Secure deduplication is a promising solution to greatly reduce the storage space of the cloud. However, the encryption key is deterministically derived from the plaintext, such that who owns the plaintext has the derived key to decrypt the ciphertext. Therefore, how to revoke a user in deduplication schemes is a critical challenge. In the existing work, when updating the data authority, the data owner has to download the data from the cloud, decrypt, re-encrypt and finally upload them to the cloud. This process increases the communication and computation overheads. In this paper, we first propose a multi-user updatable encryption scheme. Specifically, the data owner can update the remote ciphertext under a new group key by sending an update token to the cloud. Then we adopt this technique to propose a new secure deduplication scheme supporting efficiently revoking an unauthorized user. In our scheme, the data owner just needs to send a token to the cloud to update the data authority, which saves the communication and computation costs. The security and efficiency analysis demonstrate that our proposed deduplication scheme can achieve the desired security properties with high efficiency.

安全重复数据删除是一种有前途的解决方案，可以大大减少云的存储空间。但是，加密密钥是确定性地从明文派生的，因此拥有明文的人具有派生的密钥来解密密文。因此，如何在重复数据删除方案中撤销用户是一项严峻的挑战。在现有工作中，当更新数据权限时，数据所有者必须从云中下载数据，解密，重新加密，最后将它们上传到云中。此过程增加了通信和计算开销。在本文中，我们首先提出了一种多用户可更新的加密方案。具体来说，数据所有者可以通过将更新令牌发送到云来在新的组密钥下更新远程密文。然后，我们采用该技术提出了一种新的安全重复数据删除方案，该方案支持有效地撤销未授权用户。在我们的方案中，数据所有者只需要将令牌发送到云以更新数据授权，从而节省了通信和计算成本。安全性和效率分析表明，我们提出的重复数据删除方案可以高效地实现所需的安全性。