CN110457922A - A kind of data integrity verification method under cloud environment - Google Patents

A kind of data integrity verification method under cloud environment Download PDF

Info

Publication number
CN110457922A
CN110457922A CN201910712550.9A CN201910712550A CN110457922A CN 110457922 A CN110457922 A CN 110457922A CN 201910712550 A CN201910712550 A CN 201910712550A CN 110457922 A CN110457922 A CN 110457922A
Authority
CN
China
Prior art keywords
data
vector
plaintext
binary tree
inquiry
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201910712550.9A
Other languages
Chinese (zh)
Inventor
林亚平
许舟
周军海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan University
Original Assignee
Hunan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan University filed Critical Hunan University
Priority to CN201910712550.9A priority Critical patent/CN110457922A/en
Publication of CN110457922A publication Critical patent/CN110457922A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • G06F16/2246Trees, e.g. B+trees
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to data-privacy protection, safe rangies to inquire field; disclose the data integrity verification method under a kind of cloud environment; include the following steps; data owner constructs plaintext balanced binary tree index; traverse the plaintext balanced binary tree index; each node of plaintext balanced binary tree index is encrypted, obtains ciphertext balanced binary tree index, and ciphertext balanced binary tree index is uploaded into Cloud Server;Data consumer will inquire after boundary value encryption and initiate inquiry request to Cloud Server;Cloud Server retrieves data according to inquiry request, and query result and identifying object are returned;The result that data consumer returns to Cloud Server is decrypted;Data consumer constructs the integrality of vector neighborhood chain and revene lookup result data.The present invention realizes the purpose realized data-privacy safety with the computing cost of lightweight and with the calculating of lightweight and memory space data are carried out with integrity verification, enables the invention to be applied in mobile device.

Description

A kind of data integrity verification method under cloud environment
Technical field
The invention belongs to data-privacy protection, safe rangies to inquire field, and in particular, to the data under a kind of cloud environment Integrity verification method.
Background technique
It with the rapid development of cloud computing and is widely used, cloud has attracted crowd by feat of its powerful storage and computing capability The concern of multi-user, people are increasingly utilized cloud and carry out online data storage, and are examined anywhere or anytime by query service Rope data;Simultaneously as the portability and flexibility of mobile device, people are higher and higher to the degree of dependence of mobile device, move Dynamic cloud receives more and more attention.But under mobile cloud environment or there is data-privacy safety, in order to protect Data-privacy, data encryption first would generally be uploaded to Cloud Server by user again, but data encryption often reduces data Availability can also bring more difficulties to data query.It mainly include two sides for the Safety query of data under cloud environment Face: first is that can search for encrypting, i.e., still can carry out relevant calculation to ciphertext data after being encrypted to data and correctly look into It askes;Second is that whether the query result that query result integrity verification, i.e. verifying cloud service return is correct and complete.
Currently, mainly having isotonic function encryption and homomorphic cryptography for the technology that can search for encryption.Isotonic function encrypts energy Guarantee that the size order before and after data encryption is consistent, but this method is easy to be influenced by the attack based on statistical analysis.Together After the calculated result decryption of state encryption as calculated result when unencryption, but this method need huge computing cost and Storage overhead.Mainly there are Merkle Hash tree technology and chain technology for the technology of data integrity validation.Merkle Hash tree Need the cryptographic Hash of calculate node;Chain technology generally requires to store twice data, therefore these methods require excessively additionally Computing cost and memory space expense.
Above-mentioned some defects in the prior art, so that they may not apply to computing resource and memory space all compares has In the mobile device of limit.Wherein, it can search for encryption method to be difficult to obtain good balance between safety and computation complexity; And the extra resource expense that data integrity verification method needs is big, has certain limitation.
Summary of the invention
The object of the present invention is to provide the data integrity verification methods under a kind of cloud environment, with the computing cost of lightweight It realizes data-privacy safety, integrity verification is carried out to query result with the calculating of lightweight and memory space, so that of the invention It is applicable in mobile device.
To achieve the goals above, the present invention provides the data integrity verification method under a kind of cloud environment, including as follows Step,
A) data owner constructs plaintext balanced binary tree index;
B) data owner traverses the plaintext balanced binary tree index, to each of plaintext balanced binary tree index Node is encrypted, and ciphertext balanced binary tree index is obtained;
C) ciphertext balanced binary tree index is uploaded to Cloud Server by data owner;
D) data consumer will inquire after boundary value encryption and initiate inquiry request to Cloud Server;
E) Cloud Server retrieves data according to inquiry request, and query result and identifying object are returned;
F) result that data consumer returns to Cloud Server is decrypted;
G) data consumer constructs the integrality of vector neighborhood chain and revene lookup result data.
Further, in the step A) in, the construction process of the plaintext balanced binary tree index includes the following steps,
A01) from a data optional in the data set D comprising n data item be inserted into tree T in, and by this data from It is deleted in the data set D, data volume subtracts 1 in the data set D;
A02 it) is lighted from the data section being currently inserted into and finds first unbalanced node upwards;
A03) uneven node if it does not exist, then without being made any adjustments to tree T;Uneven point if it exists, then pass through phase The adjustment to tree T answered is so that all node balances;
A04) circulation executes the step A01) arrive the step A03), the end loop when the data set D is empty is returned The tree T is returned to index as complete plaintext balanced binary tree.
Further, in the step B) in, the plaintext balanced binary tree index is traversed, by the plaintext balanced binary Tree index is encrypted to vector form, includes the following steps,
B01) data owner sets vector length l (l >=5), sets length as the basis vector of l-2;
B02 the node for) accessing the plaintext balanced binary tree index sets current plaintext number for current accessed node According to the position p in the vector1, setting inquiry boundary value is in corresponding position p2, setting noise data is at remaining l-2 Single data values are converted to the primary vector that length is l by position;
B03 a positive integer factor-alpha) is randomly choosed, is multiplied with the primary vector that the length is l;
B04) length is that the primary vector of l is multiplied with the cipher key matrix of a l × l, is converted to a new length Constant vector;
B05 the plaintext balanced binary tree index) is traversed, step B02 is carried out to each node) arrive step B04), The key assignments of all nodes is encrypted to vector form.
Further, in the step B02) in, in position p1It is embedded in clear data, in position p2It is embedded in numerical value -1, In Optional two positions are respectively embedded into the left neighbours and right neighbours of current clear data in l-2 position;Left neighbours and described Right neighbours are the left side numerical value and the right numerical value that current clear data is concentrated in the clear data of ascending sort;And noise data group At noise vector it is orthogonal with basis vector.
Further, in step D), to inquiry boundary value encryption, include the following steps,
D01) data owner is by the vector length l, the basis vector and the data positional information (p1, p2) hair Give data consumer;
D02 an integer β) is selected at random, and the noise bits of the l-2 in vector are embedded into after being multiplied with β with basis vector It sets, in the p1Position insertion number 1, in the p2Upper dividing value is inquired in position insertion;
D03 an integer β) is selected at random, and the noise bits of the l-2 in vector are embedded into after being multiplied with β with basis vector It sets, in the p1Position insertion number 1, in the p2Position insertion inquiry floor value;
D04) inquiry Margin Vector is multiplied with the cipher key matrix of a l × l, be converted to respectively new length it is constant to Amount.
Further, in the step E) in, pass through data cyphertext vector in Cloud Server and the inquiry boundary value Dot product calculated result between cyphertext vector judges that the data in the Cloud Server and the size of the inquiry boundary value are closed System.
Further, the method for the judgement data and the size relation for inquiring boundary value is as follows, if the cloud service The dot product calculated result between data cyphertext vector and the inquiry boundary value cyphertext vector in device is greater than 0, then it represents that described Clear data value is greater than inquiry boundary value;If data cyphertext vector in the Cloud Server and the inquiry boundary value ciphertext to Dot product result between amount is less than 0, then it represents that the clear data value is less than inquiry boundary value;If the number in the Cloud Server It is equal to 0 according to the dot product calculated result between cyphertext vector and the inquiry boundary value cyphertext vector, then it represents that the clear data Value is equal to inquiry boundary value.
Further, in the step F) in, in decrypting process, decruption key includes the cipher key matrix, the original Location information and insertion location information as the neighbor data of noise data of the beginning data in vector.
Further, in the step G) in, clear data is extracted from the plaintext vector, and according to ascending order It is ranked up;The neighbor data of each clear data is extracted from the corresponding position of the plaintext vector, so that The clear data and its described neighbor data constitute a neighborhood vector.
Further, in the vector neighborhood chain that the neighborhood vector is constituted, clear data described in current vector Left neighbours' noise is the clear data of a upper vector, and right neighbours' noise is the clear data of next vector.
The advantages of above-mentioned technical proposal through the invention, data integrity verification method under cloud environment of the invention, exists In:
(1) present invention utilizes the encryption of the complete paired data of operation based on vector sum matrix correlation, with the calculating of lightweight Expense realizes data-privacy safety;
(2) present invention is believed in the data integrity validation stage using the noise information in data encryption process as verifying Breath is realized and is carried out completely with the calculating of lightweight and memory space to query result by way of constructing vector neighborhood chain Property verifying purpose, allow the invention to be applied in mobile device.
The other feature and advantage of the embodiment of the present invention will the following detailed description will be given in the detailed implementation section.
Detailed description of the invention
Attached drawing is to further understand for providing to the embodiment of the present invention, and constitute part of specification, under The specific embodiment in face is used to explain the present invention embodiment together, but does not constitute the limitation to the embodiment of the present invention.Attached In figure:
Fig. 1 is a kind of flow chart of specific embodiment of the data integrity verification method under cloud environment of the invention.
Fig. 2 is a kind of construction balance of specific embodiment of the data integrity verification method under cloud environment of the invention The change procedure figure of binary tree.
Specific embodiment
It is described in detail below in conjunction with specific embodiment of the attached drawing to the embodiment of the present invention.It should be understood that this Locate described specific embodiment and be merely to illustrate and explain the present invention embodiment, is not intended to restrict the invention embodiment.
As shown in Figure 1, one embodiment of the data integrity verification method under cloud environment of the present invention includes the following steps,
S1 data owner constructs plaintext balanced binary tree index;
S2 data owner traverses balanced binary tree index, encrypts, obtains to each node of balanced binary tree index It is indexed to comprising ciphertext balanced binary tree;
S3 data owner will upload to Cloud Server comprising ciphertext balanced binary tree index;
S4 data consumer will inquire boundary value encryption, initiate inquiry request to Cloud Server;
S5 Cloud Server retrieves data according to inquiry request, and query result and identifying object are returned;
The result that S6 data consumer returns to Cloud Server is decrypted;
S7 data consumer constructs the integrality of vector neighborhood chain and revene lookup result.
In one particular embodiment of the present invention, in step sl, the balanced binary tree of the clear data indexes Construction process includes the following steps that S101 is inserted into tree T from a data optional in the data set D comprising n data item, and This data is deleted from the data set D, data volume subtracts 1 in the data set D;S102 is from the back end being currently inserted into It rises and finds first unbalanced node upwards;S103 uneven node if it does not exist, then without being made any adjustments to tree;If depositing In uneven point, then by adjustment accordingly so that all node balances;S104 circulation executes the step S101 to the step Rapid S103, the end loop when the data set D is empty return to the tree T and index as complete plaintext balanced binary tree.Structure Making balanced binary tree is in order to construct data directory, so as to improve search efficiency.
