CN110457922A - A kind of data integrity verification method under cloud environment - Google Patents
A kind of data integrity verification method under cloud environment Download PDFInfo
- Publication number
- CN110457922A CN110457922A CN201910712550.9A CN201910712550A CN110457922A CN 110457922 A CN110457922 A CN 110457922A CN 201910712550 A CN201910712550 A CN 201910712550A CN 110457922 A CN110457922 A CN 110457922A
- Authority
- CN
- China
- Prior art keywords
- data
- vector
- plaintext
- binary tree
- inquiry
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2228—Indexing structures
- G06F16/2246—Trees, e.g. B+trees
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2455—Query execution
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Computational Linguistics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention belongs to data-privacy protection, safe rangies to inquire field; disclose the data integrity verification method under a kind of cloud environment; include the following steps; data owner constructs plaintext balanced binary tree index; traverse the plaintext balanced binary tree index; each node of plaintext balanced binary tree index is encrypted, obtains ciphertext balanced binary tree index, and ciphertext balanced binary tree index is uploaded into Cloud Server;Data consumer will inquire after boundary value encryption and initiate inquiry request to Cloud Server;Cloud Server retrieves data according to inquiry request, and query result and identifying object are returned;The result that data consumer returns to Cloud Server is decrypted;Data consumer constructs the integrality of vector neighborhood chain and revene lookup result data.The present invention realizes the purpose realized data-privacy safety with the computing cost of lightweight and with the calculating of lightweight and memory space data are carried out with integrity verification, enables the invention to be applied in mobile device.
Description
Technical field
The invention belongs to data-privacy protection, safe rangies to inquire field, and in particular, to the data under a kind of cloud environment
Integrity verification method.
Background technique
It with the rapid development of cloud computing and is widely used, cloud has attracted crowd by feat of its powerful storage and computing capability
The concern of multi-user, people are increasingly utilized cloud and carry out online data storage, and are examined anywhere or anytime by query service
Rope data;Simultaneously as the portability and flexibility of mobile device, people are higher and higher to the degree of dependence of mobile device, move
Dynamic cloud receives more and more attention.But under mobile cloud environment or there is data-privacy safety, in order to protect
Data-privacy, data encryption first would generally be uploaded to Cloud Server by user again, but data encryption often reduces data
Availability can also bring more difficulties to data query.It mainly include two sides for the Safety query of data under cloud environment
Face: first is that can search for encrypting, i.e., still can carry out relevant calculation to ciphertext data after being encrypted to data and correctly look into
It askes;Second is that whether the query result that query result integrity verification, i.e. verifying cloud service return is correct and complete.
Currently, mainly having isotonic function encryption and homomorphic cryptography for the technology that can search for encryption.Isotonic function encrypts energy
Guarantee that the size order before and after data encryption is consistent, but this method is easy to be influenced by the attack based on statistical analysis.Together
After the calculated result decryption of state encryption as calculated result when unencryption, but this method need huge computing cost and
Storage overhead.Mainly there are Merkle Hash tree technology and chain technology for the technology of data integrity validation.Merkle Hash tree
Need the cryptographic Hash of calculate node;Chain technology generally requires to store twice data, therefore these methods require excessively additionally
Computing cost and memory space expense.
Above-mentioned some defects in the prior art, so that they may not apply to computing resource and memory space all compares has
In the mobile device of limit.Wherein, it can search for encryption method to be difficult to obtain good balance between safety and computation complexity;
And the extra resource expense that data integrity verification method needs is big, has certain limitation.
Summary of the invention
The object of the present invention is to provide the data integrity verification methods under a kind of cloud environment, with the computing cost of lightweight
It realizes data-privacy safety, integrity verification is carried out to query result with the calculating of lightweight and memory space, so that of the invention
It is applicable in mobile device.
To achieve the goals above, the present invention provides the data integrity verification method under a kind of cloud environment, including as follows
Step,
A) data owner constructs plaintext balanced binary tree index;
B) data owner traverses the plaintext balanced binary tree index, to each of plaintext balanced binary tree index
Node is encrypted, and ciphertext balanced binary tree index is obtained;
C) ciphertext balanced binary tree index is uploaded to Cloud Server by data owner;
D) data consumer will inquire after boundary value encryption and initiate inquiry request to Cloud Server;
E) Cloud Server retrieves data according to inquiry request, and query result and identifying object are returned;
F) result that data consumer returns to Cloud Server is decrypted;
G) data consumer constructs the integrality of vector neighborhood chain and revene lookup result data.
Further, in the step A) in, the construction process of the plaintext balanced binary tree index includes the following steps,
A01) from a data optional in the data set D comprising n data item be inserted into tree T in, and by this data from
It is deleted in the data set D, data volume subtracts 1 in the data set D;
A02 it) is lighted from the data section being currently inserted into and finds first unbalanced node upwards;
A03) uneven node if it does not exist, then without being made any adjustments to tree T;Uneven point if it exists, then pass through phase
The adjustment to tree T answered is so that all node balances;
A04) circulation executes the step A01) arrive the step A03), the end loop when the data set D is empty is returned
The tree T is returned to index as complete plaintext balanced binary tree.
Further, in the step B) in, the plaintext balanced binary tree index is traversed, by the plaintext balanced binary
Tree index is encrypted to vector form, includes the following steps,
B01) data owner sets vector length l (l >=5), sets length as the basis vector of l-2;
B02 the node for) accessing the plaintext balanced binary tree index sets current plaintext number for current accessed node
According to the position p in the vector1, setting inquiry boundary value is in corresponding position p2, setting noise data is at remaining l-2
Single data values are converted to the primary vector that length is l by position;
B03 a positive integer factor-alpha) is randomly choosed, is multiplied with the primary vector that the length is l;
B04) length is that the primary vector of l is multiplied with the cipher key matrix of a l × l, is converted to a new length
Constant vector;
B05 the plaintext balanced binary tree index) is traversed, step B02 is carried out to each node) arrive step B04),
The key assignments of all nodes is encrypted to vector form.
Further, in the step B02) in, in position p1It is embedded in clear data, in position p2It is embedded in numerical value -1, In
Optional two positions are respectively embedded into the left neighbours and right neighbours of current clear data in l-2 position;Left neighbours and described
Right neighbours are the left side numerical value and the right numerical value that current clear data is concentrated in the clear data of ascending sort;And noise data group
At noise vector it is orthogonal with basis vector.
Further, in step D), to inquiry boundary value encryption, include the following steps,
D01) data owner is by the vector length l, the basis vector and the data positional information (p1, p2) hair
Give data consumer;
D02 an integer β) is selected at random, and the noise bits of the l-2 in vector are embedded into after being multiplied with β with basis vector
It sets, in the p1Position insertion number 1, in the p2Upper dividing value is inquired in position insertion;
D03 an integer β) is selected at random, and the noise bits of the l-2 in vector are embedded into after being multiplied with β with basis vector
It sets, in the p1Position insertion number 1, in the p2Position insertion inquiry floor value;
D04) inquiry Margin Vector is multiplied with the cipher key matrix of a l × l, be converted to respectively new length it is constant to
Amount.
Further, in the step E) in, pass through data cyphertext vector in Cloud Server and the inquiry boundary value
Dot product calculated result between cyphertext vector judges that the data in the Cloud Server and the size of the inquiry boundary value are closed
System.
Further, the method for the judgement data and the size relation for inquiring boundary value is as follows, if the cloud service
The dot product calculated result between data cyphertext vector and the inquiry boundary value cyphertext vector in device is greater than 0, then it represents that described
Clear data value is greater than inquiry boundary value;If data cyphertext vector in the Cloud Server and the inquiry boundary value ciphertext to
Dot product result between amount is less than 0, then it represents that the clear data value is less than inquiry boundary value;If the number in the Cloud Server
It is equal to 0 according to the dot product calculated result between cyphertext vector and the inquiry boundary value cyphertext vector, then it represents that the clear data
Value is equal to inquiry boundary value.
Further, in the step F) in, in decrypting process, decruption key includes the cipher key matrix, the original
Location information and insertion location information as the neighbor data of noise data of the beginning data in vector.
Further, in the step G) in, clear data is extracted from the plaintext vector, and according to ascending order
It is ranked up;The neighbor data of each clear data is extracted from the corresponding position of the plaintext vector, so that
The clear data and its described neighbor data constitute a neighborhood vector.
Further, in the vector neighborhood chain that the neighborhood vector is constituted, clear data described in current vector
Left neighbours' noise is the clear data of a upper vector, and right neighbours' noise is the clear data of next vector.
The advantages of above-mentioned technical proposal through the invention, data integrity verification method under cloud environment of the invention, exists
In:
(1) present invention utilizes the encryption of the complete paired data of operation based on vector sum matrix correlation, with the calculating of lightweight
Expense realizes data-privacy safety;
(2) present invention is believed in the data integrity validation stage using the noise information in data encryption process as verifying
Breath is realized and is carried out completely with the calculating of lightweight and memory space to query result by way of constructing vector neighborhood chain
Property verifying purpose, allow the invention to be applied in mobile device.
The other feature and advantage of the embodiment of the present invention will the following detailed description will be given in the detailed implementation section.
Detailed description of the invention
Attached drawing is to further understand for providing to the embodiment of the present invention, and constitute part of specification, under
The specific embodiment in face is used to explain the present invention embodiment together, but does not constitute the limitation to the embodiment of the present invention.Attached
In figure:
Fig. 1 is a kind of flow chart of specific embodiment of the data integrity verification method under cloud environment of the invention.
Fig. 2 is a kind of construction balance of specific embodiment of the data integrity verification method under cloud environment of the invention
The change procedure figure of binary tree.
Specific embodiment
It is described in detail below in conjunction with specific embodiment of the attached drawing to the embodiment of the present invention.It should be understood that this
Locate described specific embodiment and be merely to illustrate and explain the present invention embodiment, is not intended to restrict the invention embodiment.
As shown in Figure 1, one embodiment of the data integrity verification method under cloud environment of the present invention includes the following steps,
S1 data owner constructs plaintext balanced binary tree index;
S2 data owner traverses balanced binary tree index, encrypts, obtains to each node of balanced binary tree index
It is indexed to comprising ciphertext balanced binary tree;
S3 data owner will upload to Cloud Server comprising ciphertext balanced binary tree index;
S4 data consumer will inquire boundary value encryption, initiate inquiry request to Cloud Server;
S5 Cloud Server retrieves data according to inquiry request, and query result and identifying object are returned;
The result that S6 data consumer returns to Cloud Server is decrypted;
S7 data consumer constructs the integrality of vector neighborhood chain and revene lookup result.
In one particular embodiment of the present invention, in step sl, the balanced binary tree of the clear data indexes
Construction process includes the following steps that S101 is inserted into tree T from a data optional in the data set D comprising n data item, and
This data is deleted from the data set D, data volume subtracts 1 in the data set D;S102 is from the back end being currently inserted into
It rises and finds first unbalanced node upwards;S103 uneven node if it does not exist, then without being made any adjustments to tree;If depositing
In uneven point, then by adjustment accordingly so that all node balances;S104 circulation executes the step S101 to the step
Rapid S103, the end loop when the data set D is empty return to the tree T and index as complete plaintext balanced binary tree.Structure
Making balanced binary tree is in order to construct data directory, so as to improve search efficiency.
In one embodiment of the present of invention, step S2 includes: S201 data owner setting vector length l (l >=5), if
Measured length is the basis vector of l-2;S202 accesses the node of the balanced binary tree, and for current accessed node, setting is current
Position p of the clear data in the vector1, setting inquiry boundary value is in corresponding position p2, noise data is set at remaining
L-2 position, optional two positions are respectively embedded into the left neighbours and right neighbours of current clear data in l-2 position;It is described
Left neighbours and the right neighbours are the left side numerical value and the right numerical value that current clear data is concentrated in the clear data of ascending sort;
And the noise vector of noise data composition is orthogonal with basis vector;Single data values are converted to the primary vector that length is l;
S203 randomly chooses a positive integer factor-alpha, is multiplied with the primary vector that the length is l;Length described in S204 is the primary of l
Vector is multiplied with the cipher key matrix of a l × l, is converted to the constant vector of new length;The S205 traversal balance two
Fork tree, is carried out step S202 to step S204 to each node, the key assignments of all nodes is encrypted to vector form.In
In step S203, introducing positive integer factor-alpha is to obscure data value and inquiry when doing vector dot in the query processing stage
Specific difference between boundary value;And positive integer factor-alpha will not influence after being multiplied with primary vector data and boundary value it
Between size relation judgement.For single data value, vector form is converted it by way of adding noise vector, and
And in order to realize correct inquiry, to data carry out the noise vector that adds during vectorization be orthogonal to inquiry boundary into
The noise vector added during row vector.
In one embodiment of the present of invention, step S4 includes: S401 data owner by the vector length l, the base
Data positional information (p described in plinth vector sum1, p2) it is sent to data consumer;S402 selectes an integer β at random, with β and base
It is embedded into the noise position of the l-2 in vector after plinth multiplication of vectors, in the p1Position insertion number 1, in the p2Position is embedding
Enter and inquires upper dividing value;S403 selectes an integer β at random, and making an uproar for the l-2 in vector is embedded into after being multiplied with β with basis vector
Sound position, in the p1Position insertion number 1, in the p2Position insertion inquiry floor value;S404 will inquire Margin Vector and one
The cipher key matrix of a l × l is multiplied, and is converted to the constant vector of new length respectively, and data value and primary in final vector
Data value in vector is completely different, achievees the purpose that encryption.
In one embodiment of the invention, in S5 step, pass through the data cyphertext vector and inquiry in Cloud Server
Dot product between boundary value cyphertext vector calculates to judge the data in Cloud Server and inquire the size relation of boundary value, if cloud
The dot product calculated result between data cyphertext vector and the inquiry boundary value cyphertext vector in server is greater than 0, then it represents that
Clear data value is greater than inquiry boundary value;If between the data cyphertext vector in Cloud Server and inquiry boundary value cyphertext vector
Dot product result is less than 0, then it represents that the clear data value is less than inquiry boundary value;If data cyphertext vector in Cloud Server with
The dot product calculated result inquired between boundary value cyphertext vector is equal to 0, then it represents that the clear data value is equal to inquiry boundary value.
Judge that data whether in given range, then will by comparing data and the size relation of inquiry boundary value
Data in range return to user (being exactly that cyphertext vector is returned to user for ciphertext angle).
The specific algorithm for indexing lookup identifying object based on balanced binary tree is as follows:
In one embodiment of the present of invention, in the step S6, in decrypting process, decruption key includes the key
The location information of location information and insertion as the neighbor data of noise data of matrix, the initial data in vector.
In one embodiment of the present of invention, in the step S7, clear data is extracted from the plaintext vector
Come, and is ranked up according to ascending order;By the neighbor data of each clear data from the corresponding position of the plaintext vector
It extracts, so that the clear data and its described neighbor data constitute a neighborhood vector.
In the vector neighborhood chain that the neighborhood vector is constituted, left neighbours' noise of clear data described in current vector is
The clear data of a upper vector, right neighbours' noise are the clear datas of next vector.Construction vector neighborhood chain can be verified
The integrality of query result, whether have data be tampered, if having the data of gaps and omissions, to realize safety if checking in query result
Range query.
Embodiment
Initial setting, data set D include data item { 3,5,6,8,9 }, which is 1, the upper bound 11.Especially say
Bright, bound is not included within data set;Query context is [4,7];Cyphertext vector length l is set as 5, then length is
L-2, as 3 basis vector are (- 2,3,1).Second position is p in the vector that length is 51, third position is p2,
Other positions are the position where noise data.
The data integrity verification method under cloud environment through the invention,
S1 data owner constructs plaintext balanced binary tree index, and steps are as follows:
S101 is inserted into tree T from a data optional in the data set D comprising 5 data item, if selection 5, will count
It is deleted from the data set D according to 5, data volume subtracts 1 in the data set D, becomes 4;
S102 is lighted from the data section being currently inserted into and is found first unbalanced node upwards;
S103 uneven node if it does not exist, without being made any adjustments to tree;Uneven point if it exists, then by corresponding
Adjustment is so that all node balances;
S104 circulation executes step S101 to step S103.As shown in Fig. 2, the variation of construction plaintext balanced binary tree
Journey.
S2 data owner traverses balanced binary tree index, encrypts, obtains to each node of balanced binary tree index
It is indexed to comprising ciphertext balanced binary tree, steps are as follows;
It is assumed to be inorder traversal: 3,5,6,8,9, data set lower bound is 1, the upper bound 11.
S201 data owner sets vector length l as 5, sets length as l-2.As 3 basis vector be (- 2,3,
1)。
It is clear data position p that S202, which is set in second position in the vector that length is 5,1, third position is
Inquire boundary value position p2(during encrypting to clear data, which is numerical value -1), other positions are to make an uproar
Position where sound data, wherein selecting the first two position to be respectively embedded into current clear data in noise data position
Left neighbours and right neighbours, and the noise vector that the length of noise data composition is 3 is orthogonal with given basis vector.Therefore right
In the clear data 3 currently traversed, primary vector form is converted it into are as follows: (1,3, -1,5, -13).It should be noted that
It (1,5, -13) is noise vector, and 1,5 be respectively the left neighbours and right neighbours of current clear data 3, and (1,5, -13) and base
Plinth vector (- 2,3,1) is orthogonal.
S203 randomly chooses positive integer factor-alpha=2, and the primary vector for being 5 with the length is multiplied, become (2,6 ,-
2,10, -26).
The primary vector that length described in S204 is 5 is multiplied with one 5 × 5 cipher key matrix, is converted to a new length
Constant vector, it is assumed that cipher key matrix is
It illustrates, which is the inverse matrix of this following original matrix:
And the transposed matrix of this original matrix above are as follows:
Then, final cyphertext vector encrypted to clear data 3 be (3404, -11446,11838,4998, -
13090)。
Similarly, successively other clear datas 5,6,8,9 are encrypted, and assumes randomly selected positive integer factor-alpha difference
It is 3,4,2,6.Key message is only listed below:
The primary vector of clear data 5 are as follows: (3,5, -1,6, -12)
Final cyphertext vector are as follows: (5946, -19986,20670,8727, -22857)
The primary vector of clear data 6 are as follows: (5,6, -1,8, -14)
Final cyphertext vector are as follows: (9352, -31436,32512,13728, -35952)
The primary vector of clear data 8 are as follows: (6,8, -1,9, -15)
Final cyphertext vector are as follows: (5530, -18586,19222,8116, -21256)
The primary vector of clear data 9 are as follows: (8,9, -1,11, -17)
Final cyphertext vector are as follows: (18726, -62940,65094,27486, -71982)
S3 data owner will upload to Cloud Server comprising ciphertext balanced binary tree index;It here will be in plaintext index tree
The clear data of each node is substituted for the corresponding cyphertext vector of the clear data.
S4 data consumer will inquire boundary value encryption, to Cloud Server initiate inquiry request (assuming that query context be [2,
10]),
S401 data owner is by the vector length l, the basis vector and the data positional information (p1, p2) hair
Data consumer is given, i.e. vector length l is 5, and the basis vector that length is 3 is (- 2,3,1).The in the vector that length is 5
Two positions are clear data position p1(being numerical value 1 to process position of inquiry boundary value encryption), third
Position is inquiry boundary value position p2, position of the other positions where noise data, and the length of noise data composition
Degree is conllinear with given basis vector for 3 noise vector, i.e., numerically proportional.
S402 selectes integer β=2 at random, and the noise of the l-2 in vector is embedded into after being multiplied with β with basis vector
Position, in the p1Position is embedded in numerical value 1, in the p2Upper dividing value is inquired in position insertion, that is, inquires the primary vector shape in the upper bound 7
Formula are as follows: (- 4,1,7,6,2).
S403 selectes another integer β=3 at random, and making an uproar for the l-2 in vector is embedded into after being multiplied with β with basis vector
Sound position, in the p1Position insertion number 1, in the p2Position insertion inquiry floor value, that is, inquire the primary vector of lower bound 4
Form are as follows: (- 6, Isosorbide-5-Nitrae, 9,3).
S404 is multiplied Margin Vector is inquired with one 5 × 5 cipher key matrix, be converted to respectively new length it is constant to
Amount, and the data value in the data value and primary vector in final vector is completely different, achievees the purpose that encryption.It needs to illustrate
, should be to the cipher key matrix that uses of inquiry boundary value encryption be original corresponding to the matrix that uses to clear data encryption
The transposed matrix of matrix, that is, three matrixes have been sequentially listed in front, it is inverse matrix, original matrix, transposed matrix respectively.Cause
This cipher key matrix used herein is
Then, the final cyphertext vector form in the upper bound 7 is inquired are as follows: (31,41,83,5,53);Inquire the final close of lower bound 4
Literary vector form are as follows: (24,54,74,8,29).
S5 Cloud Server retrieves data according to inquiry request, and query result and identifying object are returned;Here pass through number
It is calculated according to the dot product between cyphertext vector and inquiry boundary value cyphertext vector to judge the data in Cloud Server and inquiry boundary
The size relation of value, if the data cyphertext vector and the dot product inquired between boundary value cyphertext vector in Cloud Server calculate
As a result it is greater than 0, then it represents that clear data value is greater than inquiry boundary value;If data cyphertext vector and inquiry boundary in Cloud Server
It is worth the dot product result between cyphertext vector less than 0, then it represents that the clear data value is less than inquiry boundary value;If in Cloud Server
Data cyphertext vector and inquiry boundary value cyphertext vector between dot product calculated result be equal to 0, then it represents that the clear data
Value is equal to inquiry boundary value.
Give one example explanation: with the cyphertext vector form of clear data 5 (5946, -19986,20670,8727, -
22857) respectively with inquiry the upper bound 7 cyphertext vector (31,41,83,5,53) and inquiry lower bound 4 cyphertext vector (24,54,74,
8,29) dot product calculating is done, calculated result is respectively -6,3.Because -6 less than 0, illustrate that 5 are less than the upper bound 7;Because 3 are greater than 0, explanation
5 are greater than lower bound 4.As a result correct!
Identifying object is substantially maximum one right neighbour in query result set.For query context [4,7], inquiry
Results set is { 5,6 }, and it is 8 that maximum one, which is 6,6 right neighbours, in the set, therefore 8 be identifying object.Likewise, In
From the point of view of ciphertext angle, cyphertext vector corresponding to 8 is exactly identifying object.
The result that S6 data consumer returns to Cloud Server is decrypted;According to the above process, Cloud Server can will be close
Literary vector (5946, -19986,20670,8727, -22857) and (9352, -31436,32512,13728, -35952), which are used as, to be looked into
It askes result to return, cyphertext vector (5530, -18586,19222,8116, -21256) is returned as identifying object.
In decrypting process, decruption key includes the location information of the cipher key matrix, the initial data in vector
And location information of the insertion as the neighbor data of noise data.It should be strongly noted that decruption key matrix here
It should be mentioned-above original matrix, i.e.,
By in query result set cyphertext vector (5946, -19986,20670,8727, -22857) and (9352, -
31436,32512,13728, -35952) respectively with decryption matrix multiple, obtain result be (9,15, -3,18, -36) and (20,
24, -4,32, -56), then according to second position of location information be clear data position, third position be count
It is worth -1 position, then learns that α is 3,4 respectively, then obtaining primary vector form divided by α respectively is (3,5, -1,6, -12)
(5,6, -1,8, -14).
By identifying object (5530, -18586,19222,8116, -21256) and decryption matrix multiple, obtain obtaining for
(12,16, -2,18, -30) can learn that α is 2, and then obtaining primary vector form is (6,8, -1,9, -15).
S7 data consumer constructs the integrality of vector neighborhood chain and revene lookup result.
In the step S7, clear data is extracted from the plaintext vector, and is ranked up according to ascending order;
The neighbor data of each clear data is extracted from the corresponding position of the plaintext vector, so that the plaintext number
A neighborhood vector is constituted according to neighbor data described in its.Then vector neighborhood chain can be constructed are as follows: (3,5,6) (5,6,8) (6,
8,9).It can be seen that the element in three vectors constitutes the structure of chain, i.e. clear data in first vector is 5, its right side
Neighbours are the clear datas of next vector;Clear data in second vector is 6, its left neighbours are previous vectors
Clear data, its right neighbours are the clear datas of next vector;Clear data in third vector is 8, its left neighbour
Residence is the clear data of previous vector.
It is possible thereby to which the clear data for including in revene lookup result is 5 and 6, meet query context [4,7], identifying object
The clear data for including is 8, and not in range [4,7], this part is correct.In addition by first vector in chain it is found that bright
The left neighbours of literary data 5 are 3,3 not in given query context, the left neighbours of clear data 8 known to identifying object be 6,6
In given query context, this part is also correct.In conclusion the query result returned all meets query context, and chain
Continuity illustrate query result be also it is complete, do not miss some data for meeting query context.
As can be seen from the above description, the advantages of data integrity verification method under cloud environment of the invention, is, this hair
Data integrity verification method under bright cloud environment utilizes the encryption of the complete paired data of operation based on vector sum matrix correlation,
Data-privacy safety is realized with the computing cost of lightweight;Also, the data integrity verification method under cloud environment of the invention
Pass through construction vector neighbour using the noise information in data encryption process as verification information in the data integrity validation stage
The mode of domain chain realizes the purpose for carrying out integrity verification to query result with the calculating of lightweight and memory space, so that
The present invention is applicable in mobile device.
The optional embodiment of the embodiment of the present invention is described in detail in conjunction with attached drawing above, still, the embodiment of the present invention is simultaneously
The detail being not limited in above embodiment can be to of the invention real in the range of the technology design of the embodiment of the present invention
The technical solution for applying example carries out a variety of simple variants, these simple variants belong to the protection scope of the embodiment of the present invention.
It is further to note that specific technical features described in the above specific embodiments, in not lance
In the case where shield, it can be combined in any appropriate way.In order to avoid unnecessary repetition, the embodiment of the present invention pair
No further explanation will be given for various combinations of possible ways.
In addition, any combination can also be carried out between a variety of different embodiments of the embodiment of the present invention, as long as it is not
The thought of the embodiment of the present invention is violated, equally should be considered as disclosure of that of the embodiment of the present invention.
Claims (10)
1. the data integrity verification method under a kind of cloud environment, which is characterized in that the data integrity under the cloud environment is tested
Card method includes the following steps,
A) data owner constructs plaintext balanced binary tree index;
B) data owner traverses the plaintext balanced binary tree index, to each node of plaintext balanced binary tree index
It is encrypted, obtains ciphertext balanced binary tree index;
C) ciphertext balanced binary tree index is uploaded to Cloud Server by data owner;
D) data consumer will inquire after boundary value encryption and initiate inquiry request to Cloud Server;
E) Cloud Server retrieves data according to inquiry request, and query result and identifying object are returned;
F) result that data consumer returns to Cloud Server is decrypted;
G) data consumer constructs the integrality of vector neighborhood chain and revene lookup result data.
2. the data integrity verification method under cloud environment according to claim 1, which is characterized in that in the step A)
In, the construction process of the plaintext balanced binary tree index includes the following steps,
A01 it) is inserted into tree T from a data optional in the data set D comprising n data item, and by this data from described
It is deleted in data set D, data volume subtracts 1 in the data set D;
A02 it) is lighted from the data section being currently inserted into and finds first unbalanced node upwards;
A03) uneven node if it does not exist, then without being made any adjustments to tree T;Uneven point if it exists, then by corresponding
To tree T adjustment so that all node balances;
A04) circulation executes the step A01) arrive the step A03), the end loop when the data set D is empty returns to institute
Tree T is stated to index as complete plaintext balanced binary tree.
3. the data integrity verification method under cloud environment according to claim 1, which is characterized in that in the step B)
In, the plaintext balanced binary tree index is traversed, plaintext balanced binary tree index is encrypted to vector form, including following
Step,
B01) data owner sets vector length l (l >=5), sets length as the basis vector of l-2;
B02 the node for) accessing the plaintext balanced binary tree index sets current clear data and exists for current accessed node
Position p in the vector1, setting inquiry boundary value is in corresponding position p2, setting noise data in remaining l-2 position,
Single data values are converted to the primary vector that length is l;
B03 a positive integer factor-alpha) is randomly choosed, is multiplied with the primary vector that the length is l;
B04) length is that the primary vector of l is multiplied with the cipher key matrix of a l × l, and it is constant to be converted to a new length
Vector;
B05 the plaintext balanced binary tree index) is traversed, step B02 is carried out to each node) to step B04), by institute
There is the key assignments of node to be encrypted to vector form.
4. the data integrity verification method under cloud environment according to claim 3, which is characterized in that in the step
B02 in), in position p1It is embedded in clear data, in position p2It is embedded in numerical value -1, optional two positions difference is embedding in l-2 position
Enter the left neighbours and right neighbours of current clear data;
The left neighbours and the right neighbours be current clear data in the left side numerical value concentrated of clear data of ascending sort and
The right numerical value;
And the noise vector of noise data composition is orthogonal with basis vector.
5. the data integrity verification method under cloud environment according to claim 1, which is characterized in that in step D),
Encryption to inquiry boundary value, includes the following steps,
D01) data owner is by the vector length l, the basis vector and the data positional information (p1, p2) be sent to
Data consumer;
D02 an integer β) is selected at random, and the noise position of the l-2 in vector, In are embedded into after being multiplied with β with basis vector
The p1Position insertion number 1, in the p2Upper dividing value is inquired in position insertion;
D03 an integer β) is selected at random, and the noise position of the l-2 in vector, In are embedded into after being multiplied with β with basis vector
The p1Position insertion number 1, in the p2Position insertion inquiry floor value;
D04 inquiry Margin Vector is multiplied with the cipher key matrix of a l × l), is converted to the constant vector of new length respectively.
6. the data integrity verification method under cloud environment according to claim 1, which is characterized in that in the step E)
In, sentenced by the dot product calculated result between the data cyphertext vector and the inquiry boundary value cyphertext vector in Cloud Server
The size relation of the data and the inquiry boundary value broken in the Cloud Server.
7. the data integrity verification method under cloud environment according to claim 6, which is characterized in that the judgement data
It is as follows with the method for the size relation of inquiry boundary value, if data cyphertext vector and the inquiry boundary in the Cloud Server
The dot product calculated result being worth between cyphertext vector is greater than 0, then it represents that the clear data value is greater than inquiry boundary value;If the cloud
The dot product result between data cyphertext vector and the inquiry boundary value cyphertext vector in server is less than 0, then it represents that described
Clear data value is less than inquiry boundary value;If data cyphertext vector in the Cloud Server and the inquiry boundary value ciphertext to
Dot product calculated result between amount is equal to 0, then it represents that the clear data value is equal to inquiry boundary value.
8. the data integrity verification method under cloud environment according to claim 1, which is characterized in that in the step F)
In, in decrypting process, decruption key includes location information in vector of the cipher key matrix, the initial data and embedding
Enter the location information of the neighbor data as noise data.
9. the data integrity verification method under cloud environment according to claim 1, which is characterized in that in the step G)
In, clear data is extracted from the plaintext vector, and is ranked up according to ascending order;By each clear data
Neighbor data is extracted from the corresponding position of the plaintext vector, so that the clear data and its described neighbor data structure
At a neighborhood vector.
10. the data integrity verification method under cloud environment according to claim 9, which is characterized in that in the neighborhood
In the vector neighborhood chain that vector is constituted, left neighbours' noise of clear data described in current vector is the plaintext number of a upper vector
According to right neighbours' noise is the clear data of next vector.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910712550.9A CN110457922A (en) | 2019-08-02 | 2019-08-02 | A kind of data integrity verification method under cloud environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910712550.9A CN110457922A (en) | 2019-08-02 | 2019-08-02 | A kind of data integrity verification method under cloud environment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110457922A true CN110457922A (en) | 2019-11-15 |
Family
ID=68484748
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910712550.9A Withdrawn CN110457922A (en) | 2019-08-02 | 2019-08-02 | A kind of data integrity verification method under cloud environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110457922A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111258295A (en) * | 2020-01-15 | 2020-06-09 | 重庆长安汽车股份有限公司 | System and method for verifying big data acquisition and uploading accuracy |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018031940A1 (en) * | 2016-08-12 | 2018-02-15 | ALTR Solutions, Inc. | Fragmenting data for the purposes of persistent storage across multiple immutable data structures |
CN109190653A (en) * | 2018-07-09 | 2019-01-11 | 四川大学 | Malicious code family homology analysis technology based on semi-supervised Density Clustering |
CN109495446A (en) * | 2018-10-02 | 2019-03-19 | 复旦大学 | Order-preserving Encryption Algorithm based on balanced sorting tree storage organization |
-
2019
- 2019-08-02 CN CN201910712550.9A patent/CN110457922A/en not_active Withdrawn
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018031940A1 (en) * | 2016-08-12 | 2018-02-15 | ALTR Solutions, Inc. | Fragmenting data for the purposes of persistent storage across multiple immutable data structures |
CN109190653A (en) * | 2018-07-09 | 2019-01-11 | 四川大学 | Malicious code family homology analysis technology based on semi-supervised Density Clustering |
CN109495446A (en) * | 2018-10-02 | 2019-03-19 | 复旦大学 | Order-preserving Encryption Algorithm based on balanced sorting tree storage organization |
Non-Patent Citations (1)
Title |
---|
XU ZHOU等: ""A lightweight privacy and integrity preserving range query scheme for mobile cloud computing"", 《COMPUTERS & SECURITY》 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111258295A (en) * | 2020-01-15 | 2020-06-09 | 重庆长安汽车股份有限公司 | System and method for verifying big data acquisition and uploading accuracy |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108632032B (en) | Safe multi-keyword sequencing retrieval system without key escrow | |
Chen et al. | BL-MLE: Block-level message-locked encryption for secure large file deduplication | |
Paulet et al. | Privacy-preserving and content-protecting location based queries | |
CN109450935B (en) | Verifiable semantic security multi-keyword search method in cloud storage | |
Ng et al. | Private data deduplication protocols in cloud storage | |
KR101679156B1 (en) | Secure private database querying with content hiding bloom filters | |
CN105610793B (en) | A kind of outsourcing data encryption storage and cryptogram search system and its application process | |
CN107256248A (en) | Encryption method can search for based on asterisk wildcard in cloud storage safety | |
CN104967693B (en) | Towards the Documents Similarity computational methods based on full homomorphism cryptographic technique of cloud storage | |
CN106330865A (en) | Property base keyword searching method supporting efficient revocation in cloud environment | |
Van Rompay et al. | Multi-user searchable encryption in the cloud | |
Yang et al. | Privacy-preserving k nearest neighbor query with authentication on road networks | |
CN110166466A (en) | It is a kind of efficiently the multi-user of renewal authority to can search for encryption method and system | |
CN108021677A (en) | The control method of cloud computing distributed search engine | |
CN109889332A (en) | Equation testing encryption method based on certificate | |
CN110390203A (en) | A kind of hiding attribute base encryption method of the strategy can verify that decrypted rights | |
Nasiraee et al. | Privacy-preserving distributed data access control for cloudiot | |
Qin et al. | Simultaneous authentication and secrecy in identity-based data upload to cloud | |
CN111159352B (en) | Encryption and decryption method supporting multi-keyword weighted retrieval and result ordering and capable of being verified | |
Huang et al. | Multi-client secure and efficient dpf-based keyword search for cloud storage | |
CN105721146A (en) | Big data sharing method for cloud storage based on SMC | |
CN114244838A (en) | Encryption method and system, decryption method, device and equipment for block chain data | |
CN110457922A (en) | A kind of data integrity verification method under cloud environment | |
Xu et al. | An efficient and privacy-preserving route matching scheme for carpooling services | |
Lv et al. | Efficient multi-client order-revealing encryption and its applications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20191115 |