CN116599650B - Ciphertext deduplication method, ciphertext deduplication device, ciphertext deduplication equipment and storage medium - Google Patents
Ciphertext deduplication method, ciphertext deduplication device, ciphertext deduplication equipment and storage medium Download PDFInfo
- Publication number
- CN116599650B CN116599650B CN202310866182.XA CN202310866182A CN116599650B CN 116599650 B CN116599650 B CN 116599650B CN 202310866182 A CN202310866182 A CN 202310866182A CN 116599650 B CN116599650 B CN 116599650B
- Authority
- CN
- China
- Prior art keywords
- file
- user equipment
- tag
- block
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 98
- 230000004044 response Effects 0.000 claims abstract description 10
- 230000006870 function Effects 0.000 claims description 62
- 238000000638 solvent extraction Methods 0.000 claims description 10
- 230000000903 blocking effect Effects 0.000 claims 4
- 238000004364 calculation method Methods 0.000 description 21
- 230000008569 process Effects 0.000 description 10
- 230000003993 interaction Effects 0.000 description 6
- 238000012545 processing Methods 0.000 description 5
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 239000002699 waste material Substances 0.000 description 4
- 238000004590 computer program Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 230000004075 alteration Effects 0.000 description 2
- 238000012217 deletion Methods 0.000 description 2
- 230000037430 deletion Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- PWNAWOCHVWERAR-UHFFFAOYSA-N Flumetralin Chemical compound [O-][N+](=O)C=1C=C(C(F)(F)F)C=C([N+]([O-])=O)C=1N(CC)CC1=C(F)C=CC=C1Cl PWNAWOCHVWERAR-UHFFFAOYSA-N 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
- H04L9/3221—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/082—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
Abstract
The application provides a ciphertext deduplication method, a ciphertext deduplication device, ciphertext deduplication equipment and a ciphertext storage medium, relates to the technical field of information security, and is used for solving the problem of ciphertext deduplication under the condition that a third-party server is not introduced and data security is guaranteed as much as possible. The method comprises the following steps: determining whether a second file tag obtained according to a public key of the second user equipment is equal to a second file signature tag obtained according to a second message of the second user equipment or not in response to a ciphertext uploading instruction sent when the second user equipment uploads the second ciphertext; if the second file label is equal to the second file signature label, determining whether the first file label corresponding to the first user equipment is equal to the second file label; if the first file tag is equal to the second file tag, determining whether the second user equipment has a first key corresponding to a first message of the first user equipment; and if the second user equipment is determined to have the first key, notifying the second user equipment not to upload the second ciphertext.
Description
Technical Field
The application relates to the technical field of information security, and provides a ciphertext deduplication method, a ciphertext deduplication device, ciphertext deduplication equipment and a ciphertext storage medium.
Background
At present, with the rapid development of the internet, in order to solve the problems that hard disk storage is unfavorable for taking along with use and storage space is insufficient, users and enterprises increasingly like to upload own data to cloud for storage. However, after the data stored in the cloud loses the control of the data owner, the data can be stolen, tampered, and the like. Therefore, a phenomenon of storing the data itself after encrypting it occurs to avoid these risks. However, since the encryption algorithms are different, a phenomenon of encrypting the same data using a plurality of encryption algorithms, that is, a phenomenon equivalent to repeatedly storing the same data a plurality of times, greatly wastes a storage space, and increases maintenance costs of the server, is liable to occur. On the basis, in order to prevent the phenomenon that a plurality of encryption algorithms encrypt the same data, the concept of data deduplication is proposed. The data deduplication is also called as duplicate data deletion technology, which is to only reserve one file data and give legal access rights to users with the same file copy, so as to save storage space. In the conventional encryption method, since encryption keys used by different users are different, ciphertext is also different, and thus duplication removal cannot be achieved.
Thus, various data deduplication methods have appeared in recent years, for example, ciphertext deduplication using a hash value of a file as an encryption key of the file, or using Message-lock encryption (MLE). However, these schemes are prone to off-line brute force attacks and are less secure. Further, in order to solve the offline brute force attack, a method of encrypting an encryption key by introducing a third-party server and using an RSA blind signature to resist the brute force attack appears, but the key storage and calculation costs of the method are too high, so that the execution efficiency is low. In addition, in order to reduce the leakage probability of data in a deduplication scene as much as possible, in recent years, methods of realizing key security transfer by calculating a large digest of an entropy file without loss, performing ownership authentication on a blockchain through an intelligent contract, jointly generating encryption keys by a plurality of servers and having timeliness, performing upper and lower double-layer encryption sensitive partitioning on the file, storing the encryption keys by using SGX and verifying the integrity of the data and the like have appeared, however, although the methods improve the data security in ciphertext deduplication, basically all introduce a third party server, and have high expenditure.
Therefore, how to perform ciphertext deduplication without introducing a third party server and guaranteeing data security as much as possible is a problem to be solved at present.
Disclosure of Invention
The embodiment of the application provides a ciphertext deduplication method, a ciphertext deduplication device, ciphertext deduplication equipment and a storage medium, which are used for solving the problem of performing ciphertext deduplication under the condition that a third-party server is not introduced and data security is ensured as much as possible.
In one aspect, a ciphertext deduplication method is provided, the method comprising:
uploading a second ciphertext in response to a second user deviceDetermining a second file label obtained according to the public key of the second user equipment according to a ciphertext uploading instruction sent at the time>And a second message according to said second user equipment +.>The second file signature tag obtained +.>Whether or not they are equal; the second user equipment is any user equipment except the first user equipment, which uploads ciphertext to the server equipment, and the first user equipment is the first user equipment which uploads ciphertext to the server equipment;
if the second file label is determinedSignature tag +_with the second file>If the first file labels are equal, determining first file labels corresponding to the first user equipment >And the second file tag->Whether or not they are equal;
if the first file label is determinedAnd the second file tag->Equal, determining if said second user equipment owns a first message of said first user equipment +.>Corresponding first key->The method comprises the steps of carrying out a first treatment on the surface of the Wherein the first keyIs the first message->According to a preset first hash function +.>Calculating;
if it is determined that the second user equipment owns the first keyNotifying the second user equipment not to upload the second ciphertext +.>。
In one implementation, if the second file tag is determinedSignature tag with the second fileIf the first file labels are equal, determining first file labels corresponding to the first user equipment>And the second file tag->After being equal, the method further comprises:
if the first file label is determinedAnd the second file tag->If not, determining the first block tag +.>And the second block tag->Whether or not they are equal; wherein the first block tag->Is according to the first message +.>Is>Obtained, said second block tag->Is according to the second message +. >Second of (3)Block message->Obtained;
if the first block label is determinedSaid second block tag->Equal, determining if said second user equipment owns a first block message of said first user equipment>Corresponding first block key->;
If it is determined that the second user equipment owns the first block keyNotifying the second user equipment not to upload the second block ciphertext +.>The method comprises the steps of carrying out a first treatment on the surface of the Wherein the second block ciphertext ++>Is the second block message +.>By means of the first hash function +.>And (3) performing operation.
In one implementation, if the second file tag is determinedSignature tag with the second fileIf the first file labels are equal, determining first file labels corresponding to the first user equipment>And the second file tag->After being equal, the method further comprises:
if the first file label is determinedAnd the second file tag->If not, determining the first block tag +.>And the second block tag->Whether or not they are equal; wherein the first block tag->Is according to the first message +.>Is>Obtained, said second block tag->Is according to the second message +. >Second block message->Obtained;
if the first block label is determinedSaid second block tag->If the first ciphertext is not equal to the second ciphertext, notifying the second user equipment to upload the second ciphertext +.>。
In one implementation, if the second file tag obtained according to the public key of the second user equipment is determinedAnd a second message according to said second user equipment +.>The second file signature tag obtained +.>If the first file labels are equal, determining the first file label corresponding to the first user equipment>And the second file tag->Whether equal or not, comprising:
if the second file label obtained according to the public key of the second user equipment is determinedAnd a second message according to said second user equipment +.>The second file signature tag obtained +.>Equal, and determining a second block tag obtained from the public key of the second user device +.>And a second block message according to said second user equipment->The second block signature tag obtained +_>If the first file labels are equal, determining the first file label corresponding to the first user equipment>And the second file tag->Whether equal.
In one implementation, if a second file tag derived from a public key of a second user device is determinedAnd a second message according to said second user equipment +. >The second file signature tag obtained +.>If the first file labels are equal, determining the first file label corresponding to the first user equipment>And the second file tag->Before whether or not they are equal, the method further comprises:
according to the second messageA preset security parameter k and said first hash function +.>Obtaining the firstTwo messages->Corresponding second ciphertext->;
According to the second ciphertextA preset second hash function +.>Obtaining said second file tag +.>;
For the second file labelSigning to obtain the second file signature tag +.>。
In one implementation, if a second file tag derived from a public key of a second user device is determinedAnd a second message according to said second user equipment +.>The second file signature tag obtained +.>If the first file labels are equal, determining the first file label corresponding to the first user equipment>And the second file tag->Before whether or not they are equal, the methodFurther comprises:
for the second messagePartitioning to obtain->Second block message->The method comprises the steps of carrying out a first treatment on the surface of the Wherein (1)>,/>For the second message->Maximum number of blocks;
according to the second block messageA preset security parameter k and said first hash function +.>Obtaining said second block message +. >Corresponding second block ciphertext->;
According to the second block cipher textA preset second hash function +.>Obtaining said second block message +.>Corresponding second block tag->;
To the second block labelSigning to obtain said second block message +.>Corresponding second block signature tag。
In one implementation, if a second file tag derived from a public key of a second user device is determinedAnd a second message according to said second user equipment +.>The second file signature tag obtained +.>If the first file labels are equal, determining the first file label corresponding to the first user equipment>And the second file tag->Before whether or not they are equal, the method further comprises:
if a first file label obtained according to the public key of the first user equipment is determinedAnd according to said first message +.>The first file signature tag obtained->Equal, and determining a first block tag derived from the public key of said first user device +.>And +/according to said first user equipment>The obtained first block signature tagIf the first file ciphertext C and the first file label are equal, determining that the first user corresponding to the first user equipment is a legal user, and adding the first file ciphertext C and the first file label of the first user equipment to the legal user >And storing the public key of the first user equipment in the server equipment.
In one implementation, if a second file tag derived from a public key of a second user device is determinedAnd a second message according to said second user equipment +.>The second file signature tag obtained +.>If the first file labels are equal, determining the first file label corresponding to the first user equipment>And the second file tag->Before whether or not they are equal, the method further comprises:
according to the first messagePreset, presetSecurity parameter k and said first hash function +.>Obtaining said first message->Corresponding first ciphertext->;
According to the first ciphertextA preset second hash function +.>Obtaining said first file tag +.>;
For the first file labelSigning to obtain said first message +.>Corresponding first file signature tag。
In one implementation, if a second file tag derived from a public key of a second user device is determinedAnd a second message according to said second user equipment +.>The second file signature tag obtained +.>Equal, determining the first user equipmentCorresponding first File Label->And the second file tag->Before whether or not they are equal, the method further comprises:
For the first messagePartitioning to obtain->First block message->The method comprises the steps of carrying out a first treatment on the surface of the Wherein (1)>,/>For the first message->Maximum number of blocks;
based on the first block messageA preset security parameter k and said first hash function +.>Obtaining said first block message->Corresponding first block cipher text->;
Based on the first block ciphertextA preset second hash function +.>Obtaining said first block message->Corresponding first block label->;
For the first block labelSigning to obtain said first block message +.>Corresponding first block signature tag。
In one implementation, if it is determined that the second user device owns the first keyNotifying the second user equipment of the second ciphertext +.>Thereafter, the method further comprises:
if any user equipment applies for downloading the first ciphertext C, determining whether a third file tag obtained according to the public key of any user equipment is equal to a third file signature tag obtained according to the third message of any user equipment;
and if the third file signature label is equal according to the third file label, the first ciphertext C is sent to any user equipment.
In one aspect, there is provided a ciphertext deduplication apparatus, the apparatus comprising:
a first determining unit for uploading the second ciphertext in response to the second user equipmentDetermining a second file label obtained according to the public key of the second user equipment according to a ciphertext uploading instruction sent at the time>And a second message according to said second user equipment +.>The second file signature tag obtained +.>Whether or not they are equal; the second user equipment is any user equipment except the first user equipment, which uploads ciphertext to the server equipment, and the first user equipment is the first user equipment which uploads ciphertext to the server equipment;
a second determining unit, configured to, if it is determined that the second file tagSignature tag with the second fileIf the first file labels are equal, determining first file labels corresponding to the first user equipment>And the second file tag->Whether or not they are equal;
a third determining unit, configured to, if it is determined that the first file tagAnd the second file tag->Equal, determining whether the second user equipment owns the first user equipmentA message->Corresponding first key->The method comprises the steps of carrying out a first treatment on the surface of the Wherein the first key->Is the first message- >According to a preset first hash function +.>Calculating;
a notification unit configured to, if it is determined that the second ue owns the first keyNotifying the second user equipment not to upload the second ciphertext +.>。
In one aspect, an apparatus for ciphertext deduplication is provided, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing any of the methods described above when executing the computer program.
In one aspect, a computer storage medium having stored thereon computer program instructions which, when executed by a processor, implement any of the methods described above.
In the present application, when the second user device wants to upload the second ciphertext to the server deviceWhen the second user equipment sends a ciphertext uploading instruction to the server equipment, the server equipment responds to the ciphertext uploading instruction and determines a second file tag obtained according to the public key of the second user equipment>And a second message according to a second user equipment +.>The second file signature tag obtained +.>Whether equal. Further, if the second file tag +.>Signature tag with second file- >If the first file labels are equal, determining the first file label corresponding to the first user equipment>And second file label->Whether equal. Further, if the first file tag +.>And second file label->Equal, it is determined if the second user equipment owns the first message +.>Corresponding first key->The method comprises the steps of carrying out a first treatment on the surface of the Further, if it is determined that the second user equipment has the first key +.>Informing the second user equipment not to upload the second ciphertext +.>. Thus, in the present application, by employing an "RSA signature" that determines whether the server device contains the file tag of the second user device, and determining whether the second user device has the encryption key of the first user device +.>The 'zero knowledge authentication of the Schnorr protocol' is used for carrying out double authentication on the identity of the second user, so that the server equipment can realize the authentication on the identity of the second user under the condition that any information related to the second user equipment key is not known, and the probability of data leakage in the interaction process is greatly reduced. In addition, when ciphertext deduplication is carried out, as a third-party server is not introduced, data interaction is carried out with each user device only through the unique server device, and therefore storage and calculation cost can be greatly reduced when violent attack is resisted.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the related art, the drawings that are required to be used in the embodiments or the related technical descriptions will be briefly described, and it is apparent that the drawings in the following description are only embodiments of the present application, and other drawings may be obtained according to the provided drawings without inventive effort for those skilled in the art.
Fig. 1 is a schematic view of an application scenario provided by the present application;
FIG. 2 is a schematic flow chart of the ciphertext deduplication method provided by the present application;
FIG. 3 is a schematic flow chart of obtaining a second signature label of a file according to the present application;
FIG. 4 is a schematic flow chart of obtaining a second block signature tag according to the present application;
FIG. 5 is a schematic flow chart of obtaining a first file signature tag according to the present application;
FIG. 6 is a schematic flow chart of obtaining a first signature tag according to the present application;
fig. 7 is a schematic flow chart of downloading the first ciphertext C according to the present application;
fig. 8 is a schematic diagram of a ciphertext deduplication apparatus provided by the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application. Embodiments of the application and features of the embodiments may be combined with one another arbitrarily without conflict. Also, while a logical order is depicted in the flowchart, in some cases, the steps depicted or described may be performed in a different order than presented herein.
At present, with the rapid development of the internet, in order to solve the problems that hard disk storage is unfavorable for taking along with use and storage space is insufficient, users and enterprises increasingly like to upload own data to cloud for storage. However, after the data stored in the cloud loses the control of the data owner, the data can be stolen, tampered, and the like. Therefore, a phenomenon of storing the data itself after encrypting it occurs to avoid these risks. However, since the encryption algorithms are different, a phenomenon of encrypting the same data using a plurality of encryption algorithms, that is, a phenomenon equivalent to repeatedly storing the same data a plurality of times, greatly wastes a storage space, and increases maintenance costs of the server, is liable to occur. On the basis, in order to prevent the phenomenon that a plurality of encryption algorithms encrypt the same data, the concept of data deduplication is proposed. The data deduplication is also called as duplicate data deletion technology, which is to only reserve one file data and give legal access rights to users with the same file copy, so as to save storage space. In the conventional encryption method, since encryption keys used by different users are different, ciphertext is also different, and thus duplication removal cannot be achieved.
Thus, various data deduplication methods have appeared in recent years, for example, ciphertext deduplication using a hash value of a file as an encryption key of the file, or using Message-lock encryption (MLE). However, these schemes are prone to off-line brute force attacks and are less secure. Further, in order to solve the offline brute force attack, a method of encrypting an encryption key by introducing a third-party server and using an RSA blind signature to resist the brute force attack appears, but the key storage and calculation costs of the method are too high, so that the execution efficiency is low. In addition, in order to reduce the leakage probability of data in a deduplication scene as much as possible, in recent years, methods of realizing key security transfer by calculating a large digest of an entropy file without loss, performing ownership authentication on a blockchain through an intelligent contract, jointly generating encryption keys by a plurality of servers and having timeliness, performing upper and lower double-layer encryption sensitive partitioning on the file, storing the encryption keys by using SGX and verifying the integrity of the data and the like have appeared, however, although the methods improve the data security in ciphertext deduplication, basically all introduce a third party server, and have high expenditure.
Based on the above, the present application provides a ciphertext deduplication method, in which, when a second user equipment wants to upload a second ciphertext to a server deviceWhen the second user equipment sends a ciphertext uploading instruction to the server equipment, the server equipment responds to the ciphertext uploading instruction and determines a second file tag obtained according to the public key of the second user equipment>And a second message according to a second user equipment +.>The obtained second file signature markSign->Whether equal. Further, if the second file tag +.>Signature tag with second file->If the first file labels are equal, determining the first file label corresponding to the first user equipment>And second file label->Whether equal. Further, if the first file tag +.>And second file label->Equal, it is determined if the second user equipment owns the first message +.>Corresponding first key->The method comprises the steps of carrying out a first treatment on the surface of the Further, if it is determined that the second user equipment has the first key +.>Informing the second user equipment not to upload the second ciphertext +.>. Thus, in the present application, by employing an "RSA signature" that determines whether the server device contains the file tag of the second user device, and determining whether the second user device has the encryption key of the first user device The 'zero knowledge authentication of the Schnorr protocol' is used for carrying out double authentication on the identity of the second user, so that the server equipment can realize the authentication on the identity of the second user under the condition that any information related to the second user equipment key is not known, and the probability of data leakage in the interaction process is greatly reduced. In addition, when ciphertext deduplication is carried out, as a third-party server is not introduced, data interaction is carried out with each user device only through the unique server device, and therefore storage and calculation cost can be greatly reduced when violent attack is resisted.
After the design idea of the embodiment of the present application is introduced, some simple descriptions are made below for application scenarios applicable to the technical solution of the embodiment of the present application, and it should be noted that the application scenarios described below are only used for illustrating the embodiment of the present application and are not limiting. In the specific implementation process, the technical scheme provided by the embodiment of the application can be flexibly applied according to actual needs.
Fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present application. The application scenario may include a server device 10, a first user device 20, and a second user device 30.
The first user device 20 has a function of encrypting and uploading data to be uploaded by the first user, for example, an electronic device having a computing and network connection function such as a mobile phone or a personal computer (Personal Computer, PC). The second user device 30 has a function of encrypting and uploading data to be uploaded by the second user, and may be an electronic device having a computing and network connection function such as a mobile phone or a personal computer.
The server device 10 has functions of identity authentication and data storage for each user, and the server device 10 may include one or more central processing units 101 (Central Processing Unit, CPU), a memory 102, an I/O interface 103, and a database 104. Specifically, the processor 101 may be a central processing unit (central processing unit, CPU), or a digital processing unit or the like. The memory 102 may be a volatile memory (RAM), such as a random-access memory (RAM); the memory 102 may also be a non-volatile memory (non-volatile memory), such as a read-only memory, a flash memory (flash memory), a Hard Disk Drive (HDD) or a Solid State Drive (SSD), or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory 102 may be a combination of the above. The memory 102 may store partial program instructions of the ciphertext deduplication method provided by the embodiment of the present application, where the partial program instructions, when executed by the processor 101, implement steps of the ciphertext deduplication method provided by the embodiment of the present application together with corresponding program instructions in the first user equipment 20 and the second user equipment 30, so as to solve a problem of performing ciphertext deduplication under a condition that a third party server is not introduced and data security is ensured as much as possible. The database 104 may be used to store data such as ciphertext, file tags, and file signature tags involved in the scheme provided by the embodiment of the present application.
In the present application, after a first user calculates data such as an encryption key, a key pair, a ciphertext, a file tag, etc. according to a security parameter k sent by a server device 10 through a first user device 20, the server device 10 may temporarily receive the data through an I/O interface 103, and then, a processor 101 of the server device 10 may perform identity authentication according to a program instruction of a ciphertext duplication removal method provided by an embodiment of the present application in a memory 102, so as to determine whether the first user is a legal user, and further, if the processor 101 determines that the first user is a legal user, the data such as the ciphertext and the file tag of the first user is stored in a database 104.
Further, in the present application, in order to prevent the waste of the storage space of the database 104, when the second user uploads the ciphertext data through the second user device 30, the problem may be solved by determining whether the ciphertext transmitted by the second user has a duplicate storage. Further, after the second user device 30 receives the security parameter k sent by the server device 10, data such as a corresponding encryption key, a key pair, a ciphertext, a file tag, etc. are calculated, and the server device 10 may temporarily receive these data through the I/O interface 103, further, the processor 101 of the server device 10 may perform identity authentication according to the program instruction of the ciphertext duplication removal method provided by the embodiment of the present application in the memory 102, so as to determine whether the second user is a legal user, and whether the same ciphertext exists in the database 104 of the server device 10, further, when the processor 101 determines that the second user is a legal user, and the same ciphertext does not exist in the database 104, the server device 10 notifies the second user device not to upload the ciphertext of the second user device to the server device 10. The second user's ciphertext, file tag, and other data may be stored in database 104.
Of course, the method provided by the present application is not limited to the application scenario shown in fig. 1, but may be used in other possible application scenarios, and the present application is not limited thereto. The functions that can be implemented by each device in the application scenario shown in fig. 1 will be described together in the following method embodiments, which are not described in detail herein. The method according to the embodiment of the present application will be described below with reference to the accompanying drawings.
As shown in fig. 2, a flowchart of the ciphertext deduplication method provided by the present application may be implemented by the server device 10 in fig. 1, and the flowchart of the method is described below.
Step 201: uploading a second ciphertext in response to a second user deviceDetermining a second file tag obtained according to a public key of the second user equipment according to a ciphertext uploading instruction sent at the time>And a second message according to a second user equipment +.>The second file signature tag obtained +.>Whether equal.
In the embodiment of the application, the second user equipment is any user equipment except the first user equipment, which uploads the ciphertext to the server equipment, and the first user equipment is the first user equipment for uploading the ciphertext to the server equipment.
In practical applications, in order to save the storage space of the local second user device 30, the second user may upload the data such as the ciphertext to be stored to the server device 10 for storage, without storing on the local second user device 30. Based on this, the second user uses the second user device 30 to send the second ciphertext to the second user When the data is uploaded to the server device 10, a corresponding ciphertext uploading instruction is sent to the server device 10, and further, in order to verify that the second user device 30 uploading the data is a legal user device, the server device 10, in response to the ciphertext uploading instruction sent by the second user device 30, will send signature data in the received uploading data according to the public key sent by the second user device 30 (the signature data is obtained by using the private key of the second user device 30 to tag the second file->Obtained by signing) to obtain a second file tag +.>At the same time, a second message is also uploaded according to the second user equipment 30 +.>Calculating to obtain a second file signature label +.>Further, by comparing the second file tag +.>Signature tag of the second file->Whether equal or not to determine whether the second user device 30 is a legitimate user device or not.
Step 202: if the second file label is determinedSignature tag with second file->If the first file labels are equal, determining the first file label corresponding to the first user equipment>And second file label->Whether or not they are equal;
in the embodiment of the present application, the server device 10 determines the second file tag when using the "RSA signature" to authenticate the second user device 30 Signature tag with second file->Whether equal. Further, if the second file tag +.>Signature tag with second file->When the second user is determined to be a legal user according to the RSA signature, in order to prevent the second user device 30 from repeatedly uploading the ciphertext data stored in the server device 10, in the embodiment of the present application, the first file tag corresponding to the first user device 20 is determined>With a second file labelWhether equal. Conversely, if the second file tag is determined +.>Signature tag with second file->If the data are not equal, it is determined that the second user is an illegal user, and then the second user device 30 cannot upload the data such as the ciphertext thereof to the server device 10 for storage.
Step 203: if the first file label is determinedAnd second file label->Equal, it is determined if the second user equipment owns the first message +.>Corresponding first key->。
In an embodiment of the present application, the first keyIs the first message->According to a preset first hash function +.>And (5) calculating.
Specifically, if the first file tag is determinedAnd second file label->Equal, i.e. the second ciphertext uploaded to the second user device 30 has been stored in the server device 10 +. >The same ciphertext data, in this case, in order to prevent the second ciphertext +.>The server device 10 should inform the second user device 30 not to upload the own second ciphertext +.>。
However, in order to prevent data leakage, in the embodiment of the present application, the first file tag is determinedAnd second file label->After equality, the identity of the second user may be further verified by zero-knowledge authentication of the Schnorr protocol, in particular by determining whether the second user device 30 owns the first message of the first user device 20>Corresponding first key->。
Step 204: if it is determined that the second user equipment has the first keyInforming the second user equipment not to upload the second ciphertext +.>。
In the embodiment of the application, first, two large prime numbers are selectedAnd->Satisfy->The order is->Andthe second user equipment 30 randomly selects +.>Wherein Z represents all integers, ">Representation->And->Intersection between, calculate +.>And sent to the server device 10.
The challenge value is then randomly selected by the server device 10And send to->。
Next, after the challenge value is received by the second user equipment 30, a response value is calculatedAnd transmitted to the server device 10.
Finally, the server device 10 calculates the calculation If->The server device 10 considers that the second user device 30 has the first key +.>That is, the second user corresponding to the second user device 30 is a legal user. Further, the server device 10 notifies the second user device 30 to upload the second ciphertext +.>. Of course, if->The server device 10 considers that the second user device 30 does not possess the first key +.>I.e. the second user is an illegal user.
In one possible implementation, since for a ciphertext, it may happen that the entire ciphertext segment does not have the same ciphertext data in the server, and that a block or blocks of ciphertext in the ciphertext have the same ciphertext data in the server. Therefore, in order to avoid wasting the storage space of the server device 10 as much as possible, in the embodiment of the present application, if the second file tag is determinedSignature tag +_with the second file>If the first file labels are equal, determining first file labels corresponding to the first user equipment>And the second file tag->After equality, the second ciphertext may also be +>The ciphertext block in (a) is subjected to a deduplication decision, as shown in particular in steps 205-207 of fig. 2.
Step 205: if the first file label is determined And second file label->If not, then determine the first block tag +.>And a second block label->Whether equal.
In an embodiment of the application, the first block of labelsIs based on the first message +.>Is>Obtained, second block tag->Is based on a second message of a second user equipment +.>Second block message->Obtained.
In practice, for a certain ciphertext,it may happen that the whole ciphertext block does not have the same ciphertext data in the server, and that a certain block or blocks of ciphertext in the certain ciphertext have the same ciphertext data in the server. Therefore, in order to not waste the storage space of the server device 10 as much as possible, in the embodiment of the present application, the second ciphertext may also be usedAnd (3) performing duplicate removal judgment on the ciphertext block in the sequence.
Specifically, if the first file tag is determinedAnd second file label->Inequality, i.e. there is no complete and second ciphertext +.>The same ciphertext data, so that the server device 10 further determines the first block tag +.>And a second block label->Whether or not they are equal, i.e. determining the second ciphertext +. >Second block ciphertext->Whether or not to be identical to the first ciphertext stored in the server device 10>The first block of ciphertext->Whether equal.
Step 206: if the first block label is determinedSecond block label->Equal, it is determined if the second user equipment owns the first block message of the first user equipment +.>Corresponding first block key->。
In the embodiment of the application, if the first block label is determinedAnd a second block label->Equal, i.e. the second block cipher text +.f uploaded to the second user device 30 has been stored in the server device 10>Identical ciphertext data, in this case, in order to prevent repeated storage of the second block ciphertext +.>The server device 10 should inform the second user device 30 not to upload itself. However, in order to prevent data leakage, in the embodiment of the present application, the first block tag +.>And a second block label->After equality, and determining that the second user equipment has the first key +.>Similarly, the identity of the second user may also be further verified by zero-knowledge authentication of the Schnorr protocol, in particular by determining whether the second user device 30 owns the first block message of the first user device 20>Corresponding first block key->。
Step 207: if it is determined that the second user equipment owns the first block key Informing the second user equipment not to upload the second block cipher text +.>。
In an embodiment of the present application, the second block cipher textIs a second block message->By means of a first hash function->And (3) performing operation.
Specifically, first, two large prime numbers are selectedAnd->Satisfy->The order is->Andthe second user equipment 30 randomly selects +.>Wherein Z represents all integers, ">Representation->And->Intersection between, calculate +.>And sent to the server device 10.
The challenge value is then randomly selected by the server device 10And send to->
Next, after the challenge value is received by the second user equipment 30, a response value is calculatedAnd sent to the server device 10>
Finally, the server device 10 calculates the calculationIf->The server device 10 considers that the second user device 30 has the first block key +.>That is, the second user corresponding to the second user device 30 is a legal user. Further, the server device 10 notifies the second user device 30 to upload the second block cipher text +.>. Of course, ifThe server device 10 considers that the second user device 30 does not possess the first block key +.>I.e. the second user is an illegal user.
In one possible implementation, since the second ciphertext may not be present in the server device 10 The same ciphertext data, also without the second block ciphertext +.>Identical ciphertext data, therefore, if the second file tag is determinedSignature tag +_with the second file>If the first file labels are equal, determining first file labels corresponding to the first user equipment>And the second file tag->After being equal, the second user equipment can be also informed to upload the second ciphertext +.>As shown in particular in steps 205, 208 of fig. 2.
Step 205: if the first file label is determinedAnd second file label->If not, then determine the first block tag +.>And a second block label->Whether equal.
Since this step 205 has been described in detail above, reference is made here to the detailed process description of step 205 described above.
Step 208: if the first block label is determinedSaid second block tag->If the first ciphertext is not equal to the second ciphertext, notifying the second user equipment to upload the second ciphertext +.>。
In the embodiment of the application, if the first file tag is determinedAnd second file label->Not equal, and the first block tag->Second block label->Nor are they equal. That is, not only the second ciphertext ++does not exist in the server apparatus 10>Identical ciphertext data, there is no second ciphertext +. >Any one of the second block ciphertexts->The same ciphertext data, then the server device 10 may inform the second user device 30 to upload the second ciphertext +.>。
In one possible implementation, to improve data security, when the server device 10 employs an "RSA signature" to authenticate the second user device 30, except by authenticating the second messageSignature verification is performed while a second message can be signed +.>To verify the identity of the second user equipment 30 further more accurately, as shown in step 201 of fig. 2.
Specifically, if it is determined that the public key is based on the second user equipment 30The second file tag obtained->And a second message according to said second user equipment 30->The second file signature tag obtained +.>Equal and determined according to the second user equipment 30Public key->The second block tag obtained->And a second block message according to said second user equipment 30 +.>The second block signature tag obtained +_>Equal, i.e. the second user device 30 satisfies 2 verification conditions of the "RSA signature" at the same time, it can be determined that the second user is a legitimate user. Based on this, after determining that the second user is a legal user according to the "RSA signature", in order to prevent the second user device 30 from repeatedly uploading the ciphertext data already stored in the server device 10, in the embodiment of the present application, a first file tag corresponding to the first user device 20 is determined ∈ >And second file label->Whether equal.
In a possible embodiment, before determining whether the second user device 30 is a legitimate user device, i.e. if a second file tag derived from the public key of the second user device is determinedAnd a second message according to said second user equipment +.>The second file signature tag obtained +.>If the first file labels are equal, determining the first file label corresponding to the first user equipment>And the second file tag->Before equality, a second ciphertext to be uploaded by the second user equipment 30 may also be provided>Second File Label->Second File signature Label ++>The calculation of the data is shown in fig. 3, which is a schematic flow chart of the second file signature label obtaining method provided by the application.
Step 301: according to the second messagePreset security parameters->First hash function +.>Obtain a second message->Corresponding second ciphertext->。
In the embodiment of the present application, various system parameters may be set before performing calculation, for example, a security parameter may be setSelecting big prime +.>And->Wherein->And->。/>Is a generator, i.e. satisfies. Defining a first hash function +. >And a second hash function->Is a secure hash function of (1), wherein +.>,/>,/>A set of binary sequences representing arbitrary bit lengths; the second user has a pair of key pairs +.>,/>Representing the private key of the second user, +.>Representing the public key of the second user, +.>Can be used for signing labels and ciphertext, +.>The method can be used for identity authentication when the second user uploads/downloads the ciphertext. To sum up, the disclosed system parameters are +.>. Further, the following calculation process may be performed according to the set system parameters.
Specifically, the second user device 30 uses the first hash functionAnd a preset security parameter->For the second messageHash calculation is performed to obtain the second message +.>Corresponding first hash value +.>For convenience of presentation, the first hash value +.>Marked as->This->Can be used as a second message to be uploaded by the second user equipment 30Is used for the encryption key of the (c). Furthermore, use +.>For second message->Encryption is performed to obtain a second message +.>Corresponding second ciphertext->。
Step 302: according to the second ciphertextA preset second hash function +.>Obtain the second file tag->。
In the embodiment of the application, the second ciphertext is obtainedAfter that, the second user equipment 30 uses a preset second hash function +. >Second ciphertext->Hash calculation is performed to obtain the second file tag +.>。
Step 303: for the second file labelSigning to obtain a second file signature tag +.>。
In the embodiment of the application, the second file label is obtainedThereafter, the second user equipment 30 will use "RSA signature" to tag the second file +.>Signing, i.e. based on the key pair +.>Private key->To a second file tag->Signing to obtain a second file signature tag +.>。
In a possible implementation manner, in an embodiment of the present application, if it is determined that the second file tag is obtained according to the public key of the second user equipmentAnd a second message according to said second user equipment +.>The second file signature tag obtained +.>If the first file labels are equal, determining the first file label corresponding to the first user equipment>And the second file tag->Before equality, for the second message +.>The signature process of the data block is shown in fig. 4, which is a stream for obtaining a second block signature label according to the present applicationSchematic diagram of process.
Step 401: for the second messagePartitioning to obtain->Second block message->。
In an embodiment of the present application, in the present application,,/>for the second message->Maximum number of blocks >For the second message->Middle->And a second block message.
Step 402: according to the second block messagePreset security parameter k and first hash function +.>Obtain the second block message->Corresponding second block ciphertext->。
In the embodiment of the applicationThe second user device 30 uses a first hash functionAnd a preset security parameter->For the second block message->Hash calculation is performed to obtain the second block message +.>Corresponding first hash value +.>For convenience of presentation, the first hash value +.>Marked as->This->Second block message which can be uploaded as second user equipment 30 +.>Is used for the encryption key of the (c). Furthermore, use +.>For the second block message->Encryption is performed to obtain a second block message +.>Corresponding second block ciphertext->。
Step 403: according to the second block cipher textA preset second hash function +.>Obtain the second block message->Corresponding second block tag->。
In an embodiment of the present application, a second block ciphertext is obtainedAfter that, the second user equipment 30 uses a preset second hash function +.>Second block ciphertext->Hash calculation is performed to obtain the second block message +.>Corresponding second block label。/>
Step 404: for the second block labelSigning to obtain a second block message +.>Corresponding second block signature tag 。
In the embodiment of the application, the second block label is obtainedThereafter, the second user equipment 30 will use "RSA signature" to tag the second block +.>Signing, i.e. based on the key pair +.>Private key->To tag the second block->Signing to obtain a second block message +.>Corresponding second block signature tag->。
In one possible implementation, since the second user device 30 is any user device other than the first user device 20 that uploads ciphertext to the server device 10, the first user device 20 is the first user device to upload ciphertext to the server device 10. Thus, in the embodiment of the present application, the second ciphertext is uploaded to the second user device 30Before performing the deduplication decision, i.e. if it is determined that the second file tag is obtained from the public key of the second user device +.>And a second message according to said second user equipment +.>The second file signature tag obtained +.>If the first user equipment and the second user equipment are equal, determining that the first user equipment corresponds to the first user equipmentFirst file tag->And the second file tag->Before equality, the identity of the first user corresponding to the first user equipment 20 is verified, and when the first user is a legal user, the first ciphertext +_ of the first user equipment 20 can be used for authentication >The like is saved to the server device 10.
Specifically, if the first file tag obtained according to the public key of the first user equipment 20 is determinedAnd according to the first message->The first file signature tag obtained->Equal, and determining the first block tag obtained from the public key of the first user equipment 20 +.>And +/according to the first user equipment 20>The obtained first block signature tagEqual, i.e. the first user equipment 20 satisfies 2 verification conditions of "RSA signature" at the same time, then it may be determined that the first user corresponding to the first user equipment 20 is a legal user, and the first file ciphertext of the first user equipment 20 may be->First File Label->And the public key of the first user device 20 is stored in the server device 10. Of course, in the embodiment of the present application, when the requirement for verifying the user identity is not high, the first file tag +_ obtained only according to the public key of the first user device 20 may also be used>And according to the first message->The first file signature tag obtained->Whether equal, to determine whether the first user device 20 corresponds to a first user being a legitimate user.
In a possible embodiment, before determining whether the first user device 20 is a legitimate user device, i.e. if a second file tag derived from the public key of the second user device is determined And a second message according to said second user equipment +.>The second file signature tag obtained +.>If the first file labels are equal, determining the first file label corresponding to the first user equipment>And the second file tag->Before equality, the first ciphertext to be uploaded by the first user equipment 20 may also be added>First file markSign->First File signature Label ++>The calculation of the data is shown in fig. 5, which is a schematic flow chart for obtaining the first file signature tag according to the embodiment of the present application.
In the embodiment of the present application, before performing the calculation, various system parameters are set, and a security parameter identical to that of the second ue 30 may be setFirst Hash function->And a second hash function->The first user has a pair of key pairs +.>,/>A private key representing the first user, +.>Representing the public key of the first user, +.>Can be used for signing labels and ciphertext, +.>The method can be used for identity authentication when the first user uploads/downloads the ciphertext. To sum up, the disclosed system parameters are +.>. Further, the following calculation process is performed according to the set system parameters.
Step 501: according to the first messagePreset security parameter k and first hash function +. >Obtain the first message->Corresponding first ciphertext->。
In the embodiment of the present application, the first user equipment 20 uses a first hash functionAnd a preset security parameter->For the first message->Hash calculation is performed to obtain the first message +.>Corresponding first hash value +.>For convenience of presentation, the first hash value +.>Marked as->This->Can be used as a first message to be uploaded by the first user equipment 20>Is (are) encryptedA key. Furthermore, use +.>For the first message->Encryption is performed to obtain a first message +.>Corresponding first ciphertext->。
Step 502: according to the first ciphertextA preset second hash function +.>Obtain the first file tag->。
In the embodiment of the application, the first ciphertext is obtainedAfter that, the first user equipment 20 uses a preset second hash function +.>For the first ciphertext->Hash calculation is performed to obtain the first file tag +.>。
Step 503: for the first file labelSigning to obtain a first message +.>Corresponding first file signature tag。
In the embodiment of the application, the first file label is obtainedThereafter, the first user device 20 will use "RSA signature" to tag the first file +.>Signing, i.e. based on the key pair +.>Private key- >To tag a first fileSigning to obtain a first file signature tag +.>。
In one possible embodiment, when the first user device 20 is authenticated using an "RSA signature", i.e. if a second file tag derived from the public key of the second user device is determinedAnd a second message according to said second user equipment +.>The second file signature tag obtained +.>If the first file labels are equal, determining the first file label corresponding to the first user equipment>And the second file tag->Whether or not they are equal, it is also possible to add to the first message by means of the same time>Signing and +_first message>Which is signed to further verify the identity of the first user device 20. In the embodiment of the application, the first message +.>The signature label process of the data block is shown in fig. 6, which is a schematic flow chart of obtaining a signature label of a first block according to an embodiment of the present application.
Step 601: for the first messagePartitioning to obtain->First block message->。
In an embodiment of the present application, in the present application,,/>for the first message->Maximum number of blocks>For the first message->Middle->A first block message.
Step 602: based on the first block message Preset security parameter k and first hash function +.>Obtain the first block message->Corresponding first block cipher text->。
In the embodiment of the present application, the first user equipment 20 uses a first hash functionAnd a preset security parameter->For the first block message->Hash calculation is performed to obtain a first block message +.>Corresponding first hash value +.>For convenience of presentation, the first hash value +.>Marked as->This->A first block message which can be uploaded as first user equipment 20 +.>Is used for the encryption key of the (c). Furthermore, use +.>For the first block message->Encryption is performed to obtain a first block message +.>Corresponding first block cipher text->。
Step 603: from the first block ciphertextA preset second hash function +.>Obtain the first block message->Corresponding first block label->。
In the embodiment of the application, the first block ciphertext is obtainedAfter that, the first user equipment 20 uses a preset second hash function +.>Ciphertext of the first block>Hash calculation is performed to obtain a first block message +.>Corresponding first block label。
Step 604: for the first block labelSigning to obtain a first block of message->Corresponding first block signature tag。
In an embodiment of the application, a first block label is obtainedThereafter, the first user equipment 20 will use "RSA signature" to tag the first block +. >Signing, i.e. based on the key pair +.>Private key->To->Signing to obtain a first block message +.>Corresponding first block signature tag->。
In one possible implementation manner, in the embodiment of the present application, since the storage space of the user equipment is saved, the ciphertexts on all the user equipment are countedAll of which are stored in the server device 10, and the own device does not store the corresponding ciphertext data. Thus, in the embodiment of the present application, if it is determined that the second ue owns the first keyNotifying the second user equipment of the second ciphertext +.>After that, when any user equipment applies for downloading the first message +.>When the corresponding first ciphertext C passes the authentication, the first ciphertext C can be downloaded to any user equipment. Fig. 7 is a schematic flow chart of downloading the first ciphertext C according to an embodiment of the present application.
Step 701: and if the fact that any user equipment applies for downloading the first ciphertext C is determined, receiving a third file tag obtained according to the public key of any user equipment and a third file signature tag obtained according to the third message of any user equipment.
In the embodiment of the present application, when the server device 10 determines that there is any user device applying for downloading the first ciphertext C, the server device 10 receives a third file tag obtained according to the public key of any user device and a third file signature tag obtained according to the third message of any user device. Of course, in the embodiment of the present application, in addition to receiving the third file tag and the third file signature tag, a third block tag obtained according to the public key of any user equipment and a third block signature tag obtained according to the third block message of any user equipment may also be received. Any user device may refer to any user device including the first user device 20 and the second user device 30. For example, when any user device is the first user device 20, then step 701 becomes: if it is determined that the first user equipment 20 applies for downloading the first ciphertext C, a first file tag is receivedAnd a first file signature tag->。
Step 702: it is determined whether the third file tag is equal to the third file signature tag.
In the embodiment of the present application, in order to prevent ciphertext data from being revealed, before the first ciphertext C is sent to any user equipment, an "RSA signature" may be used to perform authentication on any user equipment. Specifically, whether any user device is a legitimate user device may be determined by determining whether the third file tag and the third file signature tag are equal. Of course, in the embodiment of the present application, in order to more accurately determine whether the identity of any user equipment is legal, whether the identity of any user equipment is legal may also be determined by simultaneously determining whether the third file tag is equal to the third file signature tag, and whether the third block tag is equal to the third block signature tag.
Step 703: and if the third file label is equal to the third file signature label, the first ciphertext C is sent to any user equipment.
In the embodiment of the present application, if it is determined that the third file tag is equal to the third file signature tag, that is, any user equipment is legal user equipment, the server device 10 sends the first ciphertext C to any user equipment. Otherwise, if the third file label is not equal to the third file signature label, the first ciphertext C is not sent to any user equipment.
In summary, in the embodiment of the present application, by adopting the "RSA signature" for determining whether the server device contains the file tag of the second user device, and determining whether the second user device has the encryption key of the first user deviceTo double verify the identity of the second user so that the server device may be unaware of the second use concernedUnder any information condition of the user equipment key, the identity authentication of the second user is realized, and the probability of data leakage in the interaction process is greatly reduced. In addition, when ciphertext deduplication is carried out, as a third-party server is not introduced, data interaction is carried out with each user device only through the unique server device, and therefore storage and calculation cost can be greatly reduced when violent attack is resisted.
Based on the same inventive concept, the present application provides a ciphertext deduplication apparatus 80, as shown in fig. 8, the apparatus comprising:
a first determining unit 801 for uploading the second ciphertext in response to the second user equipmentDetermining a second file tag obtained according to a public key of the second user equipment according to a ciphertext uploading instruction sent at the time>And a second message according to a second user equipment +.>The second file signature tag obtained +.>Whether or not they are equal; the second user equipment is any user equipment except the first user equipment, which uploads ciphertext to the server equipment, and the first user equipment is the first user equipment which uploads ciphertext to the server equipment;
a second determining unit 802 for, if determining a second file tagSignature tag with second file->If the first file labels are equal, determining the first file label corresponding to the first user equipment>And second file label->Whether or not they are equal;
a third determining unit 803 for, if determining the first file tagAnd second file label->Equal, it is determined if the second user equipment owns the first message +.>Corresponding first key->The method comprises the steps of carrying out a first treatment on the surface of the Wherein the first keyIs the first message->According to a preset first hash function +. >Calculating;
a notification unit 804, configured to, if it is determined that the second ue has the first keyInforming the second user equipment not to upload the second ciphertext +.>。
Optionally, the notification unit 804 is further configured to:
if the first file label is determinedAnd second file label->If not, then determine the first block tag +.>And a second block label->Whether or not they are equal; wherein the first block label->Is based on the first message +.>Is>Obtained, second block tag->Is based on a second message of a second user equipment +.>Second block message->Obtained;
if the first block label is determinedSecond block label->Equal, it is determined if the second user equipment owns the first block message of the first user equipment +.>Corresponding first block key->;
If it is determined that the second user equipment has the first block keyInforming the second user equipment not to upload the second block cipher text +.>The method comprises the steps of carrying out a first treatment on the surface of the Wherein, second block ciphertext->Is a second block message->By means of a first hash function->And (3) performing operation.
Optionally, the notification unit 804 is further configured to:
if the first file label is determinedAnd the second file tag->If not, determining the first block tag +.>And the second block tag- >Whether or not they are equal; wherein the first block tag->Is according to the first message +.>Is>Obtained, said second block tag->Is according to the instituteSecond message of said second user equipment +.>Second block message->Obtained;
if the first block label is determinedSecond block label->If the first ciphertext is not equal to the second ciphertext, the second user equipment is notified to upload the second ciphertext。
Optionally, the second determining unit 802 is further configured to:
if the second file label obtained according to the public key of the second user equipment is determinedAnd a second message according to a second user equipment +.>The second file signature tag obtained +.>Equal, and determining a second block tag obtained from the public key of the second user device +.>And a second block message according to a second user equipment +.>The second block signature label obtainedIf the first file labels are equal, determining the first file label corresponding to the first user equipment>And second file label->Whether equal.
Optionally, the apparatus 80 further comprises a tag signing unit 805, the tag signing unit 805 being configured to:
according to the second messagePreset security parameter k and first hash function +.>Obtain a second message->Corresponding second ciphertext->;
According to the second ciphertextA preset second hash function +. >Obtain the second file tag->;
For the second file labelSigning to obtain a second file signature tag +.>。
Optionally, the tag signature unit 805 is further configured to:
for the second messagePartitioning to obtain->Second block message->The method comprises the steps of carrying out a first treatment on the surface of the Wherein (1)>,/>For the second messageMaximum number of blocks;
according to the second block messagePreset security parameter k and first hash function +.>Obtain the second block message->Corresponding second block ciphertext->;
According to the second block cipher textA preset second hash function +.>Obtain the second block message->Corresponding second block tag->;
For the second block labelSigning to obtain a second block message +.>Corresponding second block signature tag->。
Optionally, the second determining unit 802 is further configured to:
if a first file tag obtained according to a public key of first user equipment is determinedAnd according to the first message->The first file signature tag obtained->Equal and determining a first block of labels derived from the public key of the first user deviceAnd +/according to the first user equipment>The first block signature tag obtained->If the first file ciphertext C and the first file label of the first user equipment are equal, determining that the first user corresponding to the first user equipment is a legal user, and adding the first file ciphertext C and the first file label of the first user equipment to the first user equipment >And storing the public key of the first user equipment in the server equipment.
Optionally, the tag signature unit 805 is further configured to:
according to the first messagePreset security parameter k and first hash function +.>Obtain the first message->Corresponding first ciphertext->;
According to the first ciphertextA preset second hash function +.>Obtain the first file tag->;
For the first file labelSigning to obtain a first message +.>Corresponding first File signature Label ++>。
Optionally, the tag signature unit 805 is further configured to:
for the first messagePartitioning to obtain->First block message->The method comprises the steps of carrying out a first treatment on the surface of the Wherein (1)>,/>For the first messageMaximum number of blocks;
based on the first block messagePreset security parameter k and first hash function +.>Obtain the first block message->Corresponding first block cipher text->;
From the first block ciphertextA preset second hash function +.>Obtain the first block message->Corresponding first block label->;
For the first block labelSigning to obtain a first block of message->Corresponding first block signature tag->。
Optionally, the apparatus 80 further comprises a data downloading unit 806, the data downloading unit 806 being configured to:
if the fact that any user equipment applies for downloading the first ciphertext C is determined, determining whether a third file tag obtained according to the public key of any user equipment is equal to a third file signature tag obtained according to the third message of any user equipment;
And if the third file signature label is equal according to the third file label, the first ciphertext C is sent to any user equipment.
The device can be used for executing the method executed by the ciphertext deduplication device in the embodiments shown in fig. 2 to 7, so that the description of the embodiments shown in fig. 2 to 7 can be referred to for the functions that can be realized by each functional module of the device, and the like, and are not repeated.
