CN112532650A - Block chain-based multi-backup safe deletion method and system - Google Patents
- Publication number
- CN112532650A (CN202011466673.8A)
- Authority
- CN
- China
- Prior art keywords
- cloud server
- evidence
- user
- data owner
- file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/13—File access structures, e.g. distributed indices
- G06F16/137—Hash-based
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/16—File or folder operations, e.g. details of user interfaces specifically adapted to file systems
- G06F16/162—Delete operations
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Abstract
The invention discloses a blockchain-based multi-backup secure deletion method and system, comprising the following steps: after system initialization and key generation, the cloud server sets the number of backups and sends the corresponding backup addresses to the data owner, and a pre-deletion sequence is generated; the file is encrypted with different keys to generate multiple ciphertext backups, and an index is generated from the keywords in the file; the data owner pre-generates backup integrity and deletion evidence; in the ciphertext query stage, a user computes a trapdoor and uploads it to the smart contract, and the smart contract computes the corresponding decryption key and the number of the queried file; the cloud server sends a ciphertext backup to the user according to the file number, and the user decrypts the ciphertext with the decryption key; in the deletion stage, a deletion request is sent to the cloud server, which deletes all backups of the corresponding file according to the request, generates deletion evidence, sends the evidence to the data owner and stores it in the blockchain; the data owner verifies from the received evidence whether the cloud server has performed the deletion, and can trace the respective responsibilities of the cloud server and the user from the evidence in the evidence chain. The method and system meet the requirements of cloud data sharing and secure deletion and provide searchable encryption for legitimate users.
Description
Technical Field
The invention belongs to the technical field of information security and relates to a blockchain-based searchable-encryption multi-backup secure deletion method, which provides searchable encryption, verifiable secure deletion of multiple backups, and responsibility traceability for ciphertext data on a cloud server.
Background
Cloud computing is a new service model that makes data storage and data sharing more convenient and economical. Users can access a configurable shared pool of computing and storage resources anytime and anywhere. Because of its low management overhead, instant access and similar characteristics, more and more people are willing to store data in the cloud and enjoy the convenience of cloud services. The cloud environment still faces many new problems and challenges, especially in terms of security and usability.
First, because of problems such as natural disasters and unpredictable failures of cloud storage devices, data owners back up their data multiple times to improve data availability. From the perspective of cloud service providers, offering a loss-free and continuously available multi-backup storage service is also essential to improving their reputation and social recognition. Therefore, both the data owner and the cloud service provider need a multi-backup associated storage scheme for outsourced data. Secondly, ownership of outsourced data in the cloud is separated from its management, which causes security risks such as data loss, data leakage and data tampering, and most existing storage solutions use encryption to protect outsourced data. If all data is encrypted with the same key, the risk of data leakage increases, so it is more secure to encrypt data with different keys, but this leads to many encryption key management problems. In addition, secure deletion is also a major issue for cloud storage. The data owner stores multiple backup ciphertexts on the cloud server, and the cloud server is required to delete them to prevent data from being leaked or illegally used. However, conventional cloud server deletion schemes are built on a one-bit return protocol: assuming the server is trusted, the data owner sends a request asking the cloud server to delete data from the physical medium and then receives a one-bit response (success/failure) indicating the result of the deletion operation. These schemes all rely on current encryption technology, and their purpose is to ensure that data outsourced to the cloud server cannot be recovered; the ciphertext nevertheless remains in the cloud, and with the rapid development of technology there is no guarantee that the data in the cloud cannot be cracked in the future.
The data owner wants the cloud server to perform a thorough, verifiable and traceable deletion operation and to provide the corresponding deletion data. Finally, the cloud server is generally considered an untrusted entity, so searchable encryption is also required to allow secure retrieval of encrypted data from an untrusted cloud.
The invention is a blockchain-based searchable-encryption multi-backup secure deletion scheme designed around the problems encountered in secure cloud storage and deletion. It provides associated deletion of multiple backups, achieves secure deletion, responsibility tracking and similar properties by using a Merkle hash tree, a blockchain and the like, and provides searchable encryption to address the untrustworthiness of the cloud server.
Disclosure of Invention
The present invention is directed to solving the above problems of the prior art. A blockchain-based multi-backup secure deletion method and system are provided. The technical scheme of the invention is as follows:
A blockchain-based multi-backup secure deletion method comprises the following steps:
after system initialization and key generation, the cloud server, according to the received file-related information, sends the number of copies it has set and the corresponding backup addresses to the data owner, and the data owner generates a pre-deletion sequence after receiving the backup addresses;
the data owner encrypts the file with different keys to generate multiple ciphertext backups, generates an index from the keywords in the file, uploads the backup ciphertexts to the cloud server, and uploads the index to the smart contract;
the data owner pre-generates backup integrity and deletion evidence;
in the ciphertext query stage, a user computes a trapdoor and uploads it to the smart contract; the smart contract computes the corresponding decryption key and the number of the queried file from the trapdoor, sends the decryption key and the file number to the user, and sends the file number to the cloud server;
the cloud server sends a ciphertext backup to the user according to the file number, and the user decrypts the ciphertext with the decryption key;
in the deletion stage, the data owner sends a deletion request to the cloud server; the cloud server deletes all backups of the corresponding file according to the request, generates deletion evidence, sends the evidence to the data owner and stores it in the blockchain;
and in the verification stage, the data owner verifies from the received evidence whether the cloud server has performed the deletion, and can trace the respective responsibilities of the cloud server and the user from the evidence in the evidence chain.
Further, the user system initialization and key generation specifically include the steps of:
101. Initialization algorithm: $G, G_T$ are two cyclic groups, $g$ is the generator of group $G$, $g_1$ is an element of group $G$, $a$ is a random parameter, and $G \times G \to G_T$ is a non-degenerate bilinear map that can be computed efficiently. Let $g_2 = g^a$, where $g_2$ denotes an intermediate value, the meaning being disclosed as. The user uses his own identity $ID_{user}$ to register an account at the smart contract, and the shared key between the cloud server and the blockchain is $k$;
102. Key generation: the data owner selects a unique file number $num_F \in Z_p$ for the file, where $Z_p$ represents an integer field of order $p$, and generates a master key $K = h_1(PW \| num_F)$, where $PW$ is the private password of the data owner and $h_1$ is a collision-resistant hash function; the cloud server public and private key pair is $(spk, ssk)$, where $spk$ and $ssk$ respectively represent the public key and the private key of the cloud server, and the user public and private key pair is $(upk, usk)$, where $upk$ and $usk$ respectively represent the public key and the private key of the user. The public and private key pairs are generated by the same calculation method: $\zeta$ is selected and $V$ is calculated, where $\zeta$ is a positive integer selected from a positive integer field of order $r$; $\zeta$ is kept private as the private key and $V$ is made public as the public key.
Further, the cloud server sends the number of backups and the corresponding backup addresses to the data owner according to the received file-related information, and the data owner generates a pre-deletion sequence from the backup addresses after receiving them, which specifically includes:
103. Setting the number of backup copies and creating a multi-backup association table: the data owner sends its identity $ID_{DO}$, the file number $num_F$ and the information $F_{mate}$, which the cloud server uses to evaluate the number of file backups, to the cloud server. The information $F_{mate}$ comprises the file size, file type and file creation time. After receiving the data, the cloud server sets a backup number $n$ and selects $n$ addresses $(addr_1, addr_2, \ldots, addr_n)$ for storing the copies, where $n$ is both the number of copies and the number of addresses, the two being equal, and sends the $n$ addresses $(addr_1, addr_2, \ldots, addr_n)$ to the data owner;
104. Generating a pre-deletion sequence: the data owner generates $n$ unequal numbers as deletion control numbers and binds them to the $n$ backup addresses in the format (backup address, deletion control number), arranged in ascending order of deletion control number: $(addr_1, num_1), (addr_2, num_2), \ldots, (addr_n, num_n)$. Finally, these pairs are concatenated to generate the pre-deletion sequence DelSequence.
Further, the data owner encrypts the file with different keys to generate multiple ciphertext backups, generates an index from the keywords in the file, uploads the backup ciphertexts to the cloud server, and uploads the index to the smart contract, which specifically includes the following steps:
105. Generating ciphertext backups: the data owner repeatedly hashes the master key $K$ to generate the data keys $K_1, K_2, \ldots, K_n$, where $K_1 = h_2(K)$, $K_2 = h_2(K_1)$, ..., $K_n = h_2(K_{n-1})$ and $h_2$ represents a collision-resistant hash function. Each backup is encrypted with a data key, and the pre-deletion sequence DelSequence is encrypted with the master key $K$ to obtain $\{DelSequence\}_K$. The data owner sends the data to the cloud server;
106. Generating a keyword index: the data owner randomly selects a random number $r$ from the integer field $Z_p$ and calculates $h_3(w)$, where $w$ is a keyword in file $F$ and $h_3(w)$ represents the hash value of keyword $w$, resulting in an index $I$; $K_1$ and $h_3(w)^r$ are both intermediate parameters. The index $I$ and the file number $num_F$ are sent to the smart contract on the blockchain.
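The key chain of steps 102 and 105 and the pre-deletion sequence of step 104 can be sketched as follows. This is an added example, not code from the patent: SHA-256 with a domain tag stands in for $h_1$ and $h_2$, the 64-bit control numbers and the `addr,num;...` serialization are assumptions, and the sample password, file number and addresses are constructed.

```python
import hashlib
import secrets

def _h(tag: bytes, *parts: bytes) -> bytes:
    """SHA-256 with a domain tag and length-prefixed parts (assumed stand-in
    for the page's h1/h2; the length prefix makes PW || num_F unambiguous)."""
    d = hashlib.sha256(tag)
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def master_key(pw: bytes, num_f: int) -> bytes:
    """K = h1(PW || num_F); the owner stores only PW and recomputes K on demand."""
    return _h(b"h1", pw, num_f.to_bytes(32, "big"))

def data_keys(k: bytes, n: int) -> list:
    """K_1 = h2(K), K_i = h2(K_{i-1}) for the n ciphertext backups."""
    keys, cur = [], k
    for _ in range(n):
        cur = _h(b"h2", cur)
        keys.append(cur)
    return keys

def key_for_backup(k1: bytes, i: int) -> bytes:
    """User side: hash K_1 (i-1) times to reach K_i (i is 1-based)."""
    if i < 1:
        raise ValueError("backup index starts at 1")
    cur = k1
    for _ in range(i - 1):
        cur = _h(b"h2", cur)
    return cur

def build_del_sequence(addrs: list) -> list:
    """Bind each backup address to a distinct random deletion control number
    and sort the pairs in ascending order of that number."""
    nums = []
    while len(nums) < len(addrs):
        cand = secrets.randbits(64)  # CSPRNG, so the order is not predictable
        if cand not in nums:         # the control numbers must be unequal
            nums.append(cand)
    return sorted(zip(addrs, nums), key=lambda pair: pair[1])

def serialize(seq: list) -> bytes:
    """Concatenate the (address, number) pairs into one DelSequence string."""
    return ";".join(f"{addr},{num}" for addr, num in seq).encode()

if __name__ == "__main__":
    K = master_key(b"constructed-password", 42)   # constructed sample values
    ks = data_keys(K, 3)
    seq = build_del_sequence(["addr1", "addr2", "addr3"])
    print(serialize(seq).decode())
    print(key_for_backup(ks[0], 3) == ks[2])      # user reaches K_3 from K_1
```

Because the chain only runs forward, anyone holding $K_1$ can derive every $K_i$, while the master key $K$ that protects DelSequence stays hidden behind the one-wayness of $h_2$.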
Further, the pre-generation of backup integrity and deletion evidence by the data owner specifically includes:
107. Pre-generating backup integrity and deletion evidence: the data owner generates $n$ hash values and then orders them according to DelSequence to obtain $n$ integrity evidences. The ordered values are used as the leaf nodes of a Merkle hash tree (MHT), whose root node is $Droot$. The data owner locally stores the private password, the root node value and the shared key of the data owner and the cloud server: $\{PW, Droot, k\}$, where $k$ denotes the shared key of the data owner with the cloud server.
Further, in the ciphertext query stage, the user computes a trapdoor and uploads it to the smart contract; the smart contract computes the corresponding decryption key and the number of the queried file from the trapdoor, sends the decryption key and the file number to the user, and sends the file number to the cloud server, which specifically includes:
108. Encrypting and uploading the trapdoor: the user calculates the hash value $h_3(w_i)$ of the file keyword, randomly selects a random number $t \in Z_p$ and calculates the trapdoor. The trapdoor and the user identity $ID_{user}$ are encrypted with the private key $usk$, and the user finally sends the result to the smart contract;
109. Verifying the trapdoor: after receiving the message, the smart contract checks whether the user identity $ID_{user}$ belongs to a registered user. If so, it decrypts the trapdoor and $ID_{user}$ with the public key of the user and checks them against the transmitted values; if the user is not a legitimate user, the process terminates. The trapdoor and the index $I$ are then used in the calculation: if $w = w_i$, the data key $K_1$ is obtained, and the smart contract records the corresponding file number $num_F$.
Further, the cloud server sends a ciphertext backup to the user according to the file number, and the user decrypts the ciphertext with the decryption key, which specifically includes:
110. The smart contract sends the numbers $num_F$ of all files matching the user's keyword request, together with the user identity $ID_{user}$, to the cloud server. The smart contract encrypts the key $K_1$ with the user public key $upk$ as $\{K_1\}_{upk}$ and then sends the message $\{num_F, \{K_1\}_{upk}\}$ to the user. After receiving the message $\{num_F, ID_{user}\}$, the cloud server selects one corresponding piece of backup information and sends it to the user. After receiving the information from the cloud server and the smart contract, the user first verifies whether the $num_F$ sent by the smart contract and the $num_F$ sent by the cloud server are the same; if they are, the user decrypts $\{K_1\}_{upk}$ with its own private key $ssk$ and hashes the decrypted $K_1$ $(i-1)$ times in succession to obtain $K_i$, with which the corresponding file $F$ can be decrypted.
Further, in the deletion stage, the data owner sends a deletion request to the cloud server; the cloud server deletes all backups of the corresponding file according to the request, generates deletion evidence, sends the evidence to the data owner and stores it in the blockchain, which specifically includes:
111. Deletion request: the data owner sends its identity $ID_{DO}$, the number $num_F$ of the file concerned and the deletion request information $request_{del}$ to the server. After receiving the deletion request, the server selects one piece of backup information according to the file number and sends it to the data owner. The data owner calculates the master key $K = h_1(PW \| num_F)$ using the private password $PW$, recovers DelSequence using $K$, and encrypts the concatenation $DelSequence \| ID_{DO}$ of the deletion sequence and the user identity information with the shared key $k$ of the data owner and the cloud server as $\{DelSequence \| ID_{DO}\}_k$. After decrypting DelSequence, the cloud server deletes the corresponding backups in order according to the data in DelSequence;
112. Generating deletion evidence: the cloud server decrypts DelSequence, deletes the corresponding backups and calculates the respective hash values, where $h_4$ and $h_5$ represent two different collision-resistant hash functions. The results represent the deletion evidence for the $i$-th backup of the file generated by the cloud server, $1 \le i \le n$; they are then used to generate an MHT and calculate its root node $Croot_j$. The cloud server then signs $Croot_j$ with its private key $ssk$ and publishes the signature and the MHT. The cloud server sends the deletion feedback to the data owner and generates the deletion evidence $proof_j$. After generating the deletion evidence, the cloud server delivers it to the supernode of the organization it belongs to, and the supernode adds the evidence to the evidence chain as follows: the supernode computes the hash value $h(proof_j)$ of $proof_j$ as a leaf node and generates the evidence MHT, whose root is $R_n$; it obtains the current timestamp $ts_n$, calculates $H_n = h_6(H_{n-1} \| R_n \| ts_n)$ and adds it to the $n$-th block of the evidence chain, where $H_{n-1}$ is the hash value of the $(n-1)$-th block.
Further, in the verification stage, the data owner verifies from the received evidence whether the cloud server has performed the deletion, and can trace the respective responsibilities of the cloud server and the user from the evidence in the evidence chain, which specifically includes:
113. The data owner verifies the evidence: after receiving the evidence $\tau$, the data owner uses the public key of the cloud server to verify whether the signature matches the received $Croot_j$. If the two match, $Croot_j$ is compared with the local $Droot_j$; if these are also equal, the data owner believes that the cloud server has deleted the corresponding data as required;
114. Responsibility tracking: if the data owner finds that data the cloud server was required to delete has been leaked, the data owner can trace responsibility. From the deletion proof $proof_j$, the evidence Merkle hash tree and the related auxiliary nodes, the root can be calculated. The data owner requests the evidence-chain evidence from the cloud server and uses the data deletion evidence chain to verify it, where $H_m$ is the most recently published hash value of the evidence chain. If the equation holds, the cloud server did commit to the deletion evidence and data leakage behavior exists; here $H_{u-1}$ is the hash value of the $(u-1)$-th block in the evidence chain and $h_6$ represents a collision-resistant hash function.
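The evidence chain of step 112 and the check of step 114 can be sketched as follows. This is an added example, not code from the patent: SHA-256 with domain tags stands in for $h$ and $h_6$, the all-zero genesis hash, the duplication of the last leaf on odd levels and the forward walk from block $u$ to the published head $H_m$ are assumptions (the page's verification equation is not preserved), and the proofs and timestamps in the usage are constructed.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # assumed H_0 preceding the first block

def _h(tag: bytes, *parts: bytes) -> bytes:
    """Domain-tagged SHA-256 over length-prefixed parts."""
    d = hashlib.sha256(tag)
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def leaf_hash(proof: bytes) -> bytes:
    """h(proof_j); the 'leaf' tag keeps leaves distinct from inner nodes."""
    return _h(b"leaf", proof)

def _levels(leaves: list) -> list:
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]  # odd level: duplicate the last node
        levels.append([_h(b"node", cur[i], cur[i + 1])
                       for i in range(0, len(cur), 2)])
    return levels

def merkle_root(leaves: list) -> bytes:
    return _levels(leaves)[-1][0]

def merkle_path(leaves: list, index: int) -> list:
    """Auxiliary nodes for one leaf: (sibling, sibling_is_left) per level."""
    path = []
    for level in _levels(leaves)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sib = index ^ 1
        path.append((level[sib], sib < index))
        index //= 2
    return path

def root_from_path(leaf: bytes, path: list) -> bytes:
    node = leaf
    for sibling, sibling_is_left in path:
        node = (_h(b"node", sibling, node) if sibling_is_left
                else _h(b"node", node, sibling))
    return node

def block_hash(prev: bytes, root: bytes, ts: int) -> bytes:
    """H_n = h6(H_{n-1} || R_n || ts_n)."""
    return _h(b"h6", prev, root, ts.to_bytes(8, "big"))

def append_block(chain: list, proofs: list, ts: int) -> dict:
    """Supernode side: build the evidence MHT and link a new block."""
    root = merkle_root([leaf_hash(p) for p in proofs])
    prev = chain[-1]["hash"] if chain else GENESIS
    block = {"root": root, "ts": ts, "hash": block_hash(prev, root, ts)}
    chain.append(block)
    return block

def verify_deletion_proof(proof: bytes, path: list, u: int,
                          chain: list, published_head: bytes) -> bool:
    """Recompute R_u from proof_j, then H_u..H_m, trusting only H_m.
    u is a 0-based block index here; the page counts blocks from 1."""
    if not 0 <= u < len(chain):
        return False
    root = root_from_path(leaf_hash(proof), path)
    prev = chain[u - 1]["hash"] if u > 0 else GENESIS
    cur = block_hash(prev, root, chain[u]["ts"])
    for later in chain[u + 1:]:
        cur = block_hash(cur, later["root"], later["ts"])
    return hmac.compare_digest(cur, published_head)

if __name__ == "__main__":
    chain = []
    proofs = [b"proof-1", b"proof-2", b"proof-3"]        # constructed samples
    append_block(chain, proofs, 1700000000)
    append_block(chain, [b"proof-4"], 1700000600)
    path = merkle_path([leaf_hash(p) for p in proofs], 1)
    print(verify_deletion_proof(b"proof-2", path, 0, chain, chain[-1]["hash"]))
```

The verifier takes block contents from the cloud server but compares only against the independently published $H_m$, so an altered proof, timestamp or intermediate block changes the recomputed head and the check fails.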
A multi-backup secure deletion system employing the method comprises:
Data owner: after generating a file number and a master key, the data owner encrypts the file to be stored and uploads it to the cloud server, extracts the file keywords, computes the file index from them and uploads the index to the smart contract; in the deletion stage, the data owner can send a deletion request to the cloud server and receives deletion feedback after the cloud server has deleted; in the verification stage, the data owner can verify the deletion from the deletion feedback sent by the cloud server.
Cloud server: receives the backup ciphertexts transmitted by the data owner, and manages, stores and deletes them. In the query stage, it can send a file ciphertext to a legitimate requesting user according to the file number sent by the smart contract; in the deletion stage, it can delete the corresponding ciphertext backups according to the data owner's deletion request, generate deletion evidence, send it to the data owner and store it in the blockchain.
Blockchain: the smart contract and the storage of the blockchain are mainly used, and the function cannot be changed. The smart contract can compute a decryption key from the file index transmitted by the data owner and the trapdoor of a user, transmit the decryption key to the legitimate user, and transmit the corresponding file number to the cloud server; in the deletion stage, the cloud server stores the deletion evidence on the blockchain, which makes public verification possible.
User: the user first needs to register at the smart contract and can then send a keyword trapdoor to the smart contract to query for files that match the keyword.
The invention has the following advantages and beneficial effects:
The invention is a blockchain-based searchable-encryption multi-backup secure deletion scheme designed around the existing challenges of secure cloud storage and deletion. It provides associated deletion of multi-backup data, which most secure deletion papers do not consider, achieves secure deletion, responsibility tracking, public verification and similar properties by using a Merkle hash tree, blockchain technology and the like, and provides searchable encryption to address the untrustworthiness of the cloud server. It addresses the challenges of secure cloud storage and deletion.
According to claim 2, the invention binds each backup address to an unequal number and orders these numbers to generate a pre-deletion sequence. The cloud server cannot know the pre-deletion sequence before the data owner makes a deletion request, and it needs the pre-deletion sequence to generate the deletion evidence; once the cloud server knows the pre-deletion sequence, the data owner cannot deny having sent the deletion request, which achieves responsibility traceability for the data owner. The data keys in claim 3 are obtained by hashing the master key multiple times, so that the backups are encrypted with different keys, which prevents the server from encrypting and storing only one backup or illegally storing multiple backups, and the data owner stores only the master key, which saves storage space. In claim 4 the data owner pre-generates integrity and deletion evidence and stores it in a Merkle hash tree, which gives the evidence integrity and serves as the reference for the cloud server's deletion evidence. The trapdoor verification in claim 5 is based on the bilinear pairing property, so the smart contract can compute the data key and send it to a legitimate user. In claim 6 the key and the ciphertext that the user decrypts are sent by the smart contract and the cloud server respectively, which prevents the cloud server from decrypting the stored ciphertext. In the deletion process of claim 7, the cloud server can delete the corresponding data and generate the evidence only if the data owner's deletion request contains the pre-deletion sequence, and the generated evidence data is stored in the blockchain to achieve responsibility traceability.
The deletion verification in claim 8 covers two cases. When no dispute occurs, the data owner only needs to verify whether the root node of the Merkle hash tree formed from the evidence generated by the cloud server is consistent with the locally stored root node; after a dispute occurs, the evidence stored on the blockchain, which includes the signature of the cloud server, can be verified publicly and responsibility can be traced. Handling the two cases separately improves verification efficiency, because the blockchain does not need to be accessed frequently.
Finally, compared with existing schemes, the invention provides deletion of associated multi-backup data, which most secure deletion papers do not consider, achieves secure deletion, responsibility tracking, public verification and similar properties by using a Merkle hash tree, blockchain technology and the like, and provides searchable encryption to address the problem that the cloud server is not trusted. It addresses the challenges of secure cloud storage and deletion.
Drawings
FIG. 1 is a block diagram of a system in accordance with the present invention;
FIG. 2 is a flow chart of the method of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and in detail below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention.
The technical scheme for solving the technical problems is as follows:
The framework of the system is described below with reference to FIG. 1.
(1) Data owner: after generating a file number and a master key, the data owner encrypts the file to be stored and uploads it to the cloud server, extracts the file keywords, computes the file index from them and uploads the index to the smart contract; in the deletion stage, the data owner can send a deletion request to the cloud server and receives deletion feedback after the cloud server has deleted; in the verification stage, the data owner can verify the deletion from the deletion feedback sent by the cloud server.
(2) Cloud server: receives the backup ciphertexts transmitted by the data owner, and manages, stores and deletes them. In the query stage, it can send a file ciphertext to a legitimate requesting user according to the file number sent by the smart contract; in the deletion stage, it can delete the corresponding ciphertext backups according to the data owner's deletion request, generate deletion evidence, send it to the data owner and store it in the blockchain.
(3) Blockchain: the smart contract and the storage of the blockchain are mainly used, and the function cannot be changed. The smart contract can compute a decryption key from the file index transmitted by the data owner and the trapdoor of a user, transmit the decryption key to the legitimate user, and transmit the corresponding file number to the cloud server; in the deletion stage, the cloud server stores the deletion evidence on the blockchain, which makes public verification possible.
(4) User: the user first needs to register at the smart contract and can then send a keyword trapdoor to the smart contract to query for files that match the keyword.
The invention is described in further detail below with reference to fig. 2. The invention mainly comprises the following steps:
(1) Initialization
$G$ and $G_T$ are two cyclic groups, $g$ is a generator of group $G$, $g_1$ is an element of group $G$, $a$ is a random parameter, and $G \times G \to G_T$ is a non-degenerate bilinear map that can be computed efficiently. Let $g_2 = g^a$ and publish the public parameters. The user registers an account at the smart contract with his own identity $ID_{user}$, and the cloud server and the blockchain share a key $k$.
(2) Key generation
The data owner selects a unique file number $num_F \in Z_p$ for the file, where $Z_p$ denotes the integer field of order $p$, and generates the master key $K = h_1(PW \| num_F)$, where $PW$ is the private password of the data owner and $h_1$ is a collision-resistant hash function. The public/private key pair of the cloud server is $(spk, ssk)$, where $spk$ and $ssk$ are the public key and the private key of the cloud server; the public/private key pair of the user is $(upk, usk)$, where $upk$ and $usk$ are the public key and the private key of the user. The public and private key pair generation algorithms are the same, and the method is optionalThe calculation of V-G is carried out,represents a positive integer field of order r, ζ represents a field of order rThe positive integer selected in the method is used for storing zeta as a private key in a private way and V as a public key in a public way.
(3) Setting the number of backup copies and creating a multi-backup association table
The data owner sends its identity $ID_{DO}$, the file number $num_F$, and the information $F_{mate}$, which the cloud server uses to evaluate the number of file backups, to the cloud server. $F_{mate}$ comprises the file size, the file type and the file creation time. After receiving the data, the cloud server sets the number of backups $n$, selects $n$ addresses $(addr_1, addr_2, \ldots, addr_n)$ to store the copies (so $n$ is both the number of copies and the number of addresses), and sends the $n$ addresses $(addr_1, addr_2, \ldots, addr_n)$ to the data owner.
(4) Generating pre-delete sequences
The data owner generates $n$ distinct numbers as deletion control numbers (number of backups = number of addresses = number of distinct numbers = $n$) and binds them to the backup addresses in the format (backup address, deletion control number), arranged in ascending order of deletion control number: $(addr_1, num_1), (addr_2, num_2), \ldots, (addr_n, num_n)$. Finally, these pairs are concatenated to generate the pre-deletion sequence Delsequence.
(5) Generating ciphertext backups
The data owner repeatedly hashes the master key $K$ to generate the data keys $K_1, K_2, \ldots, K_n$, where $K_1 = h_2(K)$, $K_2 = h_2(K_1)$, ..., $K_n = h_2(K_{n-1})$ and $h_2$ is a collision-resistant hash function. Each backup is encrypted with a data key, and the deletion sequence Delsequence is encrypted with the master key $K$ to obtain $\{Delsequence\}_K$. The data owner sends the data to the cloud server.
(6) Generating a keyword index
To generate the keyword index, the data owner randomly selects a random number $r$ from the integer field $Z_p$ and computes $h_3(w)$, where $w$ is a keyword in file $F$ and $h_3(w)$ is the hash value of keyword $w$, to obtain the index $I$; $K_1$ and $h_3(w)^r$ are intermediate parameters. The index $I$ and the file number $num_F$ are sent to the smart contract on the blockchain.
(7) Pre-generating backup integrity and deletion evidence
The data owner generates $n$ hash values and orders them according to Delsequence to obtain $n$ integrity evidences (this $n$ is the same $n$ as above). The ordered values are used as the leaf nodes of a Merkle hash tree (MHT), whose root node is $Droot$. The data owner locally stores the private password, the root node value, and the key shared by the data owner and the cloud server: $\{PW, Droot, k\}$, where $k$ denotes the key shared by the data owner and the cloud server.
(8) Trapdoor encryption uploading
The user computes the hash value $h_3(w_i)$ of the file keyword, randomly selects a random number $t \in Z_p$, and computes the trapdoor. The trapdoor and the user identity $ID_{user}$ are encrypted with the private key $usk$, and the user finally sends the result to the smart contract.
(9) Verification trapdoor
After receiving the data $\zeta_i$ sent by $FD_i$, the user first extracts the query matching degree value $\sigma_i$ and decrypts it. When the smart contract receives the message, it checks whether the user identity $ID_{user}$ belongs to a registered user. If so, it decrypts the message with the public key of the user and checks whether the decrypted trapdoor and $ID_{user}$ are the ones that were transmitted; if the user is not a legitimate user, the process terminates. The trapdoor and the index $I$ are then used in the calculation: if $w = w_i$, the data key $K_1$ is obtained and the smart contract records the corresponding file number $num_F$.
(10) User parsed ciphertext
The smart contract sends all file numbers $num_F$ that satisfy the user's keyword request, together with the user identity $ID_{user}$, to the cloud server. The smart contract encrypts the key $K_1$ with the user public key $upk$ as $\{K_1\}_{upk}$ and then sends the message $\{num_F, \{K_1\}_{upk}\}$ to the user. After receiving the message $\{num_F, ID_{user}\}$, the cloud server selects one corresponding backup and sends it to the user. After receiving the messages from the cloud server and the smart contract, the user first verifies that the $num_F$ sent by the smart contract and the $num_F$ sent by the cloud server are the same, then decrypts $\{K_1\}_{upk}$ with its own private key ssk and hashes the decrypted $K_1$ $(i-1)$ times in succession to obtain $K_i$, with which the corresponding file $F$ can be decrypted.
(11) Delete request
The data owner sends its identity $ID_{DO}$, the number $num_F$ of the file to be searched, and the deletion request information $request_{del}$ to the server. After receiving the deletion request, the server selects one of the backups according to the file number and sends it to the data owner. The data owner computes the master key $K = h_1(PW \| num_F)$ from the private password $PW$ and recovers Delsequence using $K$. The concatenation $Delsequence \| ID_{DO}$ of the deletion sequence and the user identity information is encrypted with the key $k$ shared by the data owner and the cloud server as $\{Delsequence \| ID_{DO}\}_k$. After decrypting Delsequence, the cloud server deletes the corresponding backups in sequence according to the data in Delsequence.
(12) Deletion attestation generation
After the cloud server decrypts Delsequence and deletes the corresponding backups, it computes the deletion evidence for the $i$-th backup of the file, $1 \le i \le n$, where $h_4$ and $h_5$ are two different collision-resistant hash functions. It then generates an MHT from these values and computes the root node $Croot_j$. The cloud server signs $Croot_j$ with its private key $ssk$ and publishes the signature and the MHT. The cloud server sends the deletion feedback to the data owner and generates the deletion evidence. After generating the deletion evidence, the cloud server delivers it to the supernode of the organization it belongs to, and the supernode adds the evidence to the evidence chain as follows: the supernode computes the hash value $h(proof_j)$ of $proof_j$ as a leaf node and generates the evidence MHT, whose root is $R_n$; it obtains the current timestamp $ts_n$, computes $H_n = h_6(H_{n-1} \| R_n \| ts_n)$, and adds it to the $n$-th block of the evidence chain, where $H_{n-1}$ is the hash value of the $(n-1)$-th block.
(13) Proof of data owner verification
After receiving the evidence $\tau$, the data owner uses the public key of the cloud server to verify whether the signed value matches the received $Croot_j$. If it matches, $Croot_j$ is compared with the local $Droot_j$; if they are equal as well, the data owner believes that the cloud server has deleted the corresponding data as required.
(14) Responsibility tracking
If the data owner finds that data which the cloud server was required to delete has been leaked, responsibility tracking can be carried out. From the deletion evidence $proof_j$, the evidence Merkle hash tree and the related auxiliary nodes, the data owner can compute the root. The data owner requests the evidence-chain evidence from the cloud server and verifies it against the data deletion evidence chain, where $H_m$ is the hash value most recently published for the evidence chain. If the equation holds, the cloud server did commit to the deletion evidence and a data leakage behavior exists. Here $H_{u-1}$ is the hash value of the $(u-1)$-th block in the evidence chain and $h_6$ denotes a collision-resistant hash function.
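The evidence-chain append of step (12) and the responsibility-tracking check of step (14), as an added Python example that is not code from the patent. Assumptions: SHA-256 stands in for $h$ and $h_6$, leaves and inner nodes are domain-separated, an unpaired node is promoted unchanged, timestamps are 8-byte big-endian integers, the check recomputes the chain from block $u$ up to the latest published hash $H_m$, and the proof byte strings are constructed.

```python
import hashlib
from dataclasses import dataclass

GENESIS = bytes(32)  # assumption: all-zero H_0 in front of the first block


def h(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the patent's hash functions h and h6.
    return hashlib.sha256(data).digest()


def leaf_hash(proof: bytes) -> bytes:
    # h(proof_j); the 0x00/0x01 prefixes are an added domain separation so a
    # leaf can never be confused with an inner node.
    return h(b"\x00" + proof)


def parent(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)


def merkle_levels(leaves):
    """All levels of the evidence MHT, leaves first, root last."""
    if not leaves:
        raise ValueError("at least one deletion evidence is required")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [parent(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # unpaired node is promoted unchanged
        levels.append(nxt)
    return levels


def merkle_path(levels, index):
    """Auxiliary nodes for one leaf as (sibling_hash, sibling_is_left) pairs."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling on this level
            path.append((level[sibling], sibling < index))
        index //= 2
    return path


def root_from_path(proof: bytes, path) -> bytes:
    """Recompute the evidence MHT root from proof_j and its auxiliary nodes."""
    node = leaf_hash(proof)
    for sibling, sibling_is_left in path:
        node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    return node


@dataclass(frozen=True)
class Block:
    prev_hash: bytes   # H_{n-1}
    root: bytes        # R_n
    ts: int            # ts_n
    block_hash: bytes  # H_n


def chain_hash(prev_hash: bytes, root: bytes, ts: int) -> bytes:
    # H_n = h6(H_{n-1} || R_n || ts_n); fixed-width fields keep the
    # concatenation unambiguous.
    return h(prev_hash + root + ts.to_bytes(8, "big"))


def append_block(chain, proofs, ts):
    """Supernode side: add one block of deletion evidences; returns the MHT."""
    levels = merkle_levels([leaf_hash(p) for p in proofs])
    prev = chain[-1].block_hash if chain else GENESIS
    root = levels[-1][0]
    chain.append(Block(prev, root, ts, chain_hash(prev, root, ts)))
    return levels


def verify_deletion_evidence(proof, path, u, chain, published_hm) -> bool:
    """Data owner side: does proof_j in block u lead to the published H_m?

    Only H_{u-1}, the timestamps and the later roots are taken from the chain
    data supplied by the cloud server; R_u is recomputed from the proof, and
    the stored block hashes are never trusted.
    """
    if not 0 <= u < len(chain):
        return False
    running = chain_hash(chain[u].prev_hash, root_from_path(proof, path), chain[u].ts)
    for block in chain[u + 1:]:
        running = chain_hash(running, block.root, block.ts)
    return running == published_hm


if __name__ == "__main__":
    chain = []
    append_block(chain, [b"constructed-proof-0"], 1000)
    levels = append_block(chain, [b"constructed-proof-1", b"constructed-proof-2"], 2000)
    ok = verify_deletion_evidence(b"constructed-proof-2", merkle_path(levels, 1),
                                  1, chain, chain[-1].block_hash)
    print("evidence anchored in chain:", ok)
```

The published $H_m$ is the only trust anchor: any change to the evidence, an auxiliary node, a timestamp or a later root changes the recomputed value and the check fails.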
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above examples are to be construed as merely illustrative and not limitative of the remainder of the disclosure. After reading the description of the invention, the skilled person can make various changes or modifications to the invention, and these equivalent changes and modifications also fall into the scope of the invention defined by the claims.
Claims (10)
1. A block chain-based multi-backup safe deletion method is characterized by comprising the following steps:
after system initialization and key generation, the cloud server sends the set number of copies and corresponding backup addresses to a data owner according to the received file-related information, and the data owner generates a pre-deletion sequence after receiving the backup addresses;
the data owner encrypts the file by using different keys to generate a plurality of ciphertext backups, generates indexes according to keywords in the file, respectively uploads the backup ciphertexts to the cloud server, and the indexes are uploaded to the intelligent contract;
a data owner pre-generates backup integrity and deletion evidence;
in the ciphertext query stage, a user calculates a trapdoor and uploads the trapdoor to an intelligent contract, the intelligent contract calculates a corresponding decryption key and a query file number according to the trapdoor, the decryption key and the query file number are respectively sent to the user, and the file number is sent to a cloud server;
the cloud server sends a ciphertext backup to the user according to the file number, and the user decrypts the ciphertext by using the decryption key;
in the deleting stage, a data owner sends a deleting request to a cloud server, the cloud server deletes all backups of corresponding files according to the request, generates deleting evidence, sends the evidence to the data owner and stores the evidence into a block chain;
and in the verification stage, the data owner verifies whether the cloud server deletes the evidence or not according to the received evidence, and can track the corresponding responsibilities of the cloud server and the user according to the evidence of the evidence chain.
2. The method for multi-backup secure deletion based on a block chain according to claim 1, wherein the user system initialization and key generation specifically comprise the steps of:
101. initialization: $G$ and $G_T$ are two cyclic groups, $g$ is a generator of group $G$, $g_1$ is an element of group $G$, $a$ is a random parameter, and $G \times G \to G_T$ is a non-degenerate bilinear map that can be computed efficiently; let $g_2 = g^a$, where $g_2$ denotes an intermediate value, and publish the public parameters; the user registers an account at the smart contract with his own identity $ID_{user}$, and the key shared between the cloud server and the blockchain is $k$;
102. key generation: the data owner selects a unique file number $num_F \in Z_p$ for the file, where $Z_p$ denotes the integer field of order $p$, and generates the master key $K = h_1(PW \| num_F)$, where $PW$ is the private password of the data owner and $h_1$ is a collision-resistant hash function; the public/private key pair of the cloud server is $(spk, ssk)$, where $spk$ and $ssk$ are the public key and the private key of the cloud server, and the public/private key pair of the user is $(upk, usk)$, where $upk$ and $usk$ are the public key and the private key of the user. The public and private key pair generation algorithms are the same, and the method is optionalThe calculation of V-G is carried out,represents a positive integer field of order r, ζ represents a field of order rThe positive integer selected in the method is used for storing zeta as a private key in a private way and V as a public key in a public way.
3. The method according to claim 2, wherein the cloud server sends the number of the backup addresses and the corresponding backup number of the device information to the data owner according to the received file-related information, and the data owner generates the pre-deletion sequence by using the backup addresses after receiving the backup addresses, specifically comprising:
103. setting the number of backups and creating a multi-backup association table: the data owner sends its identity $ID_{DO}$, the file number $num_F$, and the information $F_{mate}$, which the cloud server uses to evaluate the number of file backups, to the cloud server; $F_{mate}$ comprises the file size, the file type and the file creation time; after receiving the data, the cloud server sets the number of backups $n$, selects $n$ addresses $(addr_1, addr_2, \ldots, addr_n)$ to store the copies, where $n$ is both the number of copies and the number of addresses, and sends the $n$ addresses $(addr_1, addr_2, \ldots, addr_n)$ to the data owner;
104. generating the pre-deletion sequence: the data owner generates $n$ distinct numbers as deletion control numbers and binds them to the $n$ backup addresses in the format (backup address, deletion control number), arranged in ascending order of deletion control number: $(addr_1, num_1), (addr_2, num_2), \ldots, (addr_n, num_n)$; finally, these pairs are concatenated to generate the pre-deletion sequence Delsequence.
4. The block chain-based multi-backup security deletion method according to claim 3, wherein the data owner encrypts the file using different keys to generate a plurality of ciphertext backups, generates an index according to a keyword in the file, respectively uploads the backup ciphertext to the cloud server, and the index is uploaded to the intelligent contract, specifically comprising the steps of:
105. generating the ciphertext backups: the data owner repeatedly hashes the master key $K$ to generate the data keys $K_1, K_2, \ldots, K_n$, where $K_1 = h_2(K)$, $K_2 = h_2(K_1)$, ..., $K_n = h_2(K_{n-1})$ and $h_2$ is a collision-resistant hash function; each backup is encrypted with a data key, and the deletion sequence Delsequence is encrypted with the master key $K$ to obtain $\{Delsequence\}_K$; the data owner sends the data to the cloud server;
106. generating the keyword index: the data owner randomly selects a random number $r$ from the integer field $Z_p$ and computes $h_3(w)$, where $w$ is a keyword in file $F$ and $h_3(w)$ is the hash value of keyword $w$, to obtain the index $I$; $K_1$ and $h_3(w)^r$ are both intermediate parameters; the index $I$ and the file number $num_F$ are sent to the smart contract on the blockchain.
5. The method according to claim 4, wherein the pre-generating backup integrity and deletion evidence by the data owner comprises:
107. pre-generating backup integrity and deletion evidence: the data owner generates $n$ hash values and orders them according to Delsequence to obtain $n$ integrity evidences; the ordered values are used as the leaf nodes of a Merkle hash tree (MHT), whose root node is $Droot$; the data owner locally stores the private password, the root node value, and the key shared by the data owner and the cloud server: $\{PW, Droot, k\}$, where $k$ denotes the key shared by the data owner and the cloud server.
6. The method according to claim 5, wherein in the ciphertext query phase, the user calculates a trapdoor and uploads the trapdoor to an intelligent contract, the intelligent contract calculates a corresponding decryption key and queries a file number according to the trapdoor, the decryption key is respectively sent to the user, and the file number is sent to the cloud server, specifically including:
108. encrypting and uploading the trapdoor: the user computes the hash value $h_3(w_i)$ of the file keyword, randomly selects a random number $t \in Z_p$, and computes the trapdoor; the trapdoor and the user identity $ID_{user}$ are encrypted with the private key $usk$, and the user finally sends the result to the smart contract;
109. verifying the trapdoor: when the smart contract receives the message, it checks whether the user identity $ID_{user}$ belongs to a registered user; if so, it decrypts the message with the public key of the user and checks whether the decrypted trapdoor and $ID_{user}$ are the ones that were transmitted; if the user is not a legitimate user, the process terminates. The trapdoor and the index $I$ are then used in the calculation: if $w = w_i$, the data key $K_1$ is obtained and the smart contract records the corresponding file number $num_F$.
7. The method for safely deleting multiple backups based on the blockchain according to claim 6, wherein the cloud server sends a ciphertext backup to the user according to the file number, and the user decrypts the ciphertext by using a decryption key, specifically comprising:
110. the smart contract sends all file numbers $num_F$ that satisfy the user's keyword request, together with the user identity $ID_{user}$, to the cloud server; the smart contract encrypts the key $K_1$ with the user public key $upk$ as $\{K_1\}_{upk}$ and then sends the message $\{num_F, \{K_1\}_{upk}\}$ to the user; after receiving the message $\{num_F, ID_{user}\}$, the cloud server selects one corresponding backup and sends it to the user; after receiving the messages from the cloud server and the smart contract, the user first verifies that the $num_F$ sent by the smart contract and the $num_F$ sent by the cloud server are the same, then decrypts $\{K_1\}_{upk}$ with its own private key ssk and hashes the decrypted $K_1$ $(i-1)$ times in succession to obtain $K_i$, with which the corresponding file $F$ can be decrypted.
8. The safe deletion method of multiple backups based on a block chain according to claim 7, characterized in that in the deletion phase, a data owner sends a deletion request to the cloud server, the cloud server deletes all backups of corresponding files according to the request, generates a deletion evidence, sends the evidence to the data owner, and stores the evidence in the block chain, specifically comprising:
111. deletion request: the data owner sends its identity $ID_{DO}$, the number $num_F$ of the file to be searched, and the deletion request information $request_{del}$ to the server; after receiving the deletion request, the server selects one of the backups according to the file number and sends it to the data owner; the data owner computes the master key $K = h_1(PW \| num_F)$ from the private password $PW$ and recovers Delsequence using $K$; the concatenation $Delsequence \| ID_{DO}$ of the deletion sequence and the user identity information is encrypted with the key $k$ shared by the data owner and the cloud server as $\{Delsequence \| ID_{DO}\}_k$; after decrypting Delsequence, the cloud server deletes the corresponding backups in sequence according to the data in Delsequence;
112. generating the deletion evidence: after the cloud server decrypts Delsequence and deletes the corresponding backups, it computes the deletion evidence for the $i$-th backup of the file, $1 \le i \le n$, where $h_4$ and $h_5$ are two different collision-resistant hash functions; it then generates an MHT from these values and computes the root node $Croot_j$. The cloud server signs $Croot_j$ with its private key $ssk$ and publishes the signature and the MHT; the cloud server sends the deletion feedback to the data owner and generates the deletion evidence; after generating the deletion evidence, the cloud server delivers it to the supernode of the organization it belongs to, and the supernode adds the evidence to the evidence chain as follows: the supernode computes the hash value $h(proof_j)$ of $proof_j$ as a leaf node and generates the evidence MHT, whose root is $R_n$; it obtains the current timestamp $ts_n$, computes $H_n = h_6(H_{n-1} \| R_n \| ts_n)$, and adds it to the $n$-th block of the evidence chain, where $H_{n-1}$ is the hash value of the $(n-1)$-th block.
9. The block chain-based multi-backup security deletion method according to claim 8, wherein in the verification stage, a data owner verifies whether the cloud server deletes the evidence according to the received evidence, and can track the responsibilities of the cloud server and the user according to the evidence of the evidence chain, and the method specifically includes:
113. verification of the evidence by the data owner: after receiving the evidence $\tau$, the data owner uses the public key of the cloud server to verify whether the signed value matches the received $Croot_j$; if it matches, $Croot_j$ is compared with the local $Droot_j$; if they are equal as well, the data owner believes that the cloud server has deleted the corresponding data as required;
114. responsibility tracking: if the data owner finds that data which the cloud server was required to delete has been leaked, responsibility tracking can be carried out; from the deletion evidence $proof_j$, the evidence Merkle hash tree and the related auxiliary nodes, the data owner can compute the root; the data owner requests the evidence-chain evidence from the cloud server and verifies it against the data deletion evidence chain, where $H_m$ is the hash value most recently published for the evidence chain; if the equation holds, the cloud server did commit to the deletion evidence and a data leakage behavior exists, where $H_{u-1}$ is the hash value of the $(u-1)$-th block in the evidence chain and $h_6$ denotes a collision-resistant hash function.
10. A multi-backup secure erase system using the method of claims 1-8, comprising:
Data owner: after generating a file number and a master key, the data owner encrypts the file to be stored and uploads it to the cloud server, extracts the file keywords, computes a file index from them, and uploads the index to the smart contract. In the deletion stage, the data owner sends a deletion request to the cloud server and receives deletion feedback once the cloud server has performed the deletion. In the verification stage, the data owner verifies the deletion according to the deletion feedback sent by the cloud server.
Cloud server: receives the backup ciphertexts transmitted by the data owner and manages, stores and deletes them. In the query stage, it sends the file ciphertext to a legitimate requesting user according to the file number sent by the smart contract. In the deletion stage, it deletes the corresponding ciphertext backups according to the data owner's deletion request, generates deletion evidence, sends the evidence to the data owner, and stores the evidence in the blockchain.
Blockchain: the system mainly uses the smart contract of the blockchain and the tamper-resistant storage of the blockchain. The smart contract computes a decryption key from the file index transmitted by the data owner and the trapdoor of a user, sends the decryption key to the legitimate user, and sends the corresponding file number to the cloud server. In the deletion stage, the cloud server stores the deletion evidence on the blockchain so that it can be publicly verified.
User: a user must first register with the smart contract; the user can then send a keyword trapdoor to the smart contract to query for files that match the keyword.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011466673.8A CN112532650A (en) | 2020-12-14 | 2020-12-14 | Block chain-based multi-backup safe deletion method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112532650A true CN112532650A (en) | 2021-03-19 |
Family
ID=74999527
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011466673.8A Pending CN112532650A (en) | 2020-12-14 | 2020-12-14 | Block chain-based multi-backup safe deletion method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112532650A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108418796A (en) * | 2018-01-30 | 2018-08-17 | 西安电子科技大学 | Method, the cloud storage system of the more copy integrity verifications of cloud data and associated deletion |
CN111428271A (en) * | 2020-04-17 | 2020-07-17 | 上海坤仪金科信息技术有限公司 | Block chain cloud storage user data security solution method |
Non-Patent Citations (3)
Title |
---|
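Liu Yining et al.: "Blockchain-based cloud data deletion verification protocol", Journal of Computer Research and Development * |
Du Ruizhong et al.: "Blockchain-based public-key searchable encryption scheme", Journal on Communications * |
Du Lin: "Research on multi-copy associated deletion technology and its applications in cloud environments", Wanfang Dissertation Database * |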
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113535803A (en) * | 2021-06-15 | 2021-10-22 | 复旦大学 | Block chain efficient retrieval and reliability verification method based on keyword index |
CN113535803B (en) * | 2021-06-15 | 2023-03-10 | 复旦大学 | Block chain efficient retrieval and reliability verification method based on keyword index |
CN114629661A (en) * | 2022-04-27 | 2022-06-14 | 中国科学技术大学 | Encrypted information processing method and device |
CN114629661B (en) * | 2022-04-27 | 2024-02-23 | 中国科学技术大学 | Encryption information processing method and device |
CN114827212A (en) * | 2022-06-27 | 2022-07-29 | 浙江省邮电工程建设有限公司 | Vehicle communication management method for intelligent traffic |
CN114827212B (en) * | 2022-06-27 | 2022-09-16 | 浙江省邮电工程建设有限公司 | Vehicle communication management method for intelligent traffic |
CN116127538A (en) * | 2023-04-17 | 2023-05-16 | 北京中超伟业信息安全技术股份有限公司 | Block chain-based data security destruction method and system and electronic equipment |
CN116127538B (en) * | 2023-04-17 | 2023-07-07 | 北京中超伟业信息安全技术股份有限公司 | Block chain-based data security destruction method and system and electronic equipment |
CN116489224A (en) * | 2023-06-19 | 2023-07-25 | 中国联合网络通信集团有限公司 | Multi-cloud container scheduling method, device, equipment and storage medium |
CN116489224B (en) * | 2023-06-19 | 2023-08-22 | 中国联合网络通信集团有限公司 | Multi-cloud container scheduling method, device, equipment and storage medium |
Venkatesh et al. | Secure authorised deduplication by using hybrid cloud approach |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | | Application publication date: 20210319 |