CN108182367A - A kind of encrypted data chunk client De-weight method for supporting data update - Google Patents

Abstract

Translated fromChinese

本发明公开了一种支持数据更新的加密数据块客户端去重方法，利用收敛加密算法，使得相同的明文文件块加密后映射为相同的密文文件块，构建新型动态平衡跳跃表作为文件所有权认证结构，进行服务器与文件后继上传者之间的文件所有权认证交互，实现加密数据块客户端去重。提出动态平衡跳跃表自平衡的方法，根据用户上传的动态操作指令和待更新的明文文件块的认证值，对动态平衡跳跃表中节点进行修改、插入和删除操作，本发明不仅提高了服务器去重比率和存储资源利用率，节省用户带宽和上传时间，而且支持数据块更新，实现服务器端数据弹性管理。

The invention discloses a client deduplication method for encrypted data blocks that supports data update. A convergent encryption algorithm is used to make the same plaintext file block encrypted and mapped to the same ciphertext file block, and a new type of dynamic balance jump table is constructed as the file ownership. The authentication structure performs the file ownership authentication interaction between the server and the subsequent uploader of the file, and realizes deduplication of encrypted data blocks on the client side. A self-balancing method for a dynamic balance jump table is proposed. According to the dynamic operation instruction uploaded by the user and the authentication value of the plaintext file block to be updated, the nodes in the dynamic balance jump table are modified, inserted and deleted. Re-ratio and storage resource utilization, save user bandwidth and upload time, and support data block update, to achieve server-side data elastic management.

Description

Translated fromChinese

一种支持数据更新的加密数据块客户端去重方法A client-side deduplication method for encrypted data blocks supporting data update

技术领域technical field

本发明属于计算机技术领域，进一步涉及信息安全技术领域中的一种支持数据更新的加密数据块客户端去重方法。本发明可用于支持加密数据块去重和更新的云存储系统，不仅可提高去重比率，节省用户的上传带宽和服务器的存储空间，还支持用户对文件块的更新操作，实现数据弹性管理。The invention belongs to the technical field of computers, and further relates to a deduplication method of an encrypted data block client supporting data update in the technical field of information security. The present invention can be used in a cloud storage system that supports deduplication and update of encrypted data blocks, not only can improve the deduplication ratio, save upload bandwidth of users and storage space of servers, but also support user's update operation of file blocks, and realize flexible data management.

背景技术Background technique

云存储数据去重技术广泛地应用在数据备份中减少网络和存储开销。该技术可以消除数据冗余，只留下一个物理副本，而不会保留多个相同内容的数据拷贝。数据去重技术基于不同的去重策略，可分为客户端或服务器端去重，文件级或文件块级去重等。客户端去重相比于服务器端去重，可以减少重复数据的上传，节省用户带宽和上传时间，带来更好的用户体验。文件块级去重相比于文件级去重，可以实现更细粒度的去重，提高去重比率和存储资源利用率。因此，加密数据块去重技术或者加密数据客户端去重技术得到云存储服务供应商的肯定和支持。但现实生活中，人们往往需要对云端备份文件提出更新请求，因此，数据去重技术支持用户对云端数据的更新，实现服务器对数据的弹性管理，具有重大的现实需求。Cloud storage data deduplication technology is widely used in data backup to reduce network and storage overhead. This technology eliminates data redundancy, leaving only one physical copy rather than multiple copies of the same content. Data deduplication technology is based on different deduplication strategies, which can be divided into client-side or server-side deduplication, file-level or file-block-level deduplication, etc. Compared with server-side deduplication, client-side deduplication can reduce the upload of duplicate data, save user bandwidth and upload time, and bring better user experience. Compared with file-level deduplication, file block-level deduplication can achieve finer-grained deduplication, improve deduplication ratio and storage resource utilization. Therefore, encrypted data block deduplication technology or encrypted data client deduplication technology has been affirmed and supported by cloud storage service providers. However, in real life, people often need to request to update cloud backup files. Therefore, data deduplication technology supports users to update cloud data and realizes flexible management of data by servers, which has a major practical demand.

北京安码科技有限公司在其申请的专利文献“一种安全的重复数据删除方法”(申请号：201310736892.7，公开号：CN 103731423A)中公开了一种重复数据删除的方法。该方法的具体步骤包括：客户端对需要存储的文件运用同一密钥不同的加密算法加密成密文；服务器首先通过文件的哈希值判断是否存储过该文件；客户端通过服务器返回的密文解密出密钥，再用另一加密算法加密；服务器通过对比文件用同一加密算法两次加密判断是否进行重复数据删除。该方法存在的不足之处是：该方法中的密钥是由用户随机产生的，不能抵抗由文件首位上传者发起的内容欺骗攻击，安全性较低，而且该方法不支持文件块级去重，去重粒度小，去重比率低。Beijing Anma Technology Co., Ltd. discloses a method of deduplication in its patent document "A Safe Data Deduplication Method" (application number: 201310736892.7, publication number: CN 103731423A). The specific steps of the method include: the client uses the same key to encrypt the file to be stored into ciphertext; the server first judges whether the file has been stored by the hash value of the file; the client uses the ciphertext returned by the server Decrypt the key, and then encrypt it with another encryption algorithm; the server judges whether to perform data deduplication by comparing files encrypted twice with the same encryption algorithm. The shortcomings of this method are: the key in this method is randomly generated by the user, which cannot resist the content spoofing attack initiated by the first uploader of the file, the security is low, and this method does not support file block level deduplication , the deduplication granularity is small, and the deduplication ratio is low.

Chen R,Mu Y and Yang G等人在其发表的论文“BL-MLE:Block-Level Message-Locked Encryption for Secure Large File Deduplication”(IEEE Transactions onInformation Forensics Security,2015,10(12):2643–2652.)中提出了一种加密文件块的去重方法。该方法基于收敛加密算法对文件块进行加密处理，实现文件块级去重。该方法的具体步骤：客户端利用文件块的哈希值加密文件块，再利用文件的哈希值对文件块的内容进行指数运算，产生文件块标签。服务器通过双线性对等式判断不同文件中是否存在相同文件块，删除重复加密文件块，从而实现文件块级去重。该方法存在的不足之处是：使用双线性算法和指数运算，计算复杂度高，效率低；不能支持用户对文件块的更新操作，若用户想要更新云端备份文件，则需要上传更新后的整个文件，而不仅是需要更新的文件块，从而浪费用户上传带宽和上传时间。Chen R, Mu Y and Yang G et al published the paper "BL-MLE: Block-Level Message-Locked Encryption for Secure Large File Deduplication" (IEEE Transactions on Information Forensics Security, 2015, 10(12): 2643–2652 .) proposed a deduplication method for encrypted file blocks. The method encrypts file blocks based on a convergent encryption algorithm to realize file block-level deduplication. The specific steps of the method: the client encrypts the file block by using the hash value of the file block, and then uses the hash value of the file to perform exponential operation on the content of the file block to generate the file block label. The server judges whether the same file block exists in different files through bilinear equivalence, and deletes duplicate encrypted file blocks, thereby realizing file block-level deduplication. The shortcomings of this method are: using bilinear algorithm and exponential operation, the calculation complexity is high and the efficiency is low; it cannot support the user's update operation on the file block. If the user wants to update the cloud backup file, he needs to upload the update. The entire file of the file, not just the file block that needs to be updated, thereby wasting user upload bandwidth and upload time.

He K,Chen J,Du R等人在其发表的论文“DeyPoS:Deduplicatable DynamicProof of Storage for Multi-User Environments”(IEEE Transactions on Computers,2016,65(12):3631–3645.)中提出了一种云存储数据去重环境下支持动态更新的文件所有权认证和完整性验证的方法。该方法设计了一种新的文件所有权认证结构——同态认证树，它可支持三种更新操作，可满足用户对文件块的更新需求。同态认证树中各节点的计算采用同态算法，服务器基于该结构对文件后继上传者进行文件所有权的认证。该方案存在的不足之处是：大规模的插入和删除操作会导致同态认证结构的失衡，从而失去二分查找的高效性；该方法不支持加密文件块去重，去重比率低。He K, Chen J, Du R et al. proposed a A method for file ownership authentication and integrity verification that supports dynamic updates in a cloud storage data deduplication environment. This method designs a new file ownership authentication structure—homomorphic authentication tree, which can support three update operations and meet the user's update requirements for file blocks. The calculation of each node in the homomorphic authentication tree adopts a homomorphic algorithm, and the server authenticates the ownership of the file to the subsequent uploader of the file based on this structure. The shortcomings of this scheme are: large-scale insertion and deletion operations will lead to an imbalance in the homomorphic authentication structure, thus losing the efficiency of binary search; this method does not support encrypted file block deduplication, and the deduplication ratio is low.

Zhao,Yongjun,and S.S.M.Chow在其发表的论文“Updatable Block-LevelMessage-Locked Encryption[C]”(ACM Asia Conference on Computer andCommunications Security.ACM,2017.)中提出了一种可更新的基于收敛加密算法的数据块去重方法。该方法的具体步骤：用户利用文件块的哈希值加密文件块，将文件块哈希值前后连接作为新明文文件块，再利用新明文文件块的哈希值加密对应的新明文文件块，直到产生最后一个明文文件块，该明文文件块的哈希值作为文件的主密钥，用于文件的加密和更新；服务器基于上述加密文件块建立Merkle Tree，用于文件块和文件块密钥连接值的存储与更新。该方法存在的不足之处是：没有提出安全高效的文件所有权认证方法，造成大量重复文件块的上传，浪费用户带宽；采用迭代收敛加密算法计算文件块密文，使得文件块密文的解密过程效率低；Merkle Tree因自身的结构限制，仅支持叶子节点的修改更新，并不支持叶子节点插入和删除更新，因此，不能完全满足用户对文件块的更新需求。Zhao, Yongjun, and S.S.M.Chow proposed an updateable convergence-based encryption algorithm in their paper "Updatable Block-LevelMessage-Locked Encryption[C]" (ACM Asia Conference on Computer and Communications Security.ACM, 2017.) Data block deduplication method. The specific steps of the method: the user encrypts the file block by using the hash value of the file block, connects the hash value of the file block back and forth as a new plaintext file block, and then encrypts the corresponding new plaintext file block by using the hash value of the new plaintext file block, Until the last plaintext file block is generated, the hash value of the plaintext file block is used as the master key of the file for encryption and update of the file; the server builds a Merkle Tree based on the above encrypted file block, which is used for the file block and the file block key Storage and update of connection values. The shortcomings of this method are: no safe and efficient file ownership authentication method is proposed, resulting in a large number of repeated file block uploads, wasting user bandwidth; the iterative convergence encryption algorithm is used to calculate the file block ciphertext, so that the decryption process of the file block ciphertext Low efficiency; due to its own structural limitations, Merkle Tree only supports leaf node modification and update, and does not support leaf node insertion and deletion updates. Therefore, it cannot fully meet the user's update requirements for file blocks.

发明内容Contents of the invention

本发明的目的是针对上述现有技术的不足，提出一种支持数据更新的加密数据块客户端去重方法。The object of the present invention is to propose a method for deduplication of encrypted data blocks at the client side that supports data update in view of the deficiencies of the above-mentioned prior art.

为了实现本发明目的的具体思路是：采用收敛加密算法计算加密文件块的方法，确保相同的明文文件块加密后映射为相同的密文文件块，实现不同文件中相同文件块的去重，保护数据私密性，提高服务器端的去重比率和存储资源利用率。基于跳跃表概率上高效查找和支持更新操作的特性，提出具有二分查找优势的新型动态平衡跳跃表作为文件所有权的认证结构和新的认证方法，实现服务器与文件后继上传者的文件所有权认证交互，避免了相同数据块重复上传，节省用户带宽和上传时间。最后，借鉴平衡二叉树结构平衡特性，提出动态平衡跳跃表更新操作自平衡的方法，根据用户上传的动态操作指令和待更新的明文文件块的认证值，实现动态平衡跳跃表中节点的修改、插入和删除操作，以支持云端文件块的更新，实现服务器端数据弹性管理。In order to realize the purpose of the present invention, the specific train of thought is: adopt the method of convergent encryption algorithm to calculate the encrypted file block, ensure that the same plaintext file block is encrypted and mapped to the same ciphertext file block, realize the deduplication of the same file block in different files, and protect Data privacy, improve server-side deduplication ratio and storage resource utilization. Based on the characteristics of efficient search and support update operation in the probability of skip table, a new type of dynamic balance skip table with the advantage of binary search is proposed as the authentication structure and new authentication method of file ownership, which realizes the file ownership authentication interaction between the server and the subsequent uploader of the file. Avoid repeated uploads of the same data block, saving user bandwidth and upload time. Finally, referring to the balance characteristics of the balanced binary tree structure, a self-balancing method for updating the dynamic balancing jump table is proposed. According to the dynamic operation instructions uploaded by the user and the authentication value of the plaintext file block to be updated, the modification and insertion of nodes in the dynamic balancing jump table are realized. and delete operations to support the update of cloud file blocks and realize elastic data management on the server side.

本发明的具体步骤包括如下：Concrete steps of the present invention include as follows:

(1)文件首位上传者对数据块进行加密处理：(1) The first uploader of the file encrypts the data block:

(1a)文件首位上传者利用256位安全散列算法SHA256，以明文文件作为输入，计算明文文件的密钥，以明文文件的密钥作为输入，计算明文文件的标签；(1a) The first uploader of the file uses the 256-bit secure hash algorithm SHA256, takes the plaintext file as input, calculates the key of the plaintext file, and uses the key of the plaintext file as input to calculate the label of the plaintext file;

(1b)文件首位上传者对明文文件进行长度为4kb的分块，生成多个明文文件块；(1b) The first uploader of the file divides the plaintext file into blocks with a length of 4kb to generate multiple plaintext file blocks;

(1c)文件首位上传者利用256位安全散列算法SHA256，以每一个明文文件块作为输入，计算每一个明文文件块的密钥，以每一个明文文件块和明文文件块密钥前后连接作为输入，计算每一个明文文件块的认证值；(1c) The first uploader of the file uses the 256-bit secure hash algorithm SHA256, takes each plaintext file block as input, calculates the key of each plaintext file block, and connects each plaintext file block and the plaintext file block key back and forth as Input, calculate the authentication value of each plaintext file block;

(1d)文件首位上传者采用256位高级加密标准AES256中的加密算法，用明文文件块的密钥加密明文文件块，得到密文文件块，用明文文件的密钥加密明文文件块密钥的连接值，得到明文文件块密钥的连接值密文；(1d) The first uploader of the file adopts the encryption algorithm in the 256-bit Advanced Encryption Standard AES256, encrypts the plaintext file block with the key of the plaintext file block, obtains the ciphertext file block, and encrypts the key of the plaintext file block with the key of the plaintext file Connection value, get the connection value ciphertext of the plaintext file block key;

(1e)文件首位上传者将明文文件的标签、明文文件块的认证值、密文文件块和明文文件块密钥的连接值密文上传至服务器；(1e) The first uploader of the file uploads the label of the plaintext file, the authentication value of the plaintext file block, the ciphertext file block and the connection value of the plaintext file block key to the server in ciphertext;

(2)服务器构建新型动态平衡跳跃表：(2) The server builds a new dynamic balance jump table:

(2a)将每个明文文件块认证值对应的基层节点，按照明文文件块认证值对应的明文文件块的前后顺序，连接成一个单链表；(2a) connect the base node corresponding to each plaintext file block authentication value into a singly linked list according to the order of the plaintext file blocks corresponding to the plaintext file block authentication value;

(2b)从当前链表左侧第一个节点开始，将每两个节点作为子节点生成一个父节点；若当前链表中节点个数为奇数时，将剩余的最后三个节点作为子节点生成一个父节点；(2b) Starting from the first node on the left side of the current linked list, use every two nodes as child nodes to generate a parent node; if the number of nodes in the current linked list is odd, use the remaining last three nodes as child nodes to generate a parent node parent node;

(2c)利用256位安全散列算法SHA256，将每个父节点中每个子节点的哈希值，按照子节点左右顺序连接成哈希连接值作为输入，计算哈希连接值的哈希值，将哈希连接值的哈希值赋值给每个父节点的哈希值；(2c) Using the 256-bit secure hash algorithm SHA256, the hash value of each child node in each parent node is connected into a hash connection value according to the left and right order of the child nodes as input, and the hash value of the hash connection value is calculated. Assign the hash value of the hash connection value to the hash value of each parent node;

(2d)将每个父节点中每个子节点可达基层节点数的和赋值给每个父节点的可达的基层节点数；将生成每个父节点所用的节点数赋值给每个父节点的子节点数；(2d) Assign the sum of the number of reachable base-level nodes of each child node in each parent node to the number of reachable base-level nodes of each parent node; assign the number of nodes used to generate each parent node to the number of each parent node number of child nodes;

(2e)用每个父节点的下指针指向该节点左侧第一个子节点的位置，将生成的父节点按照生成的先后顺序链接成父链表；(2e) use the down pointer of each parent node to point to the position of the first child node on the left side of the node, and link the generated parent nodes into a parent linked list according to the order of generation;

(2f)删除不同父节点中子节点之间的指针；(2f) delete pointers between child nodes in different parent nodes;

(2g)判断父链表中是否只有一个节点，若是，则将父链表中的唯一节点标记为根节点，得到动态平衡跳跃表后执行步骤(3)；否则，以生成的父链表作为当前链表后执行步骤(2b)；(2g) Determine whether there is only one node in the parent linked list, if so, mark the unique node in the parent linked list as the root node, and perform step (3) after obtaining the dynamic balance jump list; otherwise, use the generated parent linked list as the current linked list Execute step (2b);

(3)服务器对加密数据块进行去重操作：(3) The server deduplicates the encrypted data block:

服务器利用256位安全散列算法SHA256，以密文文件块作为输入，计算密文文件块的标签，删除已有相同密文文件块标签的重复密文文件块，完成服务器端的加密数据块去重操作；The server uses the 256-bit secure hash algorithm SHA256, takes the ciphertext file block as input, calculates the label of the ciphertext file block, deletes the duplicate ciphertext file block with the same ciphertext file block label, and completes the deduplication of the encrypted data block on the server side operate;

(4)文件后继上传者与服务器进行文件所有权认证交互：(4) Subsequent uploaders of files interact with the server for file ownership authentication:

(4a)服务器利用随机函数随机生成两个正整数,将两个正整数发送给文件后继上传者；(4a) The server uses a random function to randomly generate two positive integers, and sends the two positive integers to subsequent file uploaders;

(4b)文件后继上传者将两个正整数中的一个作为随机种子，生成与另一个正整数相等的多个随机数作为被挑战文件块的索引值；(4b) The subsequent uploader of the file uses one of the two positive integers as a random seed, and generates multiple random numbers equal to the other positive integer as the index value of the challenged file block;

(4c)文件后继上传者对明文文件进行长度为4kb的分块，生成多个明文文件块；(4c) The subsequent uploader of the file divides the plaintext file into blocks with a length of 4kb to generate multiple plaintext file blocks;

(4d)文件后继上传者利用256位安全散列算法SHA256，计算被挑战文件块的索引值所对应的被挑战文件块的认证值，将其发送至服务器；(4d) The subsequent uploader of the file uses the 256-bit secure hash algorithm SHA256 to calculate the authentication value of the challenged file block corresponding to the index value of the challenged file block, and send it to the server;

(5)服务器确定该后继上传者是否是文件拥有者：(5) The server determines whether the subsequent uploader is the file owner:

(5a)服务器将两个正整数中的一个作为随机种子，生成与另一个正整数相等的多个随机数作为被挑战文件块的索引值；(5a) The server uses one of the two positive integers as a random seed, and generates multiple random numbers equal to the other positive integer as the index value of the challenged file block;

(5b)在动态平衡跳跃表中，服务器查找被挑战文件块索引值所对应基层节点的父类节点和父类节点的兄弟节点；(5b) In the dynamic balance jump table, the server searches for the parent node of the base node corresponding to the index value of the challenged file block and the sibling nodes of the parent node;

(5c)利用256位安全散列算法SHA256，服务器用兄弟节点的哈希值和接收到的被挑战文件块的认证值，重新计算动态平衡跳跃表根节点的哈希值；(5c) Using the 256-bit secure hash algorithm SHA256, the server recalculates the hash value of the root node of the dynamic balance jump table with the hash value of the sibling node and the received authentication value of the challenged file block;

(5d)判断动态平衡跳跃表根节点的哈希值与服务器本地所存储的根节点哈希值是否相等，若是，则文件所有权认证通过，服务器将后续上传者标记为文件拥有者后执行步骤(6)；否则，文件所有权认证失败；(5d) Determine whether the hash value of the root node of the dynamic balance jump table is equal to the root node hash value stored locally on the server, if so, the file ownership authentication is passed, and the server marks the subsequent uploader as the file owner and then executes the step ( 6); otherwise, the file ownership authentication fails;

(6)文件拥有者下载服务器端的密文文件块：(6) The file owner downloads the ciphertext file block on the server side:

(6a)文件拥有者将明文文件的标签和下载请求发送至服务器；(6a) The file owner sends the tag and download request of the plaintext file to the server;

(6b)服务器将明文文件标签对应的所有密文文件块和明文文件块密钥连接值的密文发送至文件拥有者；(6b) The server sends all ciphertext file blocks corresponding to the plaintext file label and the ciphertext of the key connection value of the plaintext file block to the file owner;

(7)文件拥有者解密服务器端的密文文件块：(7) The file owner decrypts the ciphertext file block on the server side:

文件拥有者采用256位高级加密标准AES256中的解密算法，用明文文件的密钥解密明文文件块密钥的连接值密文，得到明文文件块密钥的连接值，用明文文件块的密钥解密密文文件块，得到明文文件块；The file owner adopts the decryption algorithm in the 256-bit Advanced Encryption Standard AES256, uses the key of the plaintext file to decrypt the ciphertext of the connection value of the plaintext file block key, obtains the connection value of the plaintext file block key, and uses the key of the plaintext file block to decrypt the ciphertext of the connection value of the plaintext file block key. Decrypt the ciphertext file block to obtain the plaintext file block;

(8)文件拥有者对新的明文文件块进行加密处理：(8) The file owner encrypts the new plaintext file block:

(8a)文件拥有者将明文文件的标签和更新请求发送至服务器；(8a) The file owner sends the label and update request of the plaintext file to the server;

(8b)服务器将文件块密钥连接值的密文发送给文件拥有者；(8b) The server sends the ciphertext of the file block key connection value to the file owner;

(8c)采用256位高级加密标准AES256中的解密算法，文件拥有者用明文文件的密钥解密明文文件块密钥连接值的密文，得到明文文件块密钥的连接值；(8c) Using the decryption algorithm in the 256-bit Advanced Encryption Standard AES256, the file owner uses the key of the plaintext file to decrypt the ciphertext of the connection value of the block key of the plaintext file to obtain the connection value of the block key of the plaintext file;

(8d)利用256位安全散列算法SHA256，文件拥有者分别计算新的明文文件的密钥，新的明文文件的标签，待修改或待插入的明文文件块的密钥和待修改或待插入的明文文件块的认证值；(8d) Using the 256-bit secure hash algorithm SHA256, the file owner calculates the key of the new plaintext file, the label of the new plaintext file, the key of the block of the plaintext file to be modified or to be inserted, and the key to be modified or to be inserted The authentication value of the plaintext file block;

(8e)文件拥有者利用待修改或待插入的明文文件块的索引值及其明文文件块的密钥更新明文文件块密钥的连接值，得到新的明文文件块密钥的连接值；(8e) The file owner uses the index value of the plaintext file block to be modified or inserted and the key of the plaintext file block to update the connection value of the plaintext file block key to obtain a new connection value of the plaintext file block key;

(8f)采用256位高级加密标准AES256中的加密算法，文件拥有者用待修改或待插入的明文文件块的密钥加密对应的明文文件块，得到待修改或待插入的密文文件块，用新的明文文件的密钥加密新的明文文件块密钥的连接值，得到新的明文文件块密钥的连接值密文；(8f) Adopt the encryption algorithm in the 256-bit advanced encryption standard AES256, the file owner encrypts the corresponding plaintext file block with the key of the plaintext file block to be modified or inserted, and obtain the ciphertext file block to be modified or inserted, Encrypt the connection value of the new plaintext file block key with the key of the new plaintext file to obtain the ciphertext of the connection value of the new plaintext file block key;

(8g)文件拥有者将新的明文文件的标签、新的明文文件块密钥的连接值密文、动态操作指令、待修改或待插入或待删除文件块的索引值、待修改或待插入的密文文件块、待修改待插入的明文文件块的认证值发送至服务器；(8g) The file owner sends the label of the new plaintext file, the connection value ciphertext of the new plaintext file block key, the dynamic operation instruction, the index value of the file block to be modified or to be inserted or to be deleted, to be modified or to be inserted The authentication value of the ciphertext file block to be modified and the plaintext file block to be inserted is sent to the server;

(9)服务器对新的密文文件块进行去重操作：(9) The server performs a deduplication operation on the new ciphertext file block:

服务器利用256位安全散列算法SHA256，计算待修改或待插入的密文文件块的标签，删除已有相同密文文件块标签的重复密文文件块，完成服务器端的加密数据块去重操作；The server uses the 256-bit secure hash algorithm SHA256 to calculate the label of the ciphertext file block to be modified or inserted, delete the duplicate ciphertext file block with the same ciphertext file block label, and complete the deduplication operation of the encrypted data block on the server side;

(10)服务器修改动态平衡跳跃表中的基层节点：(10) The server modifies the base node in the dynamic balance jump table:

服务器查找待修改文件块的索引值对应基层节点的父类节点和父类节点的兄弟节点，利用256位安全散列算法SHA256，服务器用待修改明文文件块的认证值和兄弟节点的认证值，更新父类节点的认证值；The server searches for the index value of the file block to be modified corresponding to the parent node of the base node and the sibling node of the parent node. Using the 256-bit secure hash algorithm SHA256, the server uses the authentication value of the plaintext file block to be modified and the authentication value of the sibling node. Update the authentication value of the parent node;

(11)服务器插入动态平衡跳跃表中的基层节点：(11) The server inserts the base node in the dynamic balance jump table:

(11a)服务器查找待插入文件块的索引值对应基层节点的父类节点，生成一个基层节点作为插入节点，用待插入明文文件块的哈希值赋值给插入节点的哈希值，插入节点可达基层节点数赋值为1，插入节点的子节点数赋值为0，将插入节点插入到待插入文件块的索引值所对应基层节点的后指针位置；(11a) The server finds the index value of the file block to be inserted corresponding to the parent node of the base node, generates a base node as an insertion node, assigns the hash value of the plaintext file block to be inserted to the hash value of the insertion node, and the insertion node can be The number of base-level nodes is assigned a value of 1, the number of sub-nodes of the inserted node is assigned a value of 0, and the inserted node is inserted into the post-pointer position of the base-level node corresponding to the index value of the file block to be inserted;

(11b)将最低层的父类节点的子节点数加1，以最低层的父类节点作为当前节点；(11b) adding 1 to the number of child nodes of the parent node of the lowest level, and taking the parent node of the lowest level as the current node;

(11c)判断当前节点的子节点数是否等于3，若是，则执行步骤(11d)；否则，执行步骤(11e)；(11c) judge whether the child node number of current node is equal to 3, if so, then execute step (11d); Otherwise, execute step (11e);

(11d)利用当前节点的每一个子节点，更新当前节点的哈希值、可达基层节点数，执行步骤(11f)；(11d) Utilize each child node of the current node to update the hash value of the current node and the number of reachable grass-roots nodes, and perform step (11f);

(11e)利用当前节点的左侧第一个子节点和第二个子节点更新当前节点的哈希值、可达基层节点数和子节点数；利用当前节点的左侧第三个子节点和第四个子节点生成另一个节点，将生成的节点插入到当前节点的后指针位置，将当前节点的父节点的子节点数加1；(11e) Use the first child node and the second child node on the left side of the current node to update the hash value, the number of reachable base nodes and the number of child nodes of the current node; use the third child node and the fourth child node on the left side of the current node The node generates another node, inserts the generated node into the back pointer position of the current node, and adds 1 to the number of child nodes of the parent node of the current node;

(11f)判断当前节点是否为根节点，若是，则执行步骤(12)；否则，以上一层父类节点作为当前节点，执行步骤(11c)；(11f) judging whether the current node is a root node, if so, then perform step (12); otherwise, perform step (11c) as the current node with the upper layer parent node;

(12)服务器删除动态平衡跳跃表中的基层节点：(12) The server deletes the base node in the dynamic balance jump table:

(12a)服务器查找待删除文件块的索引值对应基层节点的父类节点，删除待删除文件块的索引值所对应的基层节点；(12a) The server searches for the parent node corresponding to the index value of the file block to be deleted, and deletes the base node corresponding to the index value of the file block to be deleted;

(12b)将最低层的父类节点的子节点数减1，以最低层的父类节点作为当前节点；(12b) Subtract 1 from the number of child nodes of the parent node of the lowest level, and use the parent node of the lowest level as the current node;

(12c)判断当前节点的子节点数是否等于2，若是，则执行步骤(12d)；否则，执行步骤(12e)；(12c) judge whether the child node number of current node is equal to 2, if so, then execute step (12d); Otherwise, execute step (12e);

(12d)利用当前节点的每一个子节点，更新当前节点的哈希值、可达基层节点数，执行步骤(12l)；(12d) Utilize each child node of the current node to update the hash value of the current node and the number of reachable grass-roots nodes, and perform step (121);

(12e)判断当前节点的后指针是否指向一个兄弟节点，若是，则执行步骤(12f)；否则，执行步骤(12i)；(12e) judge whether the back pointer of current node points to a sibling node, if so, then perform step (12f); otherwise, perform step (12i);

(12f)判断当前节点的后指针所指的兄弟节点的子节点个数是否等于3，若是，则执行步骤(12g)；否则，执行步骤(12h)；(12f) judge whether the number of subnodes of the brother node indicated by the back pointer of the current node is equal to 3, if so, then perform step (12g); otherwise, perform step (12h);

(12g)将当前节点的后指针所指兄弟节点的左侧第一个子节点作为当前节点的左侧第二个子节点，利用当前节点的两个子节点更新当前节点的哈希值、可达基层节点数和子节点数，利用当前节点的后指针所指的兄弟节点剩余的两个子节点更新该兄弟节点的哈希值、可达基层节点数和子节点数，执行步骤(12l)；(12g) Use the first child node on the left of the brother node pointed to by the back pointer of the current node as the second child node on the left of the current node, use the two child nodes of the current node to update the hash value of the current node, and reach the base layer Number of nodes and number of subnodes, utilize the remaining two subnodes of the sibling node indicated by the back pointer of the current node to update the hash value of the sibling node, the number of reachable primary nodes and the number of subnodes, and perform step (121);

(12h)将当前节点的唯一子节点作为当前节点后指针所指兄弟节点的左侧第一个子节点，利用当前节点后指针所指兄弟节点的三个子节点更新该兄弟节点的哈希值、可达基层节点数和子节点数，删除当前节点，将上一层父类节点的子节点数减1后执行步骤(12l)；(12h) The only child node of the current node is used as the first child node on the left side of the sibling node pointed to by the pointer after the current node, and the hash value of the sibling node is updated by using the three child nodes of the sibling node pointed to by the pointer behind the current node, Reachable basic level node number and child node number, delete current node, carry out step (12l) after the child node number of upper layer parent class node is subtracted by 1;

(12i)判断当前节点的前一个兄弟节点的子节点个数是否等于3，若是，则执行步骤(12j)；否则，执行步骤(12k)；(12i) judging whether the number of child nodes of the previous sibling node of the current node is equal to 3, if so, then perform step (12j); otherwise, perform step (12k);

(12j)将前一个兄弟节点的左侧第三个子节点作为当前节点的左侧第一个子节点，利用当前节点的两个子节点更新当前节点的哈希值、可达基层节点数和子节点数，利用当前节点的前一个兄弟节点剩余的两个子节点更新该兄弟节点的哈希值、可达基层节点数和子节点数，执行步骤(12l)；(12j) Use the third child node on the left of the previous sibling node as the first child node on the left of the current node, and use the two child nodes of the current node to update the hash value, the number of reachable base nodes and the number of child nodes of the current node , using the remaining two sub-nodes of the previous sibling node of the current node to update the hash value of the sibling node, the number of reachable base-level nodes and the number of sub-nodes, and perform step (12l);

(12k)将当前节点的唯一子节点作为当前节点的前一个兄弟节点的左侧第三个子节点，利用当前节点的前一个兄弟节点的三个子节点更新该兄弟节点的哈希值、可达基层节点数和子节点数，删除当前节点，将上一层父类节点的子节点数减1；(12k) Use the only child node of the current node as the third child node on the left of the previous sibling node of the current node, and use the three child nodes of the previous sibling node of the current node to update the hash value of the sibling node, reaching the base layer The number of nodes and child nodes, delete the current node, and reduce the number of child nodes of the upper parent node by 1;

(12l)判断当前节点是否是根节点，若是，执行步骤(13)；否则，以上一层的父类节点作为当前节点，执行步骤(12c)；(121) judge whether the current node is a root node, if so, perform step (13); otherwise, perform step (12c) as the current node with the parent node of the upper layer;

(13)动态平衡跳跃表更新完毕。(13) The dynamic balance jump table is updated.

本发明与现有技术相比具有以下优点：Compared with the prior art, the present invention has the following advantages:

第一，由于本发明根据明文文件块的认证值构建了一个新型动态平衡跳跃表，并将该动态平衡跳跃表作为上传文件所有权的认证结构，实现用户与服务器之间的上传文件所有权认证交互，克服了现有技术存在不能支持文件块客户端去重的缺陷，使得本发明具有避免相同数据块重复上传，节省用户带宽和上传时间，提高服务器存储资源利用率的优点。First, because the present invention builds a new type of dynamic balance jump table according to the authentication value of the plaintext file block, and uses the dynamic balance jump table as the authentication structure of the ownership of the uploaded file to realize the authentication interaction of the ownership of the uploaded file between the user and the server, The invention overcomes the defect that the existing technology cannot support deduplication of file block clients, so that the present invention has the advantages of avoiding repeated upload of the same data block, saving user bandwidth and upload time, and improving the utilization rate of server storage resources.

第二，由于本发明提出了一种动态平衡跳跃表更新自平衡的方法，根据用户上传的动态操作指令和待更新的明文文件块的认证值，对动态平衡跳跃表进行节点的修改、插入和删除操作，克服了现有技术中不能满足用户高效更新云端备份数据的缺陷，使得本发明具有支持数据块更新，实现服务器端数据弹性管理的优点。Second, since the present invention proposes a self-balancing method for updating the dynamic balance jump table, according to the dynamic operation instruction uploaded by the user and the authentication value of the plaintext file block to be updated, the dynamic balance jump table is modified, inserted and updated. The deletion operation overcomes the defects in the prior art that users cannot efficiently update cloud backup data, so that the present invention has the advantages of supporting data block update and realizing flexible data management on the server side.

附图说明Description of drawings

图1为本发明的流程图。Fig. 1 is a flowchart of the present invention.

图2为本发明的服务器构建新型动态平衡跳跃表步骤的示意图。FIG. 2 is a schematic diagram of the steps of building a new dynamic balance jump table by the server of the present invention.

图3为本法明的文件拥有者对新的明文文件块进行加密处理的流程图；Fig. 3 is the flow chart that the file owner of the present invention encrypts the new plaintext file block;

图4为本法明的服务器修改动态平衡跳跃表中基层节点的示意图；Fig. 4 is the schematic diagram that the server of this invention modifies the basic level node in the dynamic balance jump list;

图5为本法明的服务器插入动态平衡跳跃表中基层节点的示意图；Fig. 5 is the schematic diagram that the server of this invention inserts the basic level node in the dynamic balance skip list;

图6为本法明的服务器删除动态平衡跳跃表中基层节点的示意图；Fig. 6 is a schematic diagram of the server deleting the basic level node in the dynamic balance jump table according to the present invention;

图7为本法明的服务器删除动态平衡跳跃表中的基层节点的流程图；Fig. 7 is the flow chart of the server of this invention deleting the base node in the dynamic balance jump table;

具体实施方式Detailed ways

下面结合附图对本发明做进一步的详细描述。The present invention will be described in further detail below in conjunction with the accompanying drawings.

下面结合附图1对本发明实现的步骤做进一步的详细描述。The steps for implementing the present invention will be further described in detail below in conjunction with FIG. 1 .

步骤1，文件首位上传者对数据块进行加密处理。Step 1, the first uploader of the file encrypts the data block.

文件首位上传者利用256位安全散列算法SHA256，以明文文件作为输入，计算明文文件的密钥，以明文文件的密钥作为输入，计算明文文件的标签。The first uploader of the file uses the 256-bit secure hash algorithm SHA256, takes the plaintext file as input, calculates the key of the plaintext file, and uses the key of the plaintext file as input to calculate the label of the plaintext file.

所述的256位安全散列算法SHA256是指：美国国家标准技术研究所发布的联邦信息处理标准FIPS PUB 180-3中规定的256位单向散列算法SHA256，适用于长度不超过2⁶⁴二进制位的消息。The 256-bit secure hash algorithm SHA256 refers to: the 256-bit one-way hash algorithm SHA256 stipulated in the federal information processing standard FIPS PUB 180-3 issued by the National Institute of Standards and Technology, applicable to binary data whose length does not exceed²⁶⁴ bits of news.

文件首位上传者对明文文件进行长度为4kb的分块，生成多个明文文件块。The first uploader of the file divides the plaintext file into blocks with a length of 4kb to generate multiple plaintext file blocks.

文件首位上传者利用256位安全散列算法SHA256，以每一个明文文件块作为输入，计算每一个明文文件块的密钥，以每一个明文文件块和明文文件块密钥前后连接作为输入，计算每一个明文文件块的认证值。The first uploader of the file uses the 256-bit secure hash algorithm SHA256, takes each plaintext file block as input, calculates the key of each plaintext file block, and uses each plaintext file block and the key of the plaintext file block as input to calculate The authentication value for each plaintext file block.

所述的256位安全散列算法SHA256是指：美国国家标准技术研究所发布的联邦信息处理标准FIPS PUB 180-3中规定的256位单向散列算法SHA256，适用于长度不超过2⁶⁴二进制位的消息。The 256-bit secure hash algorithm SHA256 refers to: the 256-bit one-way hash algorithm SHA256 stipulated in the federal information processing standard FIPS PUB 180-3 issued by the National Institute of Standards and Technology, applicable to binary data whose length does not exceed²⁶⁴ bits of news.

文件首位上传者采用256位高级加密标准AES256中的加密算法，用明文文件块的密钥加密明文文件块，得到密文文件块，用明文文件的密钥加密明文文件块密钥的连接值，得到明文文件块密钥的连接值密文。The first uploader of the file adopts the encryption algorithm in the 256-bit Advanced Encryption Standard AES256, encrypts the plaintext file block with the key of the plaintext file block, obtains the ciphertext file block, and encrypts the connection value of the plaintext file block key with the key of the plaintext file, Get the concatenated value ciphertext of the plaintext file block key.

所述的256位高级加密标准AES256是指：美国联邦政府采用的一种区块加密标准，其中，密钥的长度为256位的高级加密标准。The 256-bit Advanced Encryption Standard AES256 refers to a block encryption standard adopted by the US federal government, wherein the length of the key is 256-bit Advanced Encryption Standard.

文件首位上传者将明文文件的标签、明文文件块的认证值、密文文件块和明文文件块密钥的连接值密文上传至服务器。The first uploader of the file uploads the label of the plaintext file, the authentication value of the plaintext file block, the ciphertext of the connection value of the ciphertext file block and the key of the plaintext file block to the server.

步骤2，服务器构建新型动态平衡跳跃表。Step 2, the server builds a new dynamic balance jump table.

下面结合附图2对服务器构建动态平衡跳跃表的步骤做进一步的详细描述。The steps for the server to construct the dynamic balance jump table will be further described in detail below in conjunction with FIG. 2 .

图2中A、B、C、D表示四个基层节点，E表示节点A和节点B的父节点，F表示节点C和节点D的父节点，R表示节点E和节点F的父节点，同时也表示整个动态平衡跳跃表的根节点。In Figure 2, A, B, C, and D represent four basic nodes, E represents the parent node of node A and node B, F represents the parent node of node C and node D, R represents the parent node of node E and node F, and It also represents the root node of the entire dynamic balance jump table.

将每个明文文件块认证值对应的基层节点，按照明文文件块认证值对应的明文文件块的前后顺序，连接成一个单链表。The base nodes corresponding to each plaintext file block authentication value are connected into a singly linked list according to the order of the plaintext file blocks corresponding to the plaintext file block authentication value.

所述的基层节点是指，位于动态平衡跳跃表底层的节点。The base node refers to the node located at the bottom of the dynamic balance jump table.

(2b)从当前链表左侧第一个节点开始，将每两个节点作为子节点生成一个父节点；若当前链表中节点个数为奇数时，将剩余的最后三个节点作为子节点生成一个父节点。(2b) Starting from the first node on the left side of the current linked list, use every two nodes as child nodes to generate a parent node; if the number of nodes in the current linked list is odd, use the remaining last three nodes as child nodes to generate a parent node parent node.

所述的节点是指，构成动态平衡跳跃表的基本单元，每个节点由一个五元组构成，元组成员分别为节点哈希值、节点可达基层节点数、子节点数、后指针和下指针。The node refers to the basic unit that constitutes the dynamic balance jump table. Each node is composed of a five-tuple. down pointer.

利用256位安全散列算法SHA256，将每个父节点中每个子节点的哈希值，按照子节点左右顺序连接成哈希连接值作为输入，计算哈希连接值的哈希值，将哈希连接值的哈希值赋值给每个父节点的哈希值。Using the 256-bit secure hash algorithm SHA256, the hash value of each child node in each parent node is connected into a hash connection value in the left and right order of the child nodes as input, and the hash value of the hash connection value is calculated, and the hash The hash of the connection value is assigned to the hash of each parent node.

所述的256位安全散列算法SHA256是指：美国国家标准技术研究所发布的联邦信息处理标准FIPS PUB 180-3中规定的256位单向散列算法SHA256，适用于长度不超过2⁶⁴二进制位的消息。The 256-bit secure hash algorithm SHA256 refers to: the 256-bit one-way hash algorithm SHA256 stipulated in the federal information processing standard FIPS PUB 180-3 issued by the National Institute of Standards and Technology, applicable to binary data whose length does not exceed²⁶⁴ bits of news.

将每个父节点中每个子节点可达基层节点数的和赋值给每个父节点的可达的基层节点数；将生成每个父节点所用的节点数赋值给每个父节点的子节点数。Assign the sum of the number of reachable base-level nodes of each child node in each parent node to the number of reachable base-level nodes of each parent node; assign the number of nodes used to generate each parent node to the number of child nodes of each parent node .

用每个父节点的下指针指向该节点左侧第一个子节点的位置，将生成的父节点按照生成的先后顺序链接成父链表。Use the down pointer of each parent node to point to the position of the first child node on the left side of the node, and link the generated parent nodes into a parent linked list according to the order of generation.

删除不同父节点中子节点之间的指针。Delete pointers between child nodes in different parent nodes.

判断父链表中是否只有一个节点，若是，则将父链表中的唯一节点标记为根节点，得到动态平衡跳跃表后执行步骤3；否则，以生成的父链表作为当前链表后执行步骤(2b)。Determine whether there is only one node in the parent linked list, if so, mark the only node in the parent linked list as the root node, and perform step 3 after obtaining the dynamic balance jump table; otherwise, perform step (2b) after using the generated parent linked list as the current linked list .

所述的父链表是指，由多个父节点构成的单链表。The parent linked list refers to a singly linked list composed of multiple parent nodes.

步骤3，服务器对加密数据块进行去重操作。In step 3, the server performs a deduplication operation on the encrypted data block.

服务器利用256位安全散列算法SHA256，以密文文件块作为输入，计算密文文件块的标签，删除已有相同密文文件块标签的重复密文文件块，完成服务器端的加密数据块去重操作。The server uses the 256-bit secure hash algorithm SHA256, takes the ciphertext file block as input, calculates the label of the ciphertext file block, deletes the duplicate ciphertext file block with the same ciphertext file block label, and completes the deduplication of the encrypted data block on the server side operate.

所述的256位安全散列算法SHA256是指：美国国家标准技术研究所发布的联邦信息处理标准FIPS PUB 180-3中规定的256位单向散列算法SHA256，适用于长度不超过2⁶⁴二进制位的消息。The 256-bit secure hash algorithm SHA256 refers to: the 256-bit one-way hash algorithm SHA256 stipulated in the federal information processing standard FIPS PUB 180-3 issued by the National Institute of Standards and Technology, applicable to binary data whose length does not exceed²⁶⁴ bits of news.

步骤4，文件后继上传者与服务器进行文件所有权认证交互。Step 4, the subsequent uploader of the file interacts with the server for file ownership authentication.

服务器利用随机函数随机生成两个正整数,将两个正整数发送给文件后继上传者。The server uses a random function to randomly generate two positive integers, and sends the two positive integers to subsequent file uploaders.

文件后继上传者将两个正整数中的一个作为随机种子，生成与另一个正整数相等的多个随机数作为被挑战文件块的索引值。The subsequent uploader of the file uses one of the two positive integers as a random seed, and generates multiple random numbers equal to the other positive integer as the index value of the challenged file block.

文件后继上传者对明文文件进行长度为4kb的分块，生成多个明文文件块。The subsequent uploader of the file divides the plaintext file into blocks with a length of 4kb to generate multiple plaintext file blocks.

文件后继上传者利用256位安全散列算法SHA256，计算被挑战文件块的索引值所对应的被挑战文件块的认证值，将其发送至服务器。Subsequent file uploaders use the 256-bit secure hash algorithm SHA256 to calculate the authentication value of the challenged file block corresponding to the index value of the challenged file block, and send it to the server.

所述的256位安全散列算法SHA256是指：美国国家标准技术研究所发布的联邦信息处理标准FIPS PUB 180-3中规定的256位单向散列算法SHA256，适用于长度不超过2⁶⁴二进制位的消息。The 256-bit secure hash algorithm SHA256 refers to: the 256-bit one-way hash algorithm SHA256 stipulated in the federal information processing standard FIPS PUB 180-3 issued by the National Institute of Standards and Technology, applicable to binary data whose length does not exceed²⁶⁴ bits of news.

步骤5，服务器确定该后继上传者是否是文件拥有者。Step 5, the server determines whether the subsequent uploader is the file owner.

服务器将两个正整数中的一个作为随机种子，生成与另一个正整数相等的多个随机数作为被挑战文件块的索引值。The server uses one of the two positive integers as a random seed, and generates multiple random numbers equal to the other positive integer as the index value of the challenged file block.

在动态平衡跳跃表中，服务器查找被挑战文件块索引值所对应基层节点的父类节点和父类节点的兄弟节点。In the dynamic balance jump table, the server searches for the parent node of the base node corresponding to the index value of the challenged file block and the sibling nodes of the parent node.

所述的父类节点是指,从根节点到某个基层节点的查找过程中所访问到的节点中满足可达节点包括该基层节点的节点，不包括基层节点本身。The parent node refers to the nodes visited during the search process from the root node to a certain base-level node, which satisfy reachable nodes including the base-level node, excluding the base-level node itself.

所述的兄弟节点是指，在同一单链表中的其他节点的统称。The sibling nodes refer to the collective name of other nodes in the same singly linked list.

利用256位安全散列算法SHA256，服务器用兄弟节点的哈希值和接收到的被挑战文件块的认证值，重新计算动态平衡跳跃表根节点的哈希值。Using the 256-bit secure hash algorithm SHA256, the server recalculates the hash value of the root node of the dynamic balance jump table with the hash value of the sibling node and the received authentication value of the challenged file block.

所述的256位安全散列算法SHA256是指：美国国家标准技术研究所发布的联邦信息处理标准FIPS PUB 180-3中规定的256位单向散列算法SHA256，适用于长度不超过2⁶⁴二进制位的消息。The 256-bit secure hash algorithm SHA256 refers to: the 256-bit one-way hash algorithm SHA256 stipulated in the federal information processing standard FIPS PUB 180-3 issued by the National Institute of Standards and Technology, applicable to binary data whose length does not exceed²⁶⁴ bits of news.

判断动态平衡跳跃表根节点的哈希值与服务器本地所存储的根节点哈希值是否相等，若是，则文件所有权认证通过，服务器将后续上传者标记为文件拥有者后执行步骤6；否则，文件所有权认证失败。Determine whether the hash value of the root node of the dynamic balance jump table is equal to the hash value of the root node stored locally on the server. If so, the file ownership authentication is passed, and the server marks the subsequent uploader as the file owner and then performs step 6; otherwise, File ownership verification failed.

步骤6，文件拥有者下载服务器端的密文文件块。In step 6, the file owner downloads the ciphertext file block on the server side.

文件拥有者将明文文件的标签和下载请求发送至服务器。The file owner sends the tag and download request of the plaintext file to the server.

服务器将明文文件标签对应的所有密文文件块和明文文件块密钥连接值的密文发送至文件拥有者。The server sends all ciphertext file blocks corresponding to the plaintext file label and the ciphertext of the key concatenation value of the plaintext file block to the file owner.

步骤7，文件拥有者解密服务器端的密文文件块。Step 7, the file owner decrypts the ciphertext file block at the server side.

文件拥有者采用256位高级加密标准AES256中的解密算法，用明文文件的密钥解密明文文件块密钥的连接值密文，得到明文文件块密钥的连接值，用明文文件块的密钥解密密文文件块，得到明文文件块。The file owner adopts the decryption algorithm in the 256-bit Advanced Encryption Standard AES256, uses the key of the plaintext file to decrypt the ciphertext of the connection value of the plaintext file block key, obtains the connection value of the plaintext file block key, and uses the key of the plaintext file block to decrypt the ciphertext of the connection value of the plaintext file block key. Decrypt the ciphertext file block to obtain the plaintext file block.

所述的256位高级加密标准AES256是指：美国联邦政府采用的一种区块加密标准，其中，密钥的长度为256位的高级加密标准。The 256-bit Advanced Encryption Standard AES256 refers to a block encryption standard adopted by the US federal government, wherein the length of the key is 256-bit Advanced Encryption Standard.

步骤8，文件拥有者对新的明文文件块进行加密处理。Step 8, the file owner encrypts the new plaintext file block.

下面结合附图3对新明文文件块加密的步骤做进一步的详细描述。The steps of encrypting new plaintext file blocks will be further described in detail below in conjunction with FIG. 3 .

文件拥有者将明文文件的标签和更新请求发送至服务器。The file owner sends the label and update request of the plaintext file to the server.

服务器将文件块密钥连接值的密文发送给文件拥有者。The server sends the ciphertext of the file block key concatenation value to the file owner.

采用256位高级加密标准AES256中的解密算法，文件拥有者用明文文件的密钥解密明文文件块密钥连接值的密文，得到明文文件块密钥的连接值。Using the decryption algorithm in the 256-bit Advanced Encryption Standard AES256, the file owner uses the key of the plaintext file to decrypt the ciphertext of the connection value of the block key of the plaintext file to obtain the connection value of the block key of the plaintext file.

所述的256位高级加密标准AES256是指：美国联邦政府采用的一种区块加密标准，其中，密钥的长度为256位的高级加密标准。The 256-bit Advanced Encryption Standard AES256 refers to a block encryption standard adopted by the US federal government, wherein the length of the key is 256-bit Advanced Encryption Standard.

利用256位安全散列算法SHA256，文件拥有者分别计算新的明文文件的密钥，新的明文文件的标签，待修改或待插入的明文文件块的密钥和待修改或待插入的明文文件块的认证值。Using the 256-bit secure hash algorithm SHA256, the file owner calculates the key of the new plaintext file, the label of the new plaintext file, the key of the block of the plaintext file to be modified or inserted, and the plaintext file to be modified or inserted The authentication value for the block.

所述的256位安全散列算法SHA256是指：美国国家标准技术研究所发布的联邦信息处理标准FIPS PUB 180-3中规定的256位单向散列算法SHA256，适用于长度不超过2⁶⁴二进制位的消息。The 256-bit secure hash algorithm SHA256 refers to: the 256-bit one-way hash algorithm SHA256 stipulated in the federal information processing standard FIPS PUB 180-3 issued by the National Institute of Standards and Technology, applicable to binary data whose length does not exceed²⁶⁴ bits of news.

文件拥有者利用待修改或待插入的明文文件块的索引值及其明文文件块的密钥更新明文文件块密钥的连接值，得到新的明文文件块密钥的连接值。The file owner uses the index value of the plaintext file block to be modified or inserted and the key of the plaintext file block to update the connection value of the plaintext file block key to obtain a new connection value of the plaintext file block key.

采用256位高级加密标准AES256中的加密算法，文件拥有者用待修改或待插入的明文文件块的密钥加密对应的明文文件块，得到待修改或待插入的密文文件块，用新的明文文件的密钥加密新的明文文件块密钥的连接值，得到新的明文文件块密钥的连接值密文。Using the encryption algorithm in the 256-bit advanced encryption standard AES256, the file owner encrypts the corresponding plaintext file block with the key of the plaintext file block to be modified or inserted, and obtains the ciphertext file block to be modified or inserted, and uses the new The key of the plaintext file encrypts the connection value of the new plaintext file block key to obtain the ciphertext of the connection value of the new plaintext file block key.

所述的256位高级加密标准AES256是指：美国联邦政府采用的一种区块加密标准，其中，密钥的长度为256位的高级加密标准。The 256-bit Advanced Encryption Standard AES256 refers to a block encryption standard adopted by the US federal government, wherein the length of the key is 256-bit Advanced Encryption Standard.

文件拥有者将新的明文文件的标签、新的明文文件块密钥的连接值密文、动态操作指令、待修改或待插入或待删除文件块的索引值、待修改或待插入的密文文件块、待修改待插入的明文文件块的认证值发送至服务器。The file owner sends the label of the new plaintext file, the connection value ciphertext of the new plaintext file block key, the dynamic operation instruction, the index value of the file block to be modified or inserted or deleted, and the ciphertext to be modified or inserted The authentication value of the file block and the plaintext file block to be modified and inserted is sent to the server.

步骤9，服务器对新的密文文件块进行去重操作。In step 9, the server performs a deduplication operation on the new ciphertext file block.

服务器利用256位安全散列算法SHA256，计算待修改或待插入的密文文件块的标签，删除已有相同密文文件块标签的重复密文文件块，完成服务器端的加密数据块去重操作。The server uses the 256-bit secure hash algorithm SHA256 to calculate the label of the ciphertext file block to be modified or inserted, delete the duplicate ciphertext file block with the same ciphertext file block label, and complete the deduplication operation of the encrypted data block on the server side.

所述的256位安全散列算法SHA256是指：美国国家标准技术研究所发布的联邦信息处理标准FIPS PUB 180-3中规定的256位单向散列算法SHA256，适用于长度不超过2⁶⁴二进制位的消息。The 256-bit secure hash algorithm SHA256 refers to: the 256-bit one-way hash algorithm SHA256 stipulated in the federal information processing standard FIPS PUB 180-3 issued by the National Institute of Standards and Technology, applicable to binary data whose length does not exceed²⁶⁴ bits of news.

步骤10，服务器修改动态平衡跳跃表中的基层节点。Step 10, the server modifies the base node in the dynamic balance jump table.

下面结合附图4对服务器在动态平衡跳跃表底层，修改某个位置上基层节点的步骤做进一步的详细描述。The steps of modifying the base node at a certain position by the server at the base layer of the dynamic balance jump table will be further described in detail below in conjunction with FIG. 4 .

图4(a)为服务器修改操作前存储的动态平衡跳跃表，图4(b)为服务器修改操作后的动态平衡跳跃表。Figure 4(a) is the dynamic balance jump table stored before the server modification operation, and Figure 4(b) is the dynamic balance jump table after the server modification operation.

图4(a)中A、B、C、D表示四个基层节点，E表示节点A和节点B的父节点，F表示节点C和节点D的父节点，R表示节点E和节点F的父节点，同时也表示整个动态平衡跳跃表的根节点。In Figure 4(a), A, B, C, and D represent four basic nodes, E represents the parent node of node A and node B, F represents the parent node of node C and node D, and R represents the parent node of node E and node F The node also represents the root node of the entire dynamic balance jump table.

图4(b)中的C表示修改的基层节点，R、F表示节点C的父类节点，E、D表示父类节点的兄弟节点，其中E表示节点F的兄弟节点，D表示节点C的兄弟节点。C in Figure 4(b) represents the modified base node, R and F represent the parent node of node C, E and D represent the sibling nodes of the parent node, where E represents the sibling node of node F, and D represents the parent node of node C. sibling nodes.

服务器查找待修改文件块的索引值对应基层节点的父类节点和父类节点的兄弟节点，利用256位安全散列算法SHA256，服务器用待修改明文文件块的认证值和兄弟节点的认证值，更新父类节点的认证值。The server searches for the index value of the file block to be modified corresponding to the parent node of the base node and the sibling node of the parent node. Using the 256-bit secure hash algorithm SHA256, the server uses the authentication value of the plaintext file block to be modified and the authentication value of the sibling node. Update the authentication value of the parent node.

所述的256位安全散列算法SHA256是指：美国国家标准技术研究所发布的联邦信息处理标准FIPS PUB 180-3中规定的256位单向散列算法SHA256，适用于长度不超过2⁶⁴二进制位的消息。The 256-bit secure hash algorithm SHA256 refers to: the 256-bit one-way hash algorithm SHA256 stipulated in the federal information processing standard FIPS PUB 180-3 issued by the National Institute of Standards and Technology, applicable to binary data whose length does not exceed²⁶⁴ bits of news.

步骤11，服务器插入动态平衡跳跃表中的基层节点。In step 11, the server inserts the base node in the dynamic balance jump table.

下面结合附图5对服务器在动态平衡跳跃表底层的某个位置插入一个基层节点的步骤做进一步的详细描述。The steps of the server inserting a base node at a certain position in the bottom layer of the dynamic balance jump table will be further described in detail below with reference to FIG. 5 .

图5(a)为服务器插入节点G操作前存储的动态平衡跳跃表，(b)为服务器插入基层节点G操作后的动态平衡跳跃表，(c)为服务器插入节点H操作前存储的动态平衡跳跃表，(d)为服务器插入基层节点H操作后的动态平衡跳跃表；Figure 5 (a) is the dynamic balance jump table stored before the server inserts node G, (b) is the dynamic balance jump table after the server inserts the base node G operation, (c) is the dynamic balance stored before the server inserts node H operation Jump table, (d) is the dynamic balance jump table after the server inserts the basic node H operation;

图5(a)中A、B、C、D表示四个基层节点，E表示节点A和节点B的父节点，F表示节点C和节点D的父节点，R表示节点E和节点F的父节点，同时也表示整个动态平衡跳跃表的根节点。In Figure 5(a), A, B, C, and D represent four basic nodes, E represents the parent node of node A and node B, F represents the parent node of node C and node D, and R represents the parent node of node E and node F The node also represents the root node of the entire dynamic balance jump table.

图5(b)中G表示被插入的基层节点，R、F表示节点G的父类节点，E、C、D表示父类节点的兄弟节点,其中E表示节点F的兄弟节点，C、D表示节点G的兄弟节点。In Figure 5(b), G represents the inserted base node, R and F represent the parent node of node G, E, C and D represent the sibling nodes of the parent node, where E represents the sibling node of node F, C and D Indicates the sibling nodes of node G.

图5(c)中A、B、G、C、D表示五个基层节点，E表示节点A和节点B的父节点，F表示节点G、节点C和节点D的父节点，R表示节点E和节点F的父节点，同时也表示整个动态平衡跳跃表的根节点。In Figure 5(c), A, B, G, C, and D represent five basic nodes, E represents the parent node of node A and node B, F represents the parent node of node G, node C and node D, and R represents node E and the parent node of node F, and also represents the root node of the entire dynamic balance jump table.

图5(d)中H表示被插入的基层节点，R、F表示节点H的父类节点，E、G、C、D表示父类节点的兄弟节点，其中E表示节点F的兄弟节点，G、C、D表示节点H的兄弟节点；在更新过程中，生成新的I节点插入到F节点后指针位置。In Figure 5(d), H represents the inserted base node, R and F represent the parent node of node H, E, G, C and D represent the sibling nodes of the parent node, where E represents the sibling node of node F, and G , C, and D represent sibling nodes of node H; during the update process, a new I node is generated and inserted into the pointer position of F node.

第1步，服务器查找待插入文件块的索引值对应基层节点的父类节点，生成一个基层节点作为插入节点，用待插入明文文件块的哈希值赋值给插入节点的哈希值，插入节点可达基层节点数赋值为1，插入节点的子节点数赋值为0，将插入节点插入到待插入文件块的索引值所对应基层节点的后指针位置。Step 1: The server searches for the index value of the file block to be inserted corresponding to the parent node of the base node, generates a base node as the insertion node, assigns the hash value of the plaintext file block to be inserted to the hash value of the insertion node, and inserts the node The number of reachable base-level nodes is assigned a value of 1, the number of child nodes of the inserted node is assigned a value of 0, and the inserted node is inserted into the back pointer position of the base-level node corresponding to the index value of the file block to be inserted.

第2步，将最低层的父类节点的子节点数加1，以最低层的父类节点作为当前节点。Step 2: Add 1 to the number of child nodes of the parent node at the lowest level, and use the parent node at the lowest level as the current node.

第3步，判断当前节点的子节点数是否等于3，若是，则执行第4步；否则，执行第5步。Step 3, determine whether the number of child nodes of the current node is equal to 3, if so, execute step 4; otherwise, execute step 5.

第4步，利用当前节点的每一个子节点，更新当前节点的哈希值、可达基层节点数，执行第6步。Step 4: Utilize each child node of the current node to update the hash value of the current node and the number of reachable base-level nodes, and then execute Step 6.

第5步，利用当前节点的左侧第一个子节点和第二个子节点更新当前节点的哈希值、可达基层节点数和子节点数；利用当前节点的左侧第三个子节点和第四个子节点生成另一个节点，将生成的节点插入到当前节点的后指针位置，将当前节点的父节点的子节点数加1。Step 5: Use the first child node and the second child node on the left of the current node to update the hash value of the current node, the number of reachable base nodes and the number of child nodes; use the third child node and the fourth child node on the left side of the current node A child node generates another node, inserts the generated node into the back pointer position of the current node, and adds 1 to the number of child nodes of the parent node of the current node.

第6步，判断当前节点是否为根节点，若是，则执行步骤12；否则，以上一层父类节点作为当前节点，执行第3步。Step 6, judge whether the current node is the root node, if so, go to step 12; otherwise, take the parent node of the previous layer as the current node, go to step 3.

步骤12，服务器删除动态平衡跳跃表中的基层节点。Step 12, the server deletes the base node in the dynamic balancing jump table.

下面结合附图6的示意图和附图7的流程图，对服务器在动态平衡跳跃表底层，删除某个位置上基层节点的步骤做进一步的详细描述。The following will further describe in detail the steps for the server to delete a basic node at a certain position at the bottom layer of the dynamic balance jump table in combination with the schematic diagram of FIG. 6 and the flowchart of FIG. 7 .

图6(a)为服务器删除基层节点G操作前存储的动态平衡跳跃表，(b)为服务器删除基层节点G操作后的动态平衡跳跃表，(c)为服务器删除基层节点C操作前存储的动态平衡跳跃表，(d)为服务器删除基层节点C操作后的动态平衡跳跃表；Figure 6 (a) is the dynamic balance jump table stored before the server deletes the base node G, (b) is the dynamic balance jump table after the server deletes the base node G operation, (c) is the server deletes the base node C stored before the operation A dynamic balance jump table, (d) deletes the dynamic balance jump table after the operation of the base node C for the server;

图6(a)中A、B、G、C、D表示五个基层节点，E表示节点A和节点B的父节点，F表示节点G、节点C和节点D的父节点，R表示节点E和节点F的父节点，同时也表示整个动态平衡跳跃表的根节点。In Figure 6(a), A, B, G, C, and D represent five basic nodes, E represents the parent node of node A and node B, F represents the parent node of node G, node C and node D, and R represents node E and the parent node of node F, and also represents the root node of the entire dynamic balance jump table.

图6(b)中G表示被删除的基层节点，R、F表示节点G的父类节点，E、C、D表示父类节点的兄弟节点,其中E表示节点F的兄弟节点，C、D表示节点G的兄弟节点。In Figure 6(b), G represents the deleted base node, R and F represent the parent node of node G, E, C and D represent the sibling nodes of the parent node, where E represents the sibling node of node F, C and D Indicates the sibling nodes of node G.

图6(c)中A、B、C、D表示四个基层节点，E表示节点A和节点B的父节点，F表示节点C和节点D的父节点，R表示节点E和节点F的父节点，同时也表示整个动态平衡跳跃表的根节点。In Figure 6(c), A, B, C, and D represent four basic nodes, E represents the parent node of node A and node B, F represents the parent node of node C and node D, and R represents the parent node of node E and node F The node also represents the root node of the entire dynamic balance jump table.

图6(d)中C表示被删除的基层节点，R、F表示节点C的父类节点，E、D表示父类节点的兄弟节点，其中E表示节点F的兄弟节点，D表示节点C的兄弟节点；在更新过程中，F节点被删除，D节点在移动到B节点后指针的位置。In Figure 6(d), C represents the deleted base node, R and F represent the parent node of node C, E and D represent the sibling nodes of the parent node, where E represents the sibling node of node F, and D represents the parent node of node C. Brother node; during the update process, node F is deleted, and node D is the position of the pointer after moving to node B.

第1步，服务器查找待删除文件块的索引值对应基层节点的父类节点，删除待删除文件块的索引值所对应的基层节点。In the first step, the server searches for the parent node corresponding to the index value of the file block to be deleted, and deletes the base node corresponding to the index value of the file block to be deleted.

第2步，将最低层的父类节点的子节点数减1，以最低层的父类节点作为当前节点。Step 2: Subtract 1 from the number of child nodes of the parent node at the lowest level, and use the parent node at the lowest level as the current node.

第3步，判断当前节点的子节点数是否等于2，若是，则执行第4步；否则，执行第5步。Step 3, determine whether the number of child nodes of the current node is equal to 2, if so, execute step 4; otherwise, execute step 5.

第4步，利用当前节点的每一个子节点，更新当前节点的哈希值、可达基层节点数，执行第12步。Step 4: Utilize each child node of the current node to update the hash value of the current node and the number of reachable base-level nodes, and execute step 12.

第5步，判断当前节点的后指针是否指向一个兄弟节点，若是，则执行第6步；否则，执行第9步。Step 5, judge whether the back pointer of the current node points to a sibling node, if so, execute step 6; otherwise, execute step 9.

第6步，判断当前节点的后指针所指的兄弟节点的子节点个数是否等于3，若是，则执行第7步；否则，执行第8步。Step 6, judge whether the number of child nodes of the sibling node pointed to by the back pointer of the current node is equal to 3, if so, execute step 7; otherwise, execute step 8.

第7步，将当前节点的后指针所指兄弟节点的左侧第一个子节点作为当前节点的左侧第二个子节点，利用当前节点的两个子节点更新当前节点的哈希值、可达基层节点数和子节点数，利用当前节点的后指针所指的兄弟节点剩余的两个子节点更新该兄弟节点的哈希值、可达基层节点数和子节点数，执行第12步。Step 7: Use the first child node on the left of the sibling node pointed to by the back pointer of the current node as the second child node on the left of the current node, and use the two child nodes of the current node to update the hash value of the current node. For the number of base-level nodes and child nodes, use the remaining two child nodes of the sibling node pointed to by the back pointer of the current node to update the hash value of the sibling node, the number of reachable base-level nodes and the number of child nodes, and execute step 12.

第8步，将当前节点的唯一子节点作为当前节点后指针所指兄弟节点的左侧第一个子节点，利用当前节点后指针所指兄弟节点的三个子节点更新该兄弟节点的哈希值、可达基层节点数和子节点数，删除当前节点，将上一层父类节点的子节点数减1后执行第12步。Step 8: Use the only child node of the current node as the first child node on the left of the sibling node pointed to by the pointer after the current node, and use the three child nodes of the sibling node pointed to by the pointer behind the current node to update the hash value of the sibling node , the number of reachable base-level nodes and the number of child nodes, delete the current node, reduce the number of child nodes of the upper parent node by 1, and then execute step 12.

第9步，判断当前节点的前一个兄弟节点的子节点个数是否等于3，若是，则执行第10步；否则，执行第11步。Step 9, determine whether the number of child nodes of the previous sibling node of the current node is equal to 3, if so, execute step 10; otherwise, execute step 11.

第10步，将前一个兄弟节点的左侧第三个子节点作为当前节点的左侧第一个子节点，利用当前节点的两个子节点更新当前节点的哈希值、可达基层节点数和子节点数，利用当前节点的前一个兄弟节点剩余的两个子节点更新该兄弟节点的哈希值、可达基层节点数和子节点数，执行第12步。Step 10: Use the third child node on the left of the previous sibling node as the first child node on the left of the current node, and use the two child nodes of the current node to update the hash value of the current node, the number of reachable base nodes and child nodes number, use the remaining two child nodes of the previous sibling node of the current node to update the hash value of the sibling node, the number of reachable base nodes and the number of child nodes, and execute step 12.

第11步，将当前节点的唯一子节点作为当前节点的前一个兄弟节点的左侧第三个子节点，利用当前节点的前一个兄弟节点的三个子节点更新该兄弟节点的哈希值、可达基层节点数和子节点数，删除当前节点，将上一层父类节点的子节点数减1。Step 11. Use the only child node of the current node as the third child node on the left of the previous sibling node of the current node, and use the three child nodes of the previous sibling node of the current node to update the hash value of the sibling node. The number of base-level nodes and child nodes, delete the current node, and reduce the number of child nodes of the upper-level parent node by 1.

第12步，判断当前节点是否是根节点，若是，执行步骤13；否则，以上一层的父类节点作为当前节点，执行第3步。Step 12, judge whether the current node is the root node, if so, go to step 13; otherwise, take the parent node of the previous layer as the current node, go to step 3.

步骤13，动态平衡跳跃表更新完毕。Step 13, the update of the dynamic balance jump table is completed.

Claims (8)

1. a kind of encrypted data chunk client De-weight method for supporting data update, which is characterized in that include the following steps：

(1) data block is encrypted in file first place uploader：

(1a) file first place uploader utilizes 256 secure hash algorithm SHA256, using clear text file as input, calculates in plain textThe key of file using the key of clear text file as input, calculates the label of clear text file；

(1b) file first place uploader carries out clear text file the piecemeal that length is 4kb, generates multiple clear text file blocks；

(1c) file first place uploader utilizes 256 secure hash algorithm SHA256, using each clear text file block as input,The key of each clear text file block is calculated, it is defeated to be connected to before and after each clear text file block and clear text file block keyEnter, calculate the authentication value of each clear text file block；

(1d) file first place uploader is using the Encryption Algorithm in 256 Advanced Encryption Standard AES256, with clear text file blockKey encrypting plaintext blocks of files, obtains cryptograph files block, with the connection value of the key encrypting plaintext blocks of files key of clear text file,Obtain the connection value ciphertext of clear text file block key；

(1e) file first place uploader is literary by the label of clear text file, the authentication value of clear text file block, cryptograph files block and plaintextThe connection value ciphertext of part block key is uploaded to server；

(2) the novel dynamic equilibrium skip list of server construction：

(2a) by the corresponding base level nodes of each clear text file block authentication value, according to the corresponding plaintext text of clear text file block authentication valueThe tandem of part block connects into a single linked list；

(2b) generates a father node since first node on the left of current chained list, using each two node as child node；IfWhen current chained list interior joint number is odd number, a father node is generated using remaining last three nodes as child node；

(2c) using 256 secure hash algorithm SHA256, by the cryptographic Hash of child node each in each father node, according to sub- sectionPoint or so is linked in sequence into Hash connection value as input, the cryptographic Hash of Hash connection value is calculated, by the Hash of Hash connection valueValue is assigned to the cryptographic Hash of each father node；

(2d) is by child node each in each father node up to reachable base that is base level nodes number and being assigned to each father nodeNode layer number；The number of nodes generated used in each father node is assigned to the son node number of each father node；

(2e) is directed toward the position of first child node on the left of the node with the lower pointer of each father node, and the father node of generation is pressedFather chain's table is linked into according to the sequencing of generation；

(2f) deletes the pointer between different father node child nodes；

Whether (2g) is judged only there are one node in father chain's table, if so, the exclusive node in father chain's table is labeled as root node,Step (3) is performed after obtaining dynamic equilibrium skip list；Otherwise, step is performed after using father chain's table of generation as current chained list(2b)；

(3) server carries out deduplication operation to encrypted data chunk：

256 secure hash algorithm SHA256 of server by utilizing using cryptograph files block as input, calculate the mark of cryptograph files blockLabel delete the repetition cryptograph files block for having identical cryptograph files block label, complete the encrypted data chunk duplicate removal behaviour of server endMake；

(4) the subsequent uploader of file carries out File Ownership certification interaction with server：

(4a) server by utilizing random function generates two positive integers at random, and two positive integers are sent to the subsequent upload of filePerson；

The subsequent uploader of (4b) file generates equal with another positive integer using one in two positive integers as random seedMultiple random numbers as by the index value of challenge blocks of files；

The subsequent uploader of (4c) file carries out clear text file the piecemeal that length is 4kb, generates multiple clear text file blocks；

The subsequent uploader of (4d) file utilizes 256 secure hash algorithm SHA256, calculates by the index value institute of challenge blocks of filesThe corresponding authentication value by challenge blocks of files sends it to server；

(5) server determines whether the subsequent uploader is file owner：

(5a) server using one in two positive integers as random seed, generation it is equal with another positive integer it is multiple withMachine number is as by the index value of challenge blocks of files；

(5b) in dynamic equilibrium skip list, the parent section of whois lookup base level nodes corresponding to challenge blocks of files index valueThe brotgher of node of point and class node；

(5c) is challenged using 256 secure hash algorithm SHA256, the cryptographic Hash of the server brotgher of node with what is receivedThe authentication value of blocks of files recalculates the cryptographic Hash of dynamic equilibrium skip list root node；

Whether the root node cryptographic Hash that (5d) judges the cryptographic Hash of dynamic equilibrium skip list root node and server local is storedEqual, if so, File Ownership certification passes through, server performs step after follow-up uploader is labeled as file owner(6)；Otherwise, File Ownership authentification failure；

(6) the cryptograph files block at file owner's download server end：

The label of clear text file and download request are sent to server by (6a) file owner；

(6b) server is by the ciphertext of the corresponding all cryptograph files blocks of clear text file label and clear text file block key connection valueIt is sent to file owner；

(7) file owner decrypts the cryptograph files block of server end：

File owner is bright with the secret key decryption of clear text file using the decipherment algorithm in 256 Advanced Encryption Standard AES256The connection value ciphertext of literary blocks of files key, obtains the connection value of clear text file block key, and the secret key decryption with clear text file block is closeLiterary blocks of files obtains clear text file block；

(8) new clear text file block is encrypted in file owner：

The label of clear text file and update request are sent to server by (8a) file owner；

The ciphertext of blocks of files key connection value is sent to file owner by (8b) server；

(8c) is using the decipherment algorithm in 256 Advanced Encryption Standard AES256, the key solution of file owner's clear text fileThe ciphertext of close clear text file block key connection value, obtains the connection value of clear text file block key；

(8d) calculates the key of new clear text file respectively using 256 secure hash algorithm SHA256, file owner, newThe label of clear text file, the to be modified or key of clear text file block that is inserted into and to be modified or the clear text file block that is inserted intoAuthentication value；

(8e) file owner utilizes the index value of clear text file block that is to be modified or being inserted into and its key of clear text file blockThe connection value of clear text file block key is updated, obtains the connection value of new clear text file block key；

(8f) using the Encryption Algorithm in 256 Advanced Encryption Standard AES256, file owner is with to be modified or be inserted intoThe key of clear text file block encrypts corresponding clear text file block, obtains cryptograph files block that is to be modified or being inserted into, with new brightThe key of file encrypts the connection value of new clear text file block key, and the connection value for obtaining new clear text file block key is closeText；

(8g) file owner grasps the label of new clear text file, the connection value ciphertext of new clear text file block key, dynamicIt instructs, is to be modified or be inserted into or the index value of blocks of files to be deleted, the to be modified or cryptograph files block, to be modified that is inserted intoThe authentication value of clear text file block being inserted into is sent to server；

(9) server carries out deduplication operation to new cryptograph files block：

256 secure hash algorithm SHA256 of server by utilizing calculate the label of cryptograph files block that is to be modified or being inserted into, deleteExcept the repetition cryptograph files block for having identical cryptograph files block label, the encrypted data chunk deduplication operation of server end is completed；

(10) base level nodes in server modification dynamic equilibrium skip list：

The index value of whois lookup blocks of files to be modified corresponds to the class node of base level nodes and the brotgher of node of class node,Using 256 secure hash algorithm SHA256, the server authentication value of clear text file block to be modified and the certification of the brotgher of nodeValue updates the authentication value of class node；

(11) server is inserted into the base level nodes in dynamic equilibrium skip list：

The index value that (11a) whois lookup is inserted into blocks of files corresponds to the class nodes of base level nodes, generates base's sectionPoint is assigned to the cryptographic Hash for being inserted into node with the cryptographic Hash for being inserted into clear text file block as node is inserted into, and it is reachable to be inserted into nodeBase level nodes number is assigned a value of 1, and the son node number for being inserted into node is assigned a value of 0, and insertion node is inserted into the rope for being inserted into blocks of filesDraw the backpointer position of base level nodes corresponding to value；

The son node number of the class node of lowermost layer is added 1 by (11b), using the class node of lowermost layer as present node；

(11c) judges whether the son node number of present node is equal to 3, if so, performing step (11d)；Otherwise, step is performed(11e)；

(11d) is updated the cryptographic Hash of present node, up to base level nodes number, is performed using each child node of present nodeStep (11f)；

(11e) using first, the left side child node of present node and the cryptographic Hash of second sub- node updates present node, canUp to base level nodes number and son node number；Another is generated using the left side third child node of present node and the 4th child nodeThe node of generation, is inserted into the backpointer position of present node by node, and the son node number of the father node of present node is added 1；

(11f) judges whether present node is root node, if so, performing step (12)；Otherwise, made with last layer class nodeFor present node, step (11c) is performed；

(12) server deletes the base level nodes in dynamic equilibrium skip list：

The index value of (12a) whois lookup blocks of files to be deleted corresponds to the class node of base level nodes, deletes file to be deletedBase level nodes corresponding to the index value of block；

The son node number of the class node of lowermost layer is subtracted 1 by (12b), using the class node of lowermost layer as present node；

(12c) judges whether the son node number of present node is equal to 2, if so, performing step (12d)；Otherwise, step is performed(12e)；

(12d) is updated the cryptographic Hash of present node, up to base level nodes number, is performed using each child node of present nodeStep (12l)；

(12e) judges whether the backpointer of present node is directed toward a brotgher of node, if so, performing step (12f)；Otherwise,Perform step (12i)；

(12f) judges whether the child node number of the brotgher of node of the backpointer meaning of present node is equal to 3, if so, performingStep (12g)；Otherwise, step (12h) is performed；

(12g) is using first, the left side child node of the backpointer meaning brotgher of node of present node as the left side of present nodeTwo child nodes are saved using the cryptographic Hash of two sub- node updates present nodes of present node, up to base level nodes number and sonPoints, utilize the Hash of the remaining two sub- node updates brotgher of node of the brotgher of node of the backpointer meaning of present nodeValue, reachable base level nodes number and son node number, perform step (12l)；

(12h) is using unique child node of present node as first, the left side son section of the present node backpointer meaning brotgher of nodePoint, using the cryptographic Hash of the three sub- node updates brotgher of node of the present node backpointer meaning brotgher of node, up to baseNumber of nodes and son node number delete present node, and step (12l) is performed after subtracting 1 by the son node number of last layer class node；

(12i) judges whether the child node number of the previous brotgher of node of present node is equal to 3, if so, performing step(12j)；Otherwise, step (12k) is performed；

(12j) is using the left side third child node of the previous brotgher of node as first, the left side child node of present node, profitWith the cryptographic Hash of two sub- node updates present nodes of present node, up to base level nodes number and son node number, using currentThe cryptographic Hash of the remaining two sub- node updates brotgher of node of the previous brotgher of node of node, reachable base level nodes number and sonNumber of nodes performs step (12l)；

(12k) is using unique child node of present node as the left side third height section of the previous brotgher of node of present nodePoint is saved using the cryptographic Hash of the three sub- node updates brotgher of node of the previous brotgher of node of present node, up to basePoints and son node number delete present node, subtract 1 by the son node number of last layer class node；

(12l) judges whether present node is root node, if so, performing step (13)；Otherwise, made with the class node of last layerFor present node, step (12c) is performed；

(13) dynamic equilibrium skip list update finishes.

2. a kind of encrypted data chunk client De-weight method for supporting data update according to claim 1, feature existIn：Step (1a), step (1c), step (2c), step (3), step (4d), step (5c), step (8d), step (9), step(10) 256 secure hash algorithm SHA256 described in refer to：The Federal Information of American National Standard technical research institute publication256 one-way Hash algorithm SHA256 specified in processing standard FIPS PUB 180-3, suitable for of length no more than 2⁶⁴Two intoThe message of position processed.

3. a kind of encrypted data chunk client De-weight method for supporting data update according to claim 1, feature existIn：Step (1d), step (7), step (8c), 256 Advanced Encryption Standard AES256 described in step (8f) refer to：The U.S.A kind of block encryption standard that federal government uses, wherein, the length of key is the Advanced Encryption Standard of 256.

4. a kind of encrypted data chunk client De-weight method for supporting data update according to claim 1, feature existIn：Base level nodes described in step (2a) refer to, positioned at the node of dynamic equilibrium skip list bottom.

5. a kind of encrypted data chunk client De-weight method for supporting data update according to claim 1, feature existIn：Node described in step (2b) refers to, forms the basic unit of dynamic equilibrium skip list, each node is by a five-tupleIt forms, first group membership is respectively node cryptographic Hash, node up to base level nodes number, son node number, backpointer and lower pointer.

6. a kind of encrypted data chunk client De-weight method for supporting data update according to claim 1, feature existIn：Father chain's table described in step (2g) refers to, the single linked list being made of multiple father nodes.

7. a kind of encrypted data chunk client De-weight method for supporting data update according to claim 1, feature existIn：Class node described in step (5b) refers to, is accessed from root node to the search procedure of some base level nodesMeet the node for including the base level nodes up to node in node, not including base level nodes in itself.

8. a kind of encrypted data chunk client De-weight method for supporting data update according to claim 1, feature existIn：The brotgher of node described in step (5b) refers to, the general designation of other nodes in same single linked list.