CN113364600B - Certificateless public auditing method for integrity of cloud storage data - Google Patents


Info

Publication number: CN113364600B
Authority: CN (China)
Prior art keywords: user, integrity, signature, audit, key
Legal status: Active (the listed legal status is an assumption and is not a legal conclusion)
Application number: CN202110916420.4A
Other languages: Chinese (zh)
Other versions: CN113364600A (en)
Inventors: 张晓均, 王鑫, 唐伟, 王文琛, 薛婧婷, 刘庆
Current Assignee: Southwest Petroleum University (the listed assignees may be inaccurate)
Original Assignee: Southwest Petroleum University
Application filed by Southwest Petroleum University
Priority to CN202110916420.4A
Publication of CN113364600A
Application granted
Publication of CN113364600B

Classifications

    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/3073 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication involving digital signatures
    • H04L2209/42 Anonymization, e.g. involving pseudonyms


Abstract

The invention discloses a certificateless public auditing method for cloud storage data integrity, comprising the following steps: S1, system initialization; S2, the user splits the data file into blocks and encrypts them to obtain ciphertext data blocks, and generates homomorphic signatures of the ciphertext data blocks to form a signature set; the user generates integrity audit auxiliary information, sends the ciphertext data blocks and the signature set to the cloud server, and sends the integrity audit auxiliary information to a third-party auditor; S3, the third-party auditor generates challenge information, sends it to the cloud server, and generates a pre-calculated value; S4, the cloud server generates audit proof response information and returns it to the third-party auditor; S5, the third-party auditor verifies the correctness of the audit proof response information using the pre-calculated value, the system public parameters, the user's verification public key and the anonymous identity. The invention is based on a certificateless cryptosystem and effectively avoids key escrow and complex certificate management.

Description

Certificateless public auditing method for integrity of cloud storage data
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a certificateless public auditing method for cloud storage data integrity.
Background
In the big data age, data is the most valuable resource. Big data can help us analyze problems, discover the laws governing how things develop, and use these laws to solve practical problems. To make better use of data, however, it is necessary first to obtain as much data as possible and second to process it efficiently. Because data comes from many sources, in many types and in large amounts, data acquisition requires many storage devices and sufficient computing power for processing. Although terminal devices are continuously upgraded and their performance has greatly improved, their storage capacity and computing power still cannot meet the requirements of mass data storage and processing. Cloud computing technology frees terminal devices from these limitations and enables further development. Cloud computing and cloud storage services have made our lives more intelligent and automated.
All data needs to be secured from the moment it is created rather than only at the final stage of storage; strengthening security measures only at the latter stage has proven to be of no avail. Data leakage events may increase by 100% in the coming years unless data is secured at its source, so the confidentiality of data files needs to be guaranteed. The generated data files typically need to be uploaded in real time to a cloud platform outside the administrative control of the owner, and the cloud server may be untrusted: it may tamper with the outsourced data or return incorrect query results, which affects the availability of the outsourced data. To save storage space, an economically motivated cloud server may delete data that users rarely access while trying to convince users that their data is still intact. In addition, an adversary may tamper with the outsourced data for some malicious economic or political purpose. Therefore, in addition to ensuring the confidentiality of the data on the cloud server, the integrity of that data is important. In most cases, users do not want their real identity to be known by others and are unwilling to upload data closely tied to their real identity, which discourages use of the cloud storage system; users therefore tend to use the cloud storage service under a pseudo-identity.
Most current cloud storage data integrity auditing systems incur expensive computing overhead. In practical applications, an auditor generally needs to complete the public integrity verification quickly and notify the user of the audit result as needed. A severe lag may be unacceptable because audit requests may be concentrated within a particular time period. For example, when an auditor is assigned to check multiple files simultaneously, it would be advantageous to reduce the computational cost of the auditor-side verification. Therefore, a lightweight public auditing method for cloud storage data integrity that protects identity privacy and guarantees data confidentiality and integrity has important application value.
Disclosure of Invention
The invention aims to overcome one or more defects in the prior art and provides a certificateless public auditing method for cloud storage data integrity.
The purpose of the invention is achieved by the following technical scheme: the certificateless public auditing method for the integrity of cloud storage data comprises the following steps:
S1. System initialization: a key generation center sets the cryptographic security parameters, which comprise a bilinear pairing map, multiplicative cyclic groups, and a generator defined on the multiplicative cyclic group; the key generation center sets two collision-resistant hash functions and one homomorphic hash function, and selects a system master private key and a system master public key; the key generation center publishes the system public parameters and generates an anonymous identity and a first signature private key for the user; the user generates the other part of the private key and part of the public key; the key generation center publishes the system public parameters and sends the user's first signature private key to the user; the user verifies the validity of the anonymous identity and the first signature private key and, after the verification passes, generates a second signature private key and forms the user's signature private key and verification public key;
S2. Digital signature generation: the user splits the data file into a plurality of data file blocks and selects a symmetric encryption algorithm to encrypt each data file block into a ciphertext data block; the user generates a certificateless homomorphic signature of each ciphertext data block using the user's signature private key and the homomorphic hash function, forming a signature set; the user generates integrity audit auxiliary information according to the number of data file blocks; the user sends all the ciphertext data blocks and the signature set to the cloud server for storage, and sends the integrity audit auxiliary information to a third-party auditor for storage;
S3. Challenge generation: the third-party auditor generates challenge information and sends it to the cloud server; before receiving the audit proof response information returned by the cloud server, the third-party auditor generates a pre-calculated value from the challenge information and the integrity audit auxiliary information;
S4. Audit proof response generation: after receiving the challenge information, the cloud server generates audit proof response information based on the challenged ciphertext data blocks and their digital signatures, and returns the audit proof response information to the third-party auditor;
S5. Integrity audit: after receiving the audit proof response information, the third-party auditor verifies its correctness using the pre-calculated value, the system public parameters, the user's verification public key and the anonymous identity.
Preferably, S1 comprises:
S101. The key generation center PKG selects a large prime q and sets a bilinear pairing map e satisfying
Figure 789440DEST_PATH_IMAGE001
where
Figure 441002DEST_PATH_IMAGE002
are multiplicative cyclic groups of order q;
S102. The key generation center PKG selects, for the multiplicative cyclic group of order q
Figure 158422DEST_PATH_IMAGE003
a generator g, and from the finite field of order q
Figure 225735DEST_PATH_IMAGE004
selects a non-zero random number α as the system master private key and computes
Figure 446632DEST_PATH_IMAGE005
where
Figure 3515DEST_PATH_IMAGE006
is the system master public key;
S103. The key generation center PKG selects two collision-resistant hash functions
Figure 739390DEST_PATH_IMAGE007
and
Figure 610394DEST_PATH_IMAGE008
where
Figure 13694DEST_PATH_IMAGE009
is a bit string of arbitrary length and
Figure 679161DEST_PATH_IMAGE010
is a bit string of fixed length
Figure 371174DEST_PATH_IMAGE011
S104. The key generation center PKG selects a collision-resistant homomorphic hash function
Figure 842606DEST_PATH_IMAGE012
where
Figure 038095DEST_PATH_IMAGE013
satisfies the following homomorphic property: for any two messages
Figure 202361DEST_PATH_IMAGE014
and scalar coefficients
Figure 116090DEST_PATH_IMAGE015
the equation
Figure 125634DEST_PATH_IMAGE016
holds;
S105. The key generation center PKG publishes the system public parameters
Figure 441209DEST_PATH_IMAGE017
S106. From the finite field of order q
Figure 510796DEST_PATH_IMAGE018
the key generation center PKG selects a non-zero random number k and computes anonymous identity component one
Figure 911822DEST_PATH_IMAGE019
S107. The key generation center PKG computes anonymous identity component two
Figure 725057DEST_PATH_IMAGE020
where T is the validity period of the user's anonymous identity,
Figure 895138DEST_PATH_IMAGE021
is the exclusive-or operator,
Figure 135627DEST_PATH_IMAGE022
is the concatenation operator, and
Figure 23948DEST_PATH_IMAGE023
is the real identity of the user;
S108. The key generation center PKG sets the anonymous identity of the user as
Figure 640874DEST_PATH_IMAGE024
and, using the system master private key
Figure 665462DEST_PATH_IMAGE025
and the hash function
Figure 342431DEST_PATH_IMAGE026
computes the first signature private key
Figure 452470DEST_PATH_IMAGE027
S109. The key generation center PKG sends
Figure 341928DEST_PATH_IMAGE028
to the user;
S110. After receiving
Figure 548919DEST_PATH_IMAGE029
the user verifies the equation
Figure 334472DEST_PATH_IMAGE030
If the equation holds, the user accepts the anonymous identity ID and the first signature private key
Figure 728544DEST_PATH_IMAGE031
otherwise, the user rejects the anonymous identity ID and the first signature private key
Figure 687273DEST_PATH_IMAGE032
S111. From the finite field of order q
Figure 686453DEST_PATH_IMAGE033
the user selects a non-zero random number x as the second signature private key, computes the verification public key
Figure 439645DEST_PATH_IMAGE034
and obtains the user's signature private key
Figure 524276DEST_PATH_IMAGE035
Preferably, S2 comprises:
S201. The user divides the data file F into n data file blocks, namely
Figure 286696DEST_PATH_IMAGE036
where the identifier of the data file F is
Figure 140382DEST_PATH_IMAGE037
Figure 64476DEST_PATH_IMAGE038
denotes a data file block;
S202. The user selects a symmetric encryption algorithm SEA and a symmetric key s and encrypts the data file
Figure 433140DEST_PATH_IMAGE039
into
Figure 671355DEST_PATH_IMAGE040
where C denotes the encrypted data file and
Figure 707444DEST_PATH_IMAGE041
denotes a ciphertext data block;
S203. From the finite field of order q
Figure 536860DEST_PATH_IMAGE042
the user selects four different random coefficients
Figure 596083DEST_PATH_IMAGE043
and derives n seeds:
Figure 434726DEST_PATH_IMAGE044
The user sets the integrity audit auxiliary information
Figure 059742DEST_PATH_IMAGE045
S204. For
Figure 505463DEST_PATH_IMAGE046
the user uses the signature private key
Figure 848720DEST_PATH_IMAGE047
to compute, for each ciphertext data block
Figure 491054DEST_PATH_IMAGE048
the certificateless homomorphic signature
Figure 173839DEST_PATH_IMAGE049
and sets the signature set
Figure 876216DEST_PATH_IMAGE050
S205. The user sends
Figure 644451DEST_PATH_IMAGE051
to the cloud server for storage, and sends the integrity audit auxiliary information AAI to the third-party auditor TPA for storage.
Preferably, S3 comprises:
S301. After receiving a user's request to check the integrity of the cloud data, the third-party auditor TPA, from the set
Figure 824897DEST_PATH_IMAGE052
randomly selects a subset containing c elements
Figure 627768DEST_PATH_IMAGE053
S302. For each index
Figure 235467DEST_PATH_IMAGE054
a matching coefficient is randomly selected from the finite field of order q
Figure 553316DEST_PATH_IMAGE055
namely
Figure 475135DEST_PATH_IMAGE056
S303. The third-party auditor TPA sends the challenge information
Figure 194830DEST_PATH_IMAGE057
to the cloud server;
S304. Before the cloud server returns the audit proof response information, the third-party auditor TPA generates pre-calculated value one
Figure 176692DEST_PATH_IMAGE058
and pre-calculated value two
Figure 981837DEST_PATH_IMAGE059
Preferably, S4 comprises:
S401. After receiving the challenge information
Figure 707348DEST_PATH_IMAGE060
the cloud server computes the combined information block of the challenged ciphertext data blocks
Figure 484811DEST_PATH_IMAGE061
and the aggregate signature
Figure 699891DEST_PATH_IMAGE062
S402. The cloud server sends the audit proof response information
Figure 664436DEST_PATH_IMAGE063
to the third-party auditor TPA.
Preferably, S5 comprises:
S501. After receiving the audit proof response information
Figure 990376DEST_PATH_IMAGE064
the third-party auditor TPA uses pre-calculated value one
Figure 419083DEST_PATH_IMAGE065
and pre-calculated value two
Figure 742748DEST_PATH_IMAGE066
to check the verification equation
Figure 256906DEST_PATH_IMAGE067
If the verification equation holds, the third-party auditor TPA returns true; otherwise, the third-party auditor TPA returns false;
S502. The third-party auditor notifies the user of the integrity audit result.
Preferably, in S2, after the user has sent all the ciphertext data blocks and the signature set to the cloud server for storage and the integrity audit auxiliary information to the third-party auditor for storage, the user deletes the ciphertext data blocks, the signature set and the integrity audit auxiliary information from the local client.
The beneficial effects of the invention are:
(1) the method is based on a certificateless cryptosystem, effectively avoids key escrow, and does not require a public key infrastructure to manage public key certificates;
(2) the method constructs a certificateless homomorphic signature in combination with a homomorphic hash function, which allows a third-party auditor to carry out public integrity audits of the data files stored in the cloud;
(3) in the signature generation stage the user constructs integrity audit auxiliary information; by the properties of the homomorphic hash function, all exponentiation operations in the subsequent integrity audit stage can be reduced to two exponentiation operations, which greatly reduces the computation cost of the third-party auditor and gives the method a lightweight performance advantage;
(4) the method effectively ensures the confidentiality of the user's data files while providing conditional anonymity of the user's identity;
(5) when malicious users abuse the cloud storage system, the system can identify their real identities and then revoke their access rights to, and storage service on, the cloud storage system.
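The homomorphic property required of the hash in S104 and the challenge/combined-block exchange of S3 and S4 can be seen in the following added example, which is not code from the patent and does not reproduce its signature or verification equations (those are not legible on this page). Assumptions: a textbook discrete-log homomorphic hash over a toy prime-order subgroup, hypothetical function names, and an auditor that simply holds per-block hashes in place of the certificateless signatures and auxiliary information.

```python
import secrets

# Toy parameters constructed for this demo (far too small to be secure):
# P = 2*Q + 1 with P and Q both prime, so the squares mod P form a group of order Q.
Q = 1019
P = 2 * Q + 1
SECTORS = 4  # field elements per block
GENS = [pow(h, 2, P) for h in (2, 3, 5, 7)]  # one order-Q generator per sector


def split_blocks(data):
    """Split bytes into zero-padded blocks of SECTORS sectors, one byte per sector."""
    padded = data + b"\x00" * (-len(data) % SECTORS)
    return [list(padded[i:i + SECTORS]) for i in range(0, len(padded), SECTORS)]


def hhash(block):
    """Homomorphic hash H(m) = prod_j g_j^(m_j) mod P (assumed construction)."""
    out = 1
    for g, m in zip(GENS, block):
        out = out * pow(g, m % Q, P) % P
    return out


def make_challenge(n, c, rng=None):
    """Auditor side: pick c of the n block indices, each with a non-zero coefficient."""
    rng = rng or secrets.SystemRandom()
    return [(i, rng.randrange(1, Q)) for i in sorted(rng.sample(range(n), c))]


def server_response(stored, challenge):
    """Server side: combined block mu_j = sum_i v_i * c_ij mod Q over challenged blocks."""
    mu = [0] * SECTORS
    for i, v in challenge:
        for j, sector in enumerate(stored[i]):
            mu[j] = (mu[j] + v * sector) % Q
    return mu


def auditor_verify(block_hashes, challenge, mu):
    """Accept iff H(mu) equals prod_i H(c_i)^(v_i), which holds by homomorphism."""
    expected = 1
    for i, v in challenge:
        expected = expected * pow(block_hashes[i], v, P) % P
    return hhash(mu) == expected


def run_demo():
    # Constructed bytes standing in for the encrypted file C of step S202.
    blocks = split_blocks(b"constructed sample standing in for encrypted file C")
    hashes = [hhash(b) for b in blocks]                    # kept by the auditor here
    challenge = make_challenge(len(blocks), len(blocks))   # c = n so block 1 is covered
    honest = auditor_verify(hashes, challenge, server_response(blocks, challenge))
    tampered = [list(b) for b in blocks]
    tampered[1][0] = (tampered[1][0] + 1) % 256            # server-side corruption
    forged = auditor_verify(hashes, challenge, server_response(tampered, challenge))
    return honest, forged


if __name__ == "__main__":
    print(run_demo())
```

With c smaller than n, a corrupted block is caught only when it falls inside the sampled subset, so detection is probabilistic per audit.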
Drawings
Fig. 1 is a flowchart of a certificateless public auditing method for cloud storage data integrity.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive effort based on the embodiments of the present invention, are within the scope of the present invention.
Referring to fig. 1, the embodiment provides a certificateless public auditing method for integrity of cloud storage data, including:
S1. System initialization: a key generation center sets the cryptographic security parameters, which comprise a bilinear pairing map, multiplicative cyclic groups, and a generator defined on the multiplicative cyclic group; the key generation center sets two collision-resistant hash functions and one homomorphic hash function, and selects a system master private key and a system master public key; the key generation center publishes the system public parameters and generates an anonymous identity and a first signature private key for the user; the user generates the other part of the private key and part of the public key; the key generation center publishes the system public parameters and sends the user's first signature private key to the user; the user verifies the validity of the anonymous identity and the first signature private key and, after the verification passes, generates a second signature private key and forms the user's signature private key and verification public key.
Specifically, S1 comprises:
S101. The key generation center PKG selects a large prime q and sets a bilinear pairing map e satisfying
Figure 589798DEST_PATH_IMAGE001
where
Figure 873012DEST_PATH_IMAGE002
are multiplicative cyclic groups of order q.
S102. The key generation center PKG selects, for the multiplicative cyclic group of order q
Figure 898737DEST_PATH_IMAGE003
a generator g, and from the finite field of order q
Figure 634612DEST_PATH_IMAGE004
selects a non-zero random number α as the system master private key and computes
Figure 505616DEST_PATH_IMAGE005
where
Figure 643336DEST_PATH_IMAGE006
is the system master public key.
S103. The key generation center PKG selects two collision-resistant hash functions
Figure 371121DEST_PATH_IMAGE007
and
Figure 797554DEST_PATH_IMAGE008
where
Figure 268986DEST_PATH_IMAGE009
is a bit string of arbitrary length and
Figure 464476DEST_PATH_IMAGE010
is a bit string of fixed length
Figure 363161DEST_PATH_IMAGE011
S104. The key generation center PKG selects a collision-resistant homomorphic hash function
Figure 73628DEST_PATH_IMAGE012
where
Figure 20856DEST_PATH_IMAGE013
satisfies the following homomorphic property: for any two messages
Figure 133168DEST_PATH_IMAGE014
and scalar coefficients
Figure 140439DEST_PATH_IMAGE015
the equation
Figure 603781DEST_PATH_IMAGE016
holds.
S105. The key generation center PKG publishes the system public parameters
Figure 354699DEST_PATH_IMAGE017
S106. From the finite field of order q
Figure 321518DEST_PATH_IMAGE018
the key generation center PKG selects a non-zero random number k and computes anonymous identity component one
Figure 562007DEST_PATH_IMAGE019
S107. The key generation center PKG computes anonymous identity component two
Figure 247066DEST_PATH_IMAGE020
where T is the validity period of the user's anonymous identity,
Figure 801675DEST_PATH_IMAGE021
is the exclusive-or operator,
Figure 888580DEST_PATH_IMAGE022
is the concatenation operator, and
Figure 768811DEST_PATH_IMAGE023
is the real identity of the user.
S108. The key generation center PKG sets the anonymous identity of the user as
Figure 675587DEST_PATH_IMAGE024
and, using the system master private key
Figure 768308DEST_PATH_IMAGE025
and the hash function
Figure 975299DEST_PATH_IMAGE026
computes the first signature private key
Figure 495273DEST_PATH_IMAGE027
S109. The key generation center PKG sends
Figure 889345DEST_PATH_IMAGE028
to the user.
S110. After receiving
Figure 848074DEST_PATH_IMAGE029
the user verifies the equation
Figure 112833DEST_PATH_IMAGE030
If the equation holds, the user accepts the anonymous identity ID and the first signature private key
Figure 69288DEST_PATH_IMAGE031
otherwise, the user rejects the anonymous identity ID and the first signature private key
Figure 216235DEST_PATH_IMAGE032
S111. From the finite field of order q
Figure 447497DEST_PATH_IMAGE033
the user selects a non-zero random number x as the second signature private key, computes the verification public key
Figure 97921DEST_PATH_IMAGE034
and obtains the user's signature private key
Figure 490856DEST_PATH_IMAGE035
S2. Digital signature generation: the user splits the data file into a plurality of data file blocks and selects a symmetric encryption algorithm to encrypt each data file block into a ciphertext data block; the user generates a certificateless homomorphic signature of each ciphertext data block using the user's signature private key and the homomorphic hash function, forming a signature set; the user generates integrity audit auxiliary information according to the number of data file blocks; the user sends all the ciphertext data blocks and the signature set to the cloud server for storage, and sends the integrity audit auxiliary information to a third-party auditor for storage.
Specifically, S2 comprises:
S201. The user divides the data file F into n data file blocks, namely
Figure 859520DEST_PATH_IMAGE036
where the identifier of the data file F is
Figure 97735DEST_PATH_IMAGE037
Figure 868245DEST_PATH_IMAGE038
denotes a data file block.
S202. The user selects a symmetric encryption algorithm SEA and a symmetric key s and encrypts the data file
Figure 963240DEST_PATH_IMAGE039
into
Figure 22463DEST_PATH_IMAGE040
where C denotes the encrypted data file and
Figure 861106DEST_PATH_IMAGE041
denotes a ciphertext data block.
S203. From the finite field of order q
Figure 486122DEST_PATH_IMAGE042
the user selects four different random coefficients
Figure 955281DEST_PATH_IMAGE043
and derives n seeds:
Figure 298537DEST_PATH_IMAGE044
The user sets the integrity audit auxiliary information
Figure 940871DEST_PATH_IMAGE045
S204. For
Figure 889236DEST_PATH_IMAGE046
the user uses the signature private key
Figure 529296DEST_PATH_IMAGE047
to compute, for each ciphertext data block
Figure 94269DEST_PATH_IMAGE048
the certificateless homomorphic signature
Figure 274715DEST_PATH_IMAGE049
and sets the signature set
Figure 77586DEST_PATH_IMAGE050
S205. The user sends
Figure 685284DEST_PATH_IMAGE051
to the cloud server for storage, and sends the integrity audit auxiliary information AAI to the third-party auditor TPA for storage.
In some embodiments, in S2, after the user has sent all the ciphertext data blocks and the signature set to the cloud server for storage and the integrity audit auxiliary information to the third-party auditor for storage, the user deletes the ciphertext data blocks, the signature set and the integrity audit auxiliary information from the local client, so as to save the user's local storage space.
S3, generating challenge information: the third party auditor generates challenge information and sends the challenge information to the cloud server; and the third party auditor generates a pre-calculated value according to the challenge information and the integrity audit auxiliary information before receiving the audit certification response information returned by the cloud server.
Specifically, S3 includes:
S301. After receiving a user's request to check the integrity of the cloud data, the third party auditor TPA, from the set
Figure 3133DEST_PATH_IMAGE052
randomly selects a subset containing c elements
Figure 924953DEST_PATH_IMAGE053
S302. For each subscript
Figure 644647DEST_PATH_IMAGE054
the TPA randomly selects, from the finite field of order q
Figure 626510DEST_PATH_IMAGE055
a matching coefficient
Figure 431655DEST_PATH_IMAGE056
S303. The third party auditor TPA sends the challenge information
Figure 953903DEST_PATH_IMAGE057
to the cloud server.
S304. Before the cloud server returns the audit certification response information, the third party auditor TPA generates pre-calculated value one
Figure 465787DEST_PATH_IMAGE058
and pre-calculated value two
Figure 415288DEST_PATH_IMAGE059
S4, generating audit certification response information: after receiving the challenge information, the cloud server generates audit certification response information based on the challenged ciphertext data blocks and the digital signatures, and returns the audit certification response information to the third party auditor.
Specifically, S4 includes:
S401. After receiving the challenge information
Figure 442150DEST_PATH_IMAGE060
the cloud server calculates the combined information block of the challenged ciphertext data blocks
Figure 971352DEST_PATH_IMAGE061
and the aggregate signature
Figure 400059DEST_PATH_IMAGE062
S402. The cloud server sends the audit certification response information
Figure 723724DEST_PATH_IMAGE063
to the third party auditor TPA.
S5, integrity audit: after receiving the audit certification response information, the third party auditor verifies the correctness of the audit certification response information using the pre-calculated values, the system public parameters, the user's verification public key and the anonymous identity.
Specifically, S5 includes:
S501. After receiving the audit certification response information
Figure 237882DEST_PATH_IMAGE064
the third party auditor TPA uses pre-calculated value one
Figure 367512DEST_PATH_IMAGE065
and pre-calculated value two
Figure 588409DEST_PATH_IMAGE066
to check the verification equation
Figure 145292DEST_PATH_IMAGE067
If the verification equation holds, the third party auditor TPA returns true; otherwise, it returns false.
S502. The third party auditor informs the user of the integrity audit result.
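The challenge and response flow of S3 to S5, reduced to the homomorphic hash property alone, as an added sketch that is not the patent's construction: it assumes a discrete-log hash H(m) = g^m mod p over a constructed toy group, and lets the auditor hold per-block hash tags in place of the certificateless signatures, pairing and AAI, whose formulas are not reproduced on this page. All function names are hypothetical.

```python
import secrets

# Constructed toy group (assumption; far too small for real use):
# p = 2q + 1 with q prime, and g = 4 generates the order-q subgroup of Z_p*.
P, Q, G = 2039, 1019, 4


def hhash(m: int) -> int:
    """Homomorphic hash H(m) = g^m mod p: H(a*m1 + b*m2) = H(m1)^a * H(m2)^b."""
    return pow(G, m % Q, P)


def to_block(data: bytes) -> int:
    """Map a ciphertext block to an element of Z_q."""
    return int.from_bytes(data, "big") % Q


def make_tags(blocks):
    """User side: one tag per ciphertext block, handed to the auditor."""
    return [hhash(to_block(b)) for b in blocks]


def make_challenge(n: int, c: int):
    """Auditor: c distinct block indices, each paired with a non-zero coefficient."""
    indices = secrets.SystemRandom().sample(range(n), c)
    return [(i, 1 + secrets.randbelow(Q - 1)) for i in indices]


def precompute(tags, challenge) -> int:
    """Auditor: expected value, computable before the response arrives."""
    expected = 1
    for i, v in challenge:
        expected = expected * pow(tags[i], v, P) % P
    return expected


def respond(stored_blocks, challenge) -> int:
    """Cloud server: combined block mu = sum(v_i * c_i) mod q over challenged blocks."""
    return sum(v * to_block(stored_blocks[i]) for i, v in challenge) % Q


def audit(expected: int, mu: int) -> bool:
    """Auditor: accept only if H(mu) equals the precomputed product of tags."""
    return hhash(mu) == expected


if __name__ == "__main__":
    blocks = [b"ciphertext-block-%d" % i for i in range(8)]  # constructed sample data
    tags = make_tags(blocks)
    chal = make_challenge(len(blocks), 4)
    expected = precompute(tags, chal)
    print("intact store passes:", audit(expected, respond(blocks, chal)))
    damaged = list(blocks)
    i0 = chal[0][0]  # corrupt a block that the challenge covers
    damaged[i0] = ((to_block(blocks[i0]) + 1) % Q).to_bytes(2, "big")
    print("damaged store passes:", audit(expected, respond(damaged, chal)))
```

A modified block is only caught when the challenge subset covers it, which is why the subset is drawn at random for every audit.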
The correctness derivation of this embodiment is as follows:
Because
Figure 146746DEST_PATH_IMAGE069
and
Figure DEST_PATH_IMAGE070
the correctness of the integrity audit is derived as follows:
Figure 322529DEST_PATH_IMAGE071
The foregoing is illustrative of the preferred embodiments of this invention, and it is to be understood that the invention is not limited to the precise form disclosed herein and that various other combinations, modifications, and environments may be resorted to, falling within the scope of the concept as disclosed herein, either as described above or as apparent to those skilled in the relevant art. Modifications and variations may be effected by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (7)

1. A certificateless public auditing method for the integrity of cloud storage data, characterized by comprising the following steps:
S1, system initialization: the key generation center sets cryptographic security parameters, comprising a bilinear pairing, multiplicative cyclic groups and generators defined on the multiplicative cyclic groups; the key generation center sets two collision-resistant hash functions and a homomorphic hash function, and selects a system master private key and a system master public key; the key generation center publishes the system public parameters, and the key generation center generates an anonymous identity and a signature first private key for a user; the user generates another part of the private key and part of the public key; the key generation center publishes the system public parameters and sends the user's signature first private key to the user; the user verifies the validity of the anonymous identity and the signature first private key and, after the verification passes, generates a signature second private key and generates the user's signature private key and verification public key;
S2, generating a digital signature: the user splits a data file into a plurality of data file blocks and selects a symmetric encryption algorithm to encrypt each data file block, obtaining ciphertext data blocks; the user generates a certificateless homomorphic signature for each ciphertext data block using the user's signature private key and the homomorphic hash function, forming a signature set; the user generates integrity audit auxiliary information according to the number of data file blocks; the user sends all the ciphertext data blocks and the signature set to the cloud server for storage, and sends the integrity audit auxiliary information to a third party auditor for storage;
S3, generating challenge information: the third party auditor generates challenge information and sends the challenge information to the cloud server; the third party auditor generates pre-calculated values according to the challenge information and the integrity audit auxiliary information before receiving the audit certification response information returned by the cloud server;
S4, generating audit certification response information: after receiving the challenge information, the cloud server generates audit certification response information based on the challenged ciphertext data blocks and the digital signatures, and returns the audit certification response information to the third party auditor;
S5, integrity audit: after receiving the audit certification response information, the third party auditor verifies the correctness of the audit certification response information using the pre-calculated values, the system public parameters, the user's verification public key and the anonymous identity.
2. The certificateless public auditing method for the integrity of cloud storage data according to claim 1, wherein S1 includes:
S101. The key generation center PKG selects a large prime number q and sets a bilinear pairing e satisfying
Figure DEST_PATH_IMAGE001
wherein
Figure DEST_PATH_IMAGE002
are all multiplicative cyclic groups of order q;
S102. The key generation center PKG selects, from the multiplicative cyclic group of order q
Figure DEST_PATH_IMAGE003
a generator g and, from the finite field of order q
Figure DEST_PATH_IMAGE004
selects a non-zero random number alpha as the system master private key and calculates
Figure DEST_PATH_IMAGE005
wherein
Figure DEST_PATH_IMAGE006
is the system master public key;
S103. The key generation center PKG selects two collision-resistant hash functions
Figure DEST_PATH_IMAGE007
and
Figure DEST_PATH_IMAGE008
wherein
Figure DEST_PATH_IMAGE009
is a bit string of arbitrary length and
Figure DEST_PATH_IMAGE010
is a bit string with the fixed length
Figure DEST_PATH_IMAGE011
S104. The key generation center PKG selects a collision-resistant homomorphic hash function
Figure DEST_PATH_IMAGE012
wherein
Figure DEST_PATH_IMAGE013
satisfies the following homomorphism: for any two messages
Figure DEST_PATH_IMAGE014
and scalar coefficients
Figure DEST_PATH_IMAGE015
the equation
Figure DEST_PATH_IMAGE016
holds;
S105. The key generation center PKG publishes the system public parameters
Figure DEST_PATH_IMAGE017
S106. The key generation center PKG selects, from the finite field of order q
Figure DEST_PATH_IMAGE018
a non-zero random number k and calculates anonymous identity component one
Figure DEST_PATH_IMAGE019
S107. The key generation center PKG calculates anonymous identity component two
Figure DEST_PATH_IMAGE020
wherein T is the validity period of the user's anonymous identity,
Figure DEST_PATH_IMAGE021
is the exclusive-or operator,
Figure DEST_PATH_IMAGE022
is the concatenation symbol, and
Figure DEST_PATH_IMAGE023
is the true identity of the user;
S108. The key generation center PKG sets the user's anonymous identity to
Figure DEST_PATH_IMAGE024
and, using the system master private key
Figure DEST_PATH_IMAGE025
and the hash function
Figure DEST_PATH_IMAGE026
computes the signature first private key
Figure DEST_PATH_IMAGE027
S109. The key generation center PKG sends
Figure DEST_PATH_IMAGE028
to the user;
S110. After receiving
Figure DEST_PATH_IMAGE029
the user verifies the equation
Figure DEST_PATH_IMAGE030
If the equation holds, the user accepts the anonymous identity ID and the signature first private key
Figure DEST_PATH_IMAGE031
otherwise, the user rejects the anonymous identity ID and the signature first private key
Figure DEST_PATH_IMAGE032
S111. The user selects, from the finite field of order q
Figure DEST_PATH_IMAGE033
a non-zero random number x as the signature second private key, calculates the verification public key
Figure DEST_PATH_IMAGE034
and obtains the user's signature private key
Figure DEST_PATH_IMAGE035
3. The certificateless public auditing method for the integrity of cloud storage data according to claim 2, wherein S2 includes:
S201. The user divides the data file F into n data file blocks, namely
Figure DEST_PATH_IMAGE036
wherein the identity of the data file F is
Figure DEST_PATH_IMAGE037
and
Figure DEST_PATH_IMAGE038
represents the data file blocks;
S202. The user selects a symmetric encryption algorithm SEA and a symmetric key s to encrypt the data file F, encrypting
Figure DEST_PATH_IMAGE039
into
Figure DEST_PATH_IMAGE040
wherein C represents the encrypted data file and
Figure DEST_PATH_IMAGE041
represents a ciphertext data block;
S203. From the finite field of order q
Figure DEST_PATH_IMAGE042
the user selects four different random coefficients
Figure DEST_PATH_IMAGE043
and derives n seeds:
Figure DEST_PATH_IMAGE044
The user sets the integrity audit auxiliary information
Figure DEST_PATH_IMAGE045
S204. For
Figure DEST_PATH_IMAGE046
the user uses the signature private key
Figure DEST_PATH_IMAGE047
to compute, for each ciphertext data block
Figure DEST_PATH_IMAGE048
the certificateless homomorphic signature
Figure DEST_PATH_IMAGE049
and sets the signature set
Figure DEST_PATH_IMAGE050
S205. The user sends
Figure DEST_PATH_IMAGE051
to the cloud server for storage, and sends the integrity audit auxiliary information AAI to the third party auditor TPA for storage.
4. The certificateless public auditing method for the integrity of cloud storage data according to claim 3, wherein S3 includes:
S301. After receiving a user's request to check the integrity of the cloud data, the third party auditor TPA, from the set
Figure DEST_PATH_IMAGE052
randomly selects a subset containing c elements
Figure DEST_PATH_IMAGE053
S302. For each subscript
Figure DEST_PATH_IMAGE054
the TPA randomly selects, from the finite field of order q
Figure DEST_PATH_IMAGE055
a matching coefficient
Figure DEST_PATH_IMAGE056
S303. The third party auditor TPA sends the challenge information
Figure DEST_PATH_IMAGE057
to the cloud server;
S304. Before the cloud server returns the audit certification response information, the third party auditor TPA generates pre-calculated value one
Figure DEST_PATH_IMAGE058
and pre-calculated value two
Figure DEST_PATH_IMAGE059
5. The certificateless public auditing method for the integrity of cloud storage data according to claim 4, wherein S4 includes:
S401. After receiving the challenge information
Figure DEST_PATH_IMAGE060
the cloud server calculates the combined information block of the challenged ciphertext data blocks
Figure DEST_PATH_IMAGE061
and the aggregate signature
Figure DEST_PATH_IMAGE062
S402. The cloud server sends the audit certification response information
Figure DEST_PATH_IMAGE063
to the third party auditor TPA.
6. The certificateless public auditing method for the integrity of cloud storage data according to claim 5, wherein S5 includes:
S501. After receiving the audit certification response information
Figure DEST_PATH_IMAGE064
the third party auditor TPA uses pre-calculated value one
Figure DEST_PATH_IMAGE065
and pre-calculated value two
Figure DEST_PATH_IMAGE066
to check the verification equation
Figure DEST_PATH_IMAGE067
If the verification equation holds, the third party auditor TPA returns true; otherwise, it returns false;
S502. The third party auditor informs the user of the integrity audit result.
7. The certificateless public auditing method for the integrity of cloud storage data according to claim 1, characterized in that in S2, after the user sends all ciphertext data blocks and the signature set to the cloud server for storage and sends the integrity audit auxiliary information to the third party auditor for storage, the user deletes the ciphertext data blocks, the signature set and the integrity audit auxiliary information at the local client.
CN202110916420.4A 2021-08-11 2021-08-11 Certificateless public auditing method for integrity of cloud storage data Active CN113364600B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110916420.4A CN113364600B (en) 2021-08-11 2021-08-11 Certificateless public auditing method for integrity of cloud storage data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110916420.4A CN113364600B (en) 2021-08-11 2021-08-11 Certificateless public auditing method for integrity of cloud storage data

Publications (2)

Publication Number Publication Date
CN113364600A CN113364600A (en) 2021-09-07
CN113364600B true CN113364600B (en) 2021-12-07

Family

ID=77522944

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110916420.4A Active CN113364600B (en) 2021-08-11 2021-08-11 Certificateless public auditing method for integrity of cloud storage data

Country Status (1)

Country Link
CN (1) CN113364600B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12008146B2 (en) * 2021-03-31 2024-06-11 Seagate Technology Llc Code-based signatures for secure programs
CN113890890B (en) * 2021-09-28 2024-02-06 西安建筑科技大学 Efficient data management method applied to intelligent medical system
CN114257378B (en) * 2021-12-07 2024-04-30 中信银行股份有限公司 Anonymous certificate generation method, system, equipment and readable storage medium
CN114415943B (en) * 2021-12-23 2023-08-15 贵州航天计量测试技术研究所 Public auditing method and auditing system for cloud multi-copy data
CN114362958B (en) * 2021-12-28 2023-12-01 湖北工业大学 Intelligent home data security storage auditing method and system based on blockchain
CN114531296A (en) * 2022-03-04 2022-05-24 苏州麦瑶信息科技有限公司 Method for detecting integrity of data transmission process
CN115134132B (en) * 2022-06-20 2023-05-12 哈尔滨工业大学(深圳) Certificate-free identity anonymity privacy protection medical data integrity verification method
CN115333857B (en) * 2022-10-11 2023-03-07 晨越建设项目管理集团股份有限公司 Detection method for preventing data from being tampered based on smart city system cloud platform
CN115604038B (en) * 2022-12-14 2023-09-15 山东省计算中心(国家超级计算济南中心) Cloud storage data auditing system and method based on blockchain and edge computing
CN116938452B (en) * 2023-09-15 2023-12-08 天津太极风控网络科技有限公司 Cloud audit method for encrypted backup account set
CN117874777A (en) * 2023-11-29 2024-04-12 中国民航信息网络股份有限公司 Data storage method, device and system based on blockchain
CN117592120A (en) * 2023-11-29 2024-02-23 西南石油大学 Data tamper-proof integrity detection method based on industrial cloud storage system
CN117978546B (en) * 2024-03-29 2024-06-11 华侨大学 Certificateless dynamic shared data auditing method based on trusted execution environment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104994069A (en) * 2015-05-25 2015-10-21 南京信息工程大学 Cloud-storage data integrity proving method based on data repeatability verification
CA2936106A1 (en) * 2016-07-14 2018-01-14 Mirza Kamaludeen Encrypted data - data integrity verification and auditing system
CN108965258A (en) * 2018-06-21 2018-12-07 河南科技大学 A kind of cloud environment data integrity verification method based on full homomorphic cryptography
CN109286490A (en) * 2018-08-27 2019-01-29 西安电子科技大学 Support close state data deduplication and integrity verification method and system

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
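Identity-based key-exposure resilient cloud storage public auditing scheme from lattices; Xiaojun Zhang et al.; Information Sciences; 20190131; full text *
Identity-based proxy-oriented outsourcing with public auditing in cloud-based medical cyberphysical systems; Xiaojun Zhang et al.; Pervasive and Mobile Computing; 20190531; full text *
Research on Data Integrity Checking in Cloud Storage; Shen Wenting; China Doctoral Dissertations Full-text Database (Electronic Journal); 20200815; full text *
Research on Key Technologies for Secure Data Storage in Cloud Environments; Xue Jingting; China Doctoral Dissertations Full-text Database (Electronic Journal); 20210315; full text *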

Also Published As

Publication number Publication date
CN113364600A (en) 2021-09-07


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant