A dynamic cloud storage data integrity verification method supporting privacy protection
By combining virtual indexes and multi-branch path tree (MBT) with random masking technology, the problems of high hash reconstruction overhead and index conflicts in dynamic data updates in cloud storage are solved, achieving efficient data integrity verification and privacy protection, and improving data update efficiency and security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- JINLING INST OF TECH
- Filing Date
- 2026-04-07
- Publication Date
- 2026-06-16
AI Technical Summary
Existing cloud storage technologies suffer from problems such as high hash reconstruction overhead, index conflicts, and difficulty in balancing privacy protection and audit efficiency when data is dynamically updated, thus failing to meet the needs of real-time verification.
By combining virtual indexes and multi-branch path trees (MBT) with random masking technology, it supports dynamic data updates, efficiently inserts and deletes data blocks through the virtual index mechanism, and optimizes the structure through MBT hash updates, thus achieving secure and efficient management of data blocks.
It enables efficient dynamic updates and integrity verification of cloud storage data, protects data privacy, reduces hash reconstruction overhead, and improves data update efficiency and security.
Smart Images

Figure CN122226451A_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to the field of cloud computing security technology and relates to a data privacy verification technology for cloud storage. Background Technology
[0002] With the rapid development of technologies such as computers, the Internet of Things, and big data, the total amount of global data is exploding. Traditional local storage has limited capacity and high expansion costs, making it difficult to meet the storage needs of massive amounts of data. Cloud service providers (CSPs), with their elastic resources, pay-as-you-go models, and convenient access, have attracted many enterprises to outsource their data to cloud servers. Data outsourcing means that users lose direct control over their data, and cloud data is vulnerable to risks such as hacker attacks, malicious tampering, and unauthorized deletion of infrequently accessed data by CSPs. Efficient and secure data integrity verification has become a core requirement for cloud storage applications.
[0003] In 2007, Ateniese et al. and Juels et al. proposed the Proof-of-Data Possession (PDP) scheme and the Proof-of-Recovery (POR) model, respectively, achieving high-probability integrity verification, but only supporting static storage. In 2010, Wang et al. proposed a privacy-protecting public auditing scheme, allowing third-party auditors (TPAs) to complete verification without accessing the original data. Li You combined a spatiotemporal chaos model and a binary tree to design a multi-replica dynamic verification scheme, protecting data through blinded information, but the client's computational overhead increases linearly with the number of replicas. Huang et al. and Wu et al. constructed a publicly verifiable auditing scheme based on certificateless and Chameleon VectorCommitment technologies. Li et al. and Wei Yishan et al. utilized blockchain and Merkle hash trees to achieve efficient data verification. Gudeme et al. and Bian et al. balanced privacy protection and anonymity in auditing through random masks and certificateless signature techniques with designated verifiers, respectively.
[0004] To address the need for dynamic data updates, Wang et al. introduced the MHT (Mean Tree Hierarchy Process) to support dynamic operations. However, the binary tree structure results in significant hash reconstruction overhead during high-frequency updates. Some studies have optimized efficiency through MHT variants, circular linked lists, or multi-branch path trees, achieving fast lookup and updates of data blocks. However, these approaches still have limitations in large-scale dynamic data scenarios: first, the depth of binary authentication trees such as MHT trees increases with the data size, leading to low dynamic update efficiency; second, data updates are prone to index conflicts, posing security risks; and third, balancing privacy protection and audit efficiency is difficult, failing to meet the needs of real-time verification.
[0005] The sources of the aforementioned prior art are as follows:
[0006] G. Ateniese, R. Burns,R. Curtmola, et al. “Provable data possession at untrusted stores”, / / Proceedings of the 14th ACM Conference on Computerand Communications Security. New York, USA: ACM Press, pp. 598-609, 2007.
[0007] A. Juels, BS Kaliski Jr. “PORs: Proofs of retrievability for largefiles”, / / Proceedings of the 14th ACM conference on Computer and communications security. New York, USA: ACM Press, pp. 584-597, 2007.
[0008] C. Wang, Q. Wang, K. Ren, et al. “Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing”, / / 2010 Proceedings IEEEINFOCOM. San Diego, California(US): IEEE, pp. 525-533, 2010.
[0009] Li You. “Research on Cloud Storage Data Integrity Verification Scheme”, Changsha: Changsha University of Science and Technology, 2017.
[0010] LX Huang, JL Zhou, GX Zhang, et al. "Certificateless publicverification for the outsourced data integrity in cloud storage", Journal ofCircuits, Systems and Computers, vol 27, no 11, pp. 1850181, 2018.
[0011] QY Wu, FC Zhou, J. Xu, et al. "Secure data stream outsourcing with publicly verifiable integrity in cloud storage", Journal of InformationSecurity and Applications, vol 49, pp. 102392, 2019.
[0012] JX Li, JG Wu, GY Jiang, et al. "Blockchain-based public auditing for big data in cloud storage", Information Processing & Management, vol. 57, no. 6, pp. 102382-, 2020.
[0013] Wei Yishan, Cao Xiaomei, Wang Shaohui, et al. "A Dual Data Integrity Verification Scheme for Cloud Storage", Small and Microcomputer Systems, vol. 45, no. 12, pp. 2944-2950, 2024.
[0014] JR Gudeme, S. Pasupuleti, R. Kandukuri. "Certificateless privacypreserving public auditing for dynamic shared data with group user revocation in cloud storage", Journal of Parallel and Distributed Computing, vol. 156, pp. 163-175, 2021.
[0015] GQ Bian, XS Guo, R. Li, et al. "Certificateless data integrity auditing in cloud storage with a designated verifier and user privacypreservation", Electronics, vol. 11, no. 23, pp. 3901-3901, 2022.
[0016] Q. Wang, C. Wang, K. Ren, et al. "Enabling public auditability and data dynamics for storage security in cloud computing", IEEE Transactions on Parallel and Distributed Systems: A Publication of the IEEE Computer Society, vol. 22, no. 5, pp. 847-859, 2011.
[0017] K. He, CX Huang,JL Shi, et al. "Enabling decentralized and dynamic data integrity verification for secure cloud storage via T-Merklehash tree based blockchain", Mobile Information Systems, vol. 2021, no. 1, pp. 9977744, 2021.
[0018] L. Zhou, AM Fu, GM Yang, et al. "Efficient certificatelessmulti-copy integrity auditing scheme supporting data dynamics", IEEETransactions on Dependable and Secure Computing, vol. 19, no. 2, pp. 1118-1132, 2022.
[0019] Li Xiuguang, Yuan Wenyong, Li Ruifeng, et al. "A Dynamic Cloud Auditing Scheme Based on Homomorphic Hash Function and Virtual Index", Journal of Zhengzhou University (Natural Science Edition), vol. 56, no. 02, pp. 9-17, 2024.
[0020] Feng Tianhao, Ma Limin, Wang Jiahui, et al. "Integrity Verification Based on Blockchain and Circular Linked List Multi-Branch Path Tree", Journal of Beijing Information Science and Technology University (Natural Science Edition), vol. 39, no. 05, pp. 88-94, 2024.
[0021] HS Chen, ZM Tao, ZH Wang, et al. "Merkle multi-branch hashtree-based dynamic data integrity auditing for B5G network cloud storage", Journal of Information Security and Applications, vol. 89, pp. 103981-103981, 2025. Summary of the Invention
[0022] To address the aforementioned issues, this invention proposes a secure and efficient cloud data integrity verification method that supports privacy protection. Based on virtual indexes and multi-branch path trees (MBT), it supports dynamic data updates and utilizes random masking technology to protect data privacy, effectively improving the overall performance of the solution.
[0023] Step 1: Establish a cloud storage system, including users (USER), cloud storage service providers (CSP), and third-party validators (TPA).
[0024] Step 2: The user generates their own private and public keys.
[0025] Step 3: The user generates data block tags for the data and uploads the data blocks, data block tags and related information to the cloud server.
[0026] Step 4: The user entrusts TPA to generate a challenge message and send it to CSP to verify whether the cloud data is complete.
[0027] Step 5: After receiving the challenge information sent by TPA, CSP generates an audit certificate based on the challenge data block and returns it to TPA.
[0028] Step 6: After receiving the proof, TPA verifies the integrity of the cloud data and provides feedback to the user.
[0029] Step 7: Support efficient insertion operations through virtual indexing mechanism, insert new data blocks without causing a complete change to subsequent data block indexes.
[0030] Step 8: Modify the data block through identity verification, version number management, and MBT hash update.
[0031] Step 9: Delete the data block using a logical deletion and structural optimization design.
[0032] Step 1 includes: setting system security parameters Choose a large prime number Choose two prime numbers of order. Multiplication cyclic group and , yes generator, For a bilinear pair, choose two secure hash functions. and : , ,in yes multiplication group As a global variable, output the system's public parameters. .
[0033] Step 2 includes: The user randomly selects a number. Calculate the private key as The public key is ,in Store the private key as a unique identifier for each user. Only public key is disclosed .
[0034] Step 3 includes: the user submits the data. Divided into One data block, i.e. ,in For the first Each data block is processed sequentially to calculate a virtual index. ,in This is the data block sequence number information. set of positive integers , Indicates the step size, the insertion between adjacent data blocks. The number of data blocks is adjusted based on file size and data update frequency. Calculate each data block signature ,in This represents the version number, and its initial value is set to 1.
[0035] Step 3 also includes: constructing a multi-branch path tree (MBT) that incorporates virtual indexes, with leaf nodes storing the virtual indexes. Version number Incrementing with data updates, signature pointer Pointing to the latest signature information User ID and state Identify the validity of a data block: 1 for valid, 0 for invalid. Non-leaf nodes store the hash value and index range of the concatenated child node hashes. The root node is generated by recursively calculating the hash of each node. hash value The signature set of all data blocks Generate a mapping table containing data block sequence numbers, virtual indexes, and version numbers, and send the mapping table to a third-party auditor. Send to the cloud service provider.
[0036] Step 4 includes: the user sends a verification request to the TPA; after receiving the request, the TPA retrieves the information from the entire index. Random selection For each index, generate a corresponding random number. Generate challenge information Send it to the CSP.
[0037] Step 5 includes: CSP based on the index Traverse the MBT to obtain the authentication path and auxiliary information from the target leaf node to the root node. Calculate the linear combination of data blocks Generate random numbers Calculate temporary verification parameters Aggregated data Aggregated signature The audit report will prove Send to TPA.
[0038] Step 6 includes: TPA using relevant node hash values and auxiliary information Reconstruct the root node hash value of MBT ,verify Is it equal to To determine if the data block index and version are valid, verify the equation using the properties of bilinear mappings. If the condition is met, the cloud data is complete and "Success" is output; otherwise, "Failure" is output.
[0039] Step 7 includes: calculating the index of the new data block. Make the new index exist and Between, compute data blocks New signature The user constructs an insert request. Send to CSP, CSP uses virtual index In the data block Insert new data block Without modifying the index information of other data blocks, according to Traverse MBT to find the containing target leaf node ,Will Upgrade to a non-leaf node, create two child nodes, one of which contains... The original node One is to include new node ,in signature pointer Point to new signature Version number and state Set it to 1, calculate The new hash value is obtained by recursively recalculating the hash values of its parent nodes, ancestor nodes, and down to the root node, until the root node hash value is obtained. The update sends a message to the user indicating successful insertion, synchronously updates the mapping table stored locally, and sends the updated mapping table to the TPA.
[0040] Step 8 includes: the user sending a data block information query request. Give it to the CSP, and the CSP will decide based on... Locate the leaf node of MBT and identify the current node. Send to the user, who then verifies the current user identifier. The identifier returned by CSP If the data blocks do not match, the data block is determined not to belong to the current user or is subject to unauthorized access, and the modification operation is rejected; otherwise, the modified data block is used. Calculate new signature The user sends a modification request to the CSP. Data blocks stored in the cloud Replace with Update the version number of the current node. Make the signature pointer Point to new signature Maintain node state If the value is 1, starting from the modified node, recursively recalculate the hash values of all ancestor nodes on its path until the root node hash value of MBT is updated. Then, send a message indicating successful modification to the user, update the local mapping table, and send the updated mapping table to TPA.
[0041] Step 9 includes: The user generates a deletion request. The request is sent to the CSP. After receiving the request, the CSP will proceed according to... Locate the target leaf node of MBT and verify whether the identity of the leaf node matches that in the request. If the signatures are inconsistent, the modification is rejected; otherwise, the data block and its corresponding signature information are not deleted, and the state of the leaf node is changed. Setting it to 0 only logically disables the participation verification permission for this data block; it checks the parent node of this node, and if the status of all child nodes of this parent node is... If all hashes are 0, the parent node is demoted to a leaf node, reducing the depth of the tree. Starting from the target leaf node, the hash values of all ancestor nodes along its path are recursively recalculated upwards until the root node hash value of the MBT is updated. A message will be sent to the user indicating successful deletion.
[0042] This invention provides a solution for verifying the integrity of cloud storage data. Verifiers check the integrity of all data by verifying the correctness of randomly selected auditable data blocks. This invention supports dynamic data updates by employing a novel data structure that integrates virtual and multi-branch path tree (MBT) designs, enabling highly efficient dynamic operations such as modification, insertion, and deletion. This invention utilizes random masking technology to protect the original data and user identity in cloud storage, preventing unauthorized access by third parties. Attached Figure Description
[0043] Figure 1 This is a cloud storage system model diagram.
[0044] Figure 2 It is a multi-branch path tree (MBT) structure diagram that combines virtual indexing technology.
[0045] Figure 3 This is a diagram showing the structure after inserting a new data block.
[0046] Figure 4 It is a structure diagram after modifying a data block.
[0047] Figure 5 This is the structure diagram after deleting a data block. Detailed Implementation
[0048] The technical solution of the present invention will now be described in detail with reference to the accompanying drawings.
[0049] Step 1: Establish a cloud storage system, such as Figure 1 As shown, this includes users (USER), cloud storage service providers (CSP), and third-party validators (TPA).
[0050] Users split the file into chunks, generate signatures, and upload it to the cloud server.
[0051] Third-party verifiers possess auditing expertise, represent users in verifying the integrity of data, and provide the results back to the users.
[0052] Cloud storage service providers possess massive storage space and computing resources, providing users with storage and computing services, responding to TPA data verification requests, and generating data integrity certificates.
[0053] Step 1-1: Set system security parameters .
[0054] Step 1-2: Choose a large prime number Choose two prime numbers of order. Multiplication cyclic group and , yes generator, For a bilinear pair, choose two secure hash functions. and : , ,in yes multiplication group As a global variable, output the system's public parameters. .
[0055] Step 2: The user generates their own private and public keys.
[0056] Step 2-1: The user randomly selects a number. Calculate the private key as The public key is ,in It serves as a unique identifier for each user.
[0057] Step 2-2: User saves private key Only public key is disclosed .
[0058] Step 3: The user generates data block tags for the data and uploads the data blocks, data block tags and related information to the cloud server.
[0059] Step 3-1: The user submits the data Divided into One data block, i.e. ,in For the first Each data block is processed sequentially to calculate a virtual index. ,in This is the data block sequence number information. set of positive integers , Indicates the step size, the insertion between adjacent data blocks. The number of data blocks can be adjusted according to file size and data update frequency. .
[0060] Step 3-2: The user calculates each data block. signature ,in This represents the version number, and its initial value is set to 1.
[0061] Step 3-3: Construct a multi-branch path tree (MBT) that incorporates a virtual index, such as... Figure 2 As shown, the leaf nodes store virtual indexes. Version number Incrementing with data updates, signature pointer Pointing to the latest signature information User ID and state Identify the validity of a data block: 1: valid / 0: invalid. Non-leaf nodes store the hash value and index range of the concatenated child node hashes. The root node is generated by recursively calculating the hash of each node. hash value The signature set of all data blocks Generate a mapping table containing data block sequence numbers, virtual indexes, and version numbers, and send the mapping table to a third-party auditor. Send to the cloud service provider.
[0062] In a typical MBT, leaf nodes store the hash value of a data block, while the value of a non-leaf node is obtained by concatenating the hash values of all its child nodes and performing a hash operation. If the out-degree of the multi-branch path tree is 3, then each non-leaf node contains 3 child nodes. Represents hash operation, non-leaf node The hash value is The hash value of the root node R is This invention combines virtual indexing technology with MBT, enabling dynamic data updates without changing the indexes of other data blocks, effectively reducing update overhead.
[0063] Step 4: The user entrusts TPA to generate a challenge message and send it to CSP to verify whether the cloud data is complete.
[0064] The user sends a verification request to the TPA. After receiving the request, the TPA retrieves the information from the entire index. Random selection For each index, generate a corresponding random number. Generate challenge information Send it to the CSP.
[0065] Step 5: After receiving the challenge information sent by TPA, CSP generates an audit certificate based on the challenge data block and returns it to TPA.
[0066] Step 5-1: After receiving the audit challenge from the TPA, the CSP, based on the index... Traverse the MBT to obtain the authentication path and auxiliary information from the target leaf node to the root node. Calculate the linear combination of data blocks Generate random numbers Calculate temporary verification parameters Aggregated data Aggregated signature .
[0067] Step 5-2: CSP will provide audit evidence. Send to TPA.
[0068] Step 6: After receiving the proof, TPA verifies whether the cloud data is complete.
[0069] Step 6-1: TPA receives audit certification from CSP Then, using the relevant node hash values and auxiliary information Reconstruct the root node hash value of MBT ,verify Is it equal to Determine if the data block index and version are valid.
[0070] Step 6-2: Verify the equation using the properties of bilinear mappings. If the condition is met, the cloud data is complete and "Success" is output; otherwise, "Failure" is output.
[0071] Step 6-3: TPA will provide the verification results to the user.
[0072] Step 7: Support efficient insertion operations through a virtual index mechanism in data blocks. Insert new data block later This enables data expansion without causing a complete overhaul in subsequent data block indexes.
[0073] Step 7-1: Calculate the index of the new data block Make the new index exist and To ensure the ordered nature of the index sequence, calculate the data blocks. New signature The user constructs an insert request. Send it to the CSP.
[0074] Step 7-2: After receiving the insert request, the CSP uses the virtual index... In the data block Insert new data block Without modifying the index information of other data blocks, according to Traverse MBT to find the containing target leaf node ,Will Upgrade to a non-leaf node and create two child nodes: containing The original node and contain new node ,in signature pointer Point to new signature Version number and state Set it to 1, calculate The new hash value is obtained by recursively recalculating the hash values of its parent nodes, ancestor nodes, and down to the root node, until the root node hash value is obtained. The update sends a message to the user indicating successful insertion, synchronously updates the mapping table stored locally, and sends the updated mapping table to the TPA.
[0075] Step 7-3: Assume the branching factor of MBT The value is 3, in the data block. After inserting a new data block, the structure of the MBT is as follows: Figure 3 As shown.
[0076] Step 8: Update the data block through identity verification, version number management, and MBT hash. Modified to This ensures the security and traceability of data modifications.
[0077] Step 8-1: The user sends a data block information query request. Give it to the CSP, and the CSP will decide based on... Locate the leaf node of MBT and identify the current node. Send to the user, who then verifies the current user identifier. The identifier returned by CSP If the data blocks do not match, the data block is determined not to belong to the current user or is subject to unauthorized access, and the modification operation is rejected; otherwise, the modified data block is used. Calculate new signature .
[0078] Step 8-2: The user sends a modification request to the CSP. After receiving the request, the CSP will store the data blocks in the cloud. Replace with Update the version number of the current node. Make the signature pointer Point to new signature Maintain node state If the value is 1, starting from the modified node, recursively recalculate the hash values of all ancestor nodes on its path until the root node hash value of MBT is updated. Then, send a message indicating successful modification to the user, update the local mapping table, and send the updated mapping table to TPA.
[0079] Step 8-3: Modify data blocks for The structure of the post-MBT is as follows Figure 4 As shown.
[0080] Step 9: Delete data blocks using a logical deletion and structural optimization design. It balances the efficiency of data deletion with the need for audit traceability.
[0081] Step 9-1: The user generates a delete request. The request is sent to the CSP. After receiving the request, the CSP will proceed according to... Locate the target leaf node of MBT and verify whether the identity of the leaf node matches that in the request. If the signatures are inconsistent, the modification is rejected; otherwise, the data block and its corresponding signature information are not deleted, and the state of the leaf node is changed. Setting it to 0 only logically disables the participation verification permission for this data block; it checks the parent node of this node, and if the status of all child nodes of this parent node is... If all hashes are 0, the parent node is demoted to a leaf node, reducing the tree depth, optimizing the tree structure of the MBT, and improving the efficiency of subsequent queries and audits. Starting from the target leaf node, the hash values of all ancestor nodes on its path are recursively recalculated upwards until the root node hash value of the MBT is updated. A message will be sent to the user indicating successful deletion.
[0082] Step 9-2: Delete data blocks The structure of the post-MBT is as follows Figure 5 As shown.
Claims
1. A method for verifying the integrity of dynamic cloud storage data with privacy protection, characterized in that, include: Step 1: Establish a cloud storage system, including users (USER), cloud storage service providers (CSP), and third-party validators (TPA); Step 2: The user generates their own private and public keys; Step 3: Users generate data block tags from the data and upload the data blocks, data block tags, and related information to the cloud server; Step 4: The user entrusts the TPA to generate a challenge message and send it to the CSP to verify whether the cloud data is complete; Step 5: After receiving the challenge information sent by TPA, CSP generates an audit certificate based on the challenge data block and returns it to TPA; Step 6: After receiving the proof, TPA verifies the completeness of the cloud data and provides feedback to the user; Step 7: Insert new data blocks using a virtual indexing mechanism, without causing a complete change to subsequent data block indexes; Step 8: Modify the data block through identity verification, version number management, and MBT hash update; Step 9: Delete the data block using a logical deletion and structural optimization design.
2. The method for verifying the integrity of dynamic cloud storage data with privacy protection according to claim 1, characterized in that, Step 1 includes: setting system security parameters Choose a large prime number Choose two prime numbers of order. Multiplication cyclic group and , yes generator, For a bilinear pair, choose two secure hash functions. and : , ,in yes multiplication group As a global variable, output the system's public parameters. .
3. The method for verifying the integrity of dynamic cloud storage data with privacy protection according to claim 2, characterized in that, Step 2 includes: the user randomly selects a number. Calculate the private key as The public key is ,in Store the private key as a unique identifier for each user. Only public key is disclosed .
4. The method for verifying the integrity of dynamic cloud storage data with privacy protection according to claim 3, characterized in that, Step 3 includes: the user transferring data. Divided into One data block, i.e. ,in For the first Each data block is processed sequentially to calculate a virtual index. ,in This is the data block sequence number information. set of positive integers , Indicates the step size, the insertion between adjacent data blocks. The number of data blocks is adjusted based on file size and data update frequency. Calculate each data block signature ,in The version number is represented and initialized to 1. A multi-branch path tree (MBT) is constructed using virtual indexes, with the leaf nodes storing the virtual indexes. Version number Incrementing with data updates, signature pointer Pointing to the latest signature information User ID and state Identify the validity of a data block: 1 for valid, 0 for invalid. Non-leaf nodes store the hash value and index range of the concatenated child node hashes. The root node is generated by recursively calculating the hash of each node. hash value The signature set of all data blocks Generate a mapping table containing data block sequence numbers, virtual indexes, and version numbers, and send the mapping table to a third-party auditor. Send to the cloud service provider.
5. The method for verifying the integrity of dynamic cloud storage data with privacy protection according to claim 4, characterized in that, Step 4 includes: the user initiates a verification request to the TPA; after receiving the request, the TPA retrieves data from the entire index. Random selection For each index, generate a corresponding random number. Generate challenge information Send it to the CSP.
6. The method for verifying the integrity of dynamic cloud storage data with privacy protection according to claim 5, characterized in that, Step 5 includes: CSP based on the index Traverse the MBT to obtain the authentication path and auxiliary information from the target leaf node to the root node. Calculate the linear combination of data blocks Generate random numbers Calculate temporary verification parameters Aggregated data Aggregated signature The audit report will prove Send to TPA.
7. The method for verifying the integrity of dynamic cloud storage data with privacy protection according to claim 6, characterized in that, Step 6 includes: TPA using relevant node hash values and auxiliary information Reconstruct the root node hash value of MBT ,verify Is it equal to To determine if the data block index and version are valid, verify the equation using the properties of bilinear mappings. If the condition is met, the cloud data is complete and "Success" is output; otherwise, "Failure" is output.
8. The method for verifying the integrity of dynamic cloud storage data with privacy protection according to claim 7, characterized in that, Step 7 includes: calculating the index of the new data block. Make the new index exist and Between, compute data blocks New signature The user constructs an insert request. Send to CSP, CSP uses virtual index In the data block Insert new data block Without modifying the index information of other data blocks, according to Traverse MBT to find the containing target leaf node ,Will Upgrade to a non-leaf node, create two child nodes, one of which contains... The original node One is to include new node ,in signature pointer Point to new signature Version number and state Set it to 1, calculate The new hash value is obtained by recursively recalculating the hash values of its parent nodes, ancestor nodes, and down to the root node, until the root node hash value is obtained. The update sends a message to the user indicating successful insertion, synchronously updates the mapping table stored locally, and sends the updated mapping table to the TPA.
9. The method for verifying the integrity of dynamic cloud storage data with privacy protection according to claim 8, characterized in that, Step 8 includes: the user sending a data block information query request. Give it to the CSP, and the CSP will decide based on... Locate the leaf node of MBT and identify the current node. Send to the user, who then verifies the current user identifier. The identifier returned by CSP If the data blocks do not match, the data block is determined not to belong to the current user or is subject to unauthorized access, and the modification operation is rejected; otherwise, the modified data block is used. Calculate new signature The user sends a modification request to the CSP. Data blocks stored in the cloud Replace with Update the version number of the current node. Make the signature pointer Point to new signature Maintain node state If the value is 1, starting from the modified node, recursively recalculate the hash values of all ancestor nodes on its path until the root node hash value of MBT is updated. Then, send a message indicating successful modification to the user, update the local mapping table, and send the updated mapping table to TPA.
10. The method for verifying the integrity of dynamic cloud storage data with privacy protection according to claim 9, characterized in that, Step 9 includes: the user generating a deletion request. The request is sent to the CSP. After receiving the request, the CSP will proceed according to... Locate the target leaf node of MBT and verify whether the identity of the leaf node matches that in the request. If the signatures are inconsistent, the modification is rejected; otherwise, the data block and its corresponding signature information are not deleted, and the state of the leaf node is changed. Setting it to 0 only logically disables the participation verification permission for this data block; it checks the parent node of this node, and if the status of all child nodes of this parent node is... If all hashes are 0, the parent node is demoted to a leaf node, reducing the depth of the tree. Starting from the target leaf node, the hash values of all ancestor nodes along its path are recursively recalculated upwards until the root node hash value of the MBT is updated. A message will be sent to the user indicating successful deletion.