CN110035067B - Attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage - Google Patents

Attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage Download PDF

Info

Publication number
CN110035067B
CN110035067B CN201910189946.XA CN201910189946A CN110035067B CN 110035067 B CN110035067 B CN 110035067B CN 201910189946 A CN201910189946 A CN 201910189946A CN 110035067 B CN110035067 B CN 110035067B
Authority
CN
China
Prior art keywords
attribute
data
key
cloud
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910189946.XA
Other languages
Chinese (zh)
Other versions
CN110035067A (en
Inventor
马华
谢莹
王剑锋
田国华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201910189946.XA priority Critical patent/CN110035067B/en
Publication of CN110035067A publication Critical patent/CN110035067A/en
Application granted granted Critical
Publication of CN110035067B publication Critical patent/CN110035067B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the technical field of cloud computing and information security, and discloses an attribute encryption method for supporting efficient data deduplication and attribute revocation in cloud storage, wherein an attribute authority is introduced between a cloud server and a data owner, the attribute authority finds a specific prime number corresponding to an outsourced data label through mapping, the cloud server can judge whether corresponding outsourced data exists in the cloud or not only by performing simple division operation on the prime number, and the problem of low efficiency of searching for duplicated data in the current deduplication scheme is solved; the method requires the private cloud to complete ciphertext updating according to the updating key issued by the attribute authority, and solves the problem that the current duplication elimination scheme cannot revoke unauthorized users; in addition, the method supports the function of ciphertext outsourcing decryption, and reduces the calculation burden of a user.

Description

Attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage
Technical Field
The invention belongs to the technical field of cloud computing and information security, and particularly relates to an attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage.
Background
Currently, the current state of the art commonly used in the industry is such that: with the rapid development of the internet, cloud computing brings huge revolution to various social fields. More and more businesses or individuals enjoy enjoying high quality services such as data storage, data sharing, and outsourcing of computing by means of cloud computing. For data privacy, the data owner encrypts sensitive data. However, conventional cryptographic primitives are not compatible with fine-grained data sharing. For example, a data owner may want multiple clients to access data and encrypt the data using the recipient's public key and then outsource it to a cloud server. The user receives the ciphertext and then decrypts it using its private key to obtain the data. Attribute encryption, which is one of the cryptographic primitives used for fine-grained access control in one-to-many communications, can satisfy this requirement.
In commercial cloud computing, mass data poses a huge challenge to the storage capacity and computing power of cloud servers. How to manage data efficiently and securely is a problem to be solved. Deduplication (also known as single instance storage) has been used as a method to maximize stored data. In particular, deduplication methods can discriminate duplicate files, storing only a single copy of the file, regardless of how many times the data is uploaded. Most existing deduplication schemes are designed based on message-locked encryption primitives, and the design experience can be used as reference for attribute-based encryption methods. The treetop and the like design a promising attribute encryption method supporting deduplication, and data sharing is achieved while efficient utilization of resources in the cloud is guaranteed. However, in their solutions, the heavy computational cost and the search delay of the repeated data result in inefficient de-duplication of their solutions. In particular, if a search-by-search method is employed, the time complexity of the repeated data search increases linearly with the number of ciphertexts in the cloud. This places a heavy computational burden on the cloud server. Therefore, it is a considerable problem to explore efficient deduplication methods.
In addition, there are several problems when the most advanced attribute encryption method is directly applied to practical applications. For users who violate rules or leave the system, the conventional ABE scheme cannot prevent them from accessing files. Revocation is a particularly challenging problem in attribute encryption schemes, since a single attribute is shared by multiple people. This means that revocation of any attribute or any single user may affect other users possessing a common attribute. For example, in a corporate system, Alice and Bob have common attributes, but Bob has irregular operation. Some of the corresponding files will not be accessible to them. Therefore, how to revoke the access right of the user after leaving the system is a problem.
In summary, the problems of the prior art are as follows:
(1) the existing method for supporting deduplication has low efficiency of searching repeated data, and causes longer service delay.
(2) The existing method cannot be compatible with two functions of data deduplication and attribute revocation due to respective specific structures.
The difficulty and significance for solving the technical problems are as follows:
1. the key to efficient deduplication is that the cloud server efficiently determines whether there is duplicate data in the cloud according to the tag. The existing supported deduplication methods improve deduplication efficiency through a deduplication decision tree, but the time complexity of the methods is linear, and the problem is not solved well. The prime number basic operation provides a possibility for solving the problem, but the key point is how to design a proper interaction mode, so that the private cloud can judge whether the same data exists in the cloud or not by using less operations. If this problem is solved, the data outsourcing service process can reduce service delay while ensuring data privacy.
2. In the commercial cloud storage, the privacy of data is an important issue, however, the prior related art only supports data deduplication or attribute revocation, and in the attribute encryption method supporting deduplication, if a user leaves the system or a key is lost, a great challenge is brought to the data security in the system. The attribute revocation causes the problem of data updating, so the key for realizing the attribute revocation in the attribute encryption method supporting deduplication lies in a reasonable interaction, storage and updating mechanism, the attribute revocation is realized in the attribute encryption method at a low cost as far as possible, the data security can be ensured, and the resource saving rate is further improved. In the attribute encryption method, the key of simultaneously realizing data deduplication and attribute revocation is that a data owner encrypts data by using an access strategy of the data owner, and the same plaintext data generates different ciphertexts, so that a private cloud needs to re-encrypt the ciphertexts stored in the cloud, and a user in an access right set by the data owner can access the ciphertexts. The existing attribute revocation method specifically includes that an attribute authority generates an attribute public key and a version key, and a data owner encrypts the data by using the attribute public key corresponding to the attribute. How to re-encrypt the original ciphertext in the cloud under the new access policy and implement the attribute revocation is a problem to be solved.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides an attribute encryption method for supporting efficient data deduplication and attribute revocation in cloud storage.
The invention is realized in such a way that an attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage comprises the following steps:
a duplication removing protocol, wherein a data owner sends a file label to an attribute authority before uploading data, and the attribute authority maps the file label into a unique prime number and sends the unique prime number to a private cloud; the private cloud only needs to carry out division operation to judge whether the same data exist in the cloud;
in a re-encryption stage, the private cloud re-encrypts data by using a trapdoor key in a ciphertext; when a user leaves the system, the attribute authority updates the attribute public key corresponding to the attribute and distributes an update key for revoking the attribute to the private cloud; and the private cloud updates the attribute agent key of the non-revoked user and updates the ciphertext at the same time.
Further, the attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage specifically includes:
step one, an attribute authority inputs a safety parameter lambda to obtain a public parameter PP and a master key MSK, and a version key { VK ] is generated for each attributex}x∈UAnd attribute public key PKx}x∈U
Step two, the attribute authority inputs the master key MSK, the attribute set A corresponding to the user and the version key { VKx}x∈AObtaining an attribute proxy key SK of a private cloud1And a user private key SK2
Step three, the data owner randomly selects a secret key KF∈GTEncrypting the data F by means of a symmetric encryption algorithm and encrypting K by means of a key derived from the dataF(ii) a To realize the numberAccording to the sharing, the data owner inputs the public parameter PP, the attribute public key PKx}x∈UEstablishing corresponding access strategy (M, rho) and then encrypting KFSimultaneously generating a file label T for the file;
step four, sending a duplication elimination request, sending (ID, T) to the attribute authority by the data owner, and mapping the file label to a unique prime number p by the attribute authorityiAnd sending the prime number to the private cloud;
step five, repeating data search, and receiving the prime number p corresponding to the file label by the private cloudiPerforming a division operation piIf yes, judging whether repeated data exist in the cloud;
step six, file verification is carried out, and if repeated data exist in the cloud, ownership verification is carried out on the data owner and the private cloud; the private cloud sends a part of ciphertext to the data owner, and if the data owner really owns the data, the random key corresponding to the data can be obtained, and the ciphertext is generated; the private cloud carries out verification according to the ciphertext stored in the cloud and the new ciphertext generated by the user;
step seven, re-encryption, inputting public parameters PP and attribute public keys PK into the private cloudx}x∈UObtaining a new ciphertext CT ' by the new access policy (M ', rho ') and the ciphertext CT stored in the cloud;
step eight, data decryption and verification, wherein the private cloud decrypts the ciphertext by using the attribute proxy key distributed by the attribute authority; then the data user utilizes the private key SK distributed by the attribute authority2Decrypting the data to obtain F; finally, the data owner verifies the data by using the label in the ciphertext, and if the data passes the verification, the ciphertext is accepted; otherwise, rejecting the ciphertext;
step nine, attribute revocation, when the user leaves the system, the attribute authority generates the renewal key
Figure GDA0002093885690000041
Distributing to a private cloud; and the private cloud updates the attribute proxy key and the ciphertext of the non-revoked user.
Further, in the system initialization of the first step, after the attribute authority inputs a security parameter λ, the following operations are performed:
(1) randomly selecting linear groups G and GTOne linear pair e (G, G) → GTHere G and GTIs a cyclic group of prime order p, G is a generator of G;
(2) four collision resistant hash functions were randomly generated:
H:{0,1}n→G,H0:M→Zp,H1:G1→Zp,H2:{0,1}*→{0,1}n
(3) randomly selecting alpha, h epsilon to ZpAnd calculate ga,e(g,g)αThe public parameter PP and master key MSK are obtained as follows:
PP=(p,g,h,H,H0,H1,H2,ga,e(g,g)α),MSK=α;
(4) for each attribute x ∈ U, a random index v is chosenx∈ZpAs version key VKxAnd calculate
Figure GDA0002093885690000051
As an attribute public key;
(5) publishing public parameters PP and attribute public keys PKxSecret master key MSK and version key VKx
Further, in the key generation of the second step, the attribute authority inputs the public parameter PP, the master key MSK, the attribute set a and the version key { VK) corresponding to the attribute setx}x∈ARandomly selecting t, Z ∈ ZpAnd calculates an attribute proxy key SK1And a user private key SK2The following were used:
Figure GDA0002093885690000052
further, in the data initialization process of the third step, the data owner utilizes the symmetric key KF∈GTEncrypting the data F to obtain C0 1And calculating K0H (F), usingK0Encryption KFObtaining C0 2(ii) a Let C be C0 1||C0 2(ii) a The data owner then encrypts KF:Encrypt(PP,KF,(M,ρ),{PKx}x∈U) → (CT', TK); to generate the ciphertext, the data owner enters a common parameter PP, a random key KFOne access policy (M, ρ), and an attribute public key { PKx}x∈UThen, the following operations are performed:
(1) randomly selecting a secret value s ∈ Zp
(2) Selecting a vector
Figure GDA0002093885690000053
(3) For j 1
Figure GDA0002093885690000054
And randomly select r1,...,rl∈Zp
(4) The ciphertext is output as follows:
Figure GDA0002093885690000055
D=KF·e(g,g)αs
Figure GDA0002093885690000056
TK=(ga)s
(5) calculating T ═ H2(K0) As a file label; the trapdoor key TK is a key used for re-encryption by a private cloud in a re-encryption stage; finally, the data owner obtains the ciphertext CT ═ (B, L, C, D, TK, { Cj,Dj}j∈[1,l]) And a file tag T.
Further, in the process of sending the request in the fourth step, the data owner sends the deduplication request (ID, T) to the attribute authority; then the attribute authority maps the file label into a unique prime number and distributes the prime number to the private cloud;
in the repeated data search of the fifth step, the text is searchedPrime number p corresponding to piece tag TiPrivate cloud performs division operation pi| p, where p is the product of prime numbers corresponding to file tags in the cloud; if not, the data owner is regarded as a first data uploader, and then private cloud computing is carried out
Figure GDA0002093885690000061
And requesting the data owner to upload the ciphertext; otherwise, the data owner and the private cloud perform ownership verification.
Further, in the file verification process in the seventh step, if data in the cloud is repeated, the private cloud and the data owner perform ownership verification:
(1) the private cloud sends a portion of ciphertext C to the data owner0 2
(2) Data owner utilization K0H (f) decrypting it, thereby obtaining a random key KF
(3) Calculating C0 1'=Enc(F,KF) And phi (C)0 1');
(4) Private cloud comparison phi (C)0 1') whether or not to be equal to phi (C)0 1) Equal; if the data owner is the same as the private cloud, the ownership is verified successfully, and the private cloud requests an access policy from the data owner; otherwise, the verification fails;
in the step seven of re-encryption, after ownership verification is successful, the private cloud inputs the public parameter PP and the attribute public key { PKx}x∈UOriginal ciphertext CT and a new access policy (M ', p '), M ' being a matrix of l ' x n ', and randomly selected
Figure GDA0002093885690000062
To represent
Figure GDA0002093885690000063
Figure GDA0002093885690000064
Outputting a new ciphertext:
Figure GDA0002093885690000065
Figure GDA0002093885690000066
private cloud computing C even if s is unknownj′' the following:
Figure GDA0002093885690000067
the data downloading of the step eight is divided into a pre-decryption stage executed by the private cloud and a decryption stage executed by the user:
(1)Pre.Decrypt(CT,SK1) → CT' private cloud input ciphertext CT, Attribute surrogate Key SK1(ii) a The attribute set satisfies the access policy such that the constant wj∈ZpCan be calculated and satisfies sigmaj∈IwjAj1, (1, 0., 0), where I ═ j ═ ρ (j) ∈ a }; the calculation process is as follows:
Figure GDA0002093885690000071
(2)C.Decrypt(CT”,SK2) → F user inputs the partially decrypted ciphertext CT' and the private key SK2And calculate
Figure GDA0002093885690000072
Finally, recovering the data F by using a symmetric decryption algorithm;
(3) the user verifies the integrity of the downloaded data. If it is not
Figure GDA0002093885690000073
The user accepts the ciphertext, otherwise, the ciphertext is rejected;
in the attribute revocation of the step eight, when the attribute of the user is revoked, the attribute authority generates the update key. The private cloud generates a new attribute proxy key and a new ciphertext for the non-revoke user;
generation of update keys
Figure GDA0002093885690000074
Version key VK corresponding to attribute authority input revocation attributejRandomly selecting a new version key
Figure GDA0002093885690000075
And calculate
Figure GDA0002093885690000076
Attribute authority distribution
Figure GDA0002093885690000077
Giving the private cloud; the attribute authority updates the attribute public key of the revocation attribute as
Figure GDA0002093885690000078
Updating attribute proxy keys for non-revoked users
Figure GDA0002093885690000079
When the private cloud receives the update key of the non-revoked user distributed by the attribute authority, the attribute agent key SK of the non-revoked user is updated1Generating a new attribute proxy key
