CN114065299B - Ring signature-based data integrity verification method - Google Patents

Abstract

The invention discloses a data integrity verification method based on ring signature, firstly, dividing data into a plurality of data blocks by a data owner, and signing each data block by adopting a ring signature algorithm; then uploading the signature set and the data to a cloud server; when a data owner wants to verify whether the data stored in the cloud is complete, sending an audit request to a third party auditor; the third party auditor generates challenge information and sends the challenge information to the cloud service provider; the cloud service provider generates evidence information according to the challenge information and sends the evidence information to a third party auditor; and finally, the third party auditor verifies the integrity of the data by verifying the equation, if the equation is satisfied, the data is judged to be complete, and otherwise, the data is judged to be incomplete. The data tag is designed by adopting the advanced ring signature technology, so that the cloud data integrity can be rapidly and effectively checked, and the safety is ensured; meanwhile, the problem of data integrity verification in a quantum environment is solved, and the efficiency of the verification scheme is improved.

Description

Ring signature-based data integrity verification method

Technical Field

The invention belongs to the technical field of cloud computing security and data auditing, and particularly relates to a data integrity verification method based on a ring signature.

Background

In the big data age, data owners prefer to store large amounts of data on cloud platforms that provide storage services and computing services, such as apple clouds, hundred degree clouds, tencent clouds, arian clouds, and the like. On one hand, the data owner can fully utilize abundant software, hardware and bandwidth resources of the cloud platform, and can access own data through the Internet anywhere; on the other hand, for a cloud platform, it may gain economic benefit by collecting rentals from the data owners. Another benefit to the data owners is that cloud platforms have high availability and low cost compared to complex local storage management. While data owners may gain tremendous benefit from cloud storage, this approach also presents serious security issues. The most important security issue is data integrity, i.e. the cloud server provider may tamper with or delete data that is rarely accessed by the user, to save storage space. In addition, the data owner may lose physical control of the data.

In recent years, many data auditing methods have been proposed in the field of cloud computing. Data holding may be demonstrated to be a common method of verifying the integrity of data stored in the cloud. Users first break their data into chunks and tag each chunk, and then can challenge the cloud storage service provider with randomly selected portions of the chunks to check their own data. If the data is corrupted, the above method cannot recover the data. Therefore, scholars have proposed a retrievable attestation model to solve this problem, which not only ensures that the server stores data correctly by sampling and error correction techniques, but also enables the user to retrieve the data he needs. Most schemes only consider static data storage and are not applicable to general scenarios. To support data updates, including data modification, insertion, and deletion, scholars have proposed schemes based on classical merck hash trees and bilinear aggregate signatures. Because the data owner can bring great computational burden for verifying the data integrity by himself, researchers put forward schemes supporting public verification and batch processing and identity-based data auditing schemes, which consider different application requirements in cloud storage and support efficient user revocation, trusted data outsourcing or fuzzy identity management. However, since these schemes are based on bilinear pair signatures, a significant computational cost is incurred for third party auditors.

The data audit schemes described above are mostly designed based on traditional asymmetric cryptographic primitives, with difficult problems based on large integer decomposition or discrete logarithm problems. However, the development of quantum computers may render conventional asymmetric cryptographic schemes no longer secure. Lattice-based cryptography is a novel area of research and application. The potential resistance of lattice cryptography to quantum computer attacks provides new impetus for the research and implementation of related algorithm protocols. Well-known lattice-based cryptodesigns include Ajtai-Dwork lattice cryptosystems, NTRU systems, short integer solution and LWE problem based cryptosystems, identity based cryptosystems, and isomorphic cryptosystems, among others. At present, lattice-based cryptography is still secure against attacks by quantum computer adversaries, it has the best prospect of post-quantum cryptography because it has very strong security evidence based on worst-case difficulties, and efficient implementation. In view of the foregoing, in a quantum computing environment, it is necessary to construct a data integrity verification scheme based on lattice cryptography.

Disclosure of Invention

The invention aims to: the invention provides a data integrity verification method based on a ring signature, which combines LWE difficult assumption, designs a data tag by using the ring signature to verify whether cloud data is deleted or tampered.

The technical scheme is as follows: the invention discloses a data integrity verification method based on ring signature, which comprises the following steps:

(1) Dividing the original data into a plurality of data blocks by a data owner;

(2) Signing each data block by adopting a ring signature algorithm, so as to generate a data tag;

(3) Uploading the signature set and the data to a cloud server, and sending an audit request to a third party auditor when a data owner wants to verify whether the data stored in the cloud is complete;

(4) The third party auditor generates challenge information and sends the challenge information to the cloud service provider;

(5) The cloud service provider generates evidence information according to the challenge information and sends the evidence information to a third party auditor;

(6) The third party auditor verifies the integrity of the data by verifying the equation; if the equation is satisfied, the data is judged to be complete, otherwise, the data is judged to be incomplete.

Further, the implementation process of the step (1) is as follows:

The data owner blocks the original data F and divides the original data F into a plurality of data blocks { F ₁,F₂,…,F_n }, wherein F _i epsilon F; to generate the required common parameters, an addition group G and its two subgroups G ₁,G₂ are determined, defining a uniform distribution Q _k and two matrices Generating a common parameter pp= (G, K, G ₁,G₂,Q_k); a key pair required for signature and verification is generated, and for the keys of the signature, sk=c _i and pk= { l ₁,l₂,…l_n } are first set, and a public-private key pair (sk, pk) is generated, wherein l _i＝Lc_i+e_i,m,r,p∈Z,c_i,e_i∈G₁.

Further, the implementation process of the step (2) is as follows:

For data F= { F ₁,F₂,…,F_n }, first set st ε {0,1} ^2λ, then for each data block F _i in data F, i ε (1, 2, …, n), calculate Y _i＝H(F_i, R), And η _i＝(φ,τ,α_i), where φ ε [ - (B ₂-B₁),(B₂-B₁)],B₁,B₂ ε Z, τ is obtained by algorithm GETMERKLEPATH, α _i∈{0,1}^λ; finally, generating data tag informationWhere H is the hash function, R is a ring, rt _i is the root of the ith hash tree, then t= { σ ₁,σ₂,…,σ_n } is the tag of data f= { F ₁,F₂,…,F_n }.

Further, the implementation process of the step (4) is as follows:

after receiving the audit request, the audit request is sent through a set of random values And a random subset u= { u ₁,u₂,…,u_v } of the set {1,2, …, n }, generating and transmitting challenge information chal= { u _i,w_i } to the cloud service provider.

Further, the implementation process of the step (5) is as follows:

after receiving the challenge information, the cloud service provider generates evidence information according to the challenge information, and firstly calculates auxiliary verification information Then calculateFinally generating evidence informationAnd sending the message to a third party auditor.

Further, the implementation process of the step (6) is as follows:

After receiving the evidence information, the third party auditor calculates the aggregation verification information according to the evidence information Then verifying whether the following equation is satisfied, if so, judging that the data is complete, otherwise, judging that the data is incomplete:

Wherein, Is a collectionThe (a) is a value of the (u _i),Is the (u _i) th dataAnd a hash of the set of rings R,Is the set of the roots of the first u _i hash trees,Is the u _i th auxiliary authentication information,Is the root of the u _i hash tree.

The beneficial effects are that: compared with the prior art, the invention has the beneficial effects that: the data tag is designed by adopting the advanced ring signature technology, so that the cloud data integrity can be rapidly and effectively checked, and the safety is ensured; meanwhile, the problem of data integrity verification in a quantum environment is solved, and the efficiency of the verification scheme is improved.

Drawings

Fig. 1 is a schematic flow chart of the present invention.

Detailed Description

The invention is described in further detail below with reference to the accompanying drawings.

The invention provides a data integrity verification method based on ring signature, as shown in figure 1, which specifically comprises the following steps:

before the data is uploaded to the cloud, the data is processed. The treatment process is as follows:

Firstly, the data owner partitions the original data, and divides F into a plurality of data blocks { F ₁,F₂,…,F_n }, wherein F _i epsilon F; then to generate the required common parameters, an addition group G and its two subgroups G ₁,G₂ are determined, next a uniform distribution Q _k and two matrices are defined Finally, generating a common parameter pp= (G, K, G ₁,G₂,Q_k); next, a key pair required for signature and verification is generated, and for the keys of the signature, sk=c _i and pk= { l ₁,l₂,…l_n } are set first, and then a public-private key pair (sk, pk) is generated, where l _i＝Lc_i+e_i,m,r,p∈Z,c_i,e_i∈G₁.

In order to verify whether the data stored in the cloud is tampered or deleted, signature is carried out on each data block by adopting a ring signature algorithm, and then a data tag is generated. The specific process is as follows:

for data f= { F ₁,F₂,…,F_n }, first st e {0,1} ^2λ is set, then for each data block F _i, i e (1, 2, …, n) in data F, Y _i＝H(F_i, R is calculated, And η _i＝(φ,τ,α_i), where φ ε [ - (B ₂-B₁),(B₂-B₁)],B₁,B₂ ε Z, τ is obtained by algorithm GETMERKLEPATH, α _i∈{0,1}^λ. Finally generating label informationWhere H is a hash function, R is a ring, rt _i is the root of the hash tree, then t= { σ ₁,σ₂,…,σ_n } is the tag of data f= { F ₁,F₂,…,F_n }.

And uploading the signature set and the data to a cloud server, and sending an audit request to a third party auditor when the data owner wants to verify whether the data stored in the cloud is complete.

After receiving the audit request, the audit request is sent through a set of random valuesAnd a random subset u= { u ₁,u₂,…,u_v } of the set {1,2, …, n }, generating and transmitting challenge information chal= { u _i,w_i } to the cloud service provider.

After receiving the challenge information, the cloud service provider generates evidence information according to the challenge information, and firstly calculates auxiliary verification informationThen calculateFinally generating evidence informationAnd sending the message to a third party auditor.

After receiving the evidence information, the third party auditor calculates the aggregation verification information according to the evidence informationThen verifying whether the following equation is satisfied, if so, judging that the data is complete, otherwise, judging that the data is incomplete:

Wherein, Is a collectionThe (a) is a value of the (u _i),Is the (u _i) th dataAnd a hash of the set of rings R,Is the set of the roots of the first u _i hash trees,Is the u _i th auxiliary authentication information,Is the root of the u _i hash tree.

The selection of signature algorithms and the setting of parameters are greatly different from data labels generated by different signature algorithms, which directly affects the time for generating the labels, indirectly affects the time spent by the verification equation in the evidence verification stage, and further affects the efficiency of the whole data integrity verification method.

The invention adopts the advanced ring signature technology to design the data tag, so that the cloud data integrity can be rapidly and effectively checked, and the safety is ensured. Meanwhile, the problem of data integrity verification in a quantum environment is solved, and the efficiency of the verification scheme is improved.

The foregoing is merely a preferred embodiment of the present invention and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present invention, which are intended to be comprehended within the scope of the present invention.

Claims (2)

1. A method for verifying data integrity based on a ring signature, comprising the steps of:

(1) Dividing the original data into a plurality of data blocks by a data owner; generating a key pair required by signature and verification according to the data block;

(2) Signing each data block by adopting a ring signature algorithm, so as to generate a data tag;

(3) Uploading the signature set and the data to a cloud server, and sending an audit request to a third party auditor when a data owner wants to verify whether the data stored in the cloud is complete;

(4) The third party auditor generates challenge information and sends the challenge information to the cloud service provider;

(5) The cloud service provider generates evidence information according to the challenge information and sends the evidence information to a third party auditor;

(6) The third party auditor verifies the integrity of the data by verifying the equation; if the equation is satisfied, judging that the data is complete, otherwise judging that the data is incomplete;

The implementation process of the step (2) is as follows:

For data F= { F ₁,F₂,…,F_n }, first set st ε {0,1} ^2λ, then for each data block F _i in data F, i ε (1, 2, …, n), calculate Y _i＝H(F_i, R), And η _i＝(φ,τ,α_i), where φ ε [ - (B ₂-B₁),(B₂-B₁)],B₁,B₂ ε Z, τ is obtained by algorithm GETMERKLEPATH, α _i∈{0,1}^λ; finally, generating data tag informationWhere H is a hash function, R is a ring, rt _i is the root of the ith hash tree, then t= { σ ₁,σ₂,…,σ_n } is the tag of data f= { F ₁,F₂,…,F_n };

the implementation process of the step (4) is as follows:

after receiving the audit request, the audit request is sent through a set of random values And a random subset u= { u ₁,u₂,…,u_v } of the set {1,2, …, n } to generate and send challenge information chal= { u _i,w_i } to the cloud service provider;

The implementation process of the step (5) is as follows:

after receiving the challenge information, the cloud service provider generates evidence information according to the challenge information, and firstly calculates auxiliary verification information Then calculateFinally generating evidence informationSending to a third party auditor;

the implementation process of the step (6) is as follows:

After receiving the evidence information, the third party auditor calculates the aggregation verification information according to the evidence information Then verifying whether the following equation is satisfied, if so, judging that the data is complete, otherwise, judging that the data is incomplete:

Wherein, Is a collectionThe (a) is a value of the (u _i),Is the (u _i) th dataAnd a hash of the set of rings R,Is the set of the roots of the first u _i hash trees,Is the u _i th auxiliary authentication information,Is the root of the u _i hash tree.

2. The method for verifying the integrity of data based on a ring signature as defined in claim 1, wherein the step (1) is implemented as follows:

The data owner blocks the original data F and divides the original data F into a plurality of data blocks { F ₁,F₂,…,F_n }, wherein F _i epsilon F; to generate the required common parameters, an addition group G and its two subgroups G ₁,G₂ are determined, defining a uniform distribution Q _k and two matrices Generating a common parameter pp= (G, K, G ₁,G₂,Q_k); a key pair required for signature and verification is generated, and for the keys of the signature, sk=c _i and pk= { l ₁,l₂,…l_n } are first set, and a public-private key pair (sk, pk) is generated, wherein l _i＝Lc_i+e_i,m,r,p∈Z,c_i,e_i∈G₁.