In one embodiment of the present of invention, step S2 includes: S201 data owner setting vector length l (l >=5), if Measured length is the basis vector of l-2;S202 accesses the node of the balanced binary tree, and for current accessed node, setting is current Position p of the clear data in the vector1, setting inquiry boundary value is in corresponding position p2, noise data is set at remaining L-2 position, optional two positions are respectively embedded into the left neighbours and right neighbours of current clear data in l-2 position;It is described Left neighbours and the right neighbours are the left side numerical value and the right numerical value that current clear data is concentrated in the clear data of ascending sort; And the noise vector of noise data composition is orthogonal with basis vector;Single data values are converted to the primary vector that length is l; S203 randomly chooses a positive integer factor-alpha, is multiplied with the primary vector that the length is l;Length described in S204 is the primary of l Vector is multiplied with the cipher key matrix of a l × l, is converted to the constant vector of new length;The S205 traversal balance two Fork tree, is carried out step S202 to step S204 to each node, the key assignments of all nodes is encrypted to vector form.In In step S203, introducing positive integer factor-alpha is to obscure data value and inquiry when doing vector dot in the query processing stage Specific difference between boundary value;And positive integer factor-alpha will not influence after being multiplied with primary vector data and boundary value it Between size relation judgement.For single data value, vector form is converted it by way of adding noise vector, and And in order to realize correct inquiry, to data carry out the noise vector that adds during vectorization be orthogonal to inquiry boundary into The noise vector added during row vector.
In one embodiment of the present of invention, step S4 includes: S401 data owner by the vector length l, the base Data positional information (p described in plinth vector sum1, p2) it is sent to data consumer;S402 selectes an integer β at random, with β and base It is embedded into the noise position of the l-2 in vector after plinth multiplication of vectors, in the p1Position insertion number 1, in the p2Position is embedding Enter and inquires upper dividing value;S403 selectes an integer β at random, and making an uproar for the l-2 in vector is embedded into after being multiplied with β with basis vector Sound position, in the p1Position insertion number 1, in the p2Position insertion inquiry floor value;S404 will inquire Margin Vector and one The cipher key matrix of a l × l is multiplied, and is converted to the constant vector of new length respectively, and data value and primary in final vector Data value in vector is completely different, achievees the purpose that encryption.
In one embodiment of the invention, in S5 step, pass through the data cyphertext vector and inquiry in Cloud Server Dot product between boundary value cyphertext vector calculates to judge the data in Cloud Server and inquire the size relation of boundary value, if cloud The dot product calculated result between data cyphertext vector and the inquiry boundary value cyphertext vector in server is greater than 0, then it represents that Clear data value is greater than inquiry boundary value;If between the data cyphertext vector in Cloud Server and inquiry boundary value cyphertext vector Dot product result is less than 0, then it represents that the clear data value is less than inquiry boundary value;If data cyphertext vector in Cloud Server with The dot product calculated result inquired between boundary value cyphertext vector is equal to 0, then it represents that the clear data value is equal to inquiry boundary value.
Judge that data whether in given range, then will by comparing data and the size relation of inquiry boundary value Data in range return to user (being exactly that cyphertext vector is returned to user for ciphertext angle).
The specific algorithm for indexing lookup identifying object based on balanced binary tree is as follows:
In one embodiment of the present of invention, in the step S6, in decrypting process, decruption key includes the key The location information of location information and insertion as the neighbor data of noise data of matrix, the initial data in vector.
In one embodiment of the present of invention, in the step S7, clear data is extracted from the plaintext vector Come, and is ranked up according to ascending order;By the neighbor data of each clear data from the corresponding position of the plaintext vector It extracts, so that the clear data and its described neighbor data constitute a neighborhood vector.
In the vector neighborhood chain that the neighborhood vector is constituted, left neighbours' noise of clear data described in current vector is The clear data of a upper vector, right neighbours' noise are the clear datas of next vector.Construction vector neighborhood chain can be verified The integrality of query result, whether have data be tampered, if having the data of gaps and omissions, to realize safety if checking in query result Range query.
Embodiment
Initial setting, data set D include data item { 3,5,6,8,9 }, which is 1, the upper bound 11.Especially say Bright, bound is not included within data set;Query context is [4,7];Cyphertext vector length l is set as 5, then length is L-2, as 3 basis vector are (- 2,3,1).Second position is p in the vector that length is 51, third position is p2, Other positions are the position where noise data.
The data integrity verification method under cloud environment through the invention,
S1 data owner constructs plaintext balanced binary tree index, and steps are as follows:
S101 is inserted into tree T from a data optional in the data set D comprising 5 data item, if selection 5, will count It is deleted from the data set D according to 5, data volume subtracts 1 in the data set D, becomes 4;
S102 is lighted from the data section being currently inserted into and is found first unbalanced node upwards;
S103 uneven node if it does not exist, without being made any adjustments to tree;Uneven point if it exists, then by corresponding Adjustment is so that all node balances;
S104 circulation executes step S101 to step S103.As shown in Fig. 2, the variation of construction plaintext balanced binary tree Journey.
S2 data owner traverses balanced binary tree index, encrypts, obtains to each node of balanced binary tree index It is indexed to comprising ciphertext balanced binary tree, steps are as follows;
It is assumed to be inorder traversal: 3,5,6,8,9, data set lower bound is 1, the upper bound 11.
S201 data owner sets vector length l as 5, sets length as l-2.As 3 basis vector be (- 2,3, 1)。
It is clear data position p that S202, which is set in second position in the vector that length is 5,1, third position is Inquire boundary value position p2(during encrypting to clear data, which is numerical value -1), other positions are to make an uproar Position where sound data, wherein selecting the first two position to be respectively embedded into current clear data in noise data position Left neighbours and right neighbours, and the noise vector that the length of noise data composition is 3 is orthogonal with given basis vector.Therefore right In the clear data 3 currently traversed, primary vector form is converted it into are as follows: (1,3, -1,5, -13).It should be noted that It (1,5, -13) is noise vector, and 1,5 be respectively the left neighbours and right neighbours of current clear data 3, and (1,5, -13) and base Plinth vector (- 2,3,1) is orthogonal.
S203 randomly chooses positive integer factor-alpha=2, and the primary vector for being 5 with the length is multiplied, become (2,6 ,- 2,10, -26).
The primary vector that length described in S204 is 5 is multiplied with one 5 × 5 cipher key matrix, is converted to a new length Constant vector, it is assumed that cipher key matrix is
It illustrates, which is the inverse matrix of this following original matrix:
And the transposed matrix of this original matrix above are as follows:
Then, final cyphertext vector encrypted to clear data 3 be (3404, -11446,11838,4998, - 13090)。
Similarly, successively other clear datas 5,6,8,9 are encrypted, and assumes randomly selected positive integer factor-alpha difference It is 3,4,2,6.Key message is only listed below:
The primary vector of clear data 5 are as follows: (3,5, -1,6, -12)
Final cyphertext vector are as follows: (5946, -19986,20670,8727, -22857)
The primary vector of clear data 6 are as follows: (5,6, -1,8, -14)
Final cyphertext vector are as follows: (9352, -31436,32512,13728, -35952)
The primary vector of clear data 8 are as follows: (6,8, -1,9, -15)
Final cyphertext vector are as follows: (5530, -18586,19222,8116, -21256)
The primary vector of clear data 9 are as follows: (8,9, -1,11, -17)
Final cyphertext vector are as follows: (18726, -62940,65094,27486, -71982)
S3 data owner will upload to Cloud Server comprising ciphertext balanced binary tree index;It here will be in plaintext index tree The clear data of each node is substituted for the corresponding cyphertext vector of the clear data.
S4 data consumer will inquire boundary value encryption, to Cloud Server initiate inquiry request (assuming that query context be [2, 10]),
S401 data owner is by the vector length l, the basis vector and the data positional information (p1, p2) hair Data consumer is given, i.e. vector length l is 5, and the basis vector that length is 3 is (- 2,3,1).The in the vector that length is 5 Two positions are clear data position p1(being numerical value 1 to process position of inquiry boundary value encryption), third Position is inquiry boundary value position p2, position of the other positions where noise data, and the length of noise data composition Degree is conllinear with given basis vector for 3 noise vector, i.e., numerically proportional.
S402 selectes integer β=2 at random, and the noise of the l-2 in vector is embedded into after being multiplied with β with basis vector Position, in the p1Position is embedded in numerical value 1, in the p2Upper dividing value is inquired in position insertion, that is, inquires the primary vector shape in the upper bound 7 Formula are as follows: (- 4,1,7,6,2).
S403 selectes another integer β=3 at random, and making an uproar for the l-2 in vector is embedded into after being multiplied with β with basis vector Sound position, in the p1Position insertion number 1, in the p2Position insertion inquiry floor value, that is, inquire the primary vector of lower bound 4 Form are as follows: (- 6, Isosorbide-5-Nitrae, 9,3).
S404 is multiplied Margin Vector is inquired with one 5 × 5 cipher key matrix, be converted to respectively new length it is constant to Amount, and the data value in the data value and primary vector in final vector is completely different, achievees the purpose that encryption.It needs to illustrate , should be to the cipher key matrix that uses of inquiry boundary value encryption be original corresponding to the matrix that uses to clear data encryption The transposed matrix of matrix, that is, three matrixes have been sequentially listed in front, it is inverse matrix, original matrix, transposed matrix respectively.Cause This cipher key matrix used herein is
Then, the final cyphertext vector form in the upper bound 7 is inquired are as follows: (31,41,83,5,53);Inquire the final close of lower bound 4 Literary vector form are as follows: (24,54,74,8,29).
S5 Cloud Server retrieves data according to inquiry request, and query result and identifying object are returned;Here pass through number It is calculated according to the dot product between cyphertext vector and inquiry boundary value cyphertext vector to judge the data in Cloud Server and inquiry boundary The size relation of value, if the data cyphertext vector and the dot product inquired between boundary value cyphertext vector in Cloud Server calculate As a result it is greater than 0, then it represents that clear data value is greater than inquiry boundary value;If data cyphertext vector and inquiry boundary in Cloud Server It is worth the dot product result between cyphertext vector less than 0, then it represents that the clear data value is less than inquiry boundary value;If in Cloud Server Data cyphertext vector and inquiry boundary value cyphertext vector between dot product calculated result be equal to 0, then it represents that the clear data Value is equal to inquiry boundary value.
Give one example explanation: with the cyphertext vector form of clear data 5 (5946, -19986,20670,8727, - 22857) respectively with inquiry the upper bound 7 cyphertext vector (31,41,83,5,53) and inquiry lower bound 4 cyphertext vector (24,54,74, 8,29) dot product calculating is done, calculated result is respectively -6,3.Because -6 less than 0, illustrate that 5 are less than the upper bound 7;Because 3 are greater than 0, explanation 5 are greater than lower bound 4.As a result correct!
Identifying object is substantially maximum one right neighbour in query result set.For query context [4,7], inquiry Results set is { 5,6 }, and it is 8 that maximum one, which is 6,6 right neighbours, in the set, therefore 8 be identifying object.Likewise, In From the point of view of ciphertext angle, cyphertext vector corresponding to 8 is exactly identifying object.
The result that S6 data consumer returns to Cloud Server is decrypted;According to the above process, Cloud Server can will be close Literary vector (5946, -19986,20670,8727, -22857) and (9352, -31436,32512,13728, -35952), which are used as, to be looked into It askes result to return, cyphertext vector (5530, -18586,19222,8116, -21256) is returned as identifying object.
In decrypting process, decruption key includes the location information of the cipher key matrix, the initial data in vector And location information of the insertion as the neighbor data of noise data.It should be strongly noted that decruption key matrix here It should be mentioned-above original matrix, i.e.,
By in query result set cyphertext vector (5946, -19986,20670,8727, -22857) and (9352, - 31436,32512,13728, -35952) respectively with decryption matrix multiple, obtain result be (9,15, -3,18, -36) and (20, 24, -4,32, -56), then according to second position of location information be clear data position, third position be count It is worth -1 position, then learns that α is 3,4 respectively, then obtaining primary vector form divided by α respectively is (3,5, -1,6, -12) (5,6, -1,8, -14).
By identifying object (5530, -18586,19222,8116, -21256) and decryption matrix multiple, obtain obtaining for (12,16, -2,18, -30) can learn that α is 2, and then obtaining primary vector form is (6,8, -1,9, -15).
S7 data consumer constructs the integrality of vector neighborhood chain and revene lookup result.
In the step S7, clear data is extracted from the plaintext vector, and is ranked up according to ascending order; The neighbor data of each clear data is extracted from the corresponding position of the plaintext vector, so that the plaintext number A neighborhood vector is constituted according to neighbor data described in its.Then vector neighborhood chain can be constructed are as follows: (3,5,6) (5,6,8) (6, 8,9).It can be seen that the element in three vectors constitutes the structure of chain, i.e. clear data in first vector is 5, its right side Neighbours are the clear datas of next vector;Clear data in second vector is 6, its left neighbours are previous vectors Clear data, its right neighbours are the clear datas of next vector;Clear data in third vector is 8, its left neighbour Residence is the clear data of previous vector.
It is possible thereby to which the clear data for including in revene lookup result is 5 and 6, meet query context [4,7], identifying object The clear data for including is 8, and not in range [4,7], this part is correct.In addition by first vector in chain it is found that bright The left neighbours of literary data 5 are 3,3 not in given query context, the left neighbours of clear data 8 known to identifying object be 6,6 In given query context, this part is also correct.In conclusion the query result returned all meets query context, and chain Continuity illustrate query result be also it is complete, do not miss some data for meeting query context.
As can be seen from the above description, the advantages of data integrity verification method under cloud environment of the invention, is, this hair Data integrity verification method under bright cloud environment utilizes the encryption of the complete paired data of operation based on vector sum matrix correlation, Data-privacy safety is realized with the computing cost of lightweight;Also, the data integrity verification method under cloud environment of the invention Pass through construction vector neighbour using the noise information in data encryption process as verification information in the data integrity validation stage The mode of domain chain realizes the purpose for carrying out integrity verification to query result with the calculating of lightweight and memory space, so that The present invention is applicable in mobile device.
The optional embodiment of the embodiment of the present invention is described in detail in conjunction with attached drawing above, still, the embodiment of the present invention is simultaneously The detail being not limited in above embodiment can be to of the invention real in the range of the technology design of the embodiment of the present invention The technical solution for applying example carries out a variety of simple variants, these simple variants belong to the protection scope of the embodiment of the present invention.
It is further to note that specific technical features described in the above specific embodiments, in not lance In the case where shield, it can be combined in any appropriate way.In order to avoid unnecessary repetition, the embodiment of the present invention pair No further explanation will be given for various combinations of possible ways.
In addition, any combination can also be carried out between a variety of different embodiments of the embodiment of the present invention, as long as it is not The thought of the embodiment of the present invention is violated, equally should be considered as disclosure of that of the embodiment of the present invention.

Claims (10)

1. the data integrity verification method under a kind of cloud environment, which is characterized in that the data integrity under the cloud environment is tested Card method includes the following steps,
A) data owner constructs plaintext balanced binary tree index;
B) data owner traverses the plaintext balanced binary tree index, to each node of plaintext balanced binary tree index It is encrypted, obtains ciphertext balanced binary tree index;
C) ciphertext balanced binary tree index is uploaded to Cloud Server by data owner;
D) data consumer will inquire after boundary value encryption and initiate inquiry request to Cloud Server;
E) Cloud Server retrieves data according to inquiry request, and query result and identifying object are returned;
F) result that data consumer returns to Cloud Server is decrypted;
G) data consumer constructs the integrality of vector neighborhood chain and revene lookup result data.
2. the data integrity verification method under cloud environment according to claim 1, which is characterized in that in the step A) In, the construction process of the plaintext balanced binary tree index includes the following steps,
A01 it) is inserted into tree T from a data optional in the data set D comprising n data item, and by this data from described It is deleted in data set D, data volume subtracts 1 in the data set D;
A02 it) is lighted from the data section being currently inserted into and finds first unbalanced node upwards;
A03) uneven node if it does not exist, then without being made any adjustments to tree T;Uneven point if it exists, then by corresponding To tree T adjustment so that all node balances;
A04) circulation executes the step A01) arrive the step A03), the end loop when the data set D is empty returns to institute Tree T is stated to index as complete plaintext balanced binary tree.
3. the data integrity verification method under cloud environment according to claim 1, which is characterized in that in the step B) In, the plaintext balanced binary tree index is traversed, plaintext balanced binary tree index is encrypted to vector form, including following Step,
B01) data owner sets vector length l (l >=5), sets length as the basis vector of l-2;
B02 the node for) accessing the plaintext balanced binary tree index sets current clear data and exists for current accessed node Position p in the vector1, setting inquiry boundary value is in corresponding position p2, setting noise data in remaining l-2 position, Single data values are converted to the primary vector that length is l;
B03 a positive integer factor-alpha) is randomly choosed, is multiplied with the primary vector that the length is l;
B04) length is that the primary vector of l is multiplied with the cipher key matrix of a l × l, and it is constant to be converted to a new length Vector;
B05 the plaintext balanced binary tree index) is traversed, step B02 is carried out to each node) to step B04), by institute There is the key assignments of node to be encrypted to vector form.
4. the data integrity verification method under cloud environment according to claim 3, which is characterized in that in the step B02 in), in position p1It is embedded in clear data, in position p2It is embedded in numerical value -1, optional two positions difference is embedding in l-2 position Enter the left neighbours and right neighbours of current clear data;
The left neighbours and the right neighbours be current clear data in the left side numerical value concentrated of clear data of ascending sort and The right numerical value;
And the noise vector of noise data composition is orthogonal with basis vector.
5. the data integrity verification method under cloud environment according to claim 1, which is characterized in that in step D), Encryption to inquiry boundary value, includes the following steps,
D01) data owner is by the vector length l, the basis vector and the data positional information (p1, p2) be sent to Data consumer;
D02 an integer β) is selected at random, and the noise position of the l-2 in vector, In are embedded into after being multiplied with β with basis vector The p1Position insertion number 1, in the p2Upper dividing value is inquired in position insertion;
D03 an integer β) is selected at random, and the noise position of the l-2 in vector, In are embedded into after being multiplied with β with basis vector The p1Position insertion number 1, in the p2Position insertion inquiry floor value;
D04 inquiry Margin Vector is multiplied with the cipher key matrix of a l × l), is converted to the constant vector of new length respectively.
6. the data integrity verification method under cloud environment according to claim 1, which is characterized in that in the step E) In, sentenced by the dot product calculated result between the data cyphertext vector and the inquiry boundary value cyphertext vector in Cloud Server The size relation of the data and the inquiry boundary value broken in the Cloud Server.
7. the data integrity verification method under cloud environment according to claim 6, which is characterized in that the judgement data It is as follows with the method for the size relation of inquiry boundary value, if data cyphertext vector and the inquiry boundary in the Cloud Server The dot product calculated result being worth between cyphertext vector is greater than 0, then it represents that the clear data value is greater than inquiry boundary value;If the cloud The dot product result between data cyphertext vector and the inquiry boundary value cyphertext vector in server is less than 0, then it represents that described Clear data value is less than inquiry boundary value;If data cyphertext vector in the Cloud Server and the inquiry boundary value ciphertext to Dot product calculated result between amount is equal to 0, then it represents that the clear data value is equal to inquiry boundary value.
8. the data integrity verification method under cloud environment according to claim 1, which is characterized in that in the step F) In, in decrypting process, decruption key includes location information in vector of the cipher key matrix, the initial data and embedding Enter the location information of the neighbor data as noise data.
9. the data integrity verification method under cloud environment according to claim 1, which is characterized in that in the step G) In, clear data is extracted from the plaintext vector, and is ranked up according to ascending order;By each clear data Neighbor data is extracted from the corresponding position of the plaintext vector, so that the clear data and its described neighbor data structure At a neighborhood vector.
10. the data integrity verification method under cloud environment according to claim 9, which is characterized in that in the neighborhood In the vector neighborhood chain that vector is constituted, left neighbours' noise of clear data described in current vector is the plaintext number of a upper vector According to right neighbours' noise is the clear data of next vector.
CN201910712550.9A 2019-08-02 2019-08-02 A kind of data integrity verification method under cloud environment Withdrawn CN110457922A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910712550.9A CN110457922A (en) 2019-08-02 2019-08-02 A kind of data integrity verification method under cloud environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910712550.9A CN110457922A (en) 2019-08-02 2019-08-02 A kind of data integrity verification method under cloud environment

Publications (1)

Publication Number Publication Date
CN110457922A true CN110457922A (en) 2019-11-15

Family

ID=68484748

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910712550.9A Withdrawn CN110457922A (en) 2019-08-02 2019-08-02 A kind of data integrity verification method under cloud environment

Country Status (1)

Country Link
CN (1) CN110457922A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111258295A (en) * 2020-01-15 2020-06-09 重庆长安汽车股份有限公司 System and method for verifying big data acquisition and uploading accuracy

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018031940A1 (en) * 2016-08-12 2018-02-15 ALTR Solutions, Inc. Fragmenting data for the purposes of persistent storage across multiple immutable data structures
CN109190653A (en) * 2018-07-09 2019-01-11 四川大学 Malicious code family homology analysis technology based on semi-supervised Density Clustering
CN109495446A (en) * 2018-10-02 2019-03-19 复旦大学 Order-preserving Encryption Algorithm based on balanced sorting tree storage organization

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018031940A1 (en) * 2016-08-12 2018-02-15 ALTR Solutions, Inc. Fragmenting data for the purposes of persistent storage across multiple immutable data structures
CN109190653A (en) * 2018-07-09 2019-01-11 四川大学 Malicious code family homology analysis technology based on semi-supervised Density Clustering
CN109495446A (en) * 2018-10-02 2019-03-19 复旦大学 Order-preserving Encryption Algorithm based on balanced sorting tree storage organization

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
XU ZHOU等: ""A lightweight privacy and integrity preserving range query scheme for mobile cloud computing"", 《COMPUTERS & SECURITY》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111258295A (en) * 2020-01-15 2020-06-09 重庆长安汽车股份有限公司 System and method for verifying big data acquisition and uploading accuracy

Similar Documents

Publication Publication Date Title
CN108632032B (en) Safe multi-keyword sequencing retrieval system without key escrow
Chen et al. BL-MLE: Block-level message-locked encryption for secure large file deduplication
Paulet et al. Privacy-preserving and content-protecting location based queries
Ng et al. Private data deduplication protocols in cloud storage
CN109450935B (en) Verifiable semantic security multi-keyword search method in cloud storage
KR101679156B1 (en) Secure private database querying with content hiding bloom filters
CN105610793B (en) A kind of outsourcing data encryption storage and cryptogram search system and its application process
CN107256248A (en) Encryption method can search for based on asterisk wildcard in cloud storage safety
CN104967693B (en) Towards the Documents Similarity computational methods based on full homomorphism cryptographic technique of cloud storage
CN106330865A (en) Property base keyword searching method supporting efficient revocation in cloud environment
Van Rompay et al. Multi-user searchable encryption in the cloud
CN113364600A (en) Certificateless public auditing method for integrity of cloud storage data
CN110166466A (en) It is a kind of efficiently the multi-user of renewal authority to can search for encryption method and system
Yang et al. Privacy-preserving k nearest neighbor query with authentication on road networks
CN108021677A (en) The control method of cloud computing distributed search engine
CN109889332A (en) Equation testing encryption method based on certificate
CN110390203A (en) A kind of hiding attribute base encryption method of the strategy can verify that decrypted rights
Nasiraee et al. Privacy-preserving distributed data access control for cloudiot
Qin et al. Simultaneous authentication and secrecy in identity-based data upload to cloud
CN111159352B (en) Encryption and decryption method supporting multi-keyword weighted retrieval and result ordering and capable of being verified
CN105721146A (en) Big data sharing method for cloud storage based on SMC
CN110457922A (en) A kind of data integrity verification method under cloud environment
Xu et al. An efficient and privacy-preserving route matching scheme for carpooling services
Lv et al. Efficient multi-client order-revealing encryption and its applications
CN116827670A (en) Intelligent medical data security sharing method based on national cryptographic algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20191115