Figure GDA00020938856900000710
The following were used:
Figure GDA00020938856900000711
ciphertext update
Figure GDA00020938856900000712
When the private cloud receives the update key distributed by the attribute authority
Figure GDA00020938856900000713
The update cryptogram is calculated as follows:
Figure GDA00020938856900000714
another object of the present invention is to provide an attribute encryption system supporting efficient data deduplication and attribute revocation in cloud storage, which implements an attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage, where the attribute encryption system supporting efficient data deduplication and attribute revocation in cloud storage includes: the system comprises an attribute authority module, a cloud server module, a data owner module and a user module.
Another object of the present invention is to provide a cloud storage information processing system using an attribute encryption method supporting efficient data deduplication and attribute revocation in the cloud storage.
Another object of the present invention is to provide an information security processing system using the attribute encryption method supporting efficient data deduplication and attribute revocation in the cloud storage.
In summary, the advantages and positive effects of the invention are: according to the attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage, the cloud server can efficiently search the repeated data, and meanwhile, the method can simultaneously support data deduplication and attribute revocation, so that the working pressure of the cloud server can be relieved, the system safety is improved, the service cost and the file access delay can be reduced, and the user service experience is improved.
The invention provides a novel deduplication protocol based on the characteristic that repeated data cannot be searched efficiently in the deduplication scheme. Whether the file is initially uploaded or subsequently uploaded, the data owner needs to interact with the attribute authority to send the file label and the identity, and the attribute authority maps the file label into a corresponding prime number and sends the prime number to the private cloud. In this way, whether the same data exists in the cloud can be efficiently determined by executing one division operation, so that the service delay is reduced.
The invention supports multifunctional attribute encryption: an improved attribute encryption scheme is proposed such that both data deduplication and attribute revocation are supported. The method has the advantages that the high-efficiency cloud storage resource utilization rate is achieved, and meanwhile, the access authority of the user leaving the system can be cancelled, so that the data safety is guaranteed.
Drawings
Fig. 1 is a flowchart of an attribute encryption method for supporting efficient data deduplication and attribute revocation in cloud storage according to an embodiment of the present invention.
Fig. 2 is a model schematic diagram of an attribute encryption method for supporting efficient data deduplication and attribute revocation in cloud storage according to an embodiment of the present invention.
Fig. 3 is a flowchart of an implementation of an attribute encryption method for supporting efficient data deduplication and attribute revocation in cloud storage according to an embodiment of the present invention.
FIG. 4 is a comparison of the time of searching for duplicate data provided by Jiang et al and our method in accordance with an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Aiming at the problem that the repeated data searching efficiency in the existing duplication removing supporting scheme is low, the proposed scheme comprises an efficient duplication removing protocol. And sending a file label to the attribute authority before the data owner uploads the data, and mapping the file label to be a unique prime number by the attribute authority and sending the file label to the private cloud. The private cloud can determine whether the same data exists in the cloud by only performing one division operation.
Aiming at the problem that the existing duplication-removing supporting scheme can not realize attribute revocation, a variant of the attribute encryption scheme is provided, so that the attribute-removing encryption scheme can simultaneously support data duplication removal and attribute revocation. In the re-encryption stage, the private cloud re-encrypts the data using the trapdoor key in the ciphertext. When a user leaves the system, the attribute authority updates the attribute public key corresponding to the attribute, and distributes an update key for revoking the attribute to the private cloud. And the private cloud updates the attribute agent key of the non-revoked user and updates the ciphertext at the same time.
The following detailed description of the principles of the invention is provided in connection with the accompanying drawings.
As shown in fig. 1, an attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage according to an embodiment of the present invention includes the following steps:
s101: initializing a system, and generating public parameters, a master key, an attribute public key and a version key of the system by an attribute authority;
s102: an attribute proxy key and a user private key in an attribute authority computing system;
s103: a data owner generates a file ciphertext, a ciphertext of a random key and a file tag;
s104: sending a deduplication request to an attribute authority;
s105: the private cloud judges whether the cloud has repeated data;
s106: verifying the file;
s107: the private cloud re-encrypts the ciphertext stored in the cloud;
s108: data decryption and verification;
s109: and (4) attribute revocation.
The application of the principles of the present invention will now be described in further detail with reference to the accompanying drawings.
The system model of the attribute encryption method for supporting efficient data deduplication and attribute revocation by cloud storage provided by the embodiment of the invention is shown in fig. 2 and comprises three types of entities: 1. cloud service module (Cloud); 2. an attribute authority module (AtturbuteAuthority); 3. a Data Owner module (Data Owner); 4. a user module (Client). The cloud server has enough storage space and computing capacity. The method comprises the following steps that Public cloud (Public cloud) and Private cloud (Private cloud) are included, the Public cloud is not trusted and can be in collusion with users, and the Public cloud is mainly responsible for storing data; the Private cluster is semi-trusted and will not collude with the user, and performs the search of duplicate data, the maintenance of tags and the re-encryption of data. Attribute Authority is a fully trusted party, and is mainly responsible for generating a user key, and besides, a file label is mapped into a unique prime number. The Data owner has a large amount of outsourced Data and can formulate a corresponding access policy. The Client includes a plurality of general users and is an entity using the data outsourcing/retrieval service.
To reduce storage and bandwidth waste, the data owner should not upload more than one encrypted data of the same content and should delete the data from local storage.
As shown in fig. 3, the attribute encryption method for supporting efficient data deduplication and attribute revocation in cloud storage according to the embodiment of the present invention includes the following steps:
step one, system initialization:
(1.1) the attribute authority inputs a safety parameter lambda;
(1.2) random selection of Linear groups G and GTOne linear pair e (G, G) → GTHere G and GTIs a cyclic group of prime order p, G is a generator of G;
(1.3) randomly generating four collision-resistant hash functions H: {0,1}n→G,H0:M→Zp,H1:G1→Zp,H2:{0,1}*→{0,1}n
(1.4) randomly selecting alpha, h epsilon, ZpAnd calculate ga,e(g,g)αThe public parameter PP and master key MSK are obtained as follows:
PP=(p,g,h,H,H0,H1,H2,ga,e(g,g)α),MSK=α.
(1.5) for each attribute x ∈ U, the attribute authority selects a random index vx∈ZpAs version key VKxAnd calculate
Figure GDA0002093885690000111
As an attribute public key;
and (1.6) publishing public parameter and attribute public keys, and keeping secret a master key and a version key.
Step two, generating a key:
(2.1) the attribute authority inputs the public parameter PP, the master key MSK, the attribute set A and the version key VK corresponding to the attribute setx
(2.2) randomly selecting t, Z ∈ Zp
(2.3) calculating the user private key as follows:
Figure GDA0002093885690000112
step three, data initialization:
(3.1) symmetric Key K for data ownerF∈GTEncrypting the data F to obtain C0 1
(3.2) calculation of K0=H(F);
(3.3) Using K0Encrypting a random key KFObtaining C0 2Let C be C ═ C0 1||C0 2
(3.4) data owner encryption KF。Encrypt(PP,KF,(M,ρ),{PKx}x∈U) → (CT', TK) to generate ciphertext, the data owner performs the following operations;
(3.4.1) inputting an access policy (M, rho), public parameter PP, attribute public key PKx}x∈UAnd a random key KF
(3.4.2) randomly selecting a secret value s ∈ Zp
(3.4.3) selecting a vector
Figure GDA0002093885690000113
(3.4.4) for j ═ 1.., l, calculate
Figure GDA0002093885690000114
And randomly select r1,...,rl∈Zp
(3.4.5) output ciphertext as follows:
Figure GDA0002093885690000115
Figure GDA0002093885690000116
(3.4.6) calculation of T ═ H2(K0) As a file label;
wherein the trap key TK is a re-encryption key; finally, the data owner obtains the ciphertext CT ═ (B, L, C, D, TK, { Cj,Dj}j∈[1,l]) And a file tag T.
Step four, sending a deduplication request:
(4.1) the data owner sends a deduplication request (ID, T) to the attribute authority;
and (4.2) mapping the attribute authority mapping file tag to be a unique prime number, and sending the prime number to the private cloud.
Step five, repeated data searching:
(5.1) for the prime numbers corresponding to the file labels, the private cloud carries out division operation piP, wherein p is the product of prime numbers corresponding to the file labels;
(5.2) if not divided, regarding the data owner as a first data uploader, and then carrying out private cloud computing
Figure GDA0002093885690000121
And requesting the data owner to upload the ciphertext; otherwise, the data owner and the private cloud perform ownership verification.
Step six, file verification:
if the data in the cloud is repeated, the private cloud and the data owner carry out ownership verification:
(6.1) the private cloud sends a portion of ciphertext C to the data owner0 2
(6.2) data owner utilization of K0H (f) decrypting it yields a random key KF
(6.3) calculation of C0 1'=Enc(F,KF) And calculating phi (C)0 1');
(6.4) private cloud comparison φ (C)0 1')=φ(C0 1) Whether the result is true or not; if yes, the ownership verification is successful, and the data owner is requested to visitInquiring the strategy; otherwise, the verification fails.
Step seven, re-encryption:
when the ownership verification is successful, the private cloud performs the following operations:
(7.1) private cloud input original ciphertext CT, a public parameter PP, attribute public key { PKx}x∈UAnd a new access policy (M ', ρ '), where M ' is a matrix of l ' x n ';
(7.2) random selection
Figure GDA0002093885690000122
To represent
Figure GDA0002093885690000123
Herein, the
Figure GDA0002093885690000124
(7.3) outputting a new ciphertext:
Figure GDA0002093885690000125
Figure GDA0002093885690000131
step eight, data downloading:
in order to reduce the computational burden on resource-limited users, a pre-decryption phase performed by the private cloud and a decryption phase performed by the user are separated.
(8.1)Pre.Decrypt(CT,SK1) → CT' private cloud input ciphertext CT, Attribute surrogate Key SK1. Assume that the set of attributes satisfies the access policy, such that the constant wj∈ZpCan be calculated and satisfies sigmaj∈IwjAjWhere I ═ j ═ ρ (j) ∈ a }. The calculation process is as follows:
Figure GDA0002093885690000132
(8.2)C.Decrypt(CT”,SK2) → F user input partially decrypted ciphertext CT' and user private key SK2And calculate
Figure GDA0002093885690000133
Finally, data F is recovered using a symmetric decryption algorithm.
(8.3) the user can verify the integrity of the downloaded data. If it is not
Figure GDA0002093885690000134
The user accepts the ciphertext and rejects the ciphertext otherwise.
Step nine, attribute revocation:
(9.1) Generation of update Key
Figure GDA0002093885690000135
Version key VK corresponding to attribute authority input revocation attributej
(9.1.1) randomly selecting a new version key
Figure GDA0002093885690000136
(9.1.2) calculation
Figure GDA0002093885690000137
Distribution of
Figure GDA0002093885690000138
Giving the private cloud;
(9.1.3) Attribute public Key for Attribute Authority update revocation Attribute
Figure GDA0002093885690000139
(9.2) updating Attribute proxy keys for non-revoked users
Figure GDA00020938856900001310
When the private cloud receives the updating key distributed by the attribute authority, the attribute agent key SK of the non-revoked user is updated1Calculating the update key
Figure GDA00020938856900001311
The following were used:
Figure GDA0002093885690000141
(9.3) ciphertext update
Figure GDA0002093885690000142
When the private cloud receives the update key distributed by the attribute authority
Figure GDA0002093885690000143
The update cryptogram is calculated as follows:
Figure GDA0002093885690000144
the following simulation experiments describe the application effect of the present invention in detail.
The present invention performs simulation experiments on the time consumption of repetitive data searches and compares it with the scheme of Jiang et al. Assuming 1000 files in the cloud, we randomly generated 1000 prime numbers and simulated the experiment using language C #. In fig. 4, the abscissa represents the number of files in the cloud, and the ordinate represents the time consumption required to search for duplicate data. Obviously, regardless of whether the same data exists in the cloud, the scheme only needs a very short time, even reaching to a millisecond, so that the embodiment of the invention is very efficient, the duplicate removal efficiency is greatly improved, and the service delay is reduced.
For each algorithm of the attribute encryption method, the invention carries out simulation experiments, and the experimental results are shown in table 1. In the key generation stage, when the number of the attributes is 10, 87.9749ms is consumed by the attribute authority, 288.272ms is consumed by the attribute number of 40; in the data encryption stage, when the number of attributes is 10, 236.8555ms is consumed by a data owner, and 838ms is consumed by 40 attributes; in the re-encryption stage, when the number of the attributes is 10, the private cloud needs to consume 216.5536ms, and the number of the attributes consumes 817.888ms when the number of the attributes is 40; in the decryption stage, the decryption time consumption of the data user is unrelated to the complexity in the access strategy, and only 1 exponential operation time is needed; in the key update and ciphertext update stages, m exponent operations are required, for example, when the number of attributes is 10, the time consumed by the attribute authority in the key update and ciphertext update stages is 69.69ms and 65.56ms, respectively. And the time consumption and the attribute number of each stage are linearly related, so that the embodiment of the invention ensures the diversity of functions and the high efficiency of efficiency. A
Table 1 is a schematic table of simulation experiment results provided in the embodiment of the present invention.
Figure GDA0002093885690000151
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (5)

1. An attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage is characterized by comprising the following steps:
a duplication removing protocol, wherein a data owner sends a file label to an attribute authority before uploading data, and the attribute authority maps the file label into a unique prime number and sends the unique prime number to a private cloud; the private cloud can judge whether the same data exist in the cloud or not only by executing one division operation;
in a re-encryption stage, the private cloud re-encrypts data by using a trapdoor key in a ciphertext; when a user leaves the system, the attribute authority updates the attribute public key corresponding to the attribute and distributes an update key for revoking the attribute to the private cloud; the private cloud updates the attribute agent key of the non-revoked user and updates the ciphertext at the same time;
the attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage specifically comprises the following steps:
step one, system initialization, attribute authority inputs a safety parameter lambda to obtain a public parameter PP and a master key MSK, and a version key { VK ] is generated for each attributex}x∈UAnd attribute public key PKx}x∈U
Step two, generating a key, inputting a master key MSK, an attribute set A corresponding to the user and a version key { VK corresponding to the attribute by an attribute authorityx}x∈AObtaining an attribute proxy key SK of a private cloud1And a user private key SK2
Step three, data initialization, data owner random selection key KF∈GT,GTIs a cyclic group of prime order p, data F is encrypted using a symmetric encryption algorithm and a data-derived key encryption KF(ii) a The data owner then enters the public parameter PP, attribute public key PKx}x∈UEstablishing corresponding access strategy (M, rho) and then encrypting KFSimultaneously generating a file label T for the file;
step four, sending a duplication elimination request, sending (ID, T) to the attribute authority by the data owner, and mapping the file label to a unique prime number p by the attribute authorityiAnd sending the prime number to the private cloud;
step five, repeating data search, and receiving the prime number p corresponding to the file label by the private cloudiPerforming a division operation piJudging whether repeated data exist in the cloud or not after | p; p is the product of prime numbers corresponding to the file labels;
step six, file verification is carried out, and if the same data exist in the cloud, ownership verification is carried out on the data owner and the private cloud; the private cloud sends a part of ciphertext to the data owner, and if the data owner really owns the data, the random key corresponding to the data can be obtained, and the ciphertext is generated; the private cloud carries out verification according to the ciphertext in the cloud and the new ciphertext generated by the user;
step seven, re-encryption, inputting public parameters PP and attribute public keys PK into the private cloudx}x∈UNew access policy (M ', ρ '), M ' is l ' x n 'The matrix and the ciphertext CT stored in the cloud to obtain a new ciphertext CT';
step eight, data decryption and verification, wherein the private cloud decrypts the ciphertext by using the attribute proxy key distributed by the attribute authority; then the data user utilizes the private key SK distributed by the attribute authority2Decrypting the data to obtain F; finally, the data owner verifies the data by using the label in the ciphertext, and if the data passes the verification, the ciphertext is accepted; otherwise, rejecting the ciphertext;
step nine, attribute revocation, when the user leaves the system, the attribute authority generates the renewal key
Figure FDA0003509355260000021
Distributing to a private cloud; and the private cloud updates the attribute proxy key and the ciphertext of the non-revoked user.
2. The method for encrypting the attribute of the cloud storage supporting the efficient data deduplication and the attribute revocation according to claim 1, wherein in the system initialization of the first step, after the attribute authority inputs a security parameter λ, the following operations are performed:
(1) randomly selecting linear groups G and GTOne linear pair e (G, G) → GTHere G and GTIs a cyclic group of prime order p, G is a generator of G;
(2) four collision resistant hash functions were randomly generated:
H:{0,1}n→G,H0:M→Zp,H1:G1→Zp,H2:{0,1}*→{0,1}n
(3) randomly selecting alpha, h epsilon to ZpAnd calculate ga,e(g,g)αThe public parameter PP and master key MSK are obtained as follows:
PP=(p,g,h,H,H0,H1,H2,ga,e(g,g)α),MSK=α;
(4) for each attribute, a random index v is selectedx∈ZpAs version key VKxAnd calculate
Figure FDA0003509355260000022
As an attribute public key;
(5) publishing public parameters PP and attribute public keys PKxSecret master key MSK and version key VKx
In the second step of key generation, the attribute authority inputs the public parameter PP, the master key MSK, the attribute set A and the version key { VK) corresponding to the attribute setx}x∈ARandomly selecting t, Z ∈ ZpAnd calculates an attribute proxy key SK1And a user private key SK2The following were used:
Figure FDA0003509355260000031
in the data initialization process of the third step, the data owner utilizes the symmetric key KF∈GTEncrypting the data F to obtain C0 1And calculating K0By K (H) (F)0Encryption KFObtaining C0 2(ii) a Let C be C0 1||C0 2(ii) a The data owner then encrypts KF:Encrypt(PP,KF,(M,ρ),{PKx}x∈U) → (CT', TK); to generate the ciphertext, the data owner enters an access policy (M, ρ), a public parameter PP, and a public attribute key { PK }x}x∈UAnd a random key KFThen, the following operations are performed:
(1) randomly selecting a secret value s ∈ Zp
(2) Selecting a vector
Figure FDA0003509355260000032
(3) For j 1
Figure FDA0003509355260000033
And randomly select r1,...,rl∈Zp
(4) The ciphertext is output as follows:
Figure FDA0003509355260000034
D=KF·e(g,g)αs
Figure FDA0003509355260000035
TK=(ga)s
(5) calculating T ═ H2(K0) As a file label; the trapdoor key TK is a key used for re-encryption by a private cloud in a re-encryption stage; finally, the data owner obtains the ciphertext CT ═ (B, L, C, D, TK, { Cj,Dj}j∈[1,l]) And a file tag T.
3. The method for encrypting the attribute of the cloud storage supporting the efficient data deduplication and the attribute revocation in the cloud storage according to claim 1, wherein in the sending request process of the fourth step, a data owner sends a deduplication request (ID, T) to an attribute authority; the attribute authority maps the file label as a unique prime number, and sends the prime number to the private cloud;
in the repeated data search of the fifth step, the prime number p corresponding to the file label TiPrivate cloud division operation piP, wherein p is the product of prime numbers corresponding to the storage file tags in the cloud; if not, the data owner is regarded as a first data uploader, and then private cloud computing is carried out
Figure FDA0003509355260000036
And requesting the data owner to upload the ciphertext; otherwise, the data owner and the private cloud perform ownership verification.
4. The method for encrypting the attribute of the cloud storage supporting the efficient data deduplication and the attribute revocation as claimed in claim 2, wherein the file verification process of the sixth step is that if the data in the cloud is repeated, the proprietary cloud and the data owner perform ownership verification:
(1) the private cloud sends a portion of ciphertext C to the data owner0 2
(2) Data owner utilization K0H (f) decrypting it yields a random key KF
(3) Calculating C0 1'=Enc(F,KF) And phi (C)0 1');
(4) Private cloud comparison phi (C)0 1') whether or not to be equal to phi (C)0 1) Equal; if the data owner is the same as the data owner, the ownership verification is successful, and the private cloud requests an access strategy of the data owner; otherwise, the verification fails;
in the re-encryption of the seventh step, after ownership verification is successful, the private cloud inputs the original ciphertext CT, the public parameter PP and the attribute public key { PKx}x∈UAnd a new access policy (M ', ρ '), M ' being a matrix of l ' x n ', and randomly selected
Figure FDA0003509355260000041
To represent
Figure FDA0003509355260000042
Wherein
Figure FDA0003509355260000043
Outputting a new ciphertext:
Figure FDA0003509355260000044
Figure FDA0003509355260000045
private cloud computing C even if s is unknownj’' the following:
Figure FDA0003509355260000046
the data downloading of the step eight is divided into a pre-decryption stage executed by the private cloud and a decryption stage executed by the user:
(1)Pre.Decrypt(CT,SK1) → CT' private cloud input ciphertext CT, Attribute surrogate Key SK1(ii) a The attribute set satisfies the access policy such that the constant wj∈ZpCan be calculated and satisfies sigmaj∈IwjAj1, (1, 0., 0), where I ═ j ═ ρ (j) ∈ a }; the calculation process is as follows:
Figure FDA0003509355260000047
(2)C.Decrypt(CT”,SK2) → F user inputs the partially decrypted ciphertext CT' and the private key SK2And calculate
Figure FDA0003509355260000048
Recovering the data F by using a symmetric decryption algorithm;
(3) the user verifies the integrity of the downloaded data; if it is not
Figure FDA0003509355260000051
The user accepts the data F, otherwise rejects the data;
in the attribute revocation of the step eight, when the attribute of the user is revoked, the attribute authority generates an update key; the private cloud generates a new attribute proxy key and a new ciphertext for the non-revoke user;
generation of update keys
Figure FDA0003509355260000052
Version key VK corresponding to attribute authority input revocation attributejRandomly selecting a new version key
Figure FDA0003509355260000053
And calculate
Figure FDA0003509355260000054
Attribute authority distribution
Figure FDA0003509355260000055
Giving the private cloud; the attribute authority updates the attribute public key of the revocation attribute as
Figure FDA0003509355260000056
Updating attribute proxy keys for non-revoked users
Figure FDA0003509355260000057
When the private cloud receives the update key of the non-revoked user distributed by the attribute authority, the attribute agent key SK of the non-revoked user is updated1Generating a new attribute proxy key
Figure FDA0003509355260000058
The following were used:
Figure FDA0003509355260000059
ciphertext update
Figure FDA00035093552600000510
When the private cloud receives the update key distributed by the attribute authority
Figure FDA00035093552600000511
The update cryptogram is calculated as follows:
Figure FDA00035093552600000512
5. an attribute encryption system supporting efficient data deduplication and attribute revocation in cloud storage, implementing the attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage of claim 1, wherein the attribute encryption system supporting efficient data deduplication and attribute revocation in cloud storage comprises: the system comprises an attribute authority module, a cloud server module, a data owner module and a user module.
CN201910189946.XA 2019-03-13 2019-03-13 Attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage Active CN110035067B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910189946.XA CN110035067B (en) 2019-03-13 2019-03-13 Attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910189946.XA CN110035067B (en) 2019-03-13 2019-03-13 Attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage

Publications (2)

Publication Number Publication Date
CN110035067A CN110035067A (en) 2019-07-19
CN110035067B true CN110035067B (en) 2022-03-25

Family

ID=67235981

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910189946.XA Active CN110035067B (en) 2019-03-13 2019-03-13 Attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage

Country Status (1)

Country Link
CN (1) CN110035067B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111901320B (en) * 2020-07-16 2021-05-11 西南交通大学 Attribute revocation CP-ABE-based encryption method and system for resisting key forgery attack
CN112383391B (en) * 2020-11-12 2024-03-19 北京安御道合科技有限公司 Data security protection method based on data attribute authorization, storage medium and terminal
CN112822009B (en) * 2021-01-26 2022-07-22 西安邮电大学 Attribute ciphertext efficient sharing system supporting ciphertext deduplication
CN113177053A (en) * 2021-05-21 2021-07-27 滨州职业学院 Computer data updating method and related device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546161A (en) * 2010-12-08 2012-07-04 索尼公司 Ciphertext policy based revocable attribute-based encryption method and equipment and system utilizing same
CN102938767A (en) * 2012-11-13 2013-02-20 西安电子科技大学 Efficient verified fuzzy key word searching method based on cloud data subcontract system
CN104113408A (en) * 2014-07-11 2014-10-22 西安电子科技大学 Method for realizing timely user attribute cancel based on ciphertext-policy attribute-based encryption
CN105049430A (en) * 2015-06-30 2015-11-11 河海大学 Ciphertext-policy attribute-based encryption method having efficient user revocation capability
CN106330865A (en) * 2016-08-12 2017-01-11 安徽大学 Attribute-Based Keyword Search Method Supporting Efficient Revocation in Cloud Environment
CN108200172A (en) * 2018-01-03 2018-06-22 西安电子科技大学 A kind of cloud storage system and method supported secure data duplicate removal and deleted
CN109379182A (en) * 2018-09-04 2019-02-22 西安电子科技大学 Support efficient data re-encryption method and system, the cloud storage system of data deduplication

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9021269B2 (en) * 2012-07-18 2015-04-28 TapLink, Inc. Blind hashing
US10509733B2 (en) * 2017-03-24 2019-12-17 Red Hat, Inc. Kernel same-page merging for encrypted memory

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546161A (en) * 2010-12-08 2012-07-04 索尼公司 Ciphertext policy based revocable attribute-based encryption method and equipment and system utilizing same
CN102938767A (en) * 2012-11-13 2013-02-20 西安电子科技大学 Efficient verified fuzzy key word searching method based on cloud data subcontract system
CN104113408A (en) * 2014-07-11 2014-10-22 西安电子科技大学 Method for realizing timely user attribute cancel based on ciphertext-policy attribute-based encryption
CN105049430A (en) * 2015-06-30 2015-11-11 河海大学 Ciphertext-policy attribute-based encryption method having efficient user revocation capability
CN106330865A (en) * 2016-08-12 2017-01-11 安徽大学 Attribute-Based Keyword Search Method Supporting Efficient Revocation in Cloud Environment
CN108200172A (en) * 2018-01-03 2018-06-22 西安电子科技大学 A kind of cloud storage system and method supported secure data duplicate removal and deleted
CN109379182A (en) * 2018-09-04 2019-02-22 西安电子科技大学 Support efficient data re-encryption method and system, the cloud storage system of data deduplication

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Scalable and reliable key management for secure deduplication in cloud storage;Kwon, H.;《2017 IEEE 10th international conference on cloud computing (CLOUD)》;20170630;第391-398页 *
云环境下外包数据的高效检索及安全审计技术研究;王剑锋;《中国博士学位论文全文数据库信息科技辑(月刊 )》;20170215;第I138-20页 *
基于属性加密的高效密文去重和审计方案;马华 等;《电子与信息学报》;20190228;第355-361页 *

Also Published As

Publication number Publication date
CN110035067A (en) 2019-07-19

Similar Documents

Publication Publication Date Title
CN112019591B (en) Cloud data sharing method based on block chain
CN110035067B (en) Attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage
Xu et al. Secure fine-grained access control and data sharing for dynamic groups in the cloud
CN108833393B (en) Revocable data sharing method based on fog computing
US7715565B2 (en) Information-centric security
CN111130757A (en) Multi-cloud CP-ABE access control method based on block chain
CN106487506B (en) Multi-mechanism KP-ABE method supporting pre-encryption and outsourcing decryption
CN109361644B (en) Fuzzy attribute based encryption method supporting rapid search and decryption
Xu et al. Fine-grained and heterogeneous proxy re-encryption for secure cloud storage
CN107547530A (en) On-line/off-line keyword search methodology and its cloud computing application system based on attribute under mobile cloud environment
CN110933033A (en) Cross-domain access control method for multiple Internet of things domains in smart city environment
Ming et al. Efficient revocable multi-authority attribute-based encryption for cloud storage
Sumathi et al. A group-key-based sensitive attribute protection in cloud storage using modified random Fibonacci cryptography
CN111556048B (en) Attribute-based secure communication method and system supporting ciphertext mode matching
WO2022025822A1 (en) Cloud data sharing systems and methods for sharing data using the systems
CN114640458A (en) Fine-grained multi-user secure searchable encryption method in cloud-edge collaborative environment
CN109783456B (en) Duplication removing structure building method, duplication removing method, file retrieving method and duplication removing system
Sandhia et al. Secure sharing of data in cloud using MA-CPABE with elliptic curve cryptography
Park et al. PKIS: practical keyword index search on cloud datacenter
Zhang et al. A lattice-based searchable encryption scheme with the validity period control of files
Salman et al. A homomorphic cloud framework for big data analytics based on elliptic curve cryptography
CN116318784B (en) Identity authentication method, identity authentication device, computer equipment and storage medium
Yan et al. Secure and efficient big data deduplication in fog computing
CN108494552B (en) Cloud storage data deduplication method supporting efficient convergence key management
WO2022213577A1 (en) Method and apparatus for querying spatial text

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant