CN113656818B - Trusted-free third party cloud storage ciphertext deduplication method and system meeting semantic security - Google Patents
Trusted-free third party cloud storage ciphertext deduplication method and system meeting semantic security Download PDFInfo
- Publication number
- CN113656818B CN113656818B CN202110943595.4A CN202110943595A CN113656818B CN 113656818 B CN113656818 B CN 113656818B CN 202110943595 A CN202110943595 A CN 202110943595A CN 113656818 B CN113656818 B CN 113656818B
- Authority
- CN
- China
- Prior art keywords
- data
- uploading
- cloud storage
- integrity
- public
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention belongs to the technical field of cloud data ciphertext deduplication, and provides a method and a system for performing ciphertext deduplication on a third party cloud storage without trust, which meet semantic security. The method comprises the steps that a data uploading person sends a short hash value of data to a cloud storage server; the cloud storage server utilizes the short hash value to match, and judges whether the data possibly exists in the cloud storage or not; the data uploading device comprises a data first uploading device and a data subsequent uploading device; the data primary uploading user generates a data integrity certification set by using an outsourced data integrity remote audit scheme, uploads a data ciphertext, and constructs an intelligent contract by using the integrity certification set and a verification algorithm so as to realize a data primary uploading process; and the subsequent uploading user of the data performs data integrity verification by using the intelligent contract, and obtains a data encryption key output by the intelligent contract or executes a data first uploading process according to a verification result.
Description
Technical Field
The invention belongs to the technical field of cloud data ciphertext deduplication, and particularly relates to a method and a system for performing ciphertext deduplication on a third party cloud storage without trust, which meet semantic security.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
The deduplication technology is widely adopted by cloud service providers, and the same data copy is guaranteed to be stored only once in a cloud server, and if the same copy appears, the cloud server creates a link for an uploading user to access the data copy, so that the storage cost is reduced. However, at present, a cloud storage user always ensures data confidentiality by uploading encrypted data, and because different ciphertext can be formed by encrypting the message under different keys by using a semantic security encryption algorithm, the traditional plaintext deduplication method cannot be applied to ciphertext data in the cloud. The inventor finds that the following technical problems exist in the prior art:
(1) The existing ciphertext deduplication method and system based on convergence encryption or message lock encryption cannot guarantee semantic security of ciphertext data, are low in security level, are easy to be attacked by offline violence, and have potential safety hazards.
(2) Most of the existing ciphertext deduplication methods and systems meeting semantic security require a trusted third party to be responsible for distributing data encryption keys or require some other users who have uploaded the same data before to execute session key exchange protocols with new data uploaders on line to safely distribute data encryption keys, and these requirements are not easy to meet in a real cloud storage environment, so that the practicability of the method is poor.
(3) The existing ciphertext deduplication method and system meeting semantic security without online trusted third parties or online users uploading the same data before are required to define a user group in advance, and a trusted center generates auxiliary information for users in the user group in advance, so that a cloud storage server can collusion with other users in the user group to obtain a data encryption key of a data uploading user.
Disclosure of Invention
In order to solve the technical problems in the background art, the invention provides a method and a system for performing cryptograph deduplication by using a non-trusted third party cloud storage, which meet semantic security, wherein an intelligent contract and a user uploading data are used for executing a data integrity certification protocol, an original data encryption key is sent to a subsequent uploading user according to an integrity verification result, a trusted third party is not needed, a client is supported to encrypt data by using a semantic security encryption algorithm, and stronger security and practicability can be provided.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
the first aspect of the invention provides a trusted-free third party cloud storage ciphertext deduplication method meeting semantic security, which comprises the following steps:
the data uploading person sends the short hash value of the data to the cloud storage server;
the cloud storage server utilizes the short hash value to match, and judges whether the data possibly exists in the cloud storage or not;
the data uploading device comprises a data first uploading device and a data subsequent uploading device; the data primary uploading person generates a public and private key pair for data integrity verification by using a key generation algorithm and a security parameter of an outsourced data integrity remote audit scheme so as to realize a data primary uploading process; and the subsequent uploading of the data generates a public-private key pair for encrypting and decrypting the public key by using a key generation algorithm of the public key encryption algorithm, and then decrypts ciphertext of the data encryption key or executes a data primary uploading process by using the public-private key pair based on data integrity verification.
If the data is not matched, namely the data does not exist in cloud storage, the data primary uploading user generates an integrity authentication set for uploading data plaintext, the ciphertext data is uploaded to a cloud storage server, an encryption key and an integrity check code are written into an intelligent contract T0 capable of protecting data confidentiality, and the integrity authentication set of the data and a public key of the data primary uploading user writes into the intelligent contract T1, so that the data primary uploading process is completed.
If the data is matched, namely the data possibly exists in the cloud storage, the data follow-up uploading user activates the intelligent contract T1 to acquire challenge/authentication information, activates the intelligent contract T0, firstly checks the data integrity, and if the data integrity check is passed, namely the data to be transmitted is proved to really exist in the cloud storage, the T0 encrypts the data encryption key by utilizing the public key of the data follow-up uploading user, sends the ciphertext to the data follow-up uploading user, and decrypts the ciphertext of the data encryption key by utilizing the private key of the data follow-up uploading user to acquire the data encryption key; and if the data integrity check is not passed, namely that the data to be transmitted does not exist in the cloud storage, executing a data first uploading process.
The second aspect of the invention provides a trusted-free third-party cloud storage ciphertext deduplication system meeting semantic security, which specifically comprises a data uploading person and a cloud storage server;
the data uploading device is used for sending the short hash value of the data to the cloud storage server;
the data uploader comprises a data first uploader and a data subsequent uploader;
the data primary uploading method comprises the steps that a data primary uploading person generates a public and private key pair for data integrity verification by using a key generation algorithm and a security parameter of an outsourced data integrity remote audit scheme so as to realize a data primary uploading process; the data subsequent uploading user uses the key generation algorithm of the public key encryption algorithm to generate a public and private key pair for public key encryption and decryption, and then uses the public and private key pair to decrypt the ciphertext of the data encryption key or execute the data primary uploading process based on the data integrity verification;
and the cloud storage server is used for matching by using the short hash value and judging whether the data possibly exist in the cloud storage.
If the data is not matched, namely the data does not exist in cloud storage, the data uploader is used for generating an integrity authentication set for uploading data plaintext, uploading ciphertext data to a cloud storage server, writing an encryption key and an integrity check code into an intelligent contract T0 capable of protecting data confidentiality, writing the integrity authentication set of the data and a public key of the data into the intelligent contract T1, and completing the data primary uploading process.
If the data is matched, namely the data possibly exists in the cloud storage, a data follow-up uploading person is used for activating the intelligent contract T1 to acquire challenge/authentication information, activating the intelligent contract T0, firstly checking the data integrity, and if the data integrity check is passed, namely the data to be transmitted is proved to really exist in the cloud storage, the T0 encrypts a data encryption key by utilizing a public key of the data follow-up uploading person, sends a ciphertext to the data follow-up uploading person, decrypts the ciphertext of the data encryption key by utilizing a private key of the data follow-up uploading person, and obtains the data encryption key; and if the data integrity check is not passed, namely that the data to be transmitted does not exist in the cloud storage, executing a data first uploading process.
Compared with the prior art, the invention has the beneficial effects that:
(1) The method of the invention supports the client to encrypt the data by using the semantic security encryption algorithm with higher security, can avoid the adversary from guessing the data plaintext by off-line violent attack, and ensures the confidentiality of the data. The method has stronger safety.
(2) The method does not depend on a trusted third party to distribute the data encryption key, does not require other users who upload the same data before to execute a session key exchange protocol with a new data uploading party on line to safely distribute the data encryption key, adopts an intelligent contract to solve the problem of safe distribution of the data encryption key, and has higher practicability. Because the user set is not required to be limited, the trusted center is not required to generate auxiliary information for distributing the encryption key for the users in the user set in advance, and therefore the problem that the cloud storage server is colluded with other users can be avoided.
Additional aspects of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention.
FIG. 1 is a flow chart of a non-trusted third party cloud storage ciphertext deduplication method meeting semantic security according to an embodiment of the present invention;
FIG. 2 is a short hash value and data ciphertext and an index of a corresponding owner/smart contract address, in accordance with an embodiment of the present invention;
FIG. 3 is a schematic diagram of the smart contract T0 functionality of an embodiment of the present invention;
FIG. 4 is a functional schematic of a smart contract T1 according to an embodiment of the invention;
fig. 5 is a schematic structural diagram of a trusted-free third party cloud storage ciphertext deduplication system meeting semantic security according to an embodiment of the present invention.
Detailed Description
The invention will be further described with reference to the drawings and examples.
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the invention. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present invention. As used herein, the singular is also intended to include the plural unless the context clearly indicates otherwise, and furthermore, it is to be understood that the terms "comprises" and/or "comprising" when used in this specification are taken to specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.
Example 1
As shown in fig. 1, the method for deduplicating the cloud storage ciphertext of the third party without trust, which satisfies semantic security, specifically includes the following steps:
the data uploading person sends the short hash value of the data to the cloud storage server;
the cloud storage server judges whether the data exists in the cloud storage or not by using the short hash value;
the data uploader comprises a data first uploader and a data subsequent uploader; the data uploading method comprises the steps that a data uploading person generates a public and private key pair for data integrity verification by using a key generation algorithm and a security parameter of an outsourced data integrity remote Audit scheme Audit; and the data subsequent uploading user generates a public and private key pair for public key encryption and decryption by using a key generation algorithm of a public key encryption algorithm PKE.
Specifically, the data uploading user sends the short hash value of the data to the cloud storage server, the cloud storage server searches the short hash value in the existing data short hash value table, if the short hash value can be matched with the short hash value, the data is indicated to be possibly stored in the cloud storage, otherwise, the data is indicated to be not stored in the cloud storage yet.
If the short hash value does not exist, the data uploading person generates an integrity authentication set of uploading data plaintext for the first time, uploads ciphertext data to the cloud storage server, writes an encryption key and an integrity check code into an intelligent contract T0 capable of protecting data confidentiality, writes the integrity authentication set of the data and a public key of the data into the intelligent contract T1, and completes the data uploading process.
And the data primary uploading user uses a private key generated by a key generation algorithm of the outsourced data integrity remote Audit scheme Audit to generate integrity authentication information of the data to be uploaded by using an authentication set generation algorithm of the outsourced data integrity remote Audit scheme Audit.
The remote Audit scheme audio of the integrity of the outsourced data comprises the following algorithm:
and (3) key generation: the user generates a public and private key pair for carrying out remote integrity check on own data;
authentication set generation: data file F is partitioned, f= { m 1 ,……,m n Generating an authentication set phi of data F;
an integrity verification protocol comprises the following two algorithms:
i) Integrity certification generation: let the authentication set of data F be Φ, challenge chal= {(s) i ,v i )} i∈{1,..,c} Wherein s is i E {1, …, n }, j=1, …, c. Then according to Φ, chal and data f= { m 1 ,……,m n Generating an integrity certification P of the data F;
ii) integrity check: and checking the integrity certification P by using the user public key and the challenge Chal, if the verification is passed, the outsourcing data is completely stored by the cloud storage, otherwise, the outsourcing data is destroyed.
The public key encryption algorithm PKE used includes the following algorithms:
and (3) key generation: the user generates a public and private key pair for encrypting and decrypting the public key;
encryption: encrypting the data by using the public key of the user to generate a data ciphertext;
decryption: and decrypting the data ciphertext by using the user private key to obtain a data plaintext.
As one or more embodiments, the digital signature algorithm used in the method includes the following algorithm:
and (3) key generation: generating a public-private key pair for digital signature and verification;
signature: signing the data by using the private key to generate a digital signature;
verifying the signature: and verifying the data and the digital signature by using the public key, outputting a True if the verification is passed, and outputting a False if the verification is not passed.
In specific implementation, a public-private key pair for integrity verification can be generated by using a key generation algorithm of any secure outsourced data integrity remote Audit scheme Audit, and a public-private key pair for public key encryption can be generated by using a key generation algorithm of any secure public key encryption algorithm PKE;
it should be noted that any symmetric encryption algorithm that satisfies semantic security may be used; any secure digital signature algorithm may be used; the intelligent contracts that can protect data confidentiality can be written by zkay and compiled into intelligent contracts that can be executed on ethernet, or Hyperledger Fabric using the data privacy protection mechanism of Hyperledger Fabric.
As shown in fig. 3, the function of the intelligent contract T0 is to input a challenge Chal and a signature sig of the Chal by T1, a public signature key PK used by the intelligent contract T1, and a data integrity certificate P, and the signature sig is checked first by T0, and if the signature sig is a signature of the Chal by T1, the data integrity certificate P is checked, and if the verification of the certificate P is passed, the data encryption key is encrypted by using the public key of the uploading party and a ciphertext is output.
The function of the smart contract T1 is as shown in FIG. 4, selecting an integer c from 1 to n, generating a challenge data block index { s } based on the current state and the pseudo-random function pFUNC i } i=1,…,c Generating data block weight coefficient { v } by using current state, data block index and hash function hFunc 1 ,…,v c Challenge chal= {(s) construction i ,v i )} i∈{1,…c} And finding the corresponding authentication Auth from the data integrity authentication set according to the Chal, obtaining the signature Sig to the Chal and the Auth by using a digital signature scheme, and outputting the Chal, the Auth and the signature Sig.
The challenge Chal is generated as follows:
generating a data block index i= { s by using a current state and a pseudo-random function pFunc 1 ,…,s c }, i.e. s i pFUNC (state i), using the currentGenerating data block weight coefficient { v } by state, data block index and hash function hFunc 1 ,…,v c }, i.e. v i =hFunc(state||s i ) Challenge chal= {(s) i ,v i )} i∈{1,…c} 。
The first uploading user of the data selects an encryption key and encrypts the data to be uploaded by using a symmetrical encryption algorithm meeting semantic security;
firstly, a data uploading person judges whether the data to be uploaded exists on a cloud storage server or not, and if not, the uploading person executes the following steps:
step 1.1: generating an integrity authentication set of the uploaded data;
step 1.2: selecting an encryption key K and encrypting the uploaded data;
step 1.3: uploading the data ciphertext to a cloud storage server;
step 1.4: writing an encryption key K, a generated public key and an integrity checking algorithm code in an audio scheme into an intelligent contract T0 capable of protecting data confidentiality, and writing an integrity authentication set of data into an intelligent contract T1;
step 1.5: the cloud storage server establishes an index of the short hash value, the data ciphertext and the corresponding owner/intelligent contract address, wherein the index is shown in fig. 2, and the data uploading process is completed.
In one or more embodiments, the data uploader deletes the locally stored outsourced data file after completing the uploading step.
If the short hash value exists, the data may already be uploaded by other users, the cloud storage server sends the address of the intelligent contract (T0, T1) corresponding to the short hash value to the uploading person according to the index, and the uploading person performs the following steps:
step 2.1: generating public and private key pairs for public key encryption and decryption, and executing the following steps on all intelligent contracts (T0, T1);
step 2.2: activating an intelligent contract T1, wherein the intelligent contract T1 generates a challenge Chal according to the current state and finds a corresponding authentication Auth from an integrity authentication set of data according to the Chal, and the intelligent contract T1 signs the Chal and the Auth by using a digital signature scheme and outputs the Chal, the Auth and the signature to an uploader;
step 2.3: the uploader verifies the signatures of the intelligent contract T1 to the Chal and the Auth, after the signature passes the verification, the uploader uses own file data and the Chal/Auth to generate an integrity certification P of the data by using an integrity certification generation algorithm in an audio scheme, and takes the public key of the uploader, the certification P, chal and the signature of the intelligent contract T1 to the Chal as inputs to activate the intelligent contract T0;
step 2.4: the intelligent contract T0 firstly verifies the signature of the Chal, if the signature is verified, the integrity verification code is utilized to verify the P, if the signature is verified, the uploading person is proved to really have the complete data file corresponding to the intelligent contract, the T0 encrypts the data encryption key by utilizing the public key of the uploading person and sends the ciphertext to the uploading person, the uploading process is completed, and the step 2.5 is skipped; if the integrity check is not passed, the uploading device is not provided with the complete data file corresponding to the intelligent contract, and jumps to step 2.2 to execute the next pair of intelligent contracts; if the integrity check is not passed for all intelligent contracts corresponding to the short hash value, the fact that the data uploaded by the uploading user for the time is not uploaded by other users before is indicated, the short hash value is the same as some previous data files, the step 1.1 is skipped, the data uploading is executed, and the step 2.5 is not executed any more.
Step 2.5: the uploading user uses the private key to decrypt the ciphertext of the data encryption key, and the data encryption key can be obtained. The subsequent uploader of the data need not actually upload the data.
Example two
As shown in fig. 5, the embodiment provides a trusted-free third party cloud storage ciphertext deduplication system meeting semantic security, which specifically includes: a data uploading person and a cloud storage server;
the data uploading device is used for sending the short hash value of the data to the cloud storage server; the data uploader comprises a data first uploader and a data subsequent uploader; the data uploading method comprises the steps that a data uploading person generates a public and private key pair for data integrity verification by using a key generation algorithm and a security parameter of an outsourced data integrity remote Audit scheme Audit; and the data subsequent uploading user generates a public and private key pair for public key encryption and decryption by using a key generation algorithm of a public key encryption algorithm PKE.
And the cloud storage server is used for matching by using the short hash value and judging whether the data possibly exist in the cloud storage.
If the data is not matched, namely the data does not exist in cloud storage, the data uploading device generates an integrity authentication set for uploading data plaintext for the first time, the ciphertext data is uploaded to a cloud storage server, an encryption key and an integrity check code are written into an intelligent contract T0 capable of protecting data confidentiality, the integrity authentication set of the data and a public key of an outsourcing data integrity remote Audit scheme Audit of the data are written into the intelligent contract T1, and the data uploading process for the first time is completed;
if the data is matched, namely the data possibly exists in the cloud storage, a data follow-up uploading person activates an intelligent contract T1 to acquire challenge/authentication information, activates an intelligent contract T0, firstly checks the data integrity, and if the data integrity check is passed, namely the data to be transmitted is proved to really exist in the cloud storage, the T0 encrypts a data encryption key by utilizing a public key of the data follow-up uploading person and sends a ciphertext to the data follow-up uploading person, and decrypts the ciphertext of the data encryption key by utilizing a private key of the data follow-up uploading person to acquire the data encryption key; and if the data integrity check is not passed, namely that the data to be transmitted does not exist in the cloud storage, executing a data first uploading process.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (6)
1. A trusted-free third-party cloud storage ciphertext deduplication method meeting semantic security is characterized by comprising the following steps:
the data uploading person sends the short hash value of the data to the cloud storage server;
the cloud storage server utilizes the short hash value to match, and judges whether the data exists in the cloud storage or not;
the data uploading device comprises a data first uploading device and a data subsequent uploading device; the data primary uploading person generates a public and private key pair for data integrity verification by using a key generation algorithm and a security parameter of an outsourced data integrity remote audit scheme so as to realize a data primary uploading process; the data subsequent uploading user uses the key generation algorithm of the public key encryption algorithm to generate a public and private key pair for public key encryption and decryption, and then uses the public and private key pair to decrypt the ciphertext of the data encryption key or execute the data primary uploading process based on the data integrity verification;
if the data is not matched, the data primary uploading person generates an integrity authentication set of uploading data plaintext, the ciphertext data is uploaded to the cloud storage server, an encryption key and an integrity check code are written into an intelligent contract T0 capable of protecting data confidentiality, the integrity authentication set of the data and a public key of an outsourcing data integrity remote audit scheme are written into the intelligent contract T1, and the data primary uploading process is completed;
if the data is matched, the data follow-up uploading user activates the intelligent contract T1 to acquire challenge/authentication information, activates the intelligent contract T0, firstly checks the data integrity, if the data integrity check is passed, the T0 encrypts the data encryption key by using the public key of the data follow-up uploading user, sends the ciphertext to the data follow-up uploading user, decrypts the ciphertext of the data encryption key by using the private key of the data follow-up uploading user, and acquires the data encryption key; and if the data integrity check is not passed, executing a data first uploading process.
2. The method for cryptographically storing and de-duplicating a third-party cloud storage without trust for satisfying semantic security according to claim 1, wherein the cloud storage server stores all short hash values of data and addresses of all intelligent contracts corresponding to the short hash values, and searches the short hash values in an existing data short hash value table, if the short hash values can be matched, all intelligent contract addresses corresponding to the short hash values can be obtained, otherwise, the data is not stored in the cloud storage.
3. The method for cryptographically secure non-trusted third-party cloud storage as claimed in claim 1, wherein said public-private key pair comprises a public-private key pair for data integrity verification and a public-private key pair for public-key encryption.
4. The method for cryptographically deduplicating a non-trusted third-party cloud storage that satisfies semantic security of claim 2, wherein an integrity check algorithm code is stored in the smart contract T0.
5. The method for cryptographically deduplicating a non-trusted third-party cloud storage that satisfies semantic security of claim 1, wherein an integrity-authenticated set of data is stored in the smart contract T1.
6. A trusted-free third-party cloud storage ciphertext deduplication system meeting semantic security is characterized by comprising a data uploading person and a cloud storage server;
the data uploading device is used for sending the short hash value of the data to the cloud storage server; the data uploader comprises a data first uploader and a data subsequent uploader; the data primary uploading method comprises the steps that a data primary uploading person generates a public and private key pair for data integrity verification by using a key generation algorithm and a security parameter of an outsourced data integrity remote audit scheme so as to realize a data primary uploading process; the data subsequent uploading user uses the key generation algorithm of the public key encryption algorithm to generate a public and private key pair for public key encryption and decryption, and then uses the public and private key pair to decrypt the ciphertext of the data encryption key or execute the data primary uploading process based on the data integrity verification;
the cloud storage server is used for utilizing the short hash value to match and judging whether the data exists in the cloud storage or not;
if the data is not matched with the data, the data uploading server firstly generates an integrity authentication set of uploading data plaintext, the ciphertext data is uploaded to the cloud storage server, an encryption key and an integrity check code are written into an intelligent contract T0 capable of protecting data confidentiality, the integrity authentication set of the data and a public key of an outsourcing data integrity remote audit scheme are written into the intelligent contract T1, and the data uploading process firstly is completed;
in the cloud storage server, if the data is matched, activating an intelligent contract T1 by a data subsequent uploading user to acquire challenge/authentication information, activating an intelligent contract T0, firstly checking the data integrity, if the data integrity check is passed, encrypting a data encryption key by using a public key of the data subsequent uploading user by T0, sending a ciphertext to the data subsequent uploading user, decrypting the ciphertext of the data encryption key by using a private key of the data subsequent uploading user, and obtaining the data encryption key; and if the data integrity check is not passed, executing a data first uploading process.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110943595.4A CN113656818B (en) | 2021-08-17 | 2021-08-17 | Trusted-free third party cloud storage ciphertext deduplication method and system meeting semantic security |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110943595.4A CN113656818B (en) | 2021-08-17 | 2021-08-17 | Trusted-free third party cloud storage ciphertext deduplication method and system meeting semantic security |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113656818A CN113656818A (en) | 2021-11-16 |
| CN113656818B true CN113656818B (en) | 2023-07-28 |
Family
ID=78480061
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110943595.4A Active CN113656818B (en) | 2021-08-17 | 2021-08-17 | Trusted-free third party cloud storage ciphertext deduplication method and system meeting semantic security |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113656818B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115484031B (en) * | 2022-09-13 | 2024-03-08 | 山东大学 | SGX-based trusted-free third-party cloud storage ciphertext deduplication method and system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110677487A (en) * | 2019-09-30 | 2020-01-10 | 陕西师范大学 | Outsourcing data duplicate removal cloud storage method supporting privacy and integrity protection |
| CN111355705A (en) * | 2020-02-08 | 2020-06-30 | 西安电子科技大学 | Data auditing and safety duplicate removal cloud storage system and method based on block chain |
| CN112732695A (en) * | 2021-01-21 | 2021-04-30 | 广东工业大学 | Cloud storage data security deduplication method based on block chain |
-
2021
- 2021-08-17 CN CN202110943595.4A patent/CN113656818B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110677487A (en) * | 2019-09-30 | 2020-01-10 | 陕西师范大学 | Outsourcing data duplicate removal cloud storage method supporting privacy and integrity protection |
| CN111355705A (en) * | 2020-02-08 | 2020-06-30 | 西安电子科技大学 | Data auditing and safety duplicate removal cloud storage system and method based on block chain |
| CN112732695A (en) * | 2021-01-21 | 2021-04-30 | 广东工业大学 | Cloud storage data security deduplication method based on block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113656818A (en) | 2021-11-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110213042B (en) | Cloud data deduplication method based on certificate-free proxy re-encryption | |
| US11356280B2 (en) | Personal device security using cryptocurrency wallets | |
| TWI748853B (en) | Secure multiparty loss resistant storage and transfer of cryptographic keys for blockchain based systems in conjunction with a wallet management system | |
| CN109067524B (en) | Public and private key pair generation method and system | |
| More et al. | Third party public auditing scheme for cloud storage | |
| US7634085B1 (en) | Identity-based-encryption system with partial attribute matching | |
| CN111130757A (en) | Multi-cloud CP-ABE access control method based on block chain | |
| CN113067699B (en) | Data sharing method and device based on quantum key and computer equipment | |
| CN106713279B (en) | video terminal identity authentication system | |
| CN109543434B (en) | Block chain information encryption method, decryption method, storage method and device | |
| Nirmala et al. | Data confidentiality and integrity verification using user authenticator scheme in cloud | |
| CN108696518B (en) | Block chain user communication encryption method and device, terminal equipment and storage medium | |
| CN110535626B (en) | Secret communication method and system for identity-based quantum communication service station | |
| US10887110B2 (en) | Method for digital signing with multiple devices operating multiparty computation with a split key | |
| US20120290833A1 (en) | Certificate Blobs for Single Sign On | |
| CN104486087A (en) | Digital signature method based on remote hardware security modules | |
| CN113656818B (en) | Trusted-free third party cloud storage ciphertext deduplication method and system meeting semantic security | |
| CN116709325B (en) | Mobile equipment security authentication method based on high-speed encryption algorithm | |
| CN116318784B (en) | Identity authentication method, identity authentication device, computer equipment and storage medium | |
| CN112800462A (en) | Method for storing confidential information in cloud computing environment | |
| CN114760072B (en) | Signature and signature verification method, device and storage medium | |
| CN116318654A (en) | SM2 algorithm collaborative signature system, method and equipment integrating quantum key distribution | |
| CN115412236A (en) | Method for key management and password calculation, encryption method and device | |
| Abbdal et al. | Secure third party auditor for ensuring data integrity in cloud storage | |
| CN112989378A (en) | File trusted intermediate storage architecture based on attribute encryption |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |