Abstract: With the increasing of cloud storage users, data deduplication technology is widely applied in cloud computing environment. One of the key issues in cloud computing security is to effectively protect data privacy while implementing efficient deduplication and achieving secure multi-party computation among the clients. Cloud users’ control over the deduplication process is considered for the first time. By introducing the user attribute-based security requirement mechanism, a novel data deduplication scheme in cloud storage is proposed, which doesn’t require any online trusted third party. It achieves users’ control over data sharing and fully protects data privacy. Based on bilinear mapping, data tags are constructed to keep track of the data without leaking any exploitable information. The combination of file-level and block-level deduplication is applied to obtain better efficiency with fine data granularity. The ownership proving method is designed based on multi-party computation principles and bloom filter, which ensures only authorized users can access the data. It can prevent malicious users from conducting eavesdropping attack. The data encryption key is protected via broadcast encryption, which secures the data deduplication process. The correctness and security of the proposed scheme are analyzed and proved. Simulation results show that the scheme is secure and effective.