Convergent encryption has been widely used in secure deduplication technology, but because the data itself is predictable, directly using the hash value of the data as a key is vulnerable to brute force attacks. To this end, researchers have proposed some more secure key management methods. However, they have limited scope of application and poor performance. Therefore, this paper proposes a hierarchical key management scheme based on threshold blind signature. The convergence key generated by multiple key servers ensures the key’s confidentiality, and it effectively avoid the threat of brute force attacks. Moreover, key servers are divided into master key nodes and sub-key nodes, which can reduce the interaction between key servers and improve the efficiency of system initialization. This architecture enables sub-key nodes to be distributed in multiple independent network domains and interact with master key nodes through the Internet. On the one hand, it supports to cross-domain deduplication, and on the other hand, it makes the sub-key node closer to the end user, reducing communication delay for improving key generation efficiency. The experimental results show that the proposed scheme has a greater performance improvement in system initialization and key generation than the fully distributed key management scheme.

融合加密在安全去重技术中得到了广泛的应用，但由于数据本身是可预测的，直接使用数据的哈希值作为密钥容易受到暴力破解攻击。为此，研究人员提出了一些更安全的密钥管理方法。但是，它们的应用范围有限，性能较差。因此，本文提出了一种基于门限盲签名的分级密钥管理方案。多台密钥服务器生成的汇聚密钥保证了密钥的机密性，有效避免了暴力攻击的威胁。而且，密钥服务器分为主密钥节点和子密钥节点，可以减少密钥服务器之间的交互，提高系统初始化的效率。这种架构使得子关键节点可以分布在多个独立的网络域中，并通过互联网与主关键节点进行交互。一方面支持跨域去重，另一方面使子密钥节点更贴近终端用户，减少通信延迟，提高密钥生成效率。实验结果表明，与全分布式密钥管理方案相比，该方案在系统初始化和密钥生成方面具有更大的性能提升。