file to obtain the concatenation of the plaintext file block keys, and decrypts each ciphertext file block with the key of the corresponding plaintext file block to obtain the plaintext file block;
(8) The file owner encrypts the new plaintext file blocks:
(8a) the file owner sends the tag of the plaintext file and an update request to the server;
(8b) the server sends the ciphertext of the concatenation of the file block keys to the file owner;
(8c) using the decryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner decrypts the ciphertext of the concatenation of the plaintext file block keys with the key of the plaintext file to obtain the concatenation of the plaintext file block keys;
(8d) using the 256-bit secure hash algorithm SHA256, the file owner computes the key of the new plaintext file, the tag of the new plaintext file, the key of each plaintext file block to be modified or inserted, and the authentication value of each plaintext file block to be modified or inserted;
(8e) the file owner uses the index value of the plaintext file block to be modified or inserted, together with the key of that plaintext file block, to update the concatenation of the plaintext file block keys, obtaining the new concatenation of the plaintext file block keys;
(8f) using the encryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner encrypts each plaintext file block to be modified or inserted with the key of that plaintext file block to obtain the ciphertext file block to be modified or inserted, and encrypts the new concatenation of the plaintext file block keys with the key of the new plaintext file to obtain the ciphertext of the new concatenation of the plaintext file block keys;
(8g) the file owner sends to the server the tag of the new plaintext file, the ciphertext of the new concatenation of the plaintext file block keys, the dynamic operation instruction, the index value of the file block to be modified, inserted or deleted, the ciphertext file block to be modified or inserted, and the authentication value of the plaintext file block to be modified or inserted;
(9) The server deduplicates the new ciphertext file blocks:
the server uses the 256-bit secure hash algorithm SHA256 to compute the tag of the ciphertext file block to be modified or inserted, and deletes duplicate ciphertext file blocks that have the same ciphertext file block tag, completing the server-side deduplication of encrypted data blocks;
(10) The server modifies a base-layer node in the dynamic balanced skip list:
the server looks up the ancestor nodes of the base-layer node corresponding to the index value of the file block to be modified, and the sibling nodes of those ancestor nodes; using the 256-bit secure hash algorithm SHA256, the server updates the authentication values of the ancestor nodes with the authentication value of the plaintext file block to be modified and the authentication values of the sibling nodes;
(11) The server inserts a base-level node into the dynamic equilibrium skip list:
(11a) The server looks up the class nodes of the base-level node corresponding to the index value of the file block to be inserted, generates a base-level node as the insertion node, assigns the hash value of the plaintext file block to be inserted to the hash value of the insertion node, sets the insertion node's reachable base-level node count to 1 and its child node count to 0, and inserts the insertion node at the back-pointer position of the base-level node corresponding to the index value of the file block to be inserted;
(11b) Add 1 to the child node count of the lowest-level class node, and take the lowest-level class node as the current node;
(11c) Determine whether the child node count of the current node equals 3; if so, perform step (11d); otherwise, perform step (11e);
(11d) Update the hash value and the reachable base-level node count of the current node using each child node of the current node, then perform step (11f);
(11e) Update the hash value, reachable base-level node count and child node count of the current node using its first and second child nodes from the left; generate another node from the third and fourth child nodes from the left of the current node, insert the generated node at the back-pointer position of the current node, and add 1 to the child node count of the parent node of the current node;
(11f) Determine whether the current node is the root node; if so, perform step (12); otherwise, take the class node one level up as the current node and perform step (11c);
(12) The server deletes a base-level node from the dynamic equilibrium skip list:
(12a) The server looks up the class nodes of the base-level node corresponding to the index value of the file block to be deleted, and deletes the base-level node corresponding to the index value of the file block to be deleted;
(12b) Subtract 1 from the child node count of the lowest-level class node, and take the lowest-level class node as the current node;
(12c) Determine whether the child node count of the current node equals 2; if so, perform step (12d); otherwise, perform step (12e);
(12d) Update the hash value and the reachable base-level node count of the current node using each child node of the current node, then perform step (12l);
(12e) Determine whether the back pointer of the current node points to a sibling node; if so, perform step (12f); otherwise, perform step (12i);
(12f) Determine whether the child node count of the sibling node pointed to by the back pointer of the current node equals 3; if so, perform step (12g); otherwise, perform step (12h);
(12g) Take the first child node from the left of the sibling node pointed to by the back pointer of the current node as the second child node from the left of the current node; update the hash value, reachable base-level node count and child node count of the current node using the two child nodes of the current node; update the hash value, reachable base-level node count and child node count of that sibling node using its remaining two child nodes; then perform step (12l);
(12h) Take the only child node of the current node as the first child node from the left of the sibling node pointed to by the back pointer of the current node; update the hash value, reachable base-level node count and child node count of that sibling node using its three child nodes; delete the current node, subtract 1 from the child node count of the class node one level up, and then perform step (12l);
(12i) Determine whether the child node count of the previous sibling node of the current node equals 3; if so, perform step (12j); otherwise, perform step (12k);
(12j) Take the third child node from the left of the previous sibling node as the first child node from the left of the current node; update the hash value, reachable base-level node count and child node count of the current node using the two child nodes of the current node; update the hash value, reachable base-level node count and child node count of the previous sibling node using its remaining two child nodes; then perform step (12l);
(12k) Take the only child node of the current node as the third child node from the left of the previous sibling node of the current node; update the hash value, reachable base-level node count and child node count of that sibling node using its three child nodes; delete the current node, and subtract 1 from the child node count of the class node one level up;
(12l) Determine whether the current node is the root node; if so, perform step (13); otherwise, take the class node one level up as the current node and perform step (12c);
(13) The update of the dynamic equilibrium skip list is complete.
2. The encrypted data block client-side deduplication method supporting data update according to claim 1, characterized in that: the 256-bit secure hash algorithm SHA256 described in step (1a), step (1c), step (2c), step (3), step (4d), step (5c), step (8d), step (9) and step (10) refers to the 256-bit one-way hash algorithm SHA256 specified in Federal Information Processing Standard FIPS PUB 180-3, published by the U.S. National Institute of Standards and Technology, which is applicable to messages whose length does not exceed 2^64 binary bits.
3. The encrypted data block client-side deduplication method supporting data update according to claim 1, characterized in that: the 256-bit Advanced Encryption Standard AES256 described in step (1d), step (7), step (8c) and step (8f) refers to a block encryption standard adopted by the U.S. federal government, namely the Advanced Encryption Standard with a key length of 256 bits.
4. The encrypted data block client-side deduplication method supporting data update according to claim 1, characterized in that: the base-level nodes described in step (2a) refer to the nodes located at the bottom level of the dynamic equilibrium skip list.
5. The encrypted data block client-side deduplication method supporting data update according to claim 1, characterized in that: the node described in step (2b) refers to the basic unit that makes up the dynamic equilibrium skip list; each node consists of a five-tuple whose members are, respectively, the node hash value, the node's reachable base-level node count, the child node count, the back pointer and the down pointer.
6. The encrypted data block client-side deduplication method supporting data update according to claim 1, characterized in that: the parent linked list described in step (2g) refers to a singly linked list composed of multiple parent nodes.
7. The encrypted data block client-side deduplication method supporting data update according to claim 1, characterized in that: the class nodes described in step (5b) refer to those nodes, among the nodes visited during the search from the root node to a given base-level node, whose reachable nodes include that base-level node, not including the base-level node itself.
8. The encrypted data block client-side deduplication method supporting data update according to claim 1, characterized in that: the sibling nodes described in step (5b) refer collectively to the other nodes in the same singly linked list.
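The insertion path of step (11), sketched in Python as an added example (it is not code from the patent). Assumptions: a child list stands in for the back and down pointers of claim 5, a class node's hash is SHA256 over its children's concatenated hashes (the claims do not fix the encoding), and a node is split only when it reaches four children. `audit` recomputes the root from the base nodes, so a stale or tampered hash anywhere in the structure shows up as a root mismatch.

```python
import hashlib

def sha256(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

class Node:
    """Hash, reachable base-node count, children (a list stands in for back/down pointers)."""
    def __init__(self, children=(), block=None):
        self.children = list(children)              # empty for a base-level node
        self.count, self.hash = 1, (sha256(block) if block is not None else b"")
        self.refresh()
    def refresh(self):
        if self.children:                           # class node: derive both fields from children
            self.count = sum(c.count for c in self.children)
            self.hash = sha256(*(c.hash for c in self.children))

def _insert(node, i, leaf):
    """Put leaf at 0-based position i below node; return the new sibling if node split."""
    if not node.children[0].children:               # lowest-level class node, step (11a)
        node.children.insert(i, leaf)
    else:
        for k, child in enumerate(node.children):   # descend by reachable base-node counts
            if i <= child.count:
                break
            i -= child.count
        extra = _insert(child, i, leaf)
        if extra is not None:                       # child split: link its new sibling after it
            node.children.insert(k + 1, extra)
    sibling = None
    if len(node.children) == 4:                     # step (11e): keep two children, move two out
        sibling, node.children = Node(node.children[2:]), node.children[:2]
    node.refresh()                                  # steps (11d)/(11e): new hash and count
    return sibling

def insert(root, i, block):                         # returns the root (new if the old root split)
    sibling = _insert(root, i, Node(block=block))
    return Node([root, sibling]) if sibling is not None else root

def build(blocks):
    root = Node([Node(block=blocks[0])])
    for i, block in enumerate(blocks[1:], 1):
        root = insert(root, i, block)
    return root

def audit(node):
    """Recompute a subtree from its base nodes; return (hash, base-node hashes in order)."""
    if not node.children:
        return node.hash, [node.hash]
    parts = [audit(c) for c in node.children]
    return sha256(*(h for h, _ in parts)), [x for _, hs in parts for x in hs]
```

Only the nodes on the search path are rehashed per insertion, which is why the incremental root can be compared against a full `audit` as a consistency check.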
CN201711347947.XA 2017-12-15 2017-12-15 A kind of encrypted data chunk client De-weight method for supporting data to update Active CN108182367B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711347947.XA CN108182367B (en) 2017-12-15 2017-12-15 A kind of encrypted data chunk client De-weight method for supporting data to update

Publications (2)

Publication Number Publication Date
CN108182367A true CN108182367A (en) 2018-06-19
CN108182367B CN108182367B (en) 2019-11-15

Family

ID=62546160

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711347947.XA Active CN108182367B (en) 2017-12-15 2017-12-15 A kind of encrypted data chunk client De-weight method for supporting data to update

Country Status (1)

Country Link
CN (1) CN108182367B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140032925A1 (en) * 2012-07-25 2014-01-30 Ankur Panchbudhe System and method for combining deduplication and encryption of data
WO2016101153A1 (en) * 2014-12-23 2016-06-30 Nokia Technologies Oy Method and apparatus for duplicated data management in cloud computing
CN107147615A (en) * 2017-03-29 2017-09-08 西安电子科技大学 Ownership certification and the key transmission method of entropy are not lost under ciphertext duplicate removal scene

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109657497A (en) * 2018-12-21 2019-04-19 北京思源互联科技有限公司 Secure file system and its method
CN109995505A (en) * 2019-03-07 2019-07-09 西安电子科技大学 A kind of mist calculates data safety machining system and method, cloud storage platform under environment
CN109995505B (en) * 2019-03-07 2021-08-10 西安电子科技大学 Data security duplicate removal system and method in fog computing environment and cloud storage platform
CN110677429A (en) * 2019-10-10 2020-01-10 青岛大学 File storage method and system, cloud device and terminal device
CN111914280A (en) * 2020-08-17 2020-11-10 南京珥仁科技有限公司 File self-encryption and decryption method
CN111914280B (en) * 2020-08-17 2024-05-17 南京珥仁科技有限公司 File self-encryption and decryption method
CN112231308B (en) * 2020-10-14 2024-05-03 深圳前海微众银行股份有限公司 Method, device, equipment and medium for de-duplication of transverse federal modeling sample data
CN112231309A (en) * 2020-10-14 2021-01-15 深圳前海微众银行股份有限公司 Method, device, terminal equipment and medium for removing duplicate of longitudinal federal data statistics
CN112231308A (en) * 2020-10-14 2021-01-15 深圳前海微众银行股份有限公司 Method, device, equipment and medium for removing weight of horizontal federal modeling sample data
CN112231309B (en) * 2020-10-14 2024-05-07 深圳前海微众银行股份有限公司 Method, device, terminal equipment and medium for removing duplicate of longitudinal federal data statistics
CN112764783A (en) * 2021-02-02 2021-05-07 杭州雅观科技有限公司 Upgrading method of smart home equipment
CN112764783B (en) * 2021-02-02 2022-04-29 杭州雅观科技有限公司 Upgrading method of smart home equipment
CN113347189A (en) * 2021-06-09 2021-09-03 福州大学 Updatable and data ownership transferable message self-locking encryption system and method
CN113568571A (en) * 2021-06-28 2021-10-29 西安电子科技大学 Image de-duplication method based on residual error neural network
CN113568571B (en) * 2021-06-28 2024-06-04 西安电子科技大学 Image de-duplication method based on residual neural network

Also Published As

Publication number Publication date
CN108182367B (en) 2019-11-15

Similar Documents

Publication Publication Date Title
CN108182367B (en) A kind of encrypted data chunk client De-weight method for supporting data to update
Namasudra et al. Securing multimedia by using DNA-based encryption in the cloud computing environment
Itani et al. Energy-efficient incremental integrity for securing storage in mobile cloud computing
CN106254324B (en) A kind of encryption method and device of storage file
Kumar et al. Data integrity proofs in cloud storage
EP3375129B1 (en) Method for re-keying an encrypted data file
CN109379182B (en) Efficient data re-encryption method and system supporting data deduplication and cloud storage system
US8892866B2 (en) Secure cloud storage and synchronization systems and methods
CN106453612B (en) A kind of storage of data and shared system
CN104363215B (en) A kind of encryption method and system based on attribute
CN108377237A (en) The data deduplication system and its data duplicate removal method with ownership management for the storage of high in the clouds ciphertext
CN105320896A (en) Cloud storage encryption and ciphertext retrieval methods and systems
CN106612320A (en) Encrypted data dereplication method for cloud storage
CN109670826B (en) Anti-quantum computation block chain transaction method based on asymmetric key pool
Yan et al. A scheme to manage encrypted data storage with deduplication in cloud
CN104967693A (en) Document similarity calculation method facing cloud storage based on fully homomorphic password technology
CN106452748A (en) Multiple users-based outsourcing database audit method
Khan et al. A study of incremental cryptography for security schemes in mobile cloud computing environments
WO2016132547A1 (en) Data storage device, data update system, data processing method, and data processing program
CN103607278A (en) Safe data cloud storage method
CN110245511A (en) A kind of file encryption storage method based on block chain
CN114036240A (en) Multi-service provider private data sharing system and method based on block chain
CN112732695A (en) Cloud storage data security deduplication method based on block chain
Ma et al. CP‐ABE‐Based Secure and Verifiable Data Deletion in Cloud
CN109670827B (en) Anti-quantum computation blockchain transaction method based on symmetric key pool

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant