关键词: 去重, 所有权认证, 密钥传递, 零知识验证, 隐藏凭据恢复方法

Abstract: Data deduplication has been widely used in cloud storage servers to reduce bandwidth and save resource effectively. At present, the key chosen to encrypt the file is always the convergent key in the client-based deduplication, so when parts of the file are revealed or the file is poor in entropy, convergent encryption cannot guarantee the semantic security. As for ownership of the file, now the way in some protocols is to check certain numbers of the file blocks to response the challenge of the server, so it cannot prove the whole ownership of the file. In another word, this way is only in a certain probability condition to ensure the ownership of the file. Apart from above, some protocols choose a third party server to participate in the program. Through this way, we need higher security assumption, and it is not suitable for the reality scenes. In this paper, we propose a scheme to deduplicate encrypted data stored in cloud based on zero-knowledge proof and hidden credential retrieval. It uses zero-knowledge proof to achieve the proof of ownership of the file and hidden credential retrieval to transmit the encrypted key to file owners who have proved their ownership of the file. The result shows that our protocol is more efficient and effective. It is easy to be implemented. Meanwhile it improves the security of the ownership authentication and proposes a new key transmission method.

Key words: deduplication, proof of ownership (PoW), key transmission, zero-knowledge proof, hidden credential retrieval