In some possible embodiments, aspects of the method provided by the present application may also be implemented in the form of a program product, which includes a program code for causing a computer device to perform the method according to the various exemplary embodiments of the present application described above when the program product is run on the computer device, for example, the computer device may perform the method performed by the ciphertext deduplication apparatus in the embodiment shown in fig. 2 to 7.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs steps including the above method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk or an optical disk, or the like, which can store program codes. Alternatively, the above-described integrated units of the present application may be stored in a computer-readable storage medium if implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solutions of the embodiments of the present application may be embodied in essence or a part contributing to the prior art in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a removable storage device, ROM, RAM, magnetic or optical disk, or other medium capable of storing program code.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
Claims (11)
1. A ciphertext deduplication method for a server device, the method comprising:
uploading a second ciphertext in response to a second user deviceDetermining a second file label obtained according to the public key of the second user equipment according to a ciphertext uploading instruction sent at the time>And a second message according to said second user equipment +.>The second file signature tag obtained +.>Whether or not they are equal; the second user equipment is any user equipment except the first user equipment, which uploads ciphertext to the server equipment, and the first user equipment is the first user equipment which uploads ciphertext to the server equipment; said second file tag- >Is said second message->Sequentially according to a preset first hash function +.>And a preset second hash function->Calculating; and said second file signature tag +_>Is to the second file label +.>Signing to obtain the signature;
if the second file label is determinedSignature tag +_with the second file>If the first file labels are equal, determining first file labels corresponding to the first user equipment>And the second file tag->Whether or not they are equal; wherein the first file tag +_>Is the first message->Sequentially according to the first hash function +.>And said second hash function->Calculating;
if the first file label is determinedAnd the second file tag->Equal, determining if said second user equipment owns a first message of said first user equipment +.>Corresponding first key->The method comprises the steps of carrying out a first treatment on the surface of the Wherein the first keyIs said first message->According to said first hash function +.>Calculated to authenticate the second with zero knowledge by Schnorr protocolVerifying the identity of the user; if it is determined that the second user equipment owns the first keyNotifying the second user equipment not to upload the second ciphertext +. >;
Or if the first file label is determinedAnd the second file tag->If not, then determine the first block tag +.>And a second block label->Whether or not they are equal; if the first block tag is determined +.>Said second block tag->Equal, determining if said second user equipment owns a first block message of said first user equipment>Corresponding first block key->The method comprises the steps of carrying out a first treatment on the surface of the If it is determined that the second user equipment owns the first block key +.>Notify the instituteThe second user equipment does not upload the second block cipher text +.>The method comprises the steps of carrying out a first treatment on the surface of the Wherein the first block tag->Is according to the first message +.>First block message obtained by blocking +.>Sequentially passing through the first hash function +.>And said second hash function->Calculating; said second block tag->Is according to the second message +.>Second block message by blocking +.>Sequentially passing through the first hash function +.>And said second hash function->Calculating; said second block ciphertext->Is the second block message +.>By means of the first hash function +.>The method comprises the steps of performing operation;
or if the first file label is determinedAnd the second file tag- >Not equal, then determining the first block labelAnd the second block tag->Whether or not they are equal; if the first block tag is determined +.>Said second block tag->If the first ciphertext is not equal to the second ciphertext, notifying the second user equipment to upload the second ciphertext +.>。
2. The method of claim 1, wherein the determining the second file tag based on the public key of the second user deviceAnd a second message according to said second user equipment +.>The obtained second file signature labelIf the first file labels are equal, determining the first file label corresponding to the first user equipment>And the second file tag->Whether equal or not, comprising:
if the second file label obtained according to the public key of the second user equipment is determinedAnd a second message according to said second user equipment +.>The second file signature tag obtained +.>Equal, and determining a second block tag obtained from the public key of the second user device +.>And a second block message according to said second user equipment->The second block signature label obtainedIf the first file labels are equal, determining the first file label corresponding to the first user equipment>And the second file tag->Whether equal.
3. The method of claim 1, wherein, if a second file tag derived from a public key of the second user device is determined And a second message according to said second user equipment +.>The obtained second file signature labelIf the first file labels are equal, determining the first file label corresponding to the first user equipment>And the second file tag->Before whether or not they are equal, the method further comprises:
according to the second messageA preset security parameter k and said first hash function +.>Obtaining said second message->Corresponding second ciphertext->;
According to the second ciphertextA preset second hash function +.>Obtaining said second file tag +.>;
For the second file labelSigning to obtain the second file signature tag +.>。
4. The method of claim 1, wherein, if a second file tag derived from a public key of the second user device is determinedAnd a second message according to said second user equipment +.>The obtained second file signature labelIf the first file labels are equal, determining the first file label corresponding to the first user equipment>And the second file tag->Before whether or not they are equal, the method further comprises:
for the second messagePartitioning to obtain->Second block message->The method comprises the steps of carrying out a first treatment on the surface of the Wherein (1)>,/>For the second message->Maximum number of blocks;
according to the second block message A preset security parameter k and said first hash function +.>Obtaining said second block message +.>Corresponding second block ciphertext->;
According to the second block cipher textA preset second hash function +.>Obtaining said second block message +.>Corresponding second block tag->;
To the second block labelSigning to obtain said second block message +.>Corresponding second block signature tag。
5. The method of claim 1, wherein, if a second file tag derived from a public key of the second user device is determinedAnd a second message according to said second user equipment +.>The obtained second file signature labelIf the first file labels are equal, determining the first file label corresponding to the first user equipment>And the second file tag->Before whether or not they are equal, the method further comprises:
if a first file label obtained according to the public key of the first user equipment is determinedAnd according to said first message +.>The first file signature tag obtained->Equal, and determining a first block tag derived from the public key of said first user device +.>And +/according to said first user equipment>The obtained first block signature tagIf the first file ciphertext C and the first file label are equal, determining that the first user corresponding to the first user equipment is a legal user, and adding the first file ciphertext C and the first file label of the first user equipment to the legal user >And storing the public key of the first user equipment in the server equipment.
6. The method of claim 1, wherein, if a second file tag derived from a public key of the second user device is determinedAnd a second message according to said second user equipment +.>The obtained second file signature labelIf the first file labels are equal, determining the first file label corresponding to the first user equipment>And the second file tag->Before whether or not they are equal, the method further comprises:
according to the first messageA preset security parameter k and said first hash function +.>Obtaining the first messageCorresponding first ciphertext->;
According to the first ciphertextA preset second hash function +.>Obtaining said first file tag +.>;
For the first file labelSigning to obtain said first message +.>Corresponding first file signature tag。
7. The method of claim 1, wherein, if a second file tag derived from a public key of the second user device is determinedAnd a second message according to said second user equipment +.>The obtained second file signature labelIf the first file labels are equal, determining the first file label corresponding to the first user equipment >And the second file tag->Before whether or not they are equal, the method further comprises:
for the first messagePartitioning to obtain->First block message->The method comprises the steps of carrying out a first treatment on the surface of the Wherein (1)>,/>For the first message->Is the most significant of (3)A large number of blocks;
based on the first block messageA preset security parameter k and said first hash function +.>Obtaining said first block message->Corresponding first block cipher text->;
Based on the first block ciphertextA preset second hash function +.>Obtaining said first block message->Corresponding first block label->;
For the first block labelSigning to obtain said first block message +.>Corresponding first block signature tag。
8. As claimed inThe method of 1, wherein if it is determined that the second user device owns the first keyNotifying the second user equipment of the second ciphertext +.>Thereafter, the method further comprises:
if the fact that any user equipment applies for downloading the first ciphertext C is determined, determining whether a third file tag obtained according to the public key of the any user equipment is equal to a third file signature tag obtained according to the third message of the any user equipment;
and if the third file signature label is equal according to the third file label, the first ciphertext C is sent to any user equipment.
9. A ciphertext deduplication apparatus, the apparatus comprising:
a first determining unit for uploading the second ciphertext in response to the second user equipmentDetermining a second file label obtained according to the public key of the second user equipment according to a ciphertext uploading instruction sent at the time>And a second message according to said second user equipment +.>The second file signature tag obtained +.>Whether or not they are equal; wherein the second user equipment is any user equipment except the first user equipment, and the first user equipment isA first user device uploading ciphertext to the server device; said second file tag->Is said second message->Sequentially according to a preset first hash function +.>And a preset second hash function->Calculating; and said second file signature tag +_>Is to the second file label +.>Signing to obtain the signature;
a second determining unit, configured to, if it is determined that the second file tagSignature tag +_with the second file>If the first file labels are equal, determining first file labels corresponding to the first user equipment>And the second file tag->Whether or not they are equal; wherein the first file tag +_ >Is the first message->Sequentially according to the first hash function +.>And the second hash functionCalculating;
a third determining unit, configured to, if it is determined that the first file tagAnd the second file tag->Equal, determining if said second user equipment owns a first message of said first user equipment +.>Corresponding first key->The method comprises the steps of carrying out a first treatment on the surface of the Wherein the first key->Is said first message->According to said first hash function +.>The identity of the second user is verified through zero-knowledge authentication of the Schnorr protocol;
a notification unit configured to, if it is determined that the second ue owns the first keyNotifying the second user equipment not to upload the second ciphertext +.>;
The notification unit is further configured to: if the first file label is determinedAnd the second file tag->If not, then determine the first block tag +.>And a second block label->Whether or not they are equal; if the first block tag is determined +.>The second block labelEqual, determining if said second user equipment owns a first block message of said first user equipment>Corresponding first block key->The method comprises the steps of carrying out a first treatment on the surface of the If it is determined that the second user equipment owns the first block key +. >Notifying the second user equipment not to upload the second block ciphertext +.>The method comprises the steps of carrying out a first treatment on the surface of the Wherein the first block tag->Is according to the first message +.>First block message obtained by blocking +.>Sequentially passing through the first hash function +.>And said second hash function->Calculating; said second block tag->Is according to the second message +.>Second block message by blocking +.>Sequentially passing through the first hash function +.>And said second hash function->Calculating; said second block ciphertext->Is the second block message +.>By means of the first hash function +.>The method comprises the steps of performing operation;
the notification unit is further configured to: if the first file label is determinedAnd the second file tag->If not, determining the first block tag +.>And the second block tag->Whether or not they are equal; if the first block tag is determined +.>Said second block tag->If the first ciphertext is not equal to the second ciphertext, notifying the second user equipment to upload the second ciphertext +.>。
10. A ciphertext deduplication apparatus, the apparatus comprising:
a memory for storing program instructions;
a processor for invoking program instructions stored in the memory and for performing the method of any of claims 1-8 in accordance with the obtained program instructions.
11. A storage medium having stored thereon computer executable instructions for causing a computer to perform the method of any one of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310866182.XA CN116599650B (en) | 2023-07-14 | 2023-07-14 | Ciphertext deduplication method, ciphertext deduplication device, ciphertext deduplication equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310866182.XA CN116599650B (en) | 2023-07-14 | 2023-07-14 | Ciphertext deduplication method, ciphertext deduplication device, ciphertext deduplication equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116599650A CN116599650A (en) | 2023-08-15 |
| CN116599650B true CN116599650B (en) | 2023-10-13 |
Family
ID=87611997
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310866182.XA Active CN116599650B (en) | 2023-07-14 | 2023-07-14 | Ciphertext deduplication method, ciphertext deduplication device, ciphertext deduplication equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116599650B (en) |
Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102761596A (en) * | 2011-04-28 | 2012-10-31 | 汤姆森许可贸易公司 | Method for uploading a file in an on-line storage system and corresponding on-line storage system |
| CN105939191A (en) * | 2016-07-08 | 2016-09-14 | 南京理工大学 | Client secure deduplication method of ciphertext data in cloud storage |
| CN106612320A (en) * | 2016-06-14 | 2017-05-03 | 四川用联信息技术有限公司 | Encrypted data dereplication method for cloud storage |
| CN110011812A (en) * | 2019-04-10 | 2019-07-12 | 民航成都电子技术有限责任公司 | A kind of card method for anti-counterfeit suitable for airport security |
| CN110677429A (en) * | 2019-10-10 | 2020-01-10 | 青岛大学 | File storage method and system, cloud device and terminal device |
| CN110933149A (en) * | 2019-11-18 | 2020-03-27 | 湖南警察学院 | Cloud storage safety duplicate removal method and system |
| CN111277572A (en) * | 2020-01-13 | 2020-06-12 | 深圳市赛为智能股份有限公司 | Cloud storage safety duplicate removal method and device, computer equipment and storage medium |
| US10788988B1 (en) * | 2016-05-24 | 2020-09-29 | Violin Systems Llc | Controlling block duplicates |
| CN112565434A (en) * | 2020-12-09 | 2021-03-26 | 广东工业大学 | Cloud storage safety duplicate removal method and device based on Mercker hash tree |
| CN112818404A (en) * | 2021-02-26 | 2021-05-18 | 青岛大学 | Data access permission updating method, device, equipment and readable storage medium |
| CN114666349A (en) * | 2022-01-18 | 2022-06-24 | 西安电子科技大学 | Efficient deduplication and accounting method for cloud storage data |
| CN115134087A (en) * | 2022-05-30 | 2022-09-30 | 西北工业大学 | Client security data deduplication method for decentralized cloud storage |
| CN115225409A (en) * | 2022-08-31 | 2022-10-21 | 成都泛联智存科技有限公司 | Cloud data safety deduplication method based on multi-backup joint verification |
| CN115442162A (en) * | 2022-11-08 | 2022-12-06 | 四川公众项目咨询管理有限公司 | Cloud security deduplication method based on convergence encryption technology |
| CN115643098A (en) * | 2022-10-28 | 2023-01-24 | 成都国泰网信科技有限公司 | Cloud data sharing system and auditing system based on certificateless encryption |
| CN115720168A (en) * | 2022-11-18 | 2023-02-28 | 哈尔滨工业大学(深圳) | Duplicate removal and integrity verification method for cloud encrypted data |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3394848B8 (en) * | 2016-02-17 | 2021-04-21 | NEC Corporation | Method for storing data on a storage entity |
-
2023
- 2023-07-14 CN CN202310866182.XA patent/CN116599650B/en active Active
Patent Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102761596A (en) * | 2011-04-28 | 2012-10-31 | 汤姆森许可贸易公司 | Method for uploading a file in an on-line storage system and corresponding on-line storage system |
| US10788988B1 (en) * | 2016-05-24 | 2020-09-29 | Violin Systems Llc | Controlling block duplicates |
| CN106612320A (en) * | 2016-06-14 | 2017-05-03 | 四川用联信息技术有限公司 | Encrypted data dereplication method for cloud storage |
| CN105939191A (en) * | 2016-07-08 | 2016-09-14 | 南京理工大学 | Client secure deduplication method of ciphertext data in cloud storage |
| CN110011812A (en) * | 2019-04-10 | 2019-07-12 | 民航成都电子技术有限责任公司 | A kind of card method for anti-counterfeit suitable for airport security |
| CN110677429A (en) * | 2019-10-10 | 2020-01-10 | 青岛大学 | File storage method and system, cloud device and terminal device |
| CN110933149A (en) * | 2019-11-18 | 2020-03-27 | 湖南警察学院 | Cloud storage safety duplicate removal method and system |
| CN111277572A (en) * | 2020-01-13 | 2020-06-12 | 深圳市赛为智能股份有限公司 | Cloud storage safety duplicate removal method and device, computer equipment and storage medium |
| CN112565434A (en) * | 2020-12-09 | 2021-03-26 | 广东工业大学 | Cloud storage safety duplicate removal method and device based on Mercker hash tree |
| CN112818404A (en) * | 2021-02-26 | 2021-05-18 | 青岛大学 | Data access permission updating method, device, equipment and readable storage medium |
| CN114666349A (en) * | 2022-01-18 | 2022-06-24 | 西安电子科技大学 | Efficient deduplication and accounting method for cloud storage data |
| CN115134087A (en) * | 2022-05-30 | 2022-09-30 | 西北工业大学 | Client security data deduplication method for decentralized cloud storage |
| CN115225409A (en) * | 2022-08-31 | 2022-10-21 | 成都泛联智存科技有限公司 | Cloud data safety deduplication method based on multi-backup joint verification |
| CN115643098A (en) * | 2022-10-28 | 2023-01-24 | 成都国泰网信科技有限公司 | Cloud data sharing system and auditing system based on certificateless encryption |
| CN115442162A (en) * | 2022-11-08 | 2022-12-06 | 四川公众项目咨询管理有限公司 | Cloud security deduplication method based on convergence encryption technology |
| CN115720168A (en) * | 2022-11-18 | 2023-02-28 | 哈尔滨工业大学(深圳) | Duplicate removal and integrity verification method for cloud encrypted data |
Non-Patent Citations (4)
| Title |
|---|
| Achieving Efficient Secure Deduplication With User-Defined Access Control in Cloud;Xue Yang ect.;《IEEE Transactions on Dependable and Secure Computing ( Volume: 19, Issue: 1, 01 Jan.-Feb. 2022)》;全文 * |
| 云存储中密文数据的客户端安全去重方案;付安民;宋建业;苏;李帅;;电子学报(12);全文 * |
| 何司蒙 ; 杨超 ; 姜奇 ; 杨力 ; 马建峰 ; .基于零知识验证的密文去重与密钥传递方法.计算机研究与发展.2018,(06),全文. * |
| 基于零知识验证的密文去重与密钥传递方法;何司蒙;杨超;姜奇;杨力;马建峰;;计算机研究与发展(06);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116599650A (en) | 2023-08-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10790976B1 (en) | System and method of blockchain wallet recovery | |
| CN111639361B (en) | Block chain key management method, multi-person common signature method and electronic device | |
| CN111130757B (en) | Multi-cloud CP-ABE access control method based on block chain | |
| CN106664202B (en) | Method, system and computer readable medium for providing encryption on multiple devices | |
| EP3619884A1 (en) | Secure dynamic threshold signature scheme employing trusted hardware | |
| US10482255B2 (en) | Controlled secure code authentication | |
| US9531540B2 (en) | Secure token-based signature schemes using look-up tables | |
| US20130290733A1 (en) | Systems and methods for caching security information | |
| US20130290734A1 (en) | Systems and methods for caching security information | |
| JP2018534629A (en) | Method for performing keyed hash message authentication code (HMAC) using multi-party computation without Boolean gates | |
| US11616643B2 (en) | System and method of management of a shared cryptographic account | |
| CN110351297B (en) | Verification method and device applied to block chain | |
| US9075798B2 (en) | Verifying authenticity of input using a hashing algorithm | |
| CN115225409B (en) | Cloud data safety duplicate removal method based on multi-backup joint verification | |
| CN110719172B (en) | Signature method, signature system and related equipment in block chain system | |
| CN111723384A (en) | Data processing method, system and equipment | |
| US10268832B1 (en) | Streaming authenticated encryption | |
| CN111161075B (en) | Blockchain transaction data proving and supervising method, system and related equipment | |
| Agarwala et al. | DICE: A dual integrity convergent encryption protocol for client side secure data deduplication | |
| CN111414628A (en) | Data storage method and device and computing equipment | |
| US11436360B2 (en) | System and method for storing encrypted data | |
| CN110855693A (en) | Network authentication method and system based on CNN | |
| CN116599650B (en) | Ciphertext deduplication method, ciphertext deduplication device, ciphertext deduplication equipment and storage medium | |
| CN110784318A (en) | Group key updating method, device, electronic equipment, storage medium and communication system | |
| KR101593675B1 (en) | User data integrity verification method and apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |