An open data replication proof method, system and device against witch attack

By using the storage provider's unique identity and erasure coding, combined with group computation to generate Type II parameters, and establishing a public parameter pool, the problem of Sybil attacks in open data storage is solved, and data replication and verification without trusted startup are achieved.

CN117650916BActive Publication Date: 2026-07-14BEIHANG UNIV

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
BEIHANG UNIV
Filing Date
2023-11-24
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

Existing technologies cannot effectively solve the problem of Sybil attacks in open data storage, especially when multiple provers are involved, which may lead to false proofs.

Method used

The storage provider's unique identity is used as a public, incompressible coding seed. Data is processed through erasure coding to generate concise, non-interactive proofs. Group computation is used to generate Type II parameters, and a publicly accessible pool of parameters is established to prevent Sybil attacks.

Benefits of technology

It enables a data replication process without trusted startup, prevents Sybil attacks, and ensures the fairness and reliability of data integrity verification. It is suitable for the multi-source, multi-purpose storage and verification needs of open data.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN117650916B_ABST
    Figure CN117650916B_ABST
Patent Text Reader

Abstract

The application discloses an open data replication proof method and system against witch attack, and relates to the field of data integrity verification. The method comprises the following steps: a storage provider stores a public identity and a storage strategy, and initializes a public parameter pool; the storage provider pre-processes open data, generates a first type of parameter, and updates the public parameter pool; each member in a group K receives the first type of parameter, calculates a second type of parameter, and then the storage provider updates the public parameter pool; the group K is composed of q members, and the group K is represented by C1,..., C q The storage provider regularly obtains a challenge and generates a proof, and updates the public parameter pool; and a verifier regularly obtains the proof from the public parameter pool and verifies it.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of data integrity verification, and in particular to an open data replication verification method, system, and device resistant to Sybil attacks. Background Technology

[0002] Proof of replication is a crucial component of data integrity verification schemes, often used by clients to require provers to demonstrate to verifiers that original data has been copied multiple times, and that each copy is correctly stored. However, this approach is only suitable for single-provider scenarios involving private data storage. Firstly, when storing open data, the data source is uncertain and widely distributed. In this case, the client and prover share the same identity, requiring the prover to refrain from performing trusted initiation. Secondly, with multiple provers, a Sybil attack could occur, where one prover generates multiple prover identities, resulting in a number of correctly verified proofs far exceeding the amount of correctly copied and stored data. Currently, no published, mature research has addressed these issues. Summary of the Invention

[0003] The purpose of this invention is to provide an open data replication proof method, system, and device that resists Sybil attacks, thereby avoiding Sybil attacks and solving the trusted boot problem caused by the client and prover being one and the same.

[0004] To achieve the above objectives, the present invention provides the following solution:

[0005] An open data replication proof method resistant to Sybil attacks includes:

[0006] The storage provider discloses its identity and storage policy, and initializes a public parameter pool. The storage provider's identity is its public key pk. The storage policy includes: number of replicas r, first data shard index n, and second data shard index s. The number of replicas r represents the number of copies the storage provider makes of the open data. After subsequent erasure coding of the open data replicas, each open data replica is divided into parts equal to the first data shard index n, and each part is further divided into parts equal to the second data shard index s. The public parameter pool... Always keep the access interface open to the outside world; public parameter pool Updates and access are performed through the storage provider;

[0007] The storage provider preprocesses the open data, generates Class I parameters, and updates the public parameter pool;

[0008] Each member in group K receives type I parameters, calculates type II parameters, and then stores them in the public parameter pool updated by the provider. Group K consists of q members, denoted by C1, ..., C2.q express;

[0009] The storage provider periodically obtains challenges, generates proofs, and updates the public parameter pool;

[0010] Verifiers periodically retrieve proofs from a public parameter pool and verify them.

[0011] Optionally, the storage provider exposes its identity and storage policy, and initializes a public parameter pool, specifically including:

[0012] Add the replica number r, the first data shard index n, the second data shard index s, and the storage provider's public key pk to the public parameter pool. middle.

[0013] Optionally, the storage provider preprocesses the open data to generate Class I parameters and updates the public parameter pool, specifically including:

[0014] The storage provider processes the open data M using erasure coding to obtain recoverable open data M. * ;

[0015] For each positive integer k satisfying 1 ≤ k ≤ r, the storage provider computes M. (k) =PIE.Encode(M * , pk||k); where k is a positive integer; M (k) It is the k-th data copy; pk is the public key of the storage provider; || is the string concatenation operator; pk||k is the string concatenation operation between the public key pk of the storage provider and the positive integer k; PIE.Encode is the encoding algorithm of the public incompressible encoding.

[0016] Storage providers use the formula (π) SNARK w SNARK =SNARK.Prove(M (k) =PIE.Encode(M (k) , pk||k), for 1≤k≤r) generate the proof; where SNARK.Prove is the proof algorithm (Prove) of the concise non-interactive proof algorithm; π SNARK This is evidence of a concise, non-interactive proof algorithm; w SNARK These are the replication verification parameters for the concise, non-interactive proof algorithm;

[0017] For each positive integer k satisfying 1 ≤ k ≤ r, the storage provider will store the k-th data copy M. (k)The data is divided into parts equal to the first shard index n, and each part is further divided into parts equal to the second shard index s. The set of all such parts is called a fine partition. The union of the fine partitions of the k-th data replica set corresponding to all k that satisfy 1 ≤ k ≤ r is called the open data replica set, denoted as [missing information].

[0018] For each positive integer k satisfying 1 ≤ k ≤ r, the storage provider randomly generates a filename. in, It is the modulo p residual group;

[0019] For each positive integer k satisfying 1 ≤ k ≤ r, the storage provider randomly generates s elements. Where G is a cyclic group; It is a random number operator that generates uniformly distributed random numbers; for each positive integer k satisfying 1 ≤ k ≤ r, the storage provider calculates the k-th name. The positive integer k corresponding to all positive integers k satisfying 1≤k≤r The union of these sets is called the name set, denoted as .

[0020] For each positive integer k satisfying 1 ≤ k ≤ r, and for each positive integer i satisfying 1 ≤ i ≤ n, the storage provider computes the i-th tag of the k-th replica. The positive integer k that satisfies 1 ≤ k ≤ r and the positive integer i that satisfies 1 ≤ i ≤ n. The union of the sets is called the labeled set, denoted as . Here, H is a hash function that can map strings of arbitrary length to a group G;

[0021] The storage provider will make the full set of data copies available. Evidence π, a concise non-interactive proof algorithm SNARK Auxiliary verification parameter w for concise non-interactive proof algorithm SNARK , tag set and name collection Add to public parameter pool Perform an update; change the tag set and name collection These are called Type I parameters.

[0022] Optionally, each member in group K receives type I parameters, calculates type II parameters, and then stores them in the public parameter pool updated by the provider, specifically including:

[0023] In group K, for every x in 1≤x≤q, member C x Access the public parameter pool after its first update;

[0024] In group K, for every X in 1≤x≤q, member C x Randomly generated

[0025] In group K, for every X in 1≤x≤q, member C x calculate

[0026] In group K, for every x in 1≤x≤q, member C x calculate Wherein, SKg is the key generation algorithm for BLS signatures;

[0027] In group K, for every x in 1≤x≤q, member C x For every k in 1≤k≤r, calculate Wherein, SSig is the signature algorithm for BLS signatures;

[0028] In group K, for every x in 1≤x≤q, member C x For every k in 1 ≤ k ≤ r, where for every i in 1 ≤ i ≤ n, compute

[0029] For every k in 1 ≤ k ≤ r, where for every i in 1 ≤ i ≤ n, the formula is used. Determine the signature tag set

[0030] For each k in 1≤k≤r, use the formula Determine the set of signature names {t (k)} 1≤k≤r ;

[0031] Using formula and Determine the public key (β, spk);

[0032] Group K outputs a set of signature tokens to the storage provider. Signature name set {t (k)} 1≤k≤r Verifying the public key (β, spk) is called a type II parameter;

[0033] The storage provider adds the Class II parameters to the public parameter pool and performs a second update.

[0034] Optionally, the storage provider periodically acquires challenges and generates proofs, and updates the public parameter pool, specifically including:

[0035] The storage provider generates subsets using unpredictable public random numbers. And |I| = l; where [1, n] represents the set of all positive integers greater than or equal to 1 and less than or equal to n; |I| represents the number of elements in set I;

[0036] The storage provider, using the unpredictable common random number, randomly generates elements for each i ∈ I. Given all pairs (i, v) satisfying i∈I i The union of (i, v) is called the set of challenge blocks, denoted as {(i, v)}. i )} i∈I ;in, It is an operator for generating uniformly distributed random numbers; It is the modulo p residual group;

[0037] The storage provider randomly generates a subset using the unpredictable public random number. R is called the set of challenge replicas; where [1, r] represents the set of all positive integers greater than or equal to 1 and less than or equal to r;

[0038] The storage provider will challenge the block set {(i, v)} i )} i∈I The challenge instance set R is added to the public parameter pool and updated three times.

[0039] For each k satisfying k∈R, and for each positive integer j satisfying 1≤j≤s, the storage provider computes... All satisfying k∈R Union notation

[0040] For each k satisfying k∈R, the storage provider computes

[0041] The storage provider calculates σ = Π k∈R σ (k) ;

[0042] The storage provider takes all t that satisfy k∈R (k) The union of the sets is denoted as {t}. (k)} k∈R ;

[0043] Storage provider's proof

[0044] The storage provider adds the proof π to the public parameter pool and updates it four times.

[0045] Optionally, the verifier periodically retrieves and verifies proofs from a public parameter pool, specifically including:

[0046] The validator accesses the public parameter pool after four updates.

[0047] The verifier calculates b SNARK =SNARK.Verify(π) SNARK w SNARK ); where SNARK.Verify is the verification algorithm for the concise non-interactive proof algorithm; π SNARK This is evidence of a concise, non-interactive proof algorithm; w SNARK These are auxiliary verification parameters for the concise, non-interactive proof algorithm; b SNARK It is the verification result of the concise non-interactive proof algorithm, and its value range is 0 or 1;

[0048] For each k satisfying k∈R, the verifier verifies 1←SVerify(spk,t) (k) If the condition is not met, the verification algorithm ends and the verification result b = 0 is output; where SVerify is the signature verification algorithm of the BLS signature algorithm.

[0049] For each k satisfying k∈R, the verifier verifies Whether it holds true; where e: G×G→G T It is a bilinear mapping; G T It is a cyclic group;

[0050] If the verification is successful, the verifier records the verification result b = 1; otherwise, the verifier records the verification result b = 0.

[0051] The verifier outputs the verification result b and the verification result b from the concise non-interactive proof algorithm. SNARK .

[0052] An open data replication proof system resistant to Sybil attacks includes:

[0053] The public parameter pool initialization module is used to store the public identity and storage policy of the storage provider, and to initialize the public parameter pool. The identity of the storage provider is its public key pk. The storage policy includes: number of replicas r, number of first data shard metrics n, and number of second data shard metrics s. The number of replicas r represents the number of copies the storage provider makes of the open data. After subsequent erasure coding is used to encode the open data replicas, each open data replica is divided into parts equal to the number of first data shard metrics n, and each part is then divided into parts equal to the number of second data shard metrics s. The public parameter pool... Always keep the access interface open to the outside world; public parameter pool Updates and access are performed through the storage provider;

[0054] The public parameter pool update module is used to store the provider's preprocessing of open data, generating Class I parameters, and updating the public parameter pool.

[0055] The common parameter pool secondary update module is used by each member of group K to receive type I parameters, calculate type II parameters, and then store the updated common parameter pool by the provider. Group K consists of q members, denoted by C1, ..., C2. q express;

[0056] The proof generation module is used to store the challenges that the provider periodically obtains and generates proofs, and to update the public parameter pool;

[0057] The verification module is used by verifiers to periodically retrieve proofs from the public parameter pool and verify them.

[0058] An open data replication proof device resistant to Sybil attacks includes: at least one processor, at least one memory, and computer program instructions stored in the memory, which, when executed by the processor, implement the open data replication proof method resistant to Sybil attacks.

[0059] Optionally, the memory is a computer-readable storage medium.

[0060] According to specific embodiments provided by the present invention, the present invention discloses the following technical effects:

[0061] The present invention provides an open data replication proof method, system, and device resistant to Sybil attacks. It employs a scheme that uses the storage provider's unique identity as the seed of a public, incompressible code. The replication process is recoverable and secret-free, requiring no trusted boot and preventing Sybil attacks. A publicly accessible pool of parameters is set up and bound to the storage provider's unique identity, meeting the needs of multi-source, multi-purpose, and undirected access to raw data, evidence access, and evidence verification in open data environments. Furthermore, it avoids the possibility of Sybil attacks under public scrutiny. The trusted boot group calculates the Type I parameters generated by the storage provider as Type II parameters. Through distributed computing, the secrets of the data integrity audit scheme during the boot process are hidden, solving the trusted boot problem arising from the client and prover being one and the same. Attached Figure Description

[0062] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0063] Figure 1 This is a schematic diagram of an open data replication proof method for resisting Sybil attacks provided by the present invention. Detailed Implementation

[0064] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0065] The purpose of this invention is to provide an open data replication proof method, system, and device that resists Sybil attacks, thereby avoiding Sybil attacks and solving the trusted boot problem caused by the client and prover being one and the same.

[0066] To make the above-mentioned objects, features and advantages of the present invention more apparent and understandable, the present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.

[0067] like Figure 1 As shown, the present invention provides an open data replication proof method resistant to Sybil attacks, characterized in that it includes:

[0068] S101, the storage provider discloses its identity and storage policy, and initializes the public parameter pool; the storage provider's identity is its public key pk; the storage policy includes: number of replicas r, number of first data shard metrics n, and number of second data shard metrics s; the number of replicas r represents the number of copies the storage provider makes of the open data; after subsequent erasure coding is used to encode the open data replicas, each open data replica is divided into parts equal to the number of first data shard metrics n, and each part is then divided into parts equal to the number of second data shard metrics s; public parameter pool. Always keep the access interface open to the outside world; public parameter pool Updates and accesses are performed through the storage provider; where r, n, and s are all positive integers.

[0069] Storage provider initializes common parameter pool Then, the number of replicas r, the number of data shards n, the number of data shards s, and the storage provider's public key pk are added to it. At this point,

[0070] Here, the public parameter pool The access interface is always open to the outside world. Even if it is stored and accessed by other network nodes, the storage provider's public key (PK) is used as the unique retrieval identifier. Only the storage provider can update the public parameter pool. In the following scheme, the default storage provider is always aware of and can access the public parameter pool at any time.

[0071] S102, the storage provider preprocesses the open data, generates Class I parameters, and updates the public parameter pool;

[0072] The specific steps in S102 are as follows:

[0073] 1. The storage provider processes the original open data M using erasure coding to obtain recoverable open data M. * .

[0074] 2. For each positive integer k satisfying 1 ≤ k ≤ r, the storage provider computes M. (k) =PIE.Encode(M * ,pk||k).

[0075] Where k is a positive integer; M (k) It is the kth data copy; pk is the public key of the storage provider; || is the string concatenation operator; pk||r is the string concatenation operation between the public key pk of the storage provider and the positive integer k; PIE.Encode is the encoding algorithm of Public Incompressible Encoding (PIE).

[0076] 3. The storage provider generates proof.

[0077] (π SNARK w SNARK =SNARK.Prove(M (k) =PIE.Encode(M (k) , pk||k), for 1≤k≤r).

[0078] Among them, SNARK.Prove is the proof algorithm (Prove) of the concise non-interactive proof algorithm (SNARK); π SNARK This is evidence of a concise, non-interactive proof algorithm; w SNARK These are the replication verification parameters for the concise, non-interactive proof algorithm; the input to SNARK.Prove is the following assertion—M (k) =PIE.Encode(M (k) , pk||k), or 1≤k≤r, that is, for every positive integer k satisfying 1≤k≤r, M (k) =PIE.Encode(M * The relationship between pk and pk is valid.

[0079] 4. For each positive integer k satisfying 1 ≤ k ≤ r, the storage provider will store the k-th data copy M. (k)The data is divided into parts equal to the first shard index *n*, and each part is further divided into parts equal to the second shard index *s*. The set of all such parts is called a fine partition. The union of the fine partitions of the k-th data replica set corresponding to all k satisfying 1 ≤ *k* ≤ *r* is called the open data replica universal set, denoted as [[...]].

[0080] 5. For each positive integer k satisfying 1 ≤ k ≤ r, the storage provider randomly generates a filename.

[0081] in, It is the modulo p residual group.

[0082] 6. For each positive integer k satisfying 1 ≤ k ≤ r, the storage provider randomly generates s elements.

[0083] Where G is a cyclic group; It is an operator for generating uniformly distributed random numbers.

[0084] 7. For each positive integer k satisfying 1 ≤ k ≤ r, the storage provider calculates the k-th name. The positive integer k corresponding to all positive integers k satisfying 1≤k≤r The union of these sets is called the name set, denoted as .

[0085] 8. For each positive integer k satisfying 1 ≤ k ≤ r, and for each positive integer i satisfying 1 ≤ i ≤ n, the storage provider computes the i-th tag of the k-th replica. The positive integer k that satisfies 1 ≤ k ≤ r and the positive integer i that satisfies 1 ≤ i ≤ n. The union of the sets is called the labeled set, denoted as .

[0086] Here, H is a hash function that can map strings of arbitrary length to a group G.

[0087] 9. The storage provider will make the complete set of data copies available. Evidence π, a concise non-interactive proof algorithm SNARK The auxiliary verification parameter W of the concise non-interactive proof algorithm SNARK , tag set and name collection Add to public parameter pool tag set and name collection These are called Type I parameters.

[0088] The updated public parameter pool is as follows:

[0089]

[0090] S103, each member of group K receives the type I parameters, calculates the type II parameters, and then stores them in the public parameter pool updated by the provider; group K consists of Q members, denoted by C1,…,C1. q The purpose of group K is to perform a reliable initiation calculation on the type I parameters to obtain the type II parameters.

[0091] The specific steps for S103 are as follows:

[0092] 1. In group K, for every x in 1≤x≤q, member C x Access the public parameter pool

[0093] 2. In group K, for every x in 1≤x≤q, member C x Randomly generated

[0094] 3. In group K, for every x in 1≤x≤q, member C x calculate

[0095] 4. In group K, for every x in 1 ≤ x ≤ q, member C x calculate

[0096] SKg is the key generation algorithm for BLS signatures.

[0097] 5. In group K, for every x in 1≤x≤q, member C x For every k in 1≤k≤r, calculate

[0098] SSig is the signature algorithm for BLS signatures.

[0099] 6. In group K, for every X in group 1 ≤ x ≤ q, member C x For every k in 1 ≤ k ≤ r, where for every i in 1 ≤ i ≤ n, compute

[0100] 7. For each k in 1 ≤ k ≤ r, where for each i in 1 ≤ i ≤ n, calculate

[0101] 8. For every k in 1≤k≤r, calculate

[0102] 9. Calculate

[0103] 10. Calculate

[0104] 11. Group K outputs a set of signature tokens to the storage provider. Signature name set {t (k)} 1≤k≤r The public key (β, spk) is verified and is called a type II parameter.

[0105] 12. The storage provider adds the Class II parameters to the updated public parameter pool.

[0106] The public parameter pool after the second update is as follows:

[0107]

[0108]

[0109] S104, The storage provider periodically obtains challenges, generates proofs, and updates the public parameter pool;

[0110] The specific steps for S104 are as follows:

[0111] 1. The storage provider generates a subset using unpredictable public random numbers and a publicly disclosed specific algorithm. And |I| = l.

[0112] Where [1, n] represents the set of all positive integers greater than or equal to 1 and less than or equal to n; |I| represents the number of elements in set I.

[0113] 2. The storage provider, using the same unpredictable public random numbers as in step 1, randomly generates elements for each i satisfying i∈I using a publicly available specific algorithm. Given all pairs (i, v) satisfying i∈I i The union of (i, v) is called the set of challenge blocks, denoted as {(i, v)}. i )} i∈I .

[0114] in, It is an operator for generating uniformly distributed random numbers; It is the modulo p residual group.

[0115] 3. The storage provider generates a subset randomly using the same unpredictable public random numbers as in step 1, through a publicly available specific algorithm. R is referred to as the challenge instance set.

[0116] Where [1, r] represents the set of all positive integers greater than or equal to 1 and less than or equal to r.

[0117] 4. The storage provider will challenge the block set {(i, v} i )}i∈I The number of challenge dungeon sets R has been added to the public parameter pool after the second update.

[0118] The public parameter pool after three updates is as follows:

[0119]

[0120]

[0121] 5. The storage provider computes for each k satisfying k∈R, and for each positive integer j satisfying 1≤j≤s, the following: All satisfying k∈R Union notation

[0122] 6. The storage provider computes for each k satisfying k∈R

[0123] 7. The storage provider calculates σ = Π k∈R σ (k) .

[0124] 8. The storage provider takes all t that satisfy k∈R (k) The union of the sets is denoted as {t}. (k)} k∈R .

[0125] 9. Storage provider's certificate

[0126] 10. The storage provider adds the proof of π to the public parameter pool after three updates.

[0127] The public parameter pool after four updates is as follows:

[0128]

[0129]

[0130] S105, validators periodically retrieve proofs from the public parameter pool and verify them.

[0131] The specific steps for S105 are as follows:

[0132] 1. The validator accesses the public parameter pool after four updates.

[0133] 2. The verifier calculates b SNARK =SNARK.Verify(π) SNARK w SNARK ).

[0134] Among them, SNARK.Verify is the verification algorithm (Verify) of the concise non-interactive proof algorithm (SNARK); π SNARK This is evidence of a concise, non-interactive proof algorithm; w SNARK These are auxiliary verification parameters for the concise, non-interactive proof algorithm; b SNARK It is the verification result of the concise non-interactive proof algorithm, and its value range is 0 or 1.

[0135] 3. For each k satisfying k∈R, the verifier verifies 1←SVerify(spk,t) (k) If the condition is not met, the verification algorithm ends and the verification result b = 0 is output.

[0136] SVerify is the signature verification algorithm for the BLS signature algorithm.

[0137] 4. The verifier verifies for each k satisfying k∈R. Whether it is valid or not.

[0138] Where, e: G×G→G T It is a bilinear mapping.

[0139] Among them, G T It is a cyclic group.

[0140] If the verification is successful, the verifier records the verification result b = 1; otherwise, the verifier records the verification result b = 0.

[0141] 5. The verifier outputs the verification result b and the verification result b of the concise non-interactive proof algorithm. SNARK .

[0142] This invention proposes an open data replication proof method resistant to Sybil attacks, with the following advantages: First, it adopts a scheme that uses the unique identity of the storage provider as the seed of a public, incompressible code, ensuring the replication process is recoverable and secret-free, eliminating the need for trusted startup, and preventing Sybil attacks. Second, it establishes a publicly accessible pool of parameters, bound to the unique identity of the storage provider, meeting the needs of multi-source, multi-purpose, and undirected access to raw data, evidence access, and evidence verification in open data, while further avoiding the possibility of Sybil attacks under public scrutiny. Third, the trusted startup group calculates the Type I parameters generated by the storage provider as Type II parameters, concealing the secret of the data integrity verification scheme during the startup process through distributed computing, thus solving the trusted startup problem arising from the client and prover being one and the same.

[0143] Corresponding to the above method, the present invention also provides an open data replication proof system resistant to Sybil attacks, comprising:

[0144] The public parameter pool initialization module is used to store the public identity and storage policy of the storage provider, and to initialize the public parameter pool. The identity of the storage provider is its public key pk. The storage policy includes: number of replicas r, number of first data shard metrics n, and number of second data shard metrics s. The number of replicas r represents the number of copies the storage provider makes of the open data. After subsequent erasure coding is used to encode the open data replicas, each open data replica is divided into parts equal to the number of first data shard metrics n, and each part is then divided into parts equal to the number of second data shard metrics s. The public parameter pool... Always keep the access interface open to the outside world; public parameter pool Updates and access are performed through the storage provider;

[0145] The public parameter pool update module is used to store the provider's preprocessing of open data, generating Class I parameters, and updating the public parameter pool.

[0146] The common parameter pool secondary update module is used by each member of group K to receive type I parameters, calculate type II parameters, and then store the updated common parameter pool by the provider. Group K consists of q members, denoted by C1, ..., C2. q express;

[0147] The proof generation module is used to store the challenges that the provider periodically obtains and generates proofs, and to update the public parameter pool;

[0148] The verification module is used by verifiers to periodically retrieve proofs from the public parameter pool and verify them.

[0149] In order to execute the methods corresponding to the above embodiments and achieve the corresponding functions and technical effects, the present invention also provides an open data copying proof device resistant to Sybil attacks, comprising: at least one processor, at least one memory, and computer program instructions stored in the memory, wherein when the computer program instructions are executed by the processor, the open data copying proof method resistant to Sybil attacks is implemented.

[0150] The memory is a computer-readable storage medium.

[0151] Based on the above description, the technical solution of the present invention, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods of the various embodiments of the present invention. The aforementioned computer storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory, random access memory, magnetic disks, or optical disks.

[0152] The various embodiments in this specification are described in a progressive manner, with each embodiment focusing on its differences from other embodiments. Similar or identical parts between embodiments can be referred to interchangeably. For the systems disclosed in the embodiments, since they correspond to the methods disclosed in the embodiments, the descriptions are relatively simple; relevant parts can be referred to the method section.

[0153] This document uses specific examples to illustrate the principles and implementation methods of the present invention. The descriptions of the above embodiments are only for the purpose of helping to understand the method and core ideas of the present invention. Furthermore, those skilled in the art will recognize that, based on the ideas of the present invention, there will be changes in the specific implementation methods and application scope. Therefore, the content of this specification should not be construed as a limitation of the present invention.

Claims

1. A method for proving open data replication resistant to Sybil attacks, characterized in that, include: The storage provider exposes its identity and storage policy, and initializes a public parameter pool; The identity of the storage provider is the storage provider's public key (pk). The storage strategy includes: number of replicas r, number of first data shard metrics n, and number of second data shard metrics s; the number of replicas r represents the number of copies of open data that the storage provider replicates; after subsequent erasure coding is used to encode the open data replicas, each open data replica is divided into parts equal to the number of first data shard metrics n, and each part is then divided into parts equal to the number of second data shard metrics s; a common parameter pool. Always keep the access interface open to the outside world; public parameter pool Updates and access are performed through the storage provider; The storage provider preprocesses the open data, generates Class I parameters, and updates the public parameter pool; Each member in group K receives the type I parameters, calculates the type II parameters, and then stores them in the public parameter pool updated by the provider. Group K consists of q members, denoted by C1, ..., C2. q express; The storage provider periodically obtains challenges, generates proofs, and updates the public parameter pool; Verifiers periodically retrieve proofs from a public parameter pool and verify them.

2. The method for proving open data replication against Sybil attacks according to claim 1, characterized in that, The storage provider discloses its identity and storage policy, and initializes a public parameter pool, specifically including: Add the replica number r, the first data shard index n, the second data shard index s, and the storage provider's public key pk to the public parameter pool. middle.

3. The method for proving open data replication against Sybil attacks according to claim 2, characterized in that, The storage provider preprocesses the open data, generates Class I parameters, and updates the public parameter pool, specifically including: The storage provider processes the open data M using erasure coding to obtain recoverable open data M. * ; For each positive integer k satisfying 1 ≤ k ≤ r, the storage provider computes M. (k) =PIE.Encode(M * , pk||k); where k is a positive integer; M (k) It is the k-th data copy; pk is the public key of the storage provider; || is the string concatenation operator; pk||k is the string concatenation operation between the public key pk of the storage provider and the positive integer k; PIE.Encode is the encoding algorithm of the public incompressible encoding. Storage providers use the formula (π) SNARK w SNARK =SNARK.Prove(M (k) =PIE.Encode(M (k) The proof is generated for pk||k), for 1≤k≤r; where SNARK.Prove is the proof algorithm (Prove) of the concise non-interactive proof algorithm; π SNARK This is evidence of a concise, non-interactive proof algorithm; w SNARK These are the replication verification parameters for the concise, non-interactive proof algorithm; For each positive integer k satisfying 1 ≤ k ≤ r, the storage provider will store the k-th data copy M. (k) The data is divided into parts equal to the first shard index n, and each part is further divided into parts equal to the second shard index s. The set of all such parts is called a fine partition. The union of the fine partitions of the k-th data replica set corresponding to all k that satisfy 1 ≤ k ≤ r is called the open data replica universal set, denoted as [missing information]. For each positive integer k satisfying 1 ≤ k ≤ r, the storage provider randomly generates a filename. in, It is the modulo p residual group; For each positive integer k satisfying 1 ≤ k ≤ r, the storage provider randomly generates s elements. Where G is a cyclic group; It is an operator for generating uniformly distributed random numbers; For each positive integer k satisfying 1 ≤ k ≤ r, the storage provider computes the k-th name. The positive integer k corresponding to all positive integers k satisfying 1≤k≤r The union of these sets is called the name set, denoted as . For each positive integer k satisfying 1 ≤ k ≤ r, and for each positive integer i satisfying 1 ≤ i ≤ n, the storage provider computes the i-th tag of the k-th replica. The positive integer k that satisfies 1 ≤ k ≤ r and the positive integer i that satisfies 1 ≤ i ≤ n. The union of the sets is called the labeled set, denoted as . Here, H is a hash function that can map strings of arbitrary length to a group G; The storage provider will make the full set of data copies available. Evidence π, a concise non-interactive proof algorithm SNARK Auxiliary verification parameter w for concise non-interactive proof algorithm SNARK , tag set and name collection Add to public parameter pool Perform an update; change the tag set and name collection These are called Type I parameters.

4. The method for proving open data replication against Sybil attacks according to claim 3, characterized in that, Each member in group K receives type I parameters, calculates type II parameters, and then stores them in the public parameter pool updated by the provider. Specifically, this includes: In group K, for every x in 1≤x≤q, member C x Access the public parameter pool after its first update; In group K, for every x in 1≤x≤q, member C x Randomly generated In group K, for every x in 1≤x≤q, member C x calculate In group K, for every x in 1≤x≤q, member C x calculate Wherein, SKg is the key generation algorithm for BLS signatures; In group K, for every x in 1≤x≤q, member C x For every k in 1≤k≤r, calculate Wherein, SSig is the signature algorithm for BLS signatures; In group K, for every x in 1≤x≤q, member C x For every k in 1 ≤ k ≤ r, where for every i in 1 ≤ i ≤ n, compute For every k in 1 ≤ k ≤ r, where for every i in 1 ≤ i ≤ n, the formula is used. Determine the signature tag set For each k in 1≤k≤r, use the formula Determine the set of signature names {t (k) } 1≤k≤r ; Using formula and Determine the public key (β, spk); Group K outputs a set of signature tokens to the storage provider. Signature name set {t (k) } 1≤k≤r Verify the public key (β, spk), which is called a type II parameter; The storage provider adds the Class II parameters to the public parameter pool and performs a second update.

5. The method for proving open data replication against Sybil attacks according to claim 4, characterized in that, The storage provider periodically acquires challenges, generates proofs, and updates the public parameter pool, specifically including: The storage provider generates subsets using unpredictable public random numbers. And |I| = l; where [1, n] represents the set of all positive integers greater than or equal to 1 and less than or equal to n; |I| represents the number of elements in set I; The storage provider, using the unpredictable common random number, randomly generates elements for each i ∈ I. Given all pairs (i, v) satisfying i∈I i The union of (i, v) is called the set of challenge blocks, denoted as {(i, v)}. i )} i∈I ;in, Z is the operator for generating uniformly distributed random numbers; p It is the modulo p residual group; The storage provider randomly generates a subset using the unpredictable public random number. R is called the set of challenge replicas; where [1, r] represents the set of all positive integers greater than or equal to 1 and less than or equal to r; The storage provider will challenge the block set {(i, v} i )} i∈I The challenge instance set R is added to the public parameter pool and updated three times. For each k satisfying k∈R, and for each positive integer j satisfying 1≤j≤s, the storage provider computes... All satisfying k∈R Union notation For each k satisfying k∈R, the storage provider computes Storage provider computing The storage provider takes all t that satisfy k∈R (k) The union of the sets is denoted as {t}. (k) } k∈R ; Storage provider's proof The storage provider adds the proof π to the public parameter pool and updates it four times.

6. The method for proving open data replication against Sybil attacks according to claim 5, characterized in that, The verifier periodically retrieves and verifies proofs from a public parameter pool, specifically including: The validator accesses the public parameter pool after four updates. The verifier calculates b SNARK =SNARK Verif y (π SNARK w SNARK ); where SNARK.Verify is the verification algorithm for the concise non-interactive proof algorithm; π SNARK This is evidence of a concise, non-interactive proof algorithm; w SNARK These are auxiliary verification parameters for the concise, non-interactive proof algorithm; b SNARK It is the verification result of the concise non-interactive proof algorithm, and its value range is 0 or 1; For each k satisfying k∈R, the verifier verifies 1←SVerify(spk,t) (k) If the condition is not met, the verification algorithm ends and the verification result b = 0 is output; where SVerify is the signature verification algorithm of the BLS signature algorithm. For each k satisfying k∈R, the verifier verifies Whether it holds true; where P: G×G→G T It is a bilinear mapping; G T It is a cyclic group; If the verification is successful, the verifier records the verification result b = 1; otherwise, the verifier records the verification result b = 0. The verifier outputs the verification result b and the verification result b from the concise non-interactive proof algorithm. SNARK .

7. An open data replication verification system resistant to Sybil attacks, characterized in that, include: The public parameter pool initialization module is used to store the provider's public identity and storage policy, and to initialize the public parameter pool; The storage provider's identity is its public key pk; the storage policy includes: number of replicas r, number of first data shard metrics n, and number of second data shard metrics s; the number of replicas r represents the number of copies the storage provider makes of the open data; after subsequent erasure coding to encode the open data replicas, each open data replica is divided into parts equal to the number of first data shard metrics n, and each part is then divided into parts equal to the number of second data shard metrics s; public parameter pool. Always keep the access interface open to the outside world; public parameter pool Updates and access are performed through the storage provider; The public parameter pool update module is used to store the provider's preprocessing of open data, generating Class I parameters, and updating the public parameter pool. The common parameter pool secondary update module is used by each member in group K to receive type I parameters, calculate type II parameters, and then store the updated common parameter pool by the provider. Group K consists of q members, denoted by C1, ..., C2. q express; The proof generation module is used to store the challenges that the provider periodically obtains and generates proofs, and to update the public parameter pool; The verification module is used by verifiers to periodically retrieve proofs from the public parameter pool and verify them.

8. An open data replication proof device resistant to Sybil attacks, characterized in that, include: The method comprises at least one processor, at least one memory, and computer program instructions stored in the memory, which, when executed by the processor, implement an open data copying proof method resistant to Sybil attacks as described in any one of claims 1-6.

9. The open data replication proof device against Sybil attacks according to claim 8, characterized in that, The memory is a computer-readable storage medium.