ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2018, Vol. 55 ›› Issue (6): 1222-1235.doi: 10.7544/issn1000-1239.2018.20170415

• 信息安全 • 上一篇    下一篇



  1. (西安电子科技大学网络与信息安全学院 西安 710071) (陕西省网络与系统安全重点实验室(西安电子科技大学) 西安 710071) (
  • 出版日期: 2018-06-01
  • 基金资助: 

Deduplication on Encrypted Data Based on Zero-Knowledge Proof and Key Transmission

He Simeng, Yang Chao, Jiang Qi, Yang Li, Ma Jianfeng   

  1. (School of Cyber Engineering, Xidian University, Xi’an 710071) (Shaanxi Key Laboratory of Network and System Security (Xidian University), Xi’an 710071)
  • Online: 2018-06-01

摘要: 文件去重技术已广泛运用于云服务器中,有效地减少带宽并提高资源利用率.目前大部分客户端密文去重方案中,文件加密密钥均采用收敛加密,当文件部分信息泄露或文件熵值较小时,收敛加密不能保证语义安全;部分方案中文件所有权认证采取挑战一定数量的文件数据块进行所有权认证,仅能在一定概率条件下通过所有权认证;部分方案中加入可信第三方,需要更高安全假设,不适用于现实场景.针对上述不足,该方案提出了一种新的密文去重场景下所有权认证与密钥传递方法,利用零知识验证方法,通过不损失熵的文件大摘要实现文件所有权认证,利用隐藏凭据恢复方法实现密钥安全传递.该方案具有密钥与文件分离、完整所有权认证、不使用第三方传递密钥等特点.安全性分析理论证明本方案所有权认证及密钥传递达到了可证明的安全强度,实际云平台测试数据表明:该方案减少了密文去重运算量,使用户可以更高效地使用云服务.

关键词: 去重, 所有权认证, 密钥传递, 零知识验证, 隐藏凭据恢复方法

Abstract: Data deduplication has been widely used in cloud storage servers to reduce bandwidth and save resource effectively. At present, the key chosen to encrypt the file is always the convergent key in the client-based deduplication, so when parts of the file are revealed or the file is poor in entropy, convergent encryption cannot guarantee the semantic security. As for ownership of the file, now the way in some protocols is to check certain numbers of the file blocks to response the challenge of the server, so it cannot prove the whole ownership of the file. In another word, this way is only in a certain probability condition to ensure the ownership of the file. Apart from above, some protocols choose a third party server to participate in the program. Through this way, we need higher security assumption, and it is not suitable for the reality scenes. In this paper, we propose a scheme to deduplicate encrypted data stored in cloud based on zero-knowledge proof and hidden credential retrieval. It uses zero-knowledge proof to achieve the proof of ownership of the file and hidden credential retrieval to transmit the encrypted key to file owners who have proved their ownership of the file. The result shows that our protocol is more efficient and effective. It is easy to be implemented. Meanwhile it improves the security of the ownership authentication and proposes a new key transmission method.

Key words: deduplication, proof of ownership (PoW), key transmission, zero-knowledge proof, hidden credential retrieval