CN117111854A - Data storage method, device and medium based on distributed encryption storage - Google Patents

Publication number: CN117111854A
Application number: CN202311164633.1A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 李波
Current Assignee: Jiajiayun Technology Ltd Co ltd
Original Assignee: Jiajiayun Technology Ltd Co ltd
Prior art keywords: target, data block, storage, data, storage node

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062 Securing storage systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0629 Configuration or reconfiguration of storage systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638 Organizing or formatting or addressing of data
    • G06F3/064 Management of blocks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0668 Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/067 Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]

Abstract

The invention relates to the technical field of data storage, and discloses a data storage method, a device and a medium based on distributed encryption storage, wherein the method comprises the following steps: performing data partitioning on target data, and performing data redundancy coding on the target data block; generating a target data block redundancy matrix according to the target data block and the data block redundancy code, and carrying out data encryption on the target data block redundancy matrix; calculating the safe storage distance of the target encrypted data block according to the initial storage node, and generating a storage node set of the target encrypted data block according to the safe storage distance; calculating a load value of each storage node in the storage node set, and generating a target storage path according to the selected target storage node and the target encrypted data block; encrypting the target storage path, generating a path mapping table according to the target encrypted storage path, and storing target data according to the path mapping table. The invention can improve the safety during data storage.

Description

Data storage method, device and medium based on distributed encryption storage
Technical Field
The present invention relates to the field of data storage technologies, and in particular, to a data storage method, apparatus, and medium based on distributed encryption storage.
Background
With the rapid development of information technology, the storage and processing of massive data play an increasingly positive role in scientific computing, and the requirements on data security keep rising. To improve security in the data storage process, data needs to be processed at a security layer before it is stored, so that it can be stored safely.
Existing data storage technologies are based on stand-alone local storage, where all data and metadata are stored centrally on one storage server. In practical applications, as data access becomes more frequent, the single server becomes a performance bottleneck; because all data is simply stored on a single server, data storage efficiency and reliability are low, and the security of data storage is therefore low.
Disclosure of Invention
The invention provides a data storage method, a device and a medium based on distributed encryption storage, and mainly aims to solve the problem of low security of data storage.
In order to achieve the above object, the present invention provides a data storage method based on distributed encryption storage, including:
S1, performing data blocking on preset target data according to a preset data type to obtain a target data block, and performing data redundancy coding on the target data block to obtain a data block redundancy coding;
S2, generating a target data block redundancy matrix according to the target data block and the data block redundancy code, and carrying out data encryption on the target data block redundancy matrix by utilizing a preset double index encryption algorithm to obtain a target encrypted data block, wherein the method comprises the following steps:
generating a target index key of a target data block in the target data block redundancy matrix through a preset key generation algorithm, wherein the key generation algorithm is as follows:
wherein $key_i$ is the target index key of the i-th target data block, $g$ is the generator, $r_i$ is the first random number of the i-th target data block, $t_i$ is the second random number of the i-th target data block, and $q_i$ is the third random number of the i-th target data block;
constructing a key index mapping table according to the target index key and the target data block redundancy matrix;
encrypting the data blocks in the target data block redundancy matrix according to the mapping relation in the key index mapping table by using the following double index encryption algorithm to obtain a target secret value:
wherein $L_i$ is the target secret value of the i-th target data block, $H$ is a hash function, $e$ is a symmetric encryption algorithm, $I_i$ is the original data in the index number of the i-th target data block, $pk_i$ is the public key of the i-th target data block, and $sk_i$ is the private key of the i-th target data block;
determining the target encrypted data block according to the target secret value;
S3, selecting any storage node in a preset distributed storage node topological graph as an initial storage node, calculating the safe storage distance of the target encrypted data block according to the initial storage node through a preset dynamic distance algorithm, and generating a storage node set of the target encrypted data block according to the safe storage distance;
S4, calculating a load value of each storage node in the storage node set by using a preset load balancing algorithm, selecting the storage node with the minimum load value as the target storage node of the target encrypted data block, and generating a target storage path according to the target storage node and the target encrypted data block;
S5, encrypting the target storage path through a preset pseudo-random encryption algorithm to obtain a target encrypted storage path, generating a path mapping table according to the target encrypted storage path, and storing the target data according to the path mapping table.
Optionally, the performing data blocking on the preset target data according to the preset data type to obtain a target data block includes:
Classifying the target data according to a preset data type to obtain a target data type;
extracting a target data partitioning strategy corresponding to the target data category;
partitioning the target data according to the target data partitioning strategy to obtain target partitioning data;
and collecting the target block data as the target data block.
Optionally, the performing data redundancy encoding on the target data block to obtain data block redundancy encoding includes:
generating a data block matrix by the target data block, and marking the data block matrix by symbols to obtain a data block symbol matrix;
generating polynomial coefficients of the target data block according to the data block symbol matrix;
generating an original data polynomial of the target data block according to the polynomial coefficient;
generating a generating polynomial of the target data block through a preset redundancy error correction requirement;
calculating the data block redundancy coding according to the original data polynomial and the generator polynomial, wherein the data block redundancy coding calculation formula is as follows:
wherein $P(x)$ is a product polynomial, $D(x)$ is an original data polynomial, $f(x)$ is a generator polynomial, $Q(x)$ is a quotient polynomial, and $R(x)$ is the data block redundancy code.
Optionally, the generating the target data block redundancy matrix according to the target data block and the data block redundancy code includes:
extracting a data block coefficient of the target data block, and extracting a coding coefficient of the data block redundancy coding;
generating a redundant coding mapping relation according to the data block coefficients and the coding coefficients;
and splicing the data block coefficients and the coding coefficients according to the redundancy coding mapping relation to obtain a target data block redundancy matrix.
Optionally, the calculating, by a preset dynamic distance algorithm, the secure storage distance of the target encrypted data block according to the initial storage node includes:
acquiring node storage capacity of each storage node in the distributed storage node topological graph;
counting the shortest node hop count of each storage node in the initial storage node and the distributed storage node topological graph one by one according to the node storage capacity;
calculating the safe storage distance of the target encrypted data block according to the shortest hop count of the node by a dynamic distance algorithm as follows:
$d_i = \min d_k(B_u, B_v), \quad u \neq v,\ i \neq k$
wherein $d_i$ is the safe storage distance of the i-th target data block, $\min$ is the minimum function, $d_k(B_u, B_v)$ is the safe storage distance of the k-th target data block between the storage nodes, based on the node storage capacity $B_u$ corresponding to the u-th storage node and the node storage capacity $B_v$ corresponding to the v-th storage node, and $C(u, v)$ is the shortest node hop count between the u-th storage node and the v-th storage node.
Optionally, the calculating, by using a preset load balancing algorithm, a load value of each storage node in the storage node set includes:
counting the load information of each storage node in the storage node set;
determining the load weight of the load information through a preset hierarchical model;
calculating the load value of the storage node according to the load information and the load weight by using a load balancing algorithm as follows:
wherein Z is γ For the load value of the gamma-th storage node, delta is a dynamic load optimization factor,information value w for the information of the τ load in the γ -th storage node γτ The load weight of the τ load information in the γ -th storage node is calculated, and n is the information quantity in the load information;
and updating the load information of each storage node in real time according to the load value, and returning to the step of determining the load weight of the load information through a preset hierarchical model until a preset time stamp is reached, so as to obtain the load value of each storage node in the storage node set.
Optionally, the generating a target storage path according to the target storage node and the target encrypted data block includes:
extracting a node address of the target storage node, and extracting an index address of the encrypted data block;
associating the node address with the index address to obtain an associated address;
and generating a target storage path according to the associated address.
Optionally, the encrypting the target storage path by a preset pseudo-random encryption algorithm to obtain a target encrypted storage path includes:
quantizing the target storage path to obtain a target quantized storage path;
converting the target quantized storage path into binary to obtain a target binary storage path;
encrypting the target binary storage path through the pseudo-random encryption algorithm to obtain a target encrypted storage path, wherein the pseudo-random encryption algorithm is as follows:
wherein $Y$ is the target encrypted storage path, $\beta$ is the target binary storage path, $M_\sigma$ is the σ-th key stream element, $m$ is the modulus, $w$ is the number of bits of the target binary storage path, the sign of exclusive OR is the sign of left shift, the sign of right shift, mod is the remainder sign, and $\vee$ is the OR sign.
In order to solve the above problems, the present invention further provides a data storage device based on distributed encrypted storage, the device comprising:
the target data block coding module is used for carrying out data blocking on preset target data according to preset data types to obtain target data blocks, and carrying out data redundancy coding on the target data blocks to obtain data block redundancy coding;
the target data block encryption module is used for generating a target data block redundancy matrix according to the target data block and the data block redundancy code, and carrying out data encryption on the target data block redundancy matrix by utilizing a preset double index encryption algorithm to obtain a target encrypted data block;
the safe storage distance calculation module is used for selecting any storage node in a preset distributed storage node topological graph as an initial storage node, calculating the safe storage distance of the target encrypted data block according to the initial storage node through a preset dynamic distance algorithm, and generating a storage node set of the target encrypted data block according to the safe storage distance;
the target storage path generation module is used for calculating the load value of each storage node in the storage node set by using a preset load balancing algorithm, selecting the storage node with the smallest load value as a target storage node of the target encrypted data block, and generating a target storage path according to the target storage node and the target encrypted data block;
And the target data storage module is used for encrypting the target storage path through a preset pseudo-random encryption algorithm to obtain a target encrypted storage path, generating a path mapping table according to the target encrypted storage path, and storing the target data according to the path mapping table.
In order to solve the above-mentioned problems, the present invention also provides a medium in which at least one computer program is stored, the at least one computer program being executed by a processor in an electronic device to implement the above-mentioned data storage method based on distributed encryption storage.
According to the embodiment of the invention, the target data is partitioned, so that the memory use is reduced, and the data processing efficiency is improved; redundancy coding is carried out according to the target data block, so that errors can be detected and repaired when errors occur in the data transmission or storage process; data encryption is carried out on the redundancy matrix of the target data block, so that the safety of data storage is improved; calculating the safe storage distance between storage nodes in the distributed storage node topological graph, and further generating a storage node set of the target encrypted data block according to the safe storage distance, so that the storage positions of the data blocks are ensured to have differences, and the safety of data storage is improved; the load value of each storage node in the storage node set is calculated, so that the storage speed and response time of data can be improved; generating a target storage path according to the target storage node and the target encrypted data block selected by the load value, and encrypting the target storage path to improve the capability of the system for resisting attack, prevent a third party from acquiring the information, and enhance the privacy protection of a user; and storing target data according to the path mapping table, and realizing distributed double encryption storage in the data storage process. Therefore, the data storage method, the data storage device and the data storage medium based on the distributed encryption storage can solve the problem of lower security during data storage.
Drawings
FIG. 1 is a flow chart of a data storage method based on distributed encryption storage according to an embodiment of the present application;
FIG. 2 is a flow chart illustrating the generation of a redundancy matrix for a target data block according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating a process for calculating a safe storage distance according to an embodiment of the present application;
FIG. 4 is a functional block diagram of a data storage device based on distributed encryption storage according to an embodiment of the present application.
The achievement of the objects, functional features and advantages of the present application will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The embodiment of the application provides a data storage method based on distributed encryption storage. The execution subject of the method includes, but is not limited to, at least one of a server, a terminal, and the like that can be configured to execute the method provided by the embodiment of the application. In other words, the method may be performed by software or hardware installed in a terminal device or a server device, and the software may be a blockchain platform. The server side includes, but is not limited to: a single server, a server cluster, a cloud server, a cloud server cluster, and the like. The server may be an independent server, or a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDN), and big data and artificial intelligence platforms.
Referring to FIG. 1, a flow chart of a data storage method based on distributed encryption storage according to an embodiment of the invention is shown. In this embodiment, the data storage method based on distributed encryption storage includes:
S1, performing data blocking on preset target data according to a preset data type to obtain a target data block, and performing data redundancy coding on the target data block to obtain a data block redundancy coding.
In the embodiment of the invention, the data types comprise text data, image data, audio data and video data. The target data is segmented according to the data types it contains; dividing the data into small blocks allows it to be managed and processed effectively, which reduces memory use and improves processing efficiency.
In the embodiment of the present invention, the data partitioning is performed on preset target data according to a preset data type to obtain a target data block, including:
classifying the target data according to a preset data type to obtain a target data type;
extracting a target data partitioning strategy corresponding to the target data category;
partitioning the target data according to the target data partitioning strategy to obtain target partitioning data;
And collecting the target block data as the target data block.
In detail, the target data is classified by the text, image, audio and video data types and divided into a plurality of target data categories, and a data blocking strategy is applied to each target data category. For text data, blocking can follow units such as characters, words, sentences or paragraphs, and semantic relevance or a fixed block size can be considered to suit specific application requirements. For image data, blocking can follow pixels, areas or features, using blocks of fixed size or adaptive segmentation based on the image content, for example by using an image segmentation technique to identify the area of interest. For audio data, blocking can follow a time window or a frequency interval, using a window of fixed length or adaptive segmentation based on the characteristics of the audio signal, for example sound intensity or frequency spectrum characteristics. For video data, blocking can follow a time stamp or a key frame; a key frame usually represents an important content change in the video and can serve as the basis for segmentation, and either a time window of fixed length or adaptive segmentation based on the characteristics of the video frames can be used. The data can then be conveniently processed, transmitted or stored.
Specifically, different data in the target data are segmented according to data segmentation strategies of different data types, so that target segmentation data corresponding to the different data types are obtained, and all the target segmentation data are collected to be all target data blocks after the target data are segmented. By partitioning the data, the security of the data can be better controlled and managed, different security policies or encryption methods can be applied to different blocks to increase the security of the data and provide finer granularity data access control.
Further, block storage can prevent data from being stolen and leaked to a certain extent, but once a certain part of the data is destroyed by a network attack, the whole data file becomes unusable. Redundant storage copies the data into multiple parts and stores them on different storage nodes, so that the data can be recovered with a redundant coding algorithm after a certain part of it is destroyed, which improves the security of data storage.
In the embodiment of the invention, the data block redundancy coding is an error detection and correction coding used to increase the redundancy of data and thereby improve its reliability and fault tolerance. Redundant information is introduced into the data block so that errors can be detected and repaired when they occur during data transmission or storage.
In the embodiment of the present invention, the performing data redundancy encoding on the target data block to obtain a data block redundancy encoding includes:
generating a data block matrix by the target data block, and marking the data block matrix by symbols to obtain a data block symbol matrix;
generating polynomial coefficients of the target data block according to the data block symbol matrix;
generating an original data polynomial of the target data block according to the polynomial coefficient;
generating a generating polynomial of the target data block through a preset redundancy error correction requirement;
calculating the data block redundancy coding according to the original data polynomial and the generator polynomial, wherein the data block redundancy coding calculation formula is as follows:
wherein $P(x)$ is a product polynomial, $D(x)$ is an original data polynomial, $f(x)$ is a generator polynomial, $Q(x)$ is a quotient polynomial, and $R(x)$ is the data block redundancy code.
In detail, an n×m-dimensional data block matrix is generated from the target data blocks corresponding to the different data types, and each data block in the data block matrix is marked to obtain the data block symbol matrix. For example, the first row of data blocks in the n×m-dimensional data block matrix is $[d_{10}, d_{11}, d_{12}, \ldots, d_{1n}]$, its corresponding data block symbols are $[10, 11, 12, \ldots, 1n]$, and the polynomial coefficients corresponding to each target data block are $[10, 11, 12, \ldots, 1n]$; that is, the symbol corresponding to each data block in the data block symbol matrix is determined as a polynomial coefficient. An original data polynomial is then generated according to the polynomial coefficients, for example $D(x) = d_{10} + d_{11}x + d_{12}x^2 + \ldots + d_{1n}x^n$. A generator polynomial for the target data block is generated according to a redundancy error correction requirement, wherein the redundancy error correction requirement is to detect and correct errors in a specific number of data blocks. The generator polynomial is determined by a codeword length and a redundancy length, and the redundancy length is the same as the data dimension of the target data block; for example, the generator polynomial is $f(x) = (x - \alpha^1)(x - \alpha^2) \cdots (x - \alpha^{2t})$, where $\alpha$ represents a primitive root of $2^m$ and each $\alpha^i$ is one factor in the generator polynomial.
Specifically, the data block redundancy code is obtained by the data block redundancy code calculation formula, and the remainder polynomial $R(x)$ represents the redundancy code portion. For example, if $R(x) = r_{10} + r_{11}x + r_{12}x^2$, then the data block redundancy code corresponding to data block $[d_{10}, d_{11}, d_{12}, d_{13}]$ is $[r_{10}, r_{11}, r_{12}, 0]$. Furthermore, the coefficients of the target data block and the redundantly encoded coefficients may be combined, thereby obtaining an encoding matrix.
Further, the target data block redundancy matrix may be used to detect and correct errors in the data block, and by introducing redundancy information into the redundancy matrix, it is possible to detect whether the data block has errors, and recover the original data by a correction operation when necessary, thus constructing the target data block redundancy matrix from the target data block and the data block redundancy code.
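The redundancy coding steps above, in both the summary and the detailed description (original data polynomial D(x), generator polynomial f(x), quotient Q(x), remainder R(x)), can be exercised with the following added example, which is not code from the patent. It assumes the field GF(2^8) with primitive polynomial 0x11d and α = 2, and the standard systematic construction P(x) = D(x)·x^(2t) = Q(x)·f(x) + R(x), because the patent's own formula is not reproduced on this page; function names and the sample block are constructed.

```python
# Added example (not from the patent): Reed-Solomon-style redundancy coding.
# Assumptions: GF(2^8), primitive polynomial 0x11d, alpha = 2, and
# P(x) = D(x) * x^(2t) = Q(x) * f(x) + R(x). Coefficients are low-order
# first, matching D(x) = d10 + d11*x + d12*x^2 + ... in the text.

PRIM_POLY = 0x11D
EXP = [0] * 512   # EXP[i] = alpha^i (doubled so products need no modulo)
LOG = [0] * 256   # LOG[alpha^i] = i

_x = 1
for _i in range(255):
    EXP[_i] = _x
    LOG[_x] = _i
    _x <<= 1
    if _x & 0x100:
        _x ^= PRIM_POLY
for _i in range(255, 512):
    EXP[_i] = EXP[_i - 255]


def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]


def gf_div(a, b):
    if b == 0:
        raise ZeroDivisionError("division by zero in GF(2^8)")
    return 0 if a == 0 else EXP[(LOG[a] - LOG[b]) % 255]


def poly_mul(p, q):
    out = [0] * (len(p) + len(q) - 1)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            out[i + j] ^= gf_mul(a, b)
    return out


def poly_eval(p, x):
    acc = 0
    for c in reversed(p):          # Horner's rule from the highest power
        acc = gf_mul(acc, x) ^ c
    return acc


def generator_poly(two_t):
    """f(x) = (x - a^1)(x - a^2)...(x - a^2t); minus equals plus here."""
    f = [1]
    for i in range(1, two_t + 1):
        f = poly_mul(f, [EXP[i], 1])
    return f


def poly_divmod(p, f):
    """Return (Q, R) such that P = Q*f + R, for a monic divisor f."""
    rem, deg_f = list(p), len(f) - 1
    quo = [0] * max(len(p) - deg_f, 0)
    for k in range(len(p) - 1, deg_f - 1, -1):
        coef = rem[k]
        quo[k - deg_f] = coef
        if coef:
            for j, fc in enumerate(f):
                rem[k - deg_f + j] ^= gf_mul(coef, fc)
    return quo, rem[:deg_f]


def encode_block(data, two_t):
    """Return the stored codeword: redundancy R followed by the data block."""
    product = [0] * two_t + list(data)            # P(x) = D(x) * x^(2t)
    _, redundancy = poly_divmod(product, generator_poly(two_t))
    return redundancy + list(data)                # P(x) + R(x) = Q(x) * f(x)


def syndromes(codeword, two_t):
    """All zero exactly when the codeword is still a multiple of f(x)."""
    return [poly_eval(codeword, EXP[i]) for i in range(1, two_t + 1)]


def repair_single_error(codeword, two_t):
    """Repair one damaged symbol; return (codeword, position or None)."""
    s = syndromes(codeword, two_t)
    if not any(s):
        return list(codeword), None
    if s[0] == 0 or s[1] == 0:
        raise ValueError("more than one symbol is damaged")
    pos = LOG[gf_div(s[1], s[0])]                 # alpha^pos = S2 / S1
    if pos >= len(codeword):
        raise ValueError("more than one symbol is damaged")
    fixed = list(codeword)
    fixed[pos] ^= gf_div(gf_mul(s[0], s[0]), s[1])  # error value = S1^2 / S2
    if any(syndromes(fixed, two_t)):              # reject a wrong "repair"
        raise ValueError("more than one symbol is damaged")
    return fixed, pos


DATA = [0x10, 0x11, 0x12, 0x13]   # constructed sample block [d10..d13]
TWO_T = 4                         # number of redundancy symbols (assumed)

if __name__ == "__main__":
    stored = encode_block(DATA, TWO_T)
    damaged = list(stored)
    damaged[5] ^= 0x5A            # simulate corruption on a storage node
    print(stored, syndromes(damaged, TWO_T), repair_single_error(damaged, TWO_T))
```

The final syndrome re-check in `repair_single_error` is what keeps a block with two damaged symbols from being silently "repaired" into wrong data.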
S2, generating a target data block redundancy matrix according to the target data block and the data block redundancy code, and carrying out data encryption on the target data block redundancy matrix by utilizing a preset double index encryption algorithm to obtain a target encrypted data block.
In the embodiment of the present invention, the target data block redundancy matrix is a matrix on a finite field, and is formed by the coefficients of the data block and the redundantly encoded coefficients, where each element represents the data block or the redundantly encoded coefficients.
In an embodiment of the present invention, referring to FIG. 2, the generating a target data block redundancy matrix according to the target data block and the data block redundancy code includes:
S21, extracting a data block coefficient of the target data block, and extracting a coding coefficient of the data block redundancy coding;
S22, generating a redundant coding mapping relation according to the data block coefficients and the coding coefficients;
and S23, splicing the data block coefficients and the coding coefficients according to the redundancy coding mapping relation to obtain a target data block redundancy matrix.
In detail, the data block coefficient refers to the symbol mark of the target data block, and the coding coefficient refers to the coding value of the data block redundancy coding. For example, the data block coefficients of data block $[d_{10}, d_{11}, d_{12}, d_{13}]$ are $[10, 11, 12, 13]$ and the coding coefficients are $[r_{10}, r_{11}, r_{12}, 0]$. The mapping relation between the data block and the redundant coding can be generated according to the data block coefficients and the coding coefficients, i.e. $[d_{10}, d_{11}, d_{12}, d_{13}] \rightarrow [r_{10}, r_{11}, r_{12}, 0]$, and the redundancy matrix of the target data block, $[d_{10}, d_{11}, d_{12}, d_{13} \mid r_{10}, r_{11}, r_{12}, 0]$, can then be generated based on the redundancy coding mapping relation.
Further, in order to improve the security of data block storage, the data block needs to be encrypted to enhance the security of the data block, so as to ensure that sensitive data is not accessed and acquired by unauthorized personnel during transmission or storage.
In the embodiment of the present invention, the target encrypted data block is obtained by encrypting each data block in the target data block redundancy matrix, and the encrypted data will be in an unreadable ciphertext form.
In the embodiment of the present invention, the data encryption is performed on the redundancy matrix of the target data block by using a preset double-index encryption algorithm to obtain a target encrypted data block, including:
generating a target index key of a target data block in the target data block redundancy matrix through a preset key generation algorithm, wherein the key generation algorithm is as follows:
wherein $key_i$ is the target index key of the i-th target data block, g is the generator, $r_i$ is the first random number of the i-th target data block, $t_i$ is the second random number of the i-th target data block, and $q_i$ is the third random number of the i-th target data block;
constructing a key index mapping table according to the target index key and the target data block redundancy matrix;
encrypting the data blocks in the target data block redundancy matrix according to the mapping relation in the key index mapping table by using the following double index encryption algorithm to obtain a target secret value:
wherein $L_i$ is the target secret value of the i-th target data block, H is a hash function, e is a symmetric encryption algorithm, $I_i$ is the original data in the index number of the i-th target data block, $pk_i$ is the public key of the i-th target data block, and $sk_i$ is the private key of the i-th target data block;
and determining the target encrypted data block according to the target secret value.
In detail, a first random number r of E bits is selected from a finite field Z, and q=1 (mod r) is calculated from r, where r ∈ Z, q ∈ Z, and r and q are multiplicative inverses in the finite field. A second random number t is selected from the finite field Z, so that a public key and a private key for encrypting a target data block can be calculated, where $pk_i$ is the public key of the i-th target data block and $sk_i = (r_i, q_i, t_i)$ is the private key of the i-th target data block. The target index key corresponding to each target data block is mapped to each data block in the target data block redundancy matrix: for example, the target index key corresponding to data block $d_{10}$ is $key_{10}$, and the target index key corresponding to data block $d_{11}$ is $key_{11}$. Obtaining the target index key corresponding to each data block in the target data block redundancy matrix in this way generates the key index mapping table.
Specifically, dual-mapping data security can be realized by searching the index number of each target data block in the key index mapping table, encrypting the index number corresponding to the data block through a symmetric encryption algorithm, and then re-mapping the encrypted index number through a hash function. For example, if the index number of data block $d_{10}$ is 100, the data in the index number 100 is encrypted by a symmetric encryption algorithm, and after encryption a hash function H = s mod y is used, where s is the index number corresponding to the encrypted data, y is the number of index positions, and mod is the remainder function. Index number 100 is thereby mapped again into a different index number, which gives the secret value corresponding to index number 100, and the target data block corresponding to the secret value is used as the target encrypted data block. The symmetric encryption algorithm includes, but is not limited to, the DES encryption algorithm and the AES encryption algorithm.
Further, storing the encrypted target data block requires selecting an optimal storage node to ensure the security and efficiency of data storage.
S3, any storage node in a preset distributed storage node topological graph is selected to serve as an initial storage node, the safe storage distance of the target encrypted data block is calculated according to the initial storage node through a preset dynamic distance algorithm, and a storage node set of the target encrypted data block is generated according to the safe storage distance.
In the embodiment of the invention, the initial storage node is a node randomly selected in a distributed storage node topological graph. The distributed storage node topological graph comprises a central architecture topological graph, a peer-to-peer architecture topological graph, a layered architecture topological graph and a cellular architecture topological graph. In the central architecture, one central node is responsible for coordinating and managing the whole distributed storage system, and the other storage nodes are connected to the central node through a network and exchange data with it; the topological graph under this architecture is similar to a star-shaped or tree-shaped structure, with the central node at the top and the other storage nodes on the sub-branches below. In the peer-to-peer architecture, all storage nodes are peers that interconnect and exchange data with each other, and there is no explicit central node; the topology under this architecture typically presents a mesh structure in which each node is directly connected to the other nodes. In the hierarchical architecture, storage nodes are organized in a hierarchy, each level having specific functions and responsibilities; usually there is a top-level control node responsible for the management and coordination of the whole system, while the lower-level nodes are responsible for storing and processing data, and the topology under this architecture is similar to a multi-level tree structure. In the cellular architecture, the storage nodes are organized into a number of individual cells, each having a number of storage nodes, and the cells are connected by a network so that data can be transferred and replicated between different cells; the topology under this architecture typically presents a hexagonal or square cellular structure.
Further, in order to ensure the security of the data, the storage positions of the data blocks need to be different, that is, the distance between the storage positions of the different data blocks can represent the security, and if the placement distance between the data blocks is large, the security is considered to be high, so that the security storage distance between the different data blocks needs to be calculated.
In the embodiment of the invention, the safe storage distance represents the storage distance between any two data blocks, so that the safety in the data storage process can be ensured.
In the embodiment of the present invention, referring to fig. 3, the calculating, by a preset dynamic distance algorithm, the secure storage distance of the target encrypted data block according to the initial storage node includes:
S31, acquiring the node storage capacity of each storage node in the distributed storage node topological graph;
S32, counting, one by one according to the node storage capacity, the shortest node hop count between the initial storage node and each storage node in the distributed storage node topological graph;
S33, calculating the safe storage distance of the target encrypted data block according to the shortest node hop count by using the following dynamic distance algorithm:
$d_i = \min d_k(B_u, B_v),\quad u \neq v,\ i \neq k$
wherein $d_i$ is the safe storage distance of the i-th target data block, min is the minimum function, $d_k(B_u, B_v)$ is the storage distance of the k-th target data block between the node storage capacity $B_u$ of the u-th storage node and the node storage capacity $B_v$ of the v-th storage node, and C(u, v) is the shortest node hop count between the u-th storage node and the v-th storage node.
In detail, the node storage capacity refers to the amount of data each storage node is capable of storing. The node storage capacity of each storage node can be obtained from a pre-stored storage area through a computer statement (such as a Java statement, a Python statement, etc.) with a data grabbing function, and a detailed description of the hardware specification and capacity of each node is provided in the distributed storage documentation or configuration information.
Specifically, the shortest distance between the initial storage node and each storage node in the distributed storage node topological graph, namely the shortest node hop count, is counted only when the node storage capacity of the storage node is not zero. For example, if the node hop count between the initial storage node (1) and the storage node (2) is 1, the node hop count between the initial storage node (1) and the storage node (3) is 2, and the node hop count between the initial storage node (1) and the storage node (4) is 2, then the shortest node hop count is 1. Here d represents the safe storage distance. If d=0, the user has no requirement on data security and all data can be stored on one storage node; if d=1, the storage distance between any two data blocks must be greater than 1, where the storage distance is the shortest distance between the storage nodes storing the data blocks; if d=2, the storage distance between any two data blocks must be greater than 2; similarly, if d=n, the storage distance between any two data blocks must be greater than n.
Further, storage nodes whose distance is larger than the safe storage distance are selected as alternative storage nodes of the target encrypted data block, and the alternative storage nodes are then constructed into a storage node set. For example, suppose the safe storage distance corresponding to the initial storage node (1) is 1, the safe storage distance between the initial storage node (1) and the storage node (2) is 1, the safe storage distance between the initial storage node (1) and the storage node (3) is 2, and the safe storage distance between the initial storage node (1) and the storage node (4) is 3. When d=1, the storage distance between any two data blocks is required to be larger than 1, so the storage node (3) and the storage node (4) are selected as alternative storage nodes, and the storage node set is {(1), (3), (4)}.
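The candidate selection described in S31 to S33 can be sketched as follows. This is an added example, not code from the patent: the chain topology, the capacities, the function names, and the rule that a zero-capacity node still forwards traffic are all assumptions, and the pairwise check at the end is an added verification that the text does not describe.

```python
from collections import deque
from itertools import combinations

# Constructed topology (not from the patent): a chain 1-2-3-4 that reproduces
# the hop counts in the text (1->2: 1, 1->3: 2, 1->4: 3), plus node 5, which
# has zero storage capacity and is therefore never a storage candidate.
TOPOLOGY = {1: [2], 2: [1, 3, 5], 3: [2, 4], 4: [3], 5: [2]}
CAPACITY_GB = {1: 500, 2: 500, 3: 250, 4: 250, 5: 0}


def shortest_hops(graph, capacity, start):
    """Breadth-first search from `start` (step S32).

    Returns the shortest hop count to every reachable node whose storage
    capacity is non-zero. Assumption: a zero-capacity node can still
    forward traffic, so it is traversed but not reported.
    """
    hops = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for neighbour in graph[node]:
            if neighbour not in hops:
                hops[neighbour] = hops[node] + 1
                queue.append(neighbour)
    return {n: h for n, h in hops.items() if capacity[n] > 0}


def storage_node_set(graph, capacity, start, d):
    """Initial node plus every node more than `d` hops away from it."""
    hops = shortest_hops(graph, capacity, start)
    candidates = sorted(n for n, h in hops.items() if n != start and h > d)
    return [start] + candidates


def pairwise_violations(graph, capacity, nodes, d):
    """Added check: pairs inside the set that are NOT more than `d` hops apart.

    The selection above only measures distance from the initial node, while
    the requirement is stated for any two data blocks, so pairs of candidates
    can still be too close to each other.
    """
    too_close = []
    for u, v in combinations(nodes, 2):
        distance = shortest_hops(graph, capacity, u).get(v, float("inf"))
        if distance <= d:
            too_close.append((u, v))
    return too_close


if __name__ == "__main__":
    nodes = storage_node_set(TOPOLOGY, CAPACITY_GB, start=1, d=1)
    print("storage node set:", nodes)
    print("pairs closer than required:",
          pairwise_violations(TOPOLOGY, CAPACITY_GB, nodes, d=1))
```

On this constructed chain the set matches the text's {(1), (3), (4)}, but nodes (3) and (4) are only one hop apart, so blocks placed on both would not meet the d=1 requirement between themselves.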
Furthermore, to improve the overall performance of data storage, the load of the nodes should be balanced so that no request delay or reduction in processing speed is caused by overload of some nodes, which improves the storage speed and response time of the data. The optimal storage node therefore needs to be selected according to the load value of each storage node.
S4, calculating a load value of each storage node in the storage node set by using a preset load balancing algorithm, selecting a storage node with the minimum load value as a target storage node of the target encrypted data block, and generating a target storage path according to the target storage node and the target encrypted data block.
In the embodiment of the invention, the load value refers to the workload or task amount currently being processed by the storage node, and is generally expressed as a numerical value, and is used for evaluating the load state and the performance condition of the storage node.
In the embodiment of the present invention, the calculating the load value of each storage node in the storage node set by using a preset load balancing algorithm includes:
counting the load information of each storage node in the storage node set;
determining the load weight of the load information through a preset hierarchical model;
calculating the load value of the storage node according to the load information and the load weight by using a load balancing algorithm as follows:
wherein $Z_\gamma$ is the load value of the γ-th storage node, δ is a dynamic load optimization factor, the information value is that of the τ-th load information in the γ-th storage node, $w_{\gamma\tau}$ is the load weight of the τ-th load information in the γ-th storage node, and n is the amount of information in the load information;
and updating the load information of each storage node in real time according to the load value, and returning to the step of determining the load weight of the load information through a preset hierarchical model until a preset time stamp is reached, so as to obtain the load value of each storage node in the storage node set.
In detail, the load information comprises a CPU utilization rate, a memory utilization rate, a disk read-write speed and a network transmission speed, and the data are processed and analyzed by utilizing a data analysis tool and method to obtain insight and visualization about the load of the storage node, so that the load weight of each load index in the load information is determined, and the relative importance of different load information on the data storage can be judged, so that the load value of the storage node can be calculated more comprehensively and accurately.
Specifically, the hierarchical model refers to a hierarchical structure model generated by the hierarchical analysis method. The goal of the hierarchy is to select an optimal storage node; the criteria comprise CPU load, memory load, disk load and network load, and the load information comprises CPU utilization rate, memory utilization rate, disk read-write speed and network transmission speed. A comparison matrix needs to be built for each level to determine the relative importance between every two items, and in the hierarchical analysis method a scale from 1 to 9 is used to represent relative importance. For example, if the disk load is twice as important as the CPU load for system performance, the weight of the disk load may be set to 2 while the weight of the CPU load is set to 0.5. The filled comparison matrix is then subjected to a consistency check and eigenvector calculation: the consistency check verifies whether the filled comparison matrix meets the consistency requirement of the hierarchical analysis method, and if the check is passed, the weights of the criteria can be calculated.
Further, the load value of each storage node is calculated according to the load information and the load weight. The dynamic load optimization factor δ in the load balancing algorithm is a dynamic parameter or index used for determining the optimization strategy during load balancing and resource scheduling, and it is adjusted dynamically according to real-time load requirements and resource conditions. If the load information is too large, δ can be adjusted to infinity, at which point the load value of the storage node reaches its maximum; when the load information is too small, δ can be adjusted to zero, at which point the load value of the storage node is zero, and data can be preferentially distributed to the storage node whose load is zero. The storage node is thus selected dynamically and load balancing is ensured. The load information of the storage node can also be updated in real time according to the load value, so that the load condition of the storage node is known in time and the load of the whole set of storage nodes can be adjusted conveniently to achieve comprehensive load balancing.
Further, the storage node with the smallest load value is selected as the target storage node of the target encrypted data block. For example, if the load value of the storage node (3) is the smallest in the storage node set {(1), (3), (4)}, the storage node (3) is selected as the target storage node of the target encrypted data block, and the target encrypted data block is then associated with the target storage node to facilitate subsequent data storage.
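The weighting and selection steps of S4 can be sketched as follows. This is an added example, not code from the patent: the load formula itself is not reproduced in this text, so a δ-scaled weighted sum is assumed, and the comparison matrix, the normalised load samples, the 0.1 consistency threshold and all function names are assumptions.

```python
import math

# Saaty's random consistency index, keyed by comparison-matrix size.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12}
CRITERIA = ("cpu", "memory", "disk", "network")

# Constructed pairwise comparison matrix (rows and columns follow CRITERIA).
# Disk is rated twice as important as every other criterion, so the
# disk/CPU entry is 2 and the CPU/disk entry is 0.5, as in the text.
COMPARISON = [
    [1.0, 1.0, 0.5, 1.0],
    [1.0, 1.0, 0.5, 1.0],
    [2.0, 2.0, 1.0, 2.0],
    [1.0, 1.0, 0.5, 1.0],
]

# Constructed load information for the set {(1), (3), (4)}; every value is
# assumed to be normalised to the range 0..1 (1.0 = fully loaded).
LOAD_INFO = {
    1: {"cpu": 0.70, "memory": 0.60, "disk": 0.80, "network": 0.50},
    3: {"cpu": 0.30, "memory": 0.40, "disk": 0.20, "network": 0.30},
    4: {"cpu": 0.50, "memory": 0.50, "disk": 0.60, "network": 0.40},
}


def ahp_weights(matrix):
    """Return (weights, consistency_ratio) for a comparison matrix.

    Weights use the row geometric mean, a common approximation of the
    principal eigenvector; lambda_max is estimated from (A w)_i / w_i.
    """
    n = len(matrix)
    geo = [math.prod(row) ** (1.0 / n) for row in matrix]
    total = sum(geo)
    weights = [g / total for g in geo]
    aw = [sum(matrix[i][j] * weights[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / weights[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX[n]
    return weights, (ci / ri if ri else 0.0)


def load_value(info, weights, delta=1.0):
    """Assumed form of the load value: delta * sum(weight * information value)."""
    return delta * sum(w * info[c] for c, w in zip(CRITERIA, weights))


def select_target_node(load_info, matrix, delta=1.0, max_cr=0.1):
    """Pick the node with the smallest load value, refusing inconsistent weights."""
    weights, cr = ahp_weights(matrix)
    if cr >= max_cr:
        raise ValueError(f"comparison matrix is inconsistent (CR={cr:.2f})")
    values = {node: load_value(info, weights, delta)
              for node, info in load_info.items()}
    return min(values, key=values.get), values


if __name__ == "__main__":
    target, values = select_target_node(LOAD_INFO, COMPARISON)
    print("load values:", values)
    print("target storage node:", target)
```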
In the embodiment of the invention, the target storage path refers to a storage association relationship between a target storage node and a target encrypted data block.
In the embodiment of the present invention, the generating a target storage path according to the target storage node and the target encrypted data block includes:
extracting a node address of the target storage node, and extracting an index address of the encrypted data block;
associating the node address with the index address to obtain an associated address;
and generating a target storage path according to the associated address.
In detail, the node address of the target storage node and the index address of the encrypted data block can be acquired from the pre-stored storage area by a computer statement (e.g., a Java statement, a Python statement, etc.) having a data grabbing function, and the target storage path can then be generated by associating the node address with the index address. For example, if the node address of the target storage node (3) is ade1 and the index number of the encrypted data block is 5, the node address ade1 is associated with the index number 5 to obtain the associated address {ade1-5}, and the associated address is stored into a fixed address, such as "/data/files/documents", so as to obtain the target storage path "/data/files/documents".
Furthermore, to ensure the security of data storage, the target storage path needs to be encrypted. An encrypted storage path can prevent specific attacks on the path: once the storage path is encrypted, an attacker cannot easily obtain the path information, which improves the system's ability to resist attacks, prevents a third party from acquiring the information, and enhances the privacy protection of the user.
S5, encrypting the target storage path through a preset pseudo-random encryption algorithm to obtain a target encrypted storage path, generating a path mapping table according to the target encrypted storage path, and storing the target data according to the path mapping table.
In the embodiment of the invention, the target encryption storage path is an encryption path obtained by encrypting the target storage path through an encryption algorithm.
In the embodiment of the present invention, encrypting the target storage path by a preset pseudo-random encryption algorithm to obtain a target encrypted storage path includes:
quantizing the target storage path to obtain a target quantized storage path;
converting the target quantized storage path into binary to obtain a target binary storage path;
Encrypting the target binary storage path through the pseudo-random encryption algorithm to obtain a target encrypted storage path, wherein the pseudo-random encryption algorithm is as follows:
wherein Y is the target encrypted storage path, β is the target binary storage path, $M_\sigma$ is the σ-th key stream element, m is the modulus, and w is the number of bits of the target binary storage path; the formula also uses the exclusive-OR sign, << is the left-shift sign, >> is the right-shift sign, mod is the remainder sign, and ∨ is the OR sign.
In detail, the target quantized storage path refers to a new path obtained by performing quantization processing on the target storage path. The purpose of quantizing a storage path is to convert the original path into a more compact or abstract representation for storage, processing, or transmission. The target storage path may be quantized by index encoding: for example, "/data/files/documents" is quantized by converting "/data" to index value 1, "/files" to index value 2, and "/documents" to index value 3, so the target quantized storage path is 123. The key stream $[(M_\sigma \ll 1) \bmod m \lor (M_\sigma \gg (w-1))]$ is then generated through the pseudo-random encryption algorithm, and the encrypted storage path is obtained by XORing the target binary storage path corresponding to the target quantized storage path 123 with the key stream, where the modulus m may be 128 bits (16 bytes) or 256 bits (32 bytes), and the key stream element $M_\sigma$ is an independent random number generated one by one in sequence by the key stream generator.
Specifically, a path mapping table is generated according to the target encrypted storage path; that is, the path mapping table is constructed from the target path obtained through analysis and the related identification information. The path mapping table may be a data structure, such as a dictionary (or hash table), that maps encrypted paths to original paths or other related information. The generated path mapping table is stored in an appropriate place for later use, and may be written to a file in the file system or stored in a database.
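The path quantization, key stream XOR and path mapping table described above can be sketched as follows. This is an added example, not code from the patent: it assumes w = 128 and m = 2^w (which makes the key stream expression a one-bit left rotation), draws the key stream element from Python's `secrets` module, and uses hypothetical function names. It also checks one property a reviewer would want to see: the key stream element must be fresh for every path.

```python
import secrets

W = 128          # assumed word size in bits (the text allows 128 or 256)
M_MOD = 1 << W   # assumed modulus m = 2**w


def quantize(path, index_table):
    """Index-encode a path and concatenate the index digits.

    '/data/files/documents' -> indexes 1, 2, 3 -> 123, as in the text.
    Added guard: digit concatenation is ambiguous once an index exceeds 9.
    """
    digits = []
    for part in path.strip("/").split("/"):
        if part not in index_table:
            if len(index_table) >= 9:
                raise ValueError("more than 9 components: encoding is ambiguous")
            index_table[part] = len(index_table) + 1
        digits.append(str(index_table[part]))
    return int("".join(digits))


def keystream_word(m_sigma, w=W, m=M_MOD):
    """[(M << 1) mod m] OR [M >> (w - 1)], the key stream term from the text."""
    return ((m_sigma << 1) % m) | (m_sigma >> (w - 1))


def encrypt_path(beta, m_sigma):
    """XOR the binary storage path (held as an integer) with the key stream."""
    if beta.bit_length() > W:
        raise ValueError("quantized path does not fit in w bits")
    return beta ^ keystream_word(m_sigma)


def decrypt_path(y, m_sigma):
    """XOR is its own inverse, so decryption repeats the same operation."""
    return y ^ keystream_word(m_sigma)


def store_path(path, index_table, path_map, m_sigma=None):
    """Encrypt one path and record it in the path mapping table.

    The table maps encrypted path -> original path, so the table itself
    has to be protected at least as well as the paths it hides.
    """
    if m_sigma is None:
        m_sigma = secrets.randbits(W)   # fresh key stream element per path
    y = encrypt_path(quantize(path, index_table), m_sigma)
    path_map[y] = path
    return y, m_sigma


def reuse_exposes_xor(beta_a, beta_b, m_sigma):
    """True when reusing one key stream element for two paths reveals the
    XOR of the two plaintext paths (the key stream cancels out)."""
    return (encrypt_path(beta_a, m_sigma) ^ encrypt_path(beta_b, m_sigma)) == (beta_a ^ beta_b)


if __name__ == "__main__":
    table, path_map = {}, {}
    y, m_sigma = store_path("/data/files/documents", table, path_map)
    print("binary storage path:", format(123, "b"))
    print("encrypted path:", hex(y))
    print("round trip:", decrypt_path(y, m_sigma))
    print("key stream reuse leaks XOR:", reuse_exposes_xor(123, 132, m_sigma))
```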
Further, according to the encryption storage path mapping relation between the encryption data block and the storage node stored in the path mapping table, when data needs to be stored, only the corresponding relation between the target data block and the storage node in the path mapping table is required to be queried, and data storage is performed according to the target encryption storage path.
In the embodiment of the present invention, storing the target data according to the path mapping table includes:
acquiring an index number of the target data;
inquiring a data storage address in the path mapping table according to the index number;
And storing the target data to the data storage address.
In detail, when the target data needs to be stored, firstly, an index number corresponding to each target data block in the target data is obtained, then, a data storage address corresponding to the path mapping table is queried according to the index number, and further, the target data block is stored in the data storage address, so that the data distributed storage is realized.
For example, if the index numbers of the target data blocks in the target data are 1, 2, 3 and the data storage addresses corresponding to index numbers 1, 2, 3 in the path mapping table are A, B, C, the target data blocks corresponding to index numbers 1, 2, 3 are stored into the data storage addresses A, B, C, which completes the distributed data storage and improves the security of the data storage.
According to the embodiment of the invention, the target data is partitioned, so that the memory use is reduced, and the data processing efficiency is improved; redundancy coding is carried out according to the target data block, so that errors can be detected and repaired when errors occur in the data transmission or storage process; data encryption is carried out on the redundancy matrix of the target data block, so that the safety of data storage is improved; calculating the safe storage distance between storage nodes in the distributed storage node topological graph, and further generating a storage node set of the target encrypted data block according to the safe storage distance, so that the storage positions of the data blocks are ensured to have differences, and the safety of data storage is improved; the load value of each storage node in the storage node set is calculated, so that the storage speed and response time of data can be improved; generating a target storage path according to the target storage node and the target encrypted data block selected by the load value, and encrypting the target storage path to improve the capability of the system for resisting attack, prevent a third party from acquiring the information, and enhance the privacy protection of a user; and storing target data according to the path mapping table, and realizing distributed double encryption storage in the data storage process. Therefore, the data storage method, the data storage device and the data storage medium based on the distributed encryption storage can solve the problem of lower security during data storage.
FIG. 4 is a functional block diagram of a data storage device based on distributed encryption storage according to an embodiment of the present invention.
The data storage device 100 based on distributed encryption storage according to the present invention may be installed in an electronic apparatus. Depending on the functions implemented, the data storage device 100 based on distributed encryption storage may include a target data block encoding module 101, a target data block encryption module 102, a secure storage distance calculation module 103, a target storage path generation module 104, and a target data storage module 105. The module of the invention, which may also be referred to as a unit, refers to a series of computer program segments, which are stored in the memory of the electronic device, capable of being executed by the processor of the electronic device and of performing a fixed function.
In the present embodiment, the functions concerning the respective modules/units are as follows:
the target data block encoding module 101 is configured to perform data blocking on preset target data according to a preset data type to obtain a target data block, and perform data redundancy encoding on the target data block to obtain a data block redundancy encoding;
the target data block encryption module 102 is configured to generate a target data block redundancy matrix according to the target data block and the data block redundancy code, and encrypt data of the target data block redundancy matrix by using a preset double index encryption algorithm to obtain a target encrypted data block;
The secure storage distance calculating module 103 is configured to select any storage node in a preset distributed storage node topology graph as an initial storage node, calculate, according to the initial storage node, a secure storage distance of the target encrypted data block by using a preset dynamic distance algorithm, and generate a storage node set of the target encrypted data block according to the secure storage distance;
the target storage path generating module 104 is configured to calculate a load value of each storage node in the storage node set by using a preset load balancing algorithm, select a storage node with the smallest load value as a target storage node of the target encrypted data block, and generate a target storage path according to the target storage node and the target encrypted data block;
the target data storage module 105 is configured to encrypt the target storage path through a preset pseudo-random encryption algorithm to obtain a target encrypted storage path, generate a path mapping table according to the target encrypted storage path, and store the target data according to the path mapping table.
In detail, each module in the data storage device 100 based on distributed encryption storage in the embodiment of the present invention adopts the same technical means as the data storage method based on distributed encryption storage described in fig. 1 to 3, and can produce the same technical effects, which are not described herein.
The present invention also provides a medium storing a computer program which, when executed by a processor of an electronic device, may implement:
performing data blocking on preset target data according to a preset data type to obtain a target data block, and performing data redundancy coding on the target data block to obtain a data block redundancy coding;
generating a target data block redundancy matrix according to the target data block and the data block redundancy code, and carrying out data encryption on the target data block redundancy matrix by using a preset double-index encryption algorithm to obtain a target encrypted data block;
any storage node in a preset distributed storage node topological graph is selected as an initial storage node, the safe storage distance of the target encrypted data block is calculated according to the initial storage node through a preset dynamic distance algorithm, and a storage node set of the target encrypted data block is generated according to the safe storage distance;
calculating a load value of each storage node in the storage node set by using a preset load balancing algorithm, selecting a storage node with the minimum load value as a target storage node of the target encrypted data block, and generating a target storage path according to the target storage node and the target encrypted data block;
Encrypting the target storage path through a preset pseudo-random encryption algorithm to obtain a target encrypted storage path, generating a path mapping table according to the target encrypted storage path, and storing the target data according to the path mapping table.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be other manners of division when actually implemented.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional module in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be realized in a form of hardware or a form of hardware and a form of software functional modules.
It will be evident to those skilled in the art that the application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The embodiment of the application can acquire and process the related data based on the artificial intelligence technology. Among these, artificial intelligence (Artificial Intelligence, AI) is the theory, method, technique and application that uses a digital computer or a digital computer-controlled machine to simulate, extend and expand human intelligence, sense the environment, acquire knowledge and use knowledge to obtain optimal results.
Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. A plurality of units or means recited in the apparatus claims can also be implemented by means of one unit or means in software or hardware. The terms first, second, etc. are used to denote a name, but not any particular order.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.

Claims (10)

1. A data storage method based on distributed encryption storage, the method comprising:
S1, performing data blocking on preset target data according to a preset data type to obtain a target data block, and performing data redundancy coding on the target data block to obtain a data block redundancy coding;
S2, generating a target data block redundancy matrix according to the target data block and the data block redundancy code, and carrying out data encryption on the target data block redundancy matrix by utilizing a preset double index encryption algorithm to obtain a target encrypted data block, wherein the method comprises the following steps:
generating a target index key of a target data block in the target data block redundancy matrix through a preset key generation algorithm, wherein the key generation algorithm is as follows:
wherein $key_i$ is the target index key of the i-th target data block, $g$ is the generator, $r_i$ is the first random number of the i-th target data block, $t_i$ is the second random number of the i-th target data block, and $q_i$ is the third random number of the i-th target data block;
constructing a key index mapping table according to the target index key and the target data block redundancy matrix;
encrypting the data blocks in the target data block redundancy matrix according to the mapping relation in the key index mapping table by using the following double index encryption algorithm to obtain a target secret value:
wherein $L_i$ is the target secret value of the i-th target data block, $H$ is a hash function, $e$ is a symmetric encryption algorithm, $I_i$ is the original data in the index number of the i-th target data block, $pk_i$ is the public key of the i-th target data block, and $sk_i$ is the private key of the i-th target data block;
determining the target encrypted data block according to the target secret value;
S3, selecting any storage node in a preset distributed storage node topological graph as an initial storage node, calculating the safe storage distance of the target encrypted data block according to the initial storage node through a preset dynamic distance algorithm, and generating a storage node set of the target encrypted data block according to the safe storage distance;
S4, calculating a load value of each storage node in the storage node set by using a preset load balancing algorithm, selecting a storage node with the minimum load value as a target storage node of the target encrypted data block, and generating a target storage path according to the target storage node and the target encrypted data block;
S5, encrypting the target storage path through a preset pseudo-random encryption algorithm to obtain a target encrypted storage path, generating a path mapping table according to the target encrypted storage path, and storing the target data according to the path mapping table.
2. The data storage method based on distributed encryption storage according to claim 1, wherein the performing data blocking on preset target data according to a preset data type to obtain a target data block includes:
classifying the target data according to a preset data type to obtain a target data type;
extracting a target data partitioning strategy corresponding to the target data category;
partitioning the target data according to the target data partitioning strategy to obtain target partitioning data;
and collecting the target block data as the target data block.
3. The data storage method based on distributed encryption storage according to claim 1, wherein the performing data redundancy encoding on the target data block to obtain data block redundancy encoding includes:
generating a data block matrix by the target data block, and marking the data block matrix by symbols to obtain a data block symbol matrix;
generating polynomial coefficients of the target data block according to the data block symbol matrix;
generating an original data polynomial of the target data block according to the polynomial coefficient;
generating a generating polynomial of the target data block through a preset redundancy error correction requirement;
calculating the data block redundancy coding according to the original data polynomial and the generator polynomial, wherein the data block redundancy coding calculation formula is as follows:
wherein $P(x)$ is a product polynomial, $D(x)$ is an original data polynomial, $f(x)$ is a generator polynomial, $Q(x)$ is a quotient polynomial, and $R(x)$ is the data block redundancy code.
4. The data storage method based on distributed encryption storage according to claim 1, wherein the generating a target data block redundancy matrix from the target data block and the data block redundancy code includes:
extracting a data block coefficient of the target data block, and extracting a coding coefficient of the data block redundancy coding;
generating a redundant coding mapping relation according to the data block coefficients and the coding coefficients;
and splicing the data block coefficients and the coding coefficients according to the redundancy coding mapping relation to obtain a target data block redundancy matrix.
5. The data storage method based on distributed encryption storage according to claim 1, wherein the calculating, by a preset dynamic distance algorithm, the secure storage distance of the target encrypted data block according to the initial storage node includes:
acquiring node storage capacity of each storage node in the distributed storage node topological graph;
counting, one by one according to the node storage capacity, the shortest node hop count between the initial storage node and each storage node in the distributed storage node topological graph;
calculating the safe storage distance of the target encrypted data block according to the shortest hop count of the node by a dynamic distance algorithm as follows:
$d_i = \min d_k(B_u, B_v),\quad u \neq v,\ i \neq k$
wherein $d_i$ is the safe storage distance of the i-th target data block, min is the minimum function, $d_k(B_u, B_v)$ is the safe storage distance of the k-th target data block between storage nodes, based on the node storage capacity $B_u$ of the u-th storage node and the node storage capacity $B_v$ of the v-th storage node, and $C(u, v)$ is the shortest node hop count between the u-th storage node and the v-th storage node.
6. The data storage method based on distributed encryption storage according to claim 1, wherein the calculating the load value of each storage node in the storage node set by using a preset load balancing algorithm includes:
counting the load information of each storage node in the storage node set;
determining the load weight of the load information through a preset hierarchical model;
calculating the load value of the storage node according to the load information and the load weight by using a load balancing algorithm as follows:
wherein $Z_\gamma$ is the load value of the γ-th storage node, $\delta$ is a dynamic load optimization factor, is the information value of the τ-th load information in the γ-th storage node, $w_{\gamma\tau}$ is the load weight of the τ-th load information in the γ-th storage node, and $n$ is the quantity of information in the load information;
and updating the load information of each storage node in real time according to the load value, and returning to the step of determining the load weight of the load information through a preset hierarchical model until a preset time stamp is reached, so as to obtain the load value of each storage node in the storage node set.
7. The data storage method based on distributed encryption storage according to claim 1, wherein the generating a target storage path from the target storage node and the target encrypted data block comprises:
extracting a node address of the target storage node, and extracting an index address of the encrypted data block;
associating the node address with the index address to obtain an associated address;
and generating a target storage path according to the associated address.
8. The data storage method based on distributed encryption storage according to claim 1, wherein encrypting the target storage path by a preset pseudo-random encryption algorithm to obtain a target encrypted storage path comprises:
quantizing the target storage path to obtain a target quantized storage path;
converting the target quantized storage path into binary to obtain a target binary storage path;
encrypting the target binary storage path through the pseudo-random encryption algorithm to obtain a target encrypted storage path, wherein the pseudo-random encryption algorithm is as follows:
wherein $Y$ is the target encrypted storage path, $\beta$ is the target binary storage path, $M_\sigma$ is the σ-th key stream element, $m$ is the modulus, $w$ is the number of bits of the target binary storage path, is the exclusive-or symbol, << is the left-shift symbol, >> is the right-shift symbol, mod is the remainder symbol, and ∨ is the OR symbol.
9. A data storage device based on distributed encryption storage, the device comprising:
the target data block coding module is used for carrying out data blocking on preset target data according to preset data types to obtain target data blocks, and carrying out data redundancy coding on the target data blocks to obtain data block redundancy coding;
the target data block encryption module is configured to generate a target data block redundancy matrix according to the target data block and the data block redundancy code, encrypt the target data block redundancy matrix by using a preset double index encryption algorithm, and obtain a target encrypted data block, and includes:
generating a target index key of a target data block in the target data block redundancy matrix through a preset key generation algorithm, wherein the key generation algorithm is as follows:
wherein $key_i$ is the target index key of the i-th target data block, $g$ is the generator, $r_i$ is the first random number of the i-th target data block, $t_i$ is the second random number of the i-th target data block, and $q_i$ is the third random number of the i-th target data block;
constructing a key index mapping table according to the target index key and the target data block redundancy matrix;
encrypting the data blocks in the target data block redundancy matrix according to the mapping relation in the key index mapping table by using the following double index encryption algorithm to obtain a target secret value:
wherein $L_i$ is the target secret value of the i-th target data block, $H$ is a hash function, $e$ is a symmetric encryption algorithm, $I_i$ is the original data in the index number of the i-th target data block, $pk_i$ is the public key of the i-th target data block, and $sk_i$ is the private key of the i-th target data block;
determining the target encrypted data block according to the target secret value;
the safe storage distance calculation module is used for selecting any storage node in a preset distributed storage node topological graph as an initial storage node, calculating the safe storage distance of the target encrypted data block according to the initial storage node through a preset dynamic distance algorithm, and generating a storage node set of the target encrypted data block according to the safe storage distance;
the target storage path generation module is used for calculating the load value of each storage node in the storage node set by using a preset load balancing algorithm, selecting the storage node with the smallest load value as a target storage node of the target encrypted data block, and generating a target storage path according to the target storage node and the target encrypted data block;
the target data storage module is used for encrypting the target storage path through a preset pseudo-random encryption algorithm to obtain a target encrypted storage path, generating a path mapping table according to the target encrypted storage path, and storing the target data according to the path mapping table.
10. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements a data storage method based on distributed encryption storage according to any one of claims 1 to 8.
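Claim 3 derives the data block redundancy code R(x) from the original data polynomial D(x), a generator polynomial f(x), a product polynomial P(x) and a quotient polynomial Q(x). The following is an added example, not code from the patent: it assumes bit (GF(2)) coefficients, P(x) = D(x)·x^r with r = deg f(x), the relation P(x) = Q(x)·f(x) + R(x), and the CRC-8 generator x^8 + x^2 + x + 1, none of which the claim text specifies; all function names are hypothetical.

```python
# Added example (not from the patent): data block redundancy code as a
# polynomial remainder. Assumptions: coefficients are bits (GF(2)),
# P(x) = D(x) * x^r with r = deg f(x), and f(x) is the CRC-8 generator.
# A polynomial is stored as an int whose bit i is the coefficient of x^i.

GENERATOR = 0x107  # f(x) = x^8 + x^2 + x + 1 (assumed choice)


def degree(poly: int) -> int:
    """Degree of a GF(2) polynomial; -1 for the zero polynomial."""
    return poly.bit_length() - 1


def mul_gf2(a: int, b: int) -> int:
    """Carry-less product a(x) * b(x) over GF(2)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def divmod_gf2(p: int, f: int) -> tuple:
    """Return (Q, R) such that P = Q*f + R over GF(2) and deg R < deg f."""
    if f == 0:
        raise ZeroDivisionError("generator polynomial must be non-zero")
    q = 0
    while degree(p) >= degree(f):
        shift = degree(p) - degree(f)
        q ^= 1 << shift      # next quotient term
        p ^= f << shift      # subtract (XOR) the shifted generator
    return q, p


def encode(block: bytes, f: int = GENERATOR) -> tuple:
    """Return (P, Q, R): product, quotient and redundancy polynomials."""
    d = int.from_bytes(block, "big")   # D(x), first byte = highest terms
    p = d << degree(f)                 # P(x) = D(x) * x^r
    q, r = divmod_gf2(p, f)
    return p, q, r


def codeword(block: bytes, f: int = GENERATOR) -> int:
    """Data followed by its redundancy code: P(x) + R(x), a multiple of f."""
    p, _, r = encode(block, f)
    return p ^ r


def is_intact(word: int, f: int = GENERATOR) -> bool:
    """A stored codeword is consistent when f(x) divides it exactly."""
    return divmod_gf2(word, f)[1] == 0
```

A remainder of this kind detects accidental corruption only: anyone able to modify a stored block can recompute R(x), so tamper detection needs a keyed MAC or a signature over the block.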
CN202311164633.1A 2023-09-07 2023-09-07 Data storage method, device and medium based on distributed encryption storage Pending CN117111854A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311164633.1A CN117111854A (en) 2023-09-07 2023-09-07 Data storage method, device and medium based on distributed encryption storage

Publications (1)

Publication Number Publication Date
CN117111854A true CN117111854A (en) 2023-11-24

Family

ID=88807493

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311164633.1A Pending CN117111854A (en) 2023-09-07 2023-09-07 Data storage method, device and medium based on distributed encryption storage

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117318942A (en) * 2023-11-29 2023-12-29 江苏微知量子科技有限公司 Distributed storage system combined with quantum security technology
CN117318942B (en) * 2023-11-29 2024-02-13 江苏微知量子科技有限公司 Distributed storage system combined with quantum security technology

Similar Documents

Publication Publication Date Title
JP5194094B2 (en) Data division method, data division apparatus, and computer program
CN106612320A (en) Encrypted data dereplication method for cloud storage
US20100058476A1 (en) Electronic information retention method/system, electronic information split retention method/system, electronic information split restoration processing method/system, and programs for the same
Ren et al. Integrity verification for path oblivious-ram
US20030138105A1 (en) Storing keys in a cryptology device
KR101989813B1 (en) Generating and verifying the alternative data in a specified format
CN115941293B (en) Power network security detection and vulnerability protection datamation method
CN112131227A (en) Data query method and device based on alliance chain
CN106611135A (en) Storage data integrity verification and recovery method
CN117111854A (en) Data storage method, device and medium based on distributed encryption storage
CN117827850B (en) Data storage method and system
CN110770725B (en) Data processing method and device
Chen et al. Robust dynamic remote data checking for public clouds
CN117094008A (en) Neural network model encryption method, neural network model decryption device, neural network model encryption equipment and neural network model decryption medium
JP2004213650A (en) Data fragmentation method, data fragmentation device and computer program
CN114218595A (en) File protection method and system in cloud computing platform
CN117349860B (en) File storage system and method based on matrix change and data segmentation
Balmany et al. Dynamic proof of retrievability based on public auditing for coded secure cloud storage
CN116471103B (en) Internal and external network data security exchange method, device and equipment based on boundary network
CN116305294B (en) Data leakage tracing method and device, electronic equipment and storage medium
CN111866134A (en) Method and system for generating hash value and address of block chain transaction and storage medium
Du et al. Secure and verifiable keyword search in multiple clouds
Moataz et al. Recursive trees for practical ORAM
Vershinin et al. Associative steganography of text messages
CN112486412A (en) Information dispersion method and system based on distributed object storage system security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination