Not sure I understand this, how can you deduplicate if every file is encrypted via a random key?
Then, on the user side, they store an per-user encrypted index (random, counter, MAC) to those individual chunks to represent the file.
That way, they can only see giant encrypted blocks of data, and per-user encrypted indexes to data. But it is all encrypted.
They would need to hack into accounts by keylogging passwords to decrypt the indexes and see what files users can actually access.
Public links could be shared by giving out a key in the URL that is a file containing indexes to other blocks. So whoever knows the URL, knows the index, and can get the data.
That is the way I'd design it, at least... :)