CN108664814B - Group data integrity verification method based on agent - Google Patents

Group data integrity verification method based on agent Download PDF

Info

Publication number
CN108664814B
CN108664814B CN201810469246.1A CN201810469246A CN108664814B CN 108664814 B CN108664814 B CN 108664814B CN 201810469246 A CN201810469246 A CN 201810469246A CN 108664814 B CN108664814 B CN 108664814B
Authority
CN
China
Prior art keywords
data
proxy
key
signature
tpa
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810469246.1A
Other languages
Chinese (zh)
Other versions
CN108664814A (en
Inventor
万长胜
袁梦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southeast University
Original Assignee
Southeast University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southeast University filed Critical Southeast University
Priority to CN201810469246.1A priority Critical patent/CN108664814B/en
Publication of CN108664814A publication Critical patent/CN108664814A/en
Application granted granted Critical
Publication of CN108664814B publication Critical patent/CN108664814B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/645Protecting data integrity, e.g. using checksums, certificates or signatures using a third party

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a group data integrity verification method based on an agent, which comprises the following steps: the method comprises an initialization stage, a data outsourcing stage, an integrity verification stage and a group user member updating stage. The invention helps to calculate the data block signature for each group user (data owner and data user) by introducing the Proxy into the system model, and TPA can carry out integrity verification only by using the public key of the Proxy without any identity information of the group user when carrying out data integrity verification, thereby effectively ensuring the identity privacy of the group user. Because the group users calculate the data block signature through the Proxy and do not know the private key of the Proxy, even if the data block signature originally uploaded by the revoked group member is still legal, the data block signature does not need to be calculated again through other group legal members, the expense is reduced, and the dynamic group can be efficiently supported.

Description

Group data integrity verification method based on agent
Technical Field
The invention belongs to the technical field of data security, relates to a cloud group security technology, and particularly relates to a group data integrity verification method based on an agent.
Background
Nowadays, with the rapid development of cloud storage technology, data sharing under multiple users becomes increasingly common. Group sharing data generally means that a data owner initially outsources a data file to a storage server, and then a plurality of data users join the group to share the outsourced data file, and both the data owner and the data users are members of the group users. Since multiple users share (access, modify, delete) data files simultaneously, a data integrity verification protocol that accommodates group shared data needs to be designed to ensure that data stored on a remote server has not been tampered with or lost by an attacker.
At present, data integrity verification is mostly researched how to protect integrity verification of personal cloud data, however, in practice, as the requirement for sharing data by multiple users is increasing, a group data integrity verification protocol needs to be considered. Unlike the data integrity verification scenario under a single user, the group data integrity verification scenario has many unique security problems.
For groups that share data, the group user members are typically dynamically changing. Unfortunately, current data integrity verification schemes do not efficiently support dynamic groups. The group user has the right to access, modify or delete the remotely stored data file, and the group user needs to update the data block signature by using the own secret key while modifying the remote data file. If a group user no longer shares remote data, the data block signature calculated by the user is no longer legal, and another group user is required to download the data block again, calculate the legal data block signature and upload the legal data block signature to the storage server. Such a process would consume a large amount of computational and communication overhead and cannot be effectively applied to practice.
On the other hand, as the group users continue to use the shared data, different data blocks will have different group users computing data block signatures. When the TPA performs integrity verification, it needs to determine that each data block is signed by the group of users, so that it can determine which user's public key is used when verifying the proof. However, the identity privacy of the group users may be revealed by the process, and the TPA may determine which data blocks store important information according to different users of the data block signatures, thereby performing a heavy attack.
A practical group data integrity verification protocol should meet the following requirements: (1) and (4) correctness. The protocol ensures that the verifier can correctly verify the integrity of the data stored in the storage server within a limited time. (2) It is not forgeable. It is not possible for the storage server to pass the integrity verification request by forging a legitimate block signature or forging a verification proof. (3) Identity privacy. The verifier cannot obtain the identity privacy information of the group user in the process of data integrity verification. (4) Dynamic groups are supported. The method can effectively support the addition or the revocation of the group user members, and does not introduce excessive computing overhead and communication overhead.
Obviously, designing a group data integrity verification protocol capable of supporting identity privacy and dynamic groups is an important task, because a verifier may obtain attack information from identity privacy data, and huge computation overhead and communication overhead may be introduced in the process of group revocation. The current scheme can satisfy the requirements (1) and (2), however, the requirements (3) and (4) are widely ignored, which results in that the current group data integrity verification scheme cannot be well applied to practice. More importantly, in focusing on this research topic, we have found that no cryptographic primitives can be directly applied to solve all the above problems.
Disclosure of Invention
In order to solve the problems of safety and efficiency in the prior art, the invention provides a group data integrity verification method based on an agent, which can efficiently support a dynamic group.
In order to achieve the purpose, the invention provides the following technical scheme:
a group data integrity verification method based on agent includes the following steps:
an initialization stage: the method comprises the steps that a system initializes public parameters, a data owner generates own private key, public key and other key parameters and sends the key parameters to a TPA and a data user, a Proxy generates own key parameters, the data owner divides a data file to be outsourced into a plurality of data blocks, and the data owner and the data user are members of a group user;
and (3) data outsourcing stage: the data owner performs blinding processing on each data block, then sends the blinded data block to the Proxy, the Proxy calculates the blind signature of the received blinded data block and sends the blind signature to the data owner, the data owner recovers the signature content of the original data block from the received blind signature, and then calculates the label for storing the group user list; finally, the data owner uploads the data file, the signature set and the name list label to a storage server for storage, and uploads the name list label to a Proxy and a TPA; the Proxy provides blind signature service for the data user according to the group user list;
and an integrity verification stage: the TPA initiates a data integrity verification request to the storage server, the storage server replies a corresponding verification evidence, and the TPA judges whether the storage server correctly stores the data file or not through the validity of the verification evidence;
group user member updating stage: and the data owner calculates a list signature according to the updated group user list and sends the list signature to the Proxy, the storage server and the TPA, and the Proxy receives the updated group user list and provides blind signature service for the group users.
Further, in the initialization phase, the data owner generates the public key parameter pub using the initialization algorithm { pub } ← InitSys (), which includes the specific steps of:
(1) creating bilinear map pair e G → GTWherein G is a cyclic multiplicative group with the order of p, and G belongs to G as a generator;
(2) randomly selecting u belongs to G, and determining a hash function H (·) of {0,1} according to the condition that u is not a unit element of the cyclic multiplication group G*→ZpH (·) is an anti-collision one-way hash function;
(3) the system derives the public key parameter pub ═ G, GT,e,p,g,u,H(·)}。
Further, in the initialization phase, the data owner and the Proxy use the algorithm { key }DO,keyDU,keyTPA}←GenKey(pub,1k) Generating a data owner's own keyDOKey of data userDUAnd a key of TPATPAThe method comprises the following specific steps:
(1) the data owner randomly selects x, Z belongs to ZpWhere the data owner's own private key is skDOX, computing the data owner public key pkDO=gxE is G, and then the data owner sends the key z to a third party audit TPA and a data user through a pre-established safety channel;
(2) proxy randomly selects y e to ZpAs its own private key skproxyComputing the public key as pkproxy=gy∈G;
(3) Data owner holds key parameter keyDO=(skDO,pkDO,z,pkproxy) The data user holds a keyDU=(z,pkDO,pkproxy) Third party audit TPA holding key parameter keyTPA=(z,pkDO,pkproxy) The Proxy holds a keyProxy=(y,pkDO,pkproxy)。
Further, in the data outsourcing stage, the data owner uses a data block blinding algorithm
Figure BDA0001662705540000031
Figure BDA0001662705540000032
The blind processing is carried out, and the specific steps are as follows:
(1) the data owner selects a random number r ∈ ZpAs a blind factor, then calculate
Figure BDA0001662705540000033
Wherein metaiUniquely identifying a data block m (name | | i)i,name∈ZpIs a unique identifier of the data file, i is a block index in the data file,
Figure BDA0001662705540000034
the data block content after the blinding is obtained;
(2) the data owner will blindly display the data block content
Figure BDA0001662705540000035
And sending to the Proxy.
Further, in the data outsourcing stage, the Proxy receives the blinded data block
Figure BDA0001662705540000036
Thereafter, a blind signature generation algorithm is used
Figure BDA0001662705540000037
The blind signature is calculated and,
Figure BDA0001662705540000038
Figure BDA0001662705540000039
the Proxy then will blind sign-on
Figure BDA00016627055400000310
And sending to the data owner.
Further, in the data outsourcing stage, the data owner receives the blind signature
Figure BDA00016627055400000311
Then, the specific steps of recovering the original data block signature are as follows:
(1) firstly, the data owner verifies the blind signature calculated by Proxy before
Figure BDA00016627055400000312
Is equal to
Figure BDA00016627055400000313
Figure BDA00016627055400000314
If the signature is valid, the blind signature calculated by the Proxy is legal, otherwise, the blind signature is illegal, and the data owner has the right to abandon the blind signature and requires the Proxy to regenerate a legal data block signature;
(2) after the data owner obtains the legal blind signature, the blind signature removing algorithm is used
Figure BDA00016627055400000315
The original data block signature is obtained and,
Figure BDA00016627055400000316
further, in the data outsourcing stage, the data owner uses the group user list generation algorithm (Ω) ← UpdateUL (key) according to the current group user list ULDOAnd, UL) a computation tag,
Figure BDA00016627055400000317
Figure BDA0001662705540000041
wherein name is belonged to ZpIs a unique identifier of the data file and,
Figure BDA0001662705540000042
it is the data owner that utilizes the private key skDOAn encrypted digital signature.
Go toIn the integrity verification stage, the verification request sent by TPA is composed of block index i and random investigation value c in data filei∈ZqIs composed of (i, c) chal { { i, c { }i}i∈IWhere I is the set of all block indices selected by the TPA and q is a prime number much smaller than p.
Further, in the integrity verification phase, the storage server uses the evidence generation algorithm (P) ← GenProof (M, Φ, chal) to form evidence P ═ μ, δ }, there is
Figure BDA0001662705540000043
And sending the proof of verification to the TPA verification, where Φ is the data block signature set of the data file M.
Further, in the integrity verification stage, after the TPA receives the verification evidence P, it runs a verification algorithm (TRUE, FALSE) ← V erifyprofof (key) on the evidence PTPAP, chal), if the equation is
Figure BDA0001662705540000044
Figure BDA0001662705540000045
It indicates that the integrity verification is passed and outputs TRUE, otherwise it indicates that the integrity verification is not passed and outputs FALSE.
Further, the group user member update stage specifically includes the following steps:
if there is a data user joining or withdrawing the group, the data owner according to the new group user list UL 'and using the group user list update algorithm (Ω') ← update UL (key)DOUL') calculating a new tag,
Figure BDA0001662705540000046
Figure BDA0001662705540000047
wherein name is belonged to ZpIs a unique identifier of the data file and,
Figure BDA0001662705540000048
it is the data owner that utilizes the private key skDOAn encrypted digital signature; finally, the data owner sends the new label to the Proxy, the storage server and the TPA; and the Proxy provides blind signature service according to the new group user list.
Compared with the prior art, the invention has the following advantages and beneficial effects:
the invention helps to calculate the data block signature for each group user (data owner and data user) by introducing the Proxy into the system model, and TPA can carry out integrity verification only by using the public key of the Proxy without any identity information of the group user when carrying out data integrity verification, thereby effectively ensuring the identity privacy of the group user. Because the group users calculate the data block signature through the Proxy and do not know the private key of the Proxy, even if the data block signature originally uploaded by the revoked group member is still legal, the data block signature does not need to be calculated again through other group legal members, the expense is reduced, and the dynamic group can be efficiently supported.
Drawings
FIG. 1 is a system model of a group data integrity method provided by the present invention;
FIG. 2 is a flow chart of an initialization phase of the present invention;
FIG. 3 is a flow chart of the outsourcing phase of the present invention;
fig. 4 is an integrity phase flow diagram of the present invention.
Detailed Description
The technical solutions provided by the present invention will be described in detail below with reference to specific examples, and it should be understood that the following specific embodiments are only illustrative of the present invention and are not intended to limit the scope of the present invention.
The data integrity verification protocol system model, as shown in fig. 1, includes four entities: group users (data owners and data users), storage servers, Proxy, and third party auditing TPA.
The invention comprises four major contents: the method comprises an initialization stage, a data outsourcing stage, an integrity verification stage and a group user member updating stage.
The process of the initialization stage is shown in fig. 2, the system initializes public parameters at first, the data owner generates its own private key, public key and other key parameters, and sends the key parameters to the TPA and data users, the Proxy generates its own key parameters, the data owner divides the data file to be outsourced into a plurality of data blocks, and both the data owner and the data users are members of the group users. The specific operation is as follows:
step 101: the data owner generates the public parameter pub using the initialization algorithm { pub }. No. </InitSys (), first creates a bilinear map pair e: GXG → GTWherein G is an addition group with the order p, and G belongs to G and is a generator; then randomly selecting u belongs to G, and at the same time u is not the unit element of cyclic multiplication group G, determining hash function H (·) {0,1}*→ZpH (·) is an anti-collision one-way hash function; finally, public parameters pub ═ G, G are obtainedT,e,p,g,u,H(·)}。
Step 102: data owner and Proxy use algorithm { key }DO,keyDU,keyTPA}←GenKey(pub,1k) Generating a data owner's own keyDOKey of data userDUAnd a key of TPATPA. The data owner randomly selects x, Z belongs to ZpPrivate key sk of data ownerDoX, computing the data owner public key pkDO=gxE.G, sending the key z to a third party audit TPA and data users through a pre-established safe channel. Proxy randomly selects y e to ZpAs its own private key skproxyComputing the public key as pkproxy=gyE.g. G. Thus, the data owner keyDO=(skDO,pkDO,z,pkproxy) Data user keyDU=(z,pkDO,pkproxy) Third party audits TPA keyTPA=(z,pkDO,pkproxy) Proxy keyProxy=(y,pkDO,pkproxy)。
Step 103: data ofThe owner divides the data file M needing outsourcing into blocks M ═ MiI is more than or equal to 1 and less than or equal to n, wherein n is the number of the divided data blocks.
The flow of the data outsourcing stage is as shown in fig. 3, the data owner performs blinding processing on each data block, then sends the blinded data block to the Proxy, the Proxy calculates the blind signature of the blinded data block and sends the blind signature to the data owner, and after the data owner verifies that the received blind signature is legal, the signature content of the original data block can be recovered from the blind signature, and then the label for storing the group user list is calculated. And finally, the data owner uploads the data file, the signature set and the list label to a storage server for storage, and uploads the list label to the Proxy and the TPA. The Proxy provides blind signature service for data users according to the group user list. The specific operation is as follows:
step 201: data owner using data block blinding algorithm
Figure BDA0001662705540000061
For data block miBlinding, selecting random number r E to Z by group userpAs a blind factor, then calculate
Figure BDA0001662705540000062
Figure BDA0001662705540000063
Wherein metaiUniquely identifying a data block m (name | | i)i,name∈ZpIs a unique identifier of the data file, i is a block index in the data file,
Figure BDA0001662705540000064
the content of the data block after the blinding. Data block content blinded by data owner
Figure BDA0001662705540000065
And sending to the Proxy.
Step 202: proxy receives blinded data blocks
Figure BDA0001662705540000066
Thereafter, a blind signature generation algorithm is used
Figure BDA0001662705540000067
Figure BDA0001662705540000068
Calculating blind signatures:
Figure BDA0001662705540000069
the Proxy then will blind sign-on
Figure BDA00016627055400000610
And sending to the data owner.
Step 203: the data owner receives the blind signature
Figure BDA00016627055400000611
Thereafter, the blind signature computed by the Proxy is first validated
Figure BDA00016627055400000612
Is equal to
Figure BDA00016627055400000613
If the signature is valid, the blind signature calculated by the Proxy is legal, otherwise, the blind signature is illegal, and the data owner has the right to abandon the blind signature and requires the Proxy to regenerate the legal data block signature.
Step 204: the data owner gets a legitimate blind signature
Figure BDA00016627055400000614
Thereafter, a de-blinding algorithm is used
Figure BDA00016627055400000615
The original data block signature is obtained and,
Figure BDA00016627055400000616
step 205:after the data owner obtains all signature sets Φ of the outsourced data file M, the data owner uses the group user list generation algorithm (Ω) ← GenUL (key) according to the current group user list ULDOAnd, UL) a computation tag,
Figure BDA00016627055400000617
Figure BDA00016627055400000618
wherein name is belonged to ZpIs a unique identifier of the data file and,
Figure BDA00016627055400000619
it is the data owner that utilizes the private key skDOAn encrypted digital signature.
And the data owner sends the data file M, the signature set phi and the name list label omega to a storage server for storage. Meanwhile, the data owner also needs to send the label omega to the Proxy and TPA to inform its current group user. The Proxy provides blind signature service according to the group user list, and the specific process is the same as the process of calculating the data block signature by the data owner by using the Proxy.
The integrity stage is as shown in fig. 4, the TPA initiates an integrity verification request, the storage server replies a verification evidence according to the verification request information of the TPA, and the TPA judges whether the storage server correctly stores the user data file according to the verification evidence. The specific operation is as follows:
step 301: TPA sends integrity verification request chal { { i, c to storage serveri}i∈IWhere i is the data file block index, ci∈ZqIs a random value corresponding to I, which is the set of all block indices selected by the TPA.
Step 302: after receiving the validation request chal, the storage server generates evidence using an evidence generation algorithm (P) ← GenProof (M, Φ, chal)
Figure BDA00016627055400000620
And sends back proof P to TPA for verification, where Φ is the data Block signature set of data File MAnd (6) mixing.
Step 303: TPA receives evidence P, then runs verification algorithm (TRUE, FALSE) ← VerifyProof (k) on evidence PTPAP, chal), calculate
Figure BDA0001662705540000071
Then the input is verified and TRUE is output, otherwise the input is not verified and FALSE is output.
Whether the storage server correctly and completely stores the data file outsourced by the data source can be judged through the integrity verification stage.
In the updating stage of the group user members, when the group user members change, the data owner calculates list signatures according to the updated group user lists and sends the list signatures to the Proxy, the storage server and the TPA, and the Proxy receives the updated group user lists and provides blind signature services for the group users. The specific operation is as follows:
step 401: if there is a data user joining or withdrawing the group, the data owner has a new group user list UL 'and uses the group user list update algorithm (Ω') ← Up date UL (key)DOUL') calculating a new tag,
Figure BDA0001662705540000072
Figure BDA0001662705540000073
wherein name is belonged to ZpIs a unique identifier of the data file and,
Figure BDA0001662705540000074
it is the data owner that utilizes the private key skDOAn encrypted digital signature.
Step 402: the data owner sends the new label to the Proxy, the storage server and the TPA.
After the update stage of the group user member, the Proxy and other entities already obtain the current list of the group user member, the Proxy provides blind signature service for the group user according to the latest list of the group user member, and the storage server can also judge whether the user is one member in the group sharing data according to the latest list of the group user member.
As can be seen from the above, in the data outsourcing stage, the data owner firstly outsources the data file and the signature set to the storage server, and simultaneously sends the group user list tag to the Proxy, the storage server and the TPA. During the subsequent shared data usage process, the Proxy provides blind signatures for group users (data owners and data users), who do not use their own keys to compute data block signatures. Therefore, when the group revokes the member, the original data block signature is still legal and does not need to be updated. When the group members are changed, the data owner calculates a new list label by using a group user list updating algorithm and sends the new list label to the Proxy and other entities. Therefore, the invention can support the dynamic group efficiently.
From the above, in the integrity stage, the TPA only needs to Proxy the public key of the Proxy when running the authentication algorithm, and the authentication evidence sent by the storage server does not contain any identity information of the group user. Therefore, the method and the device can effectively ensure that the verifying party cannot acquire any identity privacy information of the group user when performing integrity verification again.
The technical means disclosed in the invention scheme are not limited to the technical means disclosed in the above embodiments, but also include the technical scheme formed by any combination of the above technical features. It should be noted that those skilled in the art can make various improvements and modifications without departing from the principle of the present invention, and such improvements and modifications are also considered to be within the scope of the present invention.

Claims (1)

1. A group data integrity verification method based on an agent is characterized by comprising the following steps:
an initialization stage: the method comprises the steps that a system initializes public parameters, a data owner generates own private key, public key and secret key parameters and sends the secret key parameters to a TPA and a data user, a Proxy generates own secret key parameters, the data owner divides a data file needing outsourcing into a plurality of data blocks, and the data owner and the data user are members of a group user;
in the initialization phase, the data owner generates the public key parameter pub using the initialization algorithm { pub } ← InitSys (), which includes the specific steps of:
(1) creating bilinear map pair e G → GTWherein G is a cyclic multiplicative group with the order of p, and G belongs to G as a generator;
(2) randomly selecting u belongs to G, and determining a hash function H (·) of {0,1} according to the condition that u is not a unit element of the cyclic multiplication group G*→ZpH (·) is an anti-collision one-way hash function;
(3) the system derives the public key parameter pub ═ G, GT,e,p,g,u,H(·)};
The data owner and Proxy use an algorithm { key }DO,keyDU,keyTPA}←GenKey(pub,1k) Generating a data owner's own keyDOKey of data userDUAnd a key of TPATPAThe method comprises the following specific steps:
(1) the data owner randomly selects x, Z belongs to ZpWhere the data owner's own private key is skDOX, computing the data owner public key pkDO=gxE is G, and then the data owner sends the key z to a third party audit TPA and a data user through a pre-established safety channel;
(2) proxy randomly selects y e to ZpAs its own private key skproxyComputing the public key as pkproxy=gy∈G;
(3) Data owner holds key parameter keyDo=(skDO,pkDO,z,pkproxy) The data user holds a keyDU=(z,pkDO,pkproxy) Third party audit TPA holding key parameter keyTPA=(z,pkDO,pkproxy) The Proxy holds a keyProxy=(y,pkDO,pkproxy);
And (3) data outsourcing stage: the data owner performs blinding processing on each data block, then sends the blinded data block to the Proxy, the Proxy calculates the blind signature of the received blinded data block and sends the blind signature to the data owner, the data owner recovers the signature content of the original data block from the received blind signature, and then calculates the label for storing the group user list; finally, the data owner uploads the data file, the signature set and the name list label to a storage server for storage, and uploads the name list label to a Proxy and a TPA; the Proxy provides blind signature service for the data user according to the group user list;
in the data outsourcing stage, the data owner performs blinding processing by using a data block blinding algorithm, which specifically comprises the following steps:
(1) the data owner selects a random number r ∈ ZpAs a blind factor, then calculate
Figure FDA0003297393290000011
Wherein metaiUniquely identifying a data block m (name | | i)i,name∈ZpIs a unique identifier of the data file, i is a block index in the data file,
Figure FDA0003297393290000021
the data block content after the blinding is obtained;
(2) the data owner will blindly display the data block content
Figure FDA0003297393290000022
Sending the information to a Proxy;
the Proxy receives the blinded data block
Figure FDA0003297393290000023
Thereafter, a blind signature generation algorithm is used
Figure FDA0003297393290000024
Figure FDA0003297393290000025
Computing blind signatures, computing
Figure FDA0003297393290000026
The Proxy then will blind sign-on
Figure FDA0003297393290000027
Sending to the data owner;
the data owner receives the blind signature
Figure FDA0003297393290000028
Then, the specific steps of recovering the original data block signature are as follows:
(1) firstly, the data owner verifies the blind signature calculated by Proxy before
Figure FDA0003297393290000029
Is equal to
Figure FDA00032973932900000210
Figure FDA00032973932900000211
If the signature is valid, the blind signature calculated by the Proxy is legal, otherwise, the blind signature is illegal, and the data owner abandons the blind signature and requires the Proxy to regenerate a legal data block signature;
(2) after the data owner obtains the legal blind signature, the blind signature removing algorithm is used
Figure FDA00032973932900000212
The original data block signature is obtained and,
Figure FDA00032973932900000213
the data owner uses a group user list generation algorithm (Ω) ← UpdateUL (key) according to the current group user list ULDOAnd, UL) a computation tag,
Figure FDA00032973932900000214
wherein name is belonged to ZpIs a unique identifier of the data file and,
Figure FDA00032973932900000215
it is the data owner that utilizes the private key skDOAn encrypted digital signature;
and an integrity verification stage: the TPA initiates a data integrity verification request to the storage server, the storage server replies a corresponding verification evidence, and the TPA judges whether the storage server correctly stores the data file or not through the validity of the verification evidence;
in the integrity verification stage, the verification request sent by the TPA is composed of a block index i and a random value c in the data filei∈ZqIs composed of (i, c) chal { { i, c { }i}i∈IWhere I is the set of all block indices selected by TPA and q is a prime number;
the storage server uses an evidence generating algorithm (P) ← GenProof (M, Φ, chal) to form evidence P ═ μ, δ }, some of which are
Figure FDA00032973932900000216
Figure FDA00032973932900000217
Sending the verification evidence to TPA verification, wherein phi is a data block signature set of the data file M;
after receiving the verification evidence P, the TPA runs a verification algorithm (TRUE, FALSE) ← VerifyProof (key) on the evidence PTPAP, chal), if the equation is
Figure FDA00032973932900000218
If the integrity verification is passed, outputting TRUE, otherwise, outputting FALSE;
group user member updating stage: the data owner calculates a list signature according to the updated group user list and sends the list signature to the Proxy, the storage server and the TPA, and the Proxy receives the updated group user list and provides blind signature service for the group users;
the group user member updating stage specifically comprises the following steps:
if there is a data user joining or withdrawing the group, the data owner according to the new group user list UL 'and using the group user list update algorithm (Ω') ← update UL (key)DOUL') calculating a new tag,
Figure FDA0003297393290000031
Figure FDA0003297393290000032
wherein name is belonged to ZpIs a unique identifier of the data file and,
Figure FDA0003297393290000033
it is the data owner that utilizes the private key skDOAn encrypted digital signature; finally, the data owner sends the new label to the Proxy, the storage server and the TPA; and the Proxy provides blind signature service according to the new group user list.
CN201810469246.1A 2018-05-16 2018-05-16 Group data integrity verification method based on agent Active CN108664814B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810469246.1A CN108664814B (en) 2018-05-16 2018-05-16 Group data integrity verification method based on agent

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810469246.1A CN108664814B (en) 2018-05-16 2018-05-16 Group data integrity verification method based on agent

Publications (2)

Publication Number Publication Date
CN108664814A CN108664814A (en) 2018-10-16
CN108664814B true CN108664814B (en) 2021-12-28

Family

ID=63779900

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810469246.1A Active CN108664814B (en) 2018-05-16 2018-05-16 Group data integrity verification method based on agent

Country Status (1)

Country Link
CN (1) CN108664814B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109743327B (en) * 2019-01-16 2021-08-03 福建师范大学 Certificateless cloud storage based integrity public verification method for shared data
CN111460524B (en) * 2020-03-27 2023-07-18 鹏城实验室 Method, apparatus and computer readable storage medium for detecting data integrity
CN112560071B (en) * 2020-12-28 2022-06-14 杭州趣链科技有限公司 Data sharing method with functions of auditing and designating verifier

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104539428B (en) * 2014-12-30 2017-11-21 成都三零瑞通移动通信有限公司 Dynamic reconfiguration method in a kind of cluster coded communication
CN105871424B (en) * 2016-04-05 2018-11-13 菏泽学院 RFID groups verification method based on ECC
CN106713349B (en) * 2017-01-18 2020-10-16 郑州埃文计算机科技有限公司 Inter-group proxy re-encryption method capable of resisting attack of selecting cipher text
CN107800688B (en) * 2017-09-28 2020-04-10 南京理工大学 Cloud data deduplication and integrity auditing method based on convergence encryption

Also Published As

Publication number Publication date
CN108664814A (en) 2018-10-16

Similar Documents

Publication Publication Date Title
US11620387B2 (en) Host attestation
Liu et al. A Survey of Public Auditing for Shared Data Storage with User Revocation in Cloud Computing.
US7516321B2 (en) Method, system and device for enabling delegation of authority and access control methods based on delegated authority
CN106341232B (en) A kind of anonymous entity discrimination method based on password
CN110365469B (en) Data integrity verification method in cloud storage supporting data privacy protection
EP3394848A1 (en) Method for storing data on a storage entity
CN110971411B (en) SM2 homomorphic signature method for encrypting private key by multiplying based on SOTP technology
Yu et al. Comments on “public integrity auditing for dynamic data sharing with multiuser modification”
JP2008545353A (en) Establishing a reliable relationship between unknown communicating parties
CN106487786B (en) Cloud data integrity verification method and system based on biological characteristics
CN108664814B (en) Group data integrity verification method based on agent
WO2014068427A1 (en) Reissue of cryptographic credentials
WO2017140381A1 (en) Method for storing data on a storage entity
Bellare et al. Deterring certificate subversion: efficient double-authentication-preventing signatures
WO2013090881A1 (en) Combined digital certificate
CN111161075B (en) Blockchain transaction data proving and supervising method, system and related equipment
CN110719172A (en) Signature method, signature system and related equipment in block chain system
CN116566626A (en) Ring signature method and apparatus
CN113919008A (en) Traceable attribute-based signature method and system with fixed signature length
CN107360252B (en) Data security access method authorized by heterogeneous cloud domain
CN109743327B (en) Certificateless cloud storage based integrity public verification method for shared data
CN111314059B (en) Processing method, device and equipment for account authority proxy and readable storage medium
CN111245594A (en) Homomorphic operation-based collaborative signature method and system
CN114257374B (en) Verifiable secure outsourcing calculation method and system for identifying cryptosystem
CN111539031B (en) Data integrity detection method and system for privacy protection of cloud storage tag

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant