Cross-user deduplication is an emerging technique to eliminate uploading of redundant data in cloud storage. Even though it is able to improve storage and communication efficiency simultaneously, it suffers from the problem of privacy leakage by side channel attack, which is a major obstacle to the practical application of this technique. In order to achieve a secure cross-user deduplication, Yu et al. recently proposed a zero-knowledge response (ZEUS) scheme, together with an advanced countermeasure ZEUS + by combining ZEUS and the random threshold solution, each of which is claimed to be secure against side channel attack. However, in this paper we show that both ZEUS and ZEUS + are easily subject to a random chunk generation attack, which in turn undermines the claimed security. Furthermore, we also propose a simple but effective method to improve the existing schemes.