A Lightweight Identity-Based Cloud Storage …downloads.hindawi.com › journals › scn › 2019...

Research ArticleA Lightweight Identity-Based Cloud StorageAuditing Supporting Proxy Update andWorkload-Based Payment

Wenting Shen1 Jing Qin 12 and Jixin Ma3

1School of Mathematics Shandong University Shandong 250100 China2State Key Laboratory of Information Security Institute of Information Engineering Chinese Academy of SciencesBeijing 100093 China3School of Computing and Mathematical Science University of Greenwich London UK

Correspondence should be addressed to Jing Qin qinjingsdueducn

Received 25 October 2018 Accepted 2 January 2019 Published 3 March 2019

Academic Editor David Nunez

Copyright copy 2019 Wenting Shen et al This is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

Cloud storage auditing allows the users to store their data to the cloud with a guarantee that the data integrity can be efficientlychecked In order to release the user from the burden of generating data signatures the proxy with a valid warrant is introducedto help the user process data in lightweight cloud storage auditing schemes However the proxy might be revoked or the proxyrsquoswarrant might expireThese problems are common and essential in real-world applications but they are not considered and solvedin existing lightweight cloud storage auditing schemes In this paper we propose a lightweight identity-based cloud storage auditingscheme supporting proxy update which not only reduces the userrsquos computation overhead but alsomakes the revoked proxy or theexpired proxy unable to process data on behalf of the user any moreThe signatures generated by the revoked proxy or the expiredproxy can still be used to verify data integrity Furthermore our scheme also supports workload-based payment for the proxy Thesecurity proof and the performance analysis indicate that our scheme is secure and efficient

1 Introduction

Cloud storage enables users to store their data in the cloudwithout retaining a copy locally It greatly reduces the burdenof data storage management and maintenance and avoids thecapital expenditure on softwarehardware on the user sideAlthough cloud storage provides a lot of appealing benefits forusers it also incurs a number of security challenges [1] Oncethe users upload their data to the cloud they will lose thephysical control of their data since they no longer keep theirdata locallyThus it is natural for users toworrywhether theirdata stored in the cloud is intact or not due to the inevitablehuman errors or softwarehardware bugs in the cloud Inorder to guarantee the data integrity and reduce the userrsquoscomputation and communication burden some public cloudstorage auditing schemes [2ndash4] have been proposed to allowa public verifier such as the Third Party Auditor (TPA) toperform periodical data integrity auditing tasks on behalf ofusers

In most existing public cloud storage auditing schemesthe user relieves the computation burden for verifying dataintegrity by introducing the TPA but he still needs toperform heavy computation for generating data signaturesbefore uploading data to the cloud These data signatures areused to check the integrity of cloud data In order to dealwith the above problem several lightweight cloud storageauditing schemes [5ndash8] have been proposed Wang et al [5]proposed a proxy-oriented data integrity auditing schemeIn this scheme the proxy helps the user to generate datasignatures which obviously alleviates the userrsquos computationburden Shen et al [6] constructed a lightweight cloudstorage auditing scheme which introduces the Third PartyMedium (TPM) to generate data signatures and verify thedata integrity for users These schemes introduced a proxywith powerful computation capabilities to execute time-consuming operation on behalf of users Nevertheless thereare two critical problems not well solved in all existinglightweight cloud storage auditing schemes

HindawiSecurity and Communication NetworksVolume 2019 Article ID 8275074 15 pageshttpsdoiorg10115520198275074

2 Security and Communication Networks

Firstly these lightweight cloud storage auditing schemescannot support proxy update In real-world applicationsin order to designate a proxy the user needs to issue awarrant with a valid time period to this proxy The cloudwill verify whether the proxy is valid based on this war-rant Furthermore the proxy might be revoked before theexpiration of this valid time period For instance a userwith low computation capabilities delegates a proxy to helphim process data The proxy can be a legal organizationwhich has significant computation resources The user andthe proxy sign a contract with a specific valid time periodOnce the contract expires the expired proxy should not beable to process data on behalf of the user any more Anothersituation is that the user wants to change the proxy beforethe expiration of the contractrsquos valid time period due to themisbehaviour of the proxy This revoked proxy also shouldnot be able to process data for the user any more even if hiswarrant is still in a valid time period Thus how to design alightweight cloud storage auditing supporting proxy updateis worthwhile

Secondly existing lightweight cloud storage auditingschemes do not consider the mechanism of paying for theproxy based on the workload In the lightweight cloudstorage auditing scenario the user delegates a proxy toupload files to the cloud on his behalf However thenumber of these uploaded files might be greatly differ-ent in different time period Obviously it is unfair forthe proxy if we pay for the proxy according to servicetime It is more reasonable to pay for the proxy accordingto how many files he uploads to the cloud Thereforeit is necessary to design an effective mechanism to payfor the proxy based on the workload in cloud storageauditing

Contribution In order to deal with the above problemswe propose a novel lightweight identity-based cloud storageauditing scheme In this scheme we introduce a proxy tohelp the user generate data signatures which remarkablyreleases the usersrsquo burden on computation Different fromthe previous lightweight cloud storage auditing schemes ourproposed scheme supports proxy update In the detailedscheme the user issues a warrant to the designated proxyThe proxy with the valid warrant can process data on behalfof the user In order to realize effective proxy update thevalid time period and the proxy identity are embedded intothe warrant and the cloud keeps a public revocation list Itmakes the revoked proxy or the expired proxy unable toprocess and upload data to the cloud on behalf of the userany more When the proxy is revoked or the proxyrsquos warrantexpires the signatures generated by this proxy can still beused to check data integrity according to this proxy iden-tity the corresponding time period and some verificationvalues We also design an effective mechanism to achieveworkload-based payment for the proxy Our scheme relieson identity-based cryptography which simplifies certificatemanagement We finally prove the security of the schemeand evaluate the performance of the scheme by concreteimplementations

11 Related Work Ateniese et al [2] firstly proposed thenotion of Provable Data Possession (PDP) in which thetechniques of homomorphic authenticators and randomsample are utilized to verify the integrity of data in the cloudTo achieve the retrievability and the integrity guarantee ofthe cloud data Juels and Kaliski [9] proposed the concept ofProof of Retrievability (PoR) and designed a concrete schemeby employing the techniques of the spot-checking and theerror-correcting codes Later many variants of PDP andPoR schemes [10ndash13] were constructed to deal with differentproblems in cloud storage auditing

In order to protect data privacy Wang et al [13] proposeda cloud storage auditing scheme with data privacy preservingby using a randommasking technique Li et al [14] presenteda privacy preserving remote data integrity auditing schemebased on the zero-knowledge proof To support data dynamicoperations Liu et al [15] designed a dynamic data integrityauditing scheme with efficient fine-grained updates basedon the Merkle hash tree Tian et al [16] proposed a cloudstorage auditing scheme supporting data dynamics with theemployment of dynamic hash table By utilizing key updatetechniques [17] Yu et al [18] solved the problem of keyexposure in cloud storage auditing The privacy preservingof authentication in cloud storage auditing was consideredin [19] The problem of usersrsquo identity privacy in shared dataauditing was taken into account in [20 21]

To eliminate the complex certificate management in PKIsetting Wang et al [22] constructed the first identity-basedremote data integrity auditing scheme Based on identity-based cryptosystem Yu et al [23] designed a perfect dataprivacy-preserving cloud storage auditing scheme whichis able to achieve zero knowledge privacy against a thirdparty auditor Li et al [24] proposed a fuzzy identity-basedcloud storage auditing scheme in which a set of descriptiveattributes is used as a userrsquos identity Zhang et al [25]considered the problem of user revocation in the cloudstorage auditing and presented an identity-based shareddata integrity auditing scheme supporting real efficient userrevocation Shen et al [26] proposed an identity-based cloudstorage auditing scheme for shared data In this schemethe cloud file can be shared and used by others under thecondition that the sensitive information is hidden

Most end users such as smart phone have constrainedcomputation resources and computation capabilities Inorder to alleviate the userrsquos computation burden manylightweight cloud storage auditing schemes were proposedLi et al [27] and Wang et al [28] respectively proposedcloud storage auditing schemes for low-performance enddevices based on onlineoffline signatures In these twoschemes most heavy computations are executed in theoffline phase Nonetheless the user still needs to carry outlightweight computations for generating data signatures inthe online phase In order to deal with this problem Wanget al [5] proposed an identity-based cloud storage auditingscheme by introducing a proxy to help users generate datasignatures In this scheme the user does not need to consumecomputation resources to generate data signatures Shen etal [6] designed a lightweight data integrity auditing schemefor cloud storage in which theThird Party Medium (TPM) is

Security and Communication Networks 3

introduced to process data on behalf of users Wang et al [8]constructed a comprehensive cloud storage auditing schemeIn this scheme the user delegates the task of data signaturegeneration to a dedicated proxy However all these schemesthat introduce the proxy donot consider the problemof proxyupdate In addition the problem of workload-based paymentwas also not taken into account Actually these problems arecommon and essential in real-world applications as discussedabove

12 Organization The rest of this paper is organized asfollows We present the system model and design goalsin Section 2 In Section 3 we give the notations andthe definition and review several cryptographic knowledgeThe proposed cloud storage auditing scheme is introducedin Section 4 The security proof and performance eval-uation of the proposed scheme are given respectivelyin Section 5 and Section 6 Section 7 concludes thepaper

2 System Model and Design Goals

21 System Model As shown in Figure 1 there are fivetypes of entities in our system model that is the user thecloud the proxy the Private Key Generator (PKG) and theTPA

(1) UserThe user is the data owner who hasmassive datafiles to be stored to the cloud Most end users suchas smart phone and PDAs have limited computationresources and computation capabilities

(2) Cloud The cloud has enormous storage space andcomputation resources and offers data storage ser-vices for the user

(3) Proxy The proxy is authorized by the user and helpsthe user to process and upload data to the cloud

(4) PKG The PKG is responsible for generating globalparameters the partial private key and the privatekeys for the proxy the user and the cloud respec-tively according to their identities

(5) TPAThe TPA is in charge of executing cloud storageauditing on behalf of the user The TPA can checkwhether the cloud stores the userrsquos data correctly byperforming the challenge-response protocol with thecloud

In our system model when a user would like to storehis data to the cloud he will delegate a proxy to help himto process data Meanwhile the user generates the warrant-signature pair and the time private key and then sends themto the proxyThe proxy with a valid warrant can generate thesignatures for data and upload these data blocks along withthe signature set to the cloud on behalf of the user When theproxy is revoked or the proxyrsquos warrant expires this proxycannot process data for the user any more The user pays forthe proxy based on the proxyrsquos workload Same as the systemmode in cloud storage schemes [5 8 12 25 29] we do nottake any collusion into account in this system

22 Design Goals To support proxy update workload-basedpayment and lightweight identity-based cloud storage audit-ing our designed scheme should achieve the following goals

(1) Auditing correctness to ensure that the auditing proofgenerated by the cloud can pass the TPArsquos verificationif the cloud possesses the userrsquos intact data

(2) Auditing soundness to guarantee that the cloud can-not pass the validation of the TPA if it does not keepthe userrsquos data correctly

(3) Lightweight to reduce the computation burden ofgenerating data signatures and verifying data integrityfor the user with constrained computation capabili-ties

(4) Secure proxy update to ensure that the revoked proxyor the expired proxy cannot process data on behalf ofthe user any more

(5) Efficient proxy update to guarantee that the datasignatures generated by the proxy do not need tobe recomputed even if this proxy is revoked or hiswarrant expires

(6) Effective payment to ensure that the user can pay forthe proxy based on the workload of the proxy

3 Notations Definition andCryptographic Knowledge

31 Notations In Table 1 we show the notations used in thedescription of our scheme

32 Definition

Definition 1 A lightweight identity-based cloud storageauditing scheme supporting proxy update and workload-based payment is composed by the following eight algo-rithms

(1) 119878119890119905119906119901The setup algorithm is run by the PKG It takesas input the security parameter k and outputs themaster private key 119909 and the public parameters 119901119901

(2) 119864119909119905119903119886119888119905 The extract algorithm is run by the PKGIt takes as input the public parameters 119901119901 the useridentity 119868119863119906 the cloud identity 119868119863119888 the proxy identity119868119863119901 and the master private key 119909 and generates theuser 119868119863119906rsquos private key 119904119896119906 the cloud 119868119863119888rsquos private key119904119896119888 and the proxy 119868119863119901rsquos partial private key 119904119896119901 Theuser verifies the correctness of the private key 119904119896119906Thecloud checks the correctness of the private key 119904119896119888Theproxy verifies the correctness of the partial privatekey 119904119896119901

(3) 119875119903119900119909119910119870119890119910119866119890119899 The proxy private key generationalgorithm is run by the user and the proxy It takesas input the warrantrsquos start time 119879119904 and end time 119879119890the user identity 119868119863119906 the proxy identity 119868119863119901 andthe partial private key 119904119896119901 The user generates thetime private key 119904119896119879 and the warrant-signature pair(119898119908 (1198771 1205901)) The proxy generates the proxy private


CloudAuditing Challenge

Auditing Proof

Third Party Auditor(TPA)

User

Private Key Generator(PKG)

Iden

tity(

ID)

Identity(ID)

Priv

ate K

ey

Partial Private Key

Proxy

Time Private KeyWarrant-signature pair

Data and Signatures

Payment based on workload

Figure 1 System model of our cloud storage auditing

Table 1 Notations

Notation Meaning1198661 1198662 Multiplicative cyclic groups with prime order p119892 119906 Two generators of group 1198661119890 A bilinear pairing map 119890 1198661 times 1198661 997888rarr 1198662119867 A cryptographic hash function119867 0 1lowast times 1198661 997888rarr 119885lowast119901ℎ A cryptographic hash function ℎ 0 1lowast 997888rarr 1198661119896 The security parameter119909 Themaster private key119868119863119906 The user identity119868119863119901 The proxy identity119868119863119888 The cloud identity119904119896119868119863119906 The user 119868119863119906rsquos private key119904119896119868119863119901 The proxy 119868119863119901rsquos partial private key119904119896119868119863119888 The cloud 119868119863119888rsquos private key119898119908 The warrant119879119904 119879119890 The warrantrsquos start time and end time(119877119879 120590119879) The time private key(119877119868119863119901 119877119879 120590) The proxy private key119865 The file119899 The number of data blocks of file F119898119894 (119894 = 1 2 119899) The i-th block of file F120590119894 The signature of data block119898119894Φ The signature set of data blocks119873 The upload number120583 The linear combination of data blocks120590 An aggregated data signature


key (119877119868119863119901 119877119879 120590) according to the time private key andthe partial private key

(4) 119878119894119892119899119866119890119899 The signature generation algorithm is runby the proxy It takes as input the file name 119899119886119898119890 thefile 119865 the warrantrsquos start time 119879119904 and end time 119879119890 andthe proxy private key (119877119868119863119901 119877119879 120590) and generates theset of signatures Φ and the file tag 119905119886119892

(5) 119875119903119900119900119891119866119890119899 The proof generation algorithm is run bythe cloud It takes as input the file F the correspond-ing signature set Φ and the auditing challenge chaland generates an auditing proof P that is used to provethe cloud stores the file correctly

(6) 119875119903119900119900119891119881119890119903119894119891119910 The proof verification algorithm is runby the TPA It takes as input the public parameters119901119901 the auditing challenge chal and the auditing proofP and returns ldquo1rdquo if the verification passes or ldquo0rdquo ifotherwise

(7) 119875119903119900119909119910119880119901119889119886119905119890 The proxy update algorithm is run bythe user and the proxy It takes as input the newwarrantrsquos start time 119879119904 and end time 119879119890 the useridentity 119868119863119906 the proxy identity 119868119863119901 and the partialprivate key 119904119896119901The user generates a new time privatekey and a new warrant-signature pair The proxygenerates the proxy private key according to the newtime private key and the partial private key

(8) 119875119886119910119898119890119899119905 The payment algorithm is run by thecloud the proxy and the user It takes as input theupload number119873 and the cloudrsquos private key 119904119896119888 andgenerates the signature 120573 corresponding to 119873 Theproxy and the user check the validity of 120573

33 Cryptographic Knowledge

(1) BilinearMapsA bilinear map is a map 119890 1198661 times1198661 997888rarr 1198662where1198661 and1198662 are two multiplicative cyclic groups of order119901 with the following properties

(a) Computability there exists an efficiently computablealgorithm to calculate 119890(119906 V) for 119906 V isin 1198661

(b) Bilinearity for all 119906 V isin 1198661 and 119909 119910 isin 119885lowast119901 119890(119906119909 V119910) =119890(119906 V)119909119910(c) Nondegeneracy 119890(119892 119892) = 1 where 119892 is the generator

of 1198661(2) Computational Diffie-Hellman (CDH) Problem Given 119892119909and 119892119910 where 119892 is a generator of a multiplicative group1198661 with the prime order 119901 and 119909 119910 isin 119885lowast119901 are unknowncalculate 119892119909119910 isin 1198661 The CDH assumption in 1198661 holds if it iscomputationally infeasible to solve the CDH problem in 1198661(3) Discrete Logarithm (DL) Problem Given 119892119886 where 119892 is agenerator of a multiplicative group 1198661 with the prime order119901 and 119886 isin 119885lowast119901 is unknown calculate 119886 The DL assumptionin 1198661 holds if it is computationally infeasible to solve the DLproblem in 1198661

4 The Proposed Scheme

In our scheme the file 119865 is divided into 119899 blocks ie 119865 =(1198981 1198982 119898119899) where 119898119894 denotes the 119894th block of file 119865 Inprevious cloud storage auditing schemes [18 32] there is asignature 119878119878119894119892 that is used to guarantee the correctness ofthe file identifier name Without loss of generality we alsoutilize a similar identity-based signature 119878119878119894119892 to ensure thecorrectness of the file identifier name the warrantrsquos valid timeperiod the proxy identity and the verification values in ourschemeWe assume 119904119904119896 is the secret key for the signature 119878119878119894119892The proxy holds this secret key In addition we assume theupload number is119873 which is used to record how many filesare uploaded to the cloud by the proxy The upload numberis initialized to 0 The details of the proposed scheme are asfollows

(1) Setup

(a) The PKG randomly selects two multiplicative cyclicgroups 1198661 1198662 with the prime order p a bilinear map119890 1198661 times1198661 997888rarr 1198662 two generators 119892 119906 isin 1198661 and twocryptographic hash functions119867 0 1lowast times1198661 997888rarr 119885lowast119901and ℎ 0 1lowast 997888rarr 1198661

(b) The PKG randomly picks 119909 isin 119885lowast119901 as its master privatekey and computes 119884 = 119892119909

(c) The PKG publishes the global parameters 119901119901 =(1198661 1198662 119901 119892 119890 119906 119884119867 ℎ) and keeps his master pri-vate key 119909

(2) Extract The PKG generates private keys for the user 119868119863119906and the cloud 119868119863119888 respectively and generates the partialprivate key for the proxy 119868119863119901The user 119868119863119906 and the cloud 119868119863119888can verify the correctness of their private keys respectivelyThe proxy 119868119863119901 can check correctness of the partial privatekey

(a) After receiving the userrsquos identity 119868119863119906 the PKGrandomly chooses 119903119868119863119906 isin 119885lowast119901 and calculates 119877119868119863119906 =119892119903119868119863119906 and 120590119868119863119906 = 119903119868119863119906 + 119909119867(119868119863119906 119877119868119863119906) Set the userrsquosprivate key 119904119896119868119863119906 = (119877119868119863119906 120590119868119863119906)The PKG sends 119904119896119868119863119906to the user 119868119863119906Upon receiving the private key from the PKG the user119868119863119906 validates the correctness of 119904119896119868119863119906 by checkingwhether the following equation holds or not

119892120590119868119863119906 = 119877119868119863119906119884119867(119868119863119906 119877119868119863119906 ) (1)

If (1) holds the user 119868119863119906 accepts the private key 119904119896119868119863119906 otherwise the user rejects it

(b) Similarly receiving the cloudrsquos identity 119868119863119888 the PKGcalculates the cloudrsquos private key 119904119896119868119863119888 = (119877119868119863119888 120590119868119863119888 )where 119877119868119863119888 = 119892119903119868119863119888 and 120590119868119863119888 = 119903119868119863119888 + 119909119867(119868119863119888 119877119868119863119888 )and then sends it to the cloudThe cloud can verify thecorrectness of 119904119896119868119863119888 by checking the equation 119892120590119868119863119888 =119877119868119863119888119884119867(119868119863119888 119877119868119863119888 )


(c) Receiving the proxyrsquos identity 119868119863119901 the PKGcalculatesthe proxyrsquos private key and the proxy can get itspartial private key 119904119896119868119863119901 = (119877119868119863119901 120590119868D119901 ) where 119877119868119863119901 =119892119903119868119863119901 and 120590119868119863119901 = 119903119868119863119901 + 119909119867(119868119863119901 119877119868119863119901) The proxycan check the correctness of 119904119896119868119863119901 by checking theequation 119892120590119868119863119901 = 119877119868119863119901119884119867(119868119863119901119877119868119863119901 )

(3) ProxyKeyGen This process is illustrated in Figure 2 Theuser 119868119863119906 firstly sets thewarrantrsquos start time and end time thengenerates the time private key and the warrant-signature pairand finally sends all the above messages to the proxy 119868119863119901Theproxy 119868119863119901 can verify the correctness of the above messagesrespectively and then computes the proxy private key basedon the partial private key and the time private key

(a) The user 119868119863119906 executes the following steps(i) The user 119868119863119906 sets the warrantrsquos start time 119879119904 and

end time 119879119890 The user 119868119863119906 selects 119903119879isin119877119885lowast119901 andcomputes 119877119879 = 119892119903119879 and 120590119879 = 119903119879 + 120590119868119863119906 sdot 119867(119879119904 119879119890 119877119879) Let 119904119896119879 = (119877119879 120590119879) be the time privatekey

(ii) The user 119868119863119906 generates a warrant 119898119908 whichis used to authorize a designated proxy Thewarrant 119898119908 consists of the userrsquos identity 119868119863119906the proxyrsquos identity 119868119863119901 and the warrantrsquos validtime period (start time 119879119904 and end time 119879119890)Let the warrant be denoted as 119898119908 = 119868119863119906 119868119863119901 119879119904 119879119890 The user 119868119863119906 picks 1199031isin119877119885lowast119901 andcalculates the warrant 119898119908rsquos signature as follows1198771 = 1198921199031 and 1205901 = 1199031 + 120590119868119863119906 sdot 119867(119898119908 1198771)

(iii) The user 119868119863119906 sends the warrantrsquos valid timeperiod (119879119904 119879119890) the time private key (119877119879 120590119879)warrant-signature pair (119898119908 (1198771 1205901)) and theverification value 119877119868119863119906 to the proxy 119868119863119901

(b) Upon receiving the messages from the user 119868119863119906 theproxy 119868119863119901 does the following steps(i) The proxy 119868119863119901 verifies the validity of warrant-

signature pair (119898119908 (1198771 1205901)) by checkingwhether the following equation holds

1198921205901 = 1198771119877119867(1198981199081198771)119868119863119906119884119867(119868119863119906 119877119868119863119906 )sdot119867(1198981199081198771) (2)

If (2) does not hold the proxy 119868119863119901 rejects thewarrant 119898119908 from the user 119868119863119906 otherwise heaccepts the warrant and then does step (ii)

(ii) The proxy 119868119863119901 checks the correctness of timeprivate key (119877119879 120590119879) by validating the followingequation

119892120590119879 = 119877119879119877119867(119879119904119879119890 119877119879)119868119863119906119884119867(119868119863119906 119877119868119863119906 )sdot119867(119879119904119879119890 119877119879) (3)

If (3) holds the proxy 119868119863119901 computes 120590 = (120590119868119863119901 +120590119879)(119898119900119889119901) and sets the proxy private key as(119877119868119863119901 119877119879 120590)

(4) SignGenThis process is illustrated in Figure 3The proxy119868119863119901 calculates the signatures for data blocks with the proxyprivate key and then generates the file tag which is used toguarantee the correctness of the file name the warrantrsquos validtime period the proxy identity and some verification valuesFinally the proxy 119868119863119901 sends the file 119865 its correspondingsignature set the file tag the warrantrsquos valid time periodand the warrant-signature pair to the cloud The cloud firstlychecks whether the proxy is in the public revocation list thenverifies the validity of the warrant-signature pair and the filetag and finally generates a signature for the upload number

(a) The proxy 119868119863119901 performs the following operations

(i) The proxy 119868119863119901 computes the signature 120573119894 of thedata block 119898119894 with the proxy private key 120590 asfollows

120573119894 = (ℎ (119899119886119898119890 119894 119868119863119901) 119906119898119894)120590 (4)

where 119899119886119898119890 isin 119885lowast119901 is the identifier of the file FDenote the set of signatures asΦ = 120573119894119894isin[1119899]

(ii) The proxy 119868119863119901 calculates the file tag 119905119886119892 =119899119886119898119890 119879119904 119879119890 119877119868119863119901 119877119879 119868119863119901 119878119878119894119892119904119904119896(119899119886119898119890 119879119904 119879119890 119877119868119863119901 119877119879 119868119863119901)(iii) The proxy 119868119863119901 sends the file 119865 its corre-

sponding signatures set Φ the file tag 119905119886119892the warrantrsquos valid time period (119879119904 119879119890) andthe warrant-signature pair (119898119908 (1198771 1205901)) to thecloud

(iv) The proxy 119868119863119901 sets the upload number 119873 =119873 + 1 which is used to record how many filesare uploaded to the cloud

(b) After receiving the abovemessages the cloud executesthe following operations

(i) The cloud verifies whether the proxy 119868119863119901 is inthe public revocation list If the proxy 119868119863119901 isnot in the revocation list the cloud does thefollowing step (ii) otherwise the cloud regardsthe proxy 119868119863119901 as a revoked proxy and refuses hisrequest

(ii) The cloud checks the validity of the warrant-signature pair (119898119908 (1198771 1205901)) based on (2) If thecurrent time period is not in the valid timeperiod (119879119904 119879119890) then the warrant 119898119908 can beregarded as an invalid warrant and the cloudrefuses the request of the proxy otherwise thecloud continues to perform the following step(iii)

(iii) The cloud checks the validity of the file tag byverifying whether the signature 119878119878119894119892119904119904119896(119899119886119898119890 119879119904 119879119890 119877119868119863119901 119877119879 119868119863119901) is a valid signatureor not based on the proxy identity 119868119863119901 If it isnot the cloud believes this signature is invalidotherwise the cloud does the last step


User IDu

1 sets warrantrsquos start time Ts and end time Te

2 selects rT and computes the time private key skT

3 generates a warrant-signature pair (m (R1 1))

4 sends (Ts Te) skT (m (R1 1)) and verificationvalue RID

Proxy IDp

5 verifies the validity of warrant-signature pair (m (R1 1))

6 checks the correctness of timeprivate key skT

7 computes the proxy private key(RID

(RT )

Figure 2 The process of proxy private key generation

Proxy IDp Cloud

1 computes the signature i of the data blocks mi

2 calculates the file tag3 sends the file F its corresponding signatures set Φthe file tag the warrantrsquos valid time period (Ts Te)and warrant-signature pair (m (R1 1))

4 sets the upload number N = N+ 1

5 verifies whether the proxy IDp isin the public revocation list6 checks the validity of the warrant-signature pair (m (R1 1))

7 checks the validity of the file tag8 stores the data uploaded by theproxy IDp and increases the uploadnumber he stores9 generates a signature for the uploadnumber N

Figure 3 The process of signature generation

(iv) The cloud stores the data uploaded by the proxy119868119863119901 and increases the upload number he storesto keep pace with the number 119873 stored by theproxy Then the cloud generates a signature 120573 =1198781198781198941198921015840119904119896119888(119873)with its private key 119904119896119888 for the uploadnumber119873

Remark 2 The proxy usually uploads data in bulk to thecloud Thus the cloud may only need to generate a signaturefor the newest upload number rather than every uploadnumber

(5) ProofGen The TPA firstly verifies the validity of file tagand then generates and sends an auditing challenge to thecloud The cloud responds to an auditing proof to the TPA

(a) The TPA firstly verifies the correctness of the file tag119905119886119892 by checking whether 119878119878119894119892119904119904119896(119899119886119898119890 119879119904 119879119890 119877119868119863119901 119877119879 119868119863119901) is a valid signature If it is not theTPA does not execute the auditing task otherwise heparses 119899119886119898119890 119879119904 119879119890 119877119868119863119901 119877119879 119868119863119901 to obtainthe file name 119899119886119898119890 the warrantrsquos valid time period(start time 119879119904 and end time 119879119890) the verification values119877119868119863119901 119877119879 and the proxy identity 119868119863119901 Then the TPArandomly picks a c-element subset I from the set [1 119899]and selects a random V119894 isin 119885lowast119901 for each 119894 isin 119868 The TPA

sends the auditing challenge 119888ℎ119886119897 = 119894 V119894119894isin119868 to thecloud

(b) After receiving the auditing challenge the cloudcalculates 120583 = sum119894isin119868119898119894V119894 and Ω = prod119894isin119868120573119894V119894 Next thecloud returns 119875 = 120583Ω as the auditing proof to theTPA

(6) ProofVerify The TPA verifies whether the followingequation holds or not

119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904 119879119890 119877119879))

(5)

If (5) holds output ldquo1rdquo otherwise output ldquo0rdquo

(7) ProxyUpdate

(a) When the proxy 119868119863119901 is revoked by the user 119868119863119906before the expiration of the valid time period thecloud will put this revoked proxyrsquos identity 119868119863119901 in apublic revocation list Then the user 119868119863119906 authorizesa new proxy 1198681198631199011015840 and sets the warrantrsquos valid timeperiod for this proxy 1198681198631199011015840and then computes the timeprivate key based on the warrantrsquos valid time period


and generates a warrant-signature pair for the newproxy 1198681198631199011015840 Finally the user 119868119863119906 sends all the abovemessages to the new proxy 1198681198631199011015840 The proxy 1198681198631199011015840 canvalidate the correctness of the messages he receivedand next compute the proxy private key based on thepartial private key generated by the PKG and the timeprivate key

(i) The user 119868119863119906 sets the warrantrsquos start time 119879119904and end time 119879119890 The user 119868119863119906 selects 119903119879isin119877119885119901and computes 119877119879 = 119892119903119879 and 120590119879 = 119903119879 + 120590119868119863119906 sdot119867(119879119904 119879119890 119877119879) Let (119877119879 120590119879) be the time privatekey

(ii) The user 119868119863119906 generates a warrant 119898119908 which isused to authorize a new proxy 1198681198631199011015840 Thewarrant119898119908 consists of the userrsquos identity 119868119863119906 the proxyrsquosidentity 1198681198631199011015840 and the warrantrsquos start time 119879119904and end time 119879119890 Let the warrant be denoted as119898119908 = 119868119863119906 1198681198631199011015840 119879119904 119879119890 The user 119868119863119906picks 1199031isin119877119885lowast119901 and computes the warrant 119898119908rsquossignature as follows 1198771 = 1198921199031 and 1205901 = 1199031 +120590119868119863119906 sdot 119867(119898119908 1198771)

(iii) The user 119868119863119906 sends the warrantrsquos valid timeperiod (119879119904 119879119890) the time private key (119877119879 120590119879)and the warrant-signature pair (119898119908 (1198771 1205901)) tothe proxy 1198681198631199011015840

(iv) The proxy 1198681198631199011015840 verifies the validity of warrant-signature pair (119898119908 (1198771 1205901)) by (2) Then theproxy 1198681198631199011015840 checks the correctness of time pri-vate key (119877119879 120590119879) by (3) and calculates the proxyprivate key (119877119868119863

1199011015840 119877119879 120590) based on the time

private key (119877119879 120590119879) and the partial private key(1198771198681198631199011015840 120590119868119863

1199011015840) where 120590 = (120590119868119863

1199011015840+ 120590119879)(119898119900119889119901)

(b) When the proxy 119868119863119901rsquos warrant expires the user 119868119863119906can select to continue employing this proxy Theuser 119868119863119906 generates a new warrant for the proxy 119868119863119901by updating the warrantrsquos start time and end timeThe operations are similar to the above case (a) in119875119903119900119909119910119880119901119889119886119905119890 algorithm

When the proxy is revoked the cloudwill put this revokedproxyrsquos identity in a public revocation list It makes therevoked proxy unable upload new file to the cloud any moreIn addition when the proxyrsquos warrant expires he does nothave the new valid warrant and the expired warrant hekeeps cannot pass the verification of (2) in 119875119903119900119909119910119870119890119910119866119890119899algorithm Therefore neither the revoked proxy nor theexpired proxy can upload a new file to the cloud any more

Remark 3 If a proxy is in the public revocation list he canbe deleted from this revocation list when his warrant expiresThus the size of public revocation list will not increaseunlimitedly

(8) Payment When the proxy 119868119863119901rsquos warrant expires or theproxy 119868119863119901 is revoked the user 119868119863119906 will pay for the proxy 119868119863119901based on his workload

(a) The proxy 119868119863119901 requests the cloud to send him thesignature of the newest upload number119873

(b) Upon receiving the request the cloud computes thesignature of the newest upload number as 120573 =1198781198781198941198921015840119904119896119888(119873 119868119863119901) and returns 120573 to the proxy 119868119863119901

(c) The proxy 119868119863119901 uses the cloud identity to check thevalidity of signature 120573 by inputting his identity 119868119863119901and the upload number119873 he records and then showsthe signature 120573 from the cloud and the newest uploadnumber119873 to the user 119868119863119906

(d) The user 119868119863119906 verifies whether the signature 120573 is validor not via the cloud identity 119868119863119888 When this signatureis valid the user 119868119863119906 pays for the proxy 119868119863119901 based onthe newest upload number119873

5 Security Analysis

Theorem 4 (correctness) Our proposed scheme satisfies thefollowing properties

(1) Private key correctness If the private keys and thepartial private key generated by the PKG are correctthen these private keys and the partial private key areable to pass the checking of the user the cloud and theproxy respectively

(2) Warrant-signature pair correctness If the warrant-signature pair generated by the user is valid thenthis warrant-signature pair is able to pass the proxyrsquoschecking

(3) Time private key correctness If the time private keygenerated by the user is correct then this time privatekey is able to pass the proxyrsquos verification

(4) Auditing correctness If the auditing proof generated bythe cloud is valid this proof is able to pass the TPArsquosverification

Proof

(1) Given a correct private key 119904119896119868119863119906 = (119877119868119863119906 120590119868119863119906)generated by the PKG the verification equation (1) inExtract algorithm can be presented as follows

119892120590119868119863119906 = 119892119903119868119863119906+119909119867(119868119863119906 119877119868119863119906 ) = 119892119903119868119863119906 sdot 119892119909119867(119868119863119906 119877119868119863119906 )= 119877119868119863119906119884119867(119868119863119906 119877119868119863119906 )

(6)

Similarly if the private key 119904119896119868119863119888 = (119877119868119863119888 120590119868119863119888 ) andthe partial private key 119904119896119868119863119901 = (119877119868119863119901 120590119868119863119901 ) generatedby the PKG are correct we can ensure that the privatekey 119904119896119868119863119888 and the partial private key 119904119896119868119863119901 are ableto pass the verification of the cloud and the proxyrespectively

(2) Given a valid warrant-signature pair (119898119908 (1198771 1205901))generated by the user 119868119863119906 the verification equation(2) in ProxyKeyGen algorithm holds


1198921205901 = 1198921199031+120590119868119863119906 sdot119867(1198981199081198771) = 1198921199031 sdot 119892120590119868119863119906 sdot119867(1198981199081198771)= 1198771 sdot 119892(119903119868119863119906+119909119867(119868119863119906 119877119868119863119906 ))sdot119867(1198981199081198771)= 1198771 sdot 119892119903119868119863119906 sdot119867(1198981199081198771) sdot 119892119909119867(119868119863119906 119877119868119863119906 )sdot119867(1198981199081198771)= 1198771119877119867(1198981199081198771)119868119863119906

119884119867(119868119863119906 119877119868119863119906 )sdot119867(1198981199081198771)(7)

(3) Given a time private key 119904119896119868119863119888 = (119877119868119863119888 120590119868119863119888 ) gener-ated by the user 119868119863119906 the verification equation (3) inProxyKeyGen algorithm can be presented as follows

119892120590119879 = 119892119903119879+120590119868119863119906 sdot119867(119879119904119879119890 119877119879) = 119892119903119879 sdot 119892120590119868119863119906 sdot119867(119879119904119879119890 119877119879)= 119877119879 sdot 119892(119903119868119863119906+119909119867(119868119863119906119877119868119863119906 ))sdot119867(119879119904119879119890 119877119879)= 119877119879 sdot 119892119903119868119863119906 sdot119867(119879119904119879119890 119877119879) sdot 119892119909119867(119868119863119906 119877119868119863119906 )sdot119867(119879119904119879119890 119877119879)= 119877119879119877119867(119879119904119879119890 119877119879)119868119863119906

119884119867(119868119863119906 119877119868119863119906 )sdot119867(119879119904119879119890 119877119879)(8)

(4) Given a valid proof119875 = 120583Ω generated by the cloudthe verification equation (5) in ProofVerify algorithmcan be proved as follows

119890 (Ω 119892) = 119890(prod119894isin119868

120573119894V119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)120590sdotV119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)V119894 119892120590)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot prod119894isin119868

119906119898119894sdotV119894 119892120590)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906sum119894isin119868 V119894sdot119898119894 119892120590)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119892120590119868119863119901+120590119879)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583119892119903119868119863119901+119909119867(119868119863119901119877119868119863119901 )+119903119879+120590119868119863119906119867(119879119904119879119890 119877119879))= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901119877119868119863119901 )

sdot 119877119879 sdot 119892120590119868119863119906 sdot119867(119879119904119879119890 119877119879)) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901 119877119868119863119901 ) sdot 119877119879sdot 119892(119903119868119863119906+119909119867(119868119863119906119877119868119863119906 ))sdot119867(119879119904119879119890 119877119879))

= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901 119877119868119863119901 )

sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119906 119877119868119863119906 )119867(119879119904119879119890 119877119879))

= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(9)

Theorem5 (auditing soundness) In our proposed scheme thecloud cannot pass the validation of the TPA if it does not keepthe userrsquos data correctly

Proof We construct a knowledge extractor and utilize themethod of knowledge proof to accomplish the followingproof If the cloud does not keep the userrsquos data correctly butcan pass the validation of the TPA then we can repeatedlyinteract between the proposed scheme and the knowledgeextractor to extract the intact challenged data blocks We willprove this theorem by a sequence of games

Game 1 The adversary sends a query to the challengerfor obtaining the signatures of a series of data blocks Thechallenger generates the corresponding signatures for thesedata blocks and sends them to the adversary Then thechallenger submits an auditing challenge 119888ℎ119886119897 = 119894 V119894119894isin119868to the adversary The adversary generates the auditing proof119875 = 120583 Ω and sends it to the challenger

Game 2 Game 2 is identical to Game 1 with one differenceThat is the challenger keeps a list of responses to the queriesfrom the adversary The challenger observes each instanceof the challenge-respond process with the adversary If thechallenger finds the aggregated signature Ω is not equal toprod119894isin119868120573119894V119894 he declares failure and aborts

Analysis Assume that the auditing proof 120583 Ω is generatedby the honest prover based on the correct file 119865 From thecorrectness of our scheme we get

119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(10)

Assume that the forged auditing proof 1205831015840 Ω1015840 is gener-ated by the adversary based on the corrupted file 1198651015840 where1198651015840 = 119865 Because the forgery is successful we get


119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(11)

Obviously 1205831015840 = 120583 otherwise Ω1015840 = Ω which contradictsour above assumption We define Δ120583 = 120583 minus 1205831015840 and show asimulator that could break the challenge CDH instance withthis adversary as follows

Given (119892 119892120576 120593) isin 1198661 the simulator outputs 120593120576 Set 119906 =119892119886120593119887 where 119886 119887 isin 119885lowast119901 are two randomelements chosen by thesimulator Meanwhile the verification value is set as 119884 = 119892120576

The simulator selects a random element 119903119894 isin 119885lowast119901 for each119894 (1 le 119894 le 119899) in the challenge and programs the randomoracleat 119894 as

119867(119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) = 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) (12)

The simulator can compute 120573119894 since we get119867(119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894 = 119892119903119894

(119892119886119898119894 sdot 120593119887119898119894) sdot 119906119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886120593119887)

119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886119898119894 sdot 120593119887119898119894) = 119892119903119894

(13)

The simulator calculates 120573119894 = (ℎ(119899119886119898119890119894119868119863119901)119906119898119894)120590 =(119892119903119894)120590Dividing (10) by (11) we have

119890 ( ΩΩ1015840 119892) = 119890 (119906Δ120583 119877119868119863119901sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879) sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906)

= 119890 ((119892119886120593119887)Δ120583 119892119903119868119863119901+119903119879+119903119868119863119906119867(119879119904119879119890 119877119879)sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))= 119890 (119892119886Δ120583 119892119903119868119863119901+119903119879+119903119868119863119906119867(119879119904119879119890 119877119879)sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))sdot 119890 (120593119887Δ120583 119892119903119868119863119901+119903119879+119903119868119863119906119867(119879119904119879119890 119877119879)sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))= 119890 (119892119886Δ120583sdot(119903119868119863119901+119903119879+119903119868119863119906119867(119879119904119879119890 119877119879))sdot 119884119886Δ120583sdot(119867(119868119863119901119877119868119863119901 )+119867(119868119863119906 119877119868119863119906 )119867(119879119904119879119890 119877119879)) 119892)sdot 119890 (120593119887Δ120583sdot(119903119868119863119901+119903119879+119903119868119863119906119867(119879119904119879119890 119877119879)) 119892)sdot 119890 (120593119887Δ120583 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(14)

So we obtain

119890 ( ΩΩ1015840 sdot 119892minus119886Δ120583sdot(119903119868119863119901+119903119879+119903119868119863119906119867(119879119904119879119890 119877119879))sdot 119884minus119886Δ120583sdot(119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))sdot 120593minus119887Δ120583sdot(119903119868119863119901+119903119879+119903119868119863119906119867(119879119904119879119890 119877119879)) 119892)= 119890 (120593119887Δ120583 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879)))= 119890 (120593 119884)(119887Δ120583(119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879)))= 119890 (120593 119892120576)(119887Δ120583(119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879)))= 119890 (120593120576 119892)(119887Δ120583(119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879)))

(15)

Then we can learn that

120593120576 = 119890 ( ΩΩ1015840 sdot 119892minus119886Δ120583sdot(119903119868119863119901+119903119879+119903119868119863119906119867(119879119904119879119890 119877119879)) sdot 119884minus119886Δ120583sdot(119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))sdot 120593minus119887Δ120583sdot(119903119868119863119901+119903119879+119903119868119863119906119867(119879119904119879119890 119877119879)))1(119887Δ120583(119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))) (16)

Note that the probability we can find a solution to CDHproblem is the same as the probability 119887Δ120583(119867(119868119863119901 119877119868119863119901) +119867(119868119863119906 119877119868119863119906)119867(119879119904 119879119890 119877119879)) = 0 mod 119901 The probabilityof 119887Δ120583(119867(119868119863119901 119877119868119863119901) + 119867(119868119863119906 119877119868119863119906)119867(119879119904 119879119890 119877119879)) =0 mod 119901 is 1 minus 1119901 Then we can find a solution toCDH problem with a probability 1 minus 1119901 which con-tradicts the assumption that the CDH problem in 1198661 ishard

Therefore if the difference between the adversaryrsquos prob-abilities of success in Game 1 and Game 2 is nonnegligible wecan construct a simulator that utilizes the adversary to solvethe CDH problem

Game 3 Game 3 is identical to Game 2 with one differenceThe challenger still maintains and observes each instanceof the proposed scheme For one of these instances if the


challenger finds a linear combination 1205831015840 of data blocks is notequal to the expected 120583 the challenger declares failure andaborts

Analysis Assume that the honest prover generates a corretauditing proof 120583Ω based on the correct file 119865 From thecorrectness of our scheme we get

119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(17)

Assume that the adversary generates a forged auditingproof 1205831015840 Ω1015840 based on the corrupted file 1198651015840 where 1198651015840 = 119865Because the forgery is successful we get

119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(18)

According to Game 2 we learn that Ω1015840 = Ω Define Δ120583 =120583minus1205831015840 and we show a simulator that could solve the challengeDL instance with this adversary as follows

Given (119892 120593) isin 1198661 the simulator would like to calculatea value 119909 which satisfies 120593 = 119892119909 The simulator randomlyselects two elements 119886 119887 isin 119885lowast119901 and sets 119906 = 119892119886120593119887

Based on the above two verification equations we get

119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879)) = 119890 (Ω 119892)

= 119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(19)

Therefore we obtain

119906120583 = 1199061205831015840 (20)

and therefore that

1 = 119906Δ120583 = (119892119886120593119887)Δ120583 = 119892119886Δ120583 sdot 120593119887Δ120583 (21)

Since 120593 = 119892119909 we can find the solution to the DL problemby calculating

120593 = 119892minus119886Δ120583119887Δ120583 (22)

and then119909 = minus119886Δ120583119887Δ120583 As defined aboveΔ120583 = 0 However119887 is zero with the probability 1119901 which is negligible Thenwe can solve the DL problem with a probability of 1 minus 1119901which contradicts the assumption that the DL problem in 1198661is hard

Therefore if the difference between the adversaryrsquos prob-abilities of success in Game 2 andGame 3 is nonnegligible wecan construct a simulator that utilizes the adversary to solvethe DL problem

From the above analysis we can know that the maliciouscloud cannot pass the validation of the TPA if it does not keepthe userrsquos data correctly

Theorem 6 (the security of proxy update) In our proposedscheme the revoked proxy or the expired proxy cannot processdata on behalf of the user any more

Proof When the revoked proxy or the expired proxy uploadsthe file and its corresponding signatures to the cloud thecloud firstly checks whether this proxy is in the publicrevocation list and then verifies the validity of the warrant-signature pair (119898119908 (1198771 1205901)) and the file tag 119905119886119892

Firstly if this proxy is in the public revocation listthe cloud rejects this file and signatures from this proxySecondly the cloud checks the validity of the warrant-signature pair (119898119908 (1198771 1205901)) by the verification equation (2)If the current time period is not in the valid time period(119879119904 119879119890) then the warrant-signature pair cannot pass theverification The cloud regards this proxy as a revoked proxyor an expired proxy and refuses this proxyrsquos request Finallythe cloud checks the validity of the file tag by verifyingwhether 119878119878119894119892119904119904119896(119899119886119898119890 119879119904 119879119890 119877119868119863119901 119877119879 119868119863119901) is avalid signature or not If it is not the cloud considers that thisfile tag is generated by a revoked proxy or an expired proxyand then rejects the request of this proxy

Therefore only the proxy who is not in the publicrevocation list and possess a valid warrant is able to processdata on behalf of the user

Theorem 7 (the soundness of payment) In our proposedscheme the user will pay for the proxy based on the proxyrsquosreal workload assuming the cloud does not collude with theproxy

Proof Firstly when the cloud receives the data uploadedby the proxy it will set the upload number 119873 and gen-erate the signature 120573 with its private key for this uploadnumber 119873 Therefore the signature 120573 that the proxysends to the user is generated by the cloud according tothe real upload number 119873 The proxy cannot forge thissignature

Secondly the proxy can verify whether the signature 120573from the cloud is valid according to his real upload number119873 Thus the signature 120573 that the proxy sends to the user isrecognized by the proxy

In conclusion the user believes the signature 120573 sent by theproxy is validThe payment that the user pays for the proxy isbased on the proxyrsquos real workload in the absence of collusion


6 Performance Evaluation

In this section we first present the functionality comparisonof our scheme with different cloud storage auditing schemesand then compare the computation overhead and the com-munication overhead of our scheme with that of Wang et alscheme [5] At last we show the experimental results of ourscheme

61 Functionality Comparison Table 2 shows a function-ality comparison of our scheme with different cloud stor-age auditing schemes [5 6 18 25 30 31] in terms ofpublic verifiability lightweight computation proxy updatecertificate management simplification and workload-basedpayment Our scheme is the only scheme that meets all of theaforementioned properties

62 Performance Analysis and Comparison

(1) Computation Overhead Since the scheme of [5] is thelightweight cloud storage auditing scheme which achievespublic verifiability and certificates management simplifica-tion we compare our scheme with it with regard to thecomputation overhead of different entities in Table 3 Inour scheme the main cost of the PKG is generating globalparameters the partial private key and private keys forthe proxy the user and the cloud respectively Thereforethe computation overhead of the PKG is 41198641198661 + 3(1198601198661 +119872119885lowast119901

+ 119867119885lowast119901 ) where 1198641198661 and 1198601198661 respectively denote oneexponentiation operation and one addition operation in 1198661and 119872119885lowast119901

and 119867119885lowast119901 respectively denote one multiplicationoperation and one hashing operation in 119885lowast119901 The dominatedcomputation overhead of the proxy for computing proxyprivate key and data signatures is119860119885lowast119901 +119899(1198721198661

+21198641198661 +1198671198661)where 119860119885lowast119901 denotes one addition operation in 119885lowast119901 1198721198661

and1198671198661 respectively denote one multiplication operation andhash operation in 1198661 and n is the total number of datablocks When generating a warrant-signature pair and thetime private key the cost of the user is 2(119860119885lowast119901 +119872119885lowast119901

+ 119867119885lowast119901 )which can be done offline The computation overhead of thecloud for generating an auditing proof is (119888 minus 1)1198721199061198971198661 +1198881198641199091199011198661 + 119888119872119906119897119885lowast119901 + (119888 minus 1)119860119889119889119885lowast119901 where c is the number ofchallenged data blocksThe computation overhead of theTPAmainly comes from verifying the correctness of the auditingproof which needs 2119875 + 1198881198671198661 + (119888 + 4)1198641198661 + (119888 + 4)1198721198661

+119872119885lowast119901+ 4119867119885lowast119901 119875 denotes one pairing operation

When the scheme is built from the bilinear parings thecomputation overhead of the scheme mainly comes fromthe exponentiation operation the pairing operation and themultiplication operation in 1198661 The other operations suchas the operation in 119885lowast119901 and hashing operation cost lesscomputation overhead Thus comparing with the scheme of[5] our scheme and the scheme of [5] cost almost the samecomputation overhead on the proxy the user and the cloudsides In order to generate the cloud private key and performthe auditing task our schemeneeds to costmore computationoverhead than the scheme of [5] on the PKG and the cloud

200 400 600 800 10000

2

4

6

8

10

12

14

The o

verh

ead

of si

gnat

ure g

ener

atio

n (s

)

The numbers of data blocks

Figure 4The computation overhead for generating data signatures

sides What is more our scheme supports proxy update andworkload-based payment while the scheme of [5] cannotsupport that

(2) Communication Overhead As introduced in Section 4the communication overhead of the proposed schememainlycomes from the TPA and the cloud We can see from Table 4for an auditing challenge 119888ℎ119886119897 = 119894 V119894119894isin119868 the communicationoverhead of the TPA in our scheme is 119888 sdot (|119899| + |119901|) bits where|119899| is the size of an element of set [1 119899] and |119901| is the size ofan element in 119885lowast119901 In the scheme of [5] the communicationoverhead of the TPA is |119888| +2|119901| bits for an auditing challenge119888ℎ119886119897 = 119888 1198961 1198962 where 1198961 1198962 isin 119885lowast119901 are random values Forgenerating an auditing proof 119875 = 120582 120590 the communicationoverhead of the cloud in our scheme and the scheme of [5]both are |119901|+ |119902| bits where |119902| is the size of an element in119866163 Experimental Results In this subsection we conductexperiments on the proposed scheme by utilizing the GNUMultiple Precision Arithmetic (GMP) [33] and the Pairing-Based Cryptography (PBC) Library [34] These experimentsare implemented on a Linux machine with an Intel Pentium230GHz processor and 8GB memory and coded based on Cprogramming language In experiments we set the size of anelement in 119885lowast119901 to be |119901| =160 bits the base field size to be512 bits and the size of data file to be 20MB composed by1000000 blocks

(1) Performance of Signature Generation In our scheme theproxy helps the user to generate data signatures To evaluatethe performance of signature generation we implement theexperiment by increasing the number of data blocks 119899 from100 to 1000 From Figure 4 it is easily observed that the timeof generation signatures linearly increases with the numberof data blocksThus we can conclude that our scheme greatlyalleviates the userrsquos computation burden for generating datasignatures

(2) Performance of AuditingThe performance of auditing onthe TPA side and that on the cloud side are respectively


Table 2 Functionality comparison of different cloud storage auditing schemes

Schemes Publicverifiability

Lightweightcomputation Proxy update

Certificatemanagementsimplification

Workload-basedpayment

Wang et al [5] Yes Yes No Yes NoShen et al [6] Yes Yes No No NoYu et al [18] Yes No No No NoZhang et al [25] Yes No No Yes NoShacham et al [30] Yes No No No NoWang et al [31] No No No No NoOurs Yes Yes Yes Yes Yes

Table 3 The computation overhead of our scheme andWang et al scheme [5] for different entities

Entity Computation overhead(Our scheme)

Computation overhead(Wang et al[5])

PKG 41198641198661 +3(1198601198661+119872119885lowast119901

+119867119885lowast119901) 31198641198661 +2(1198601198661

+119872119885lowast119901+119867119885lowast119901

)Proxy 119860119885lowast119901

+119899(1198721198661+ 21198641198661 +1198671198661

) 119860119885lowast119901+119872119885lowast119901

+ 119867119885lowast119901+119899(1198721198661

+ 21198641198661 + 1198671198661)

User 2(119860119885lowast119901+119872119885lowast119901

+ 119867119885lowast119901) 119860119885lowast119901

+119872119885lowast119901+ 119867119885lowast119901

Cloud(119888 minus 1)1198721199061198971198661 + 1198881198641199091199011198661 +119888119872119906119897119885lowast119901 + (119888 minus 1)119860119889119889119885lowast119901

(119888 minus 1)1198721199061198971198661 + 1198881198641199091199011198661 +119888119872119906119897119885lowast119901 + (119888 minus 1)119860119889119889119885lowast119901TPA

2119875 + 1198881198671198661+ (119888 + 4)1198641198661 +(119888 + 4)1198721198661+119872119885lowast119901

+ 4119867119885lowast119901

2119875+(119888+2)1198671198661+(119888+3)1198641198661 +(119888 + 3)1198721198661

+ 3119867119885lowast119901+ 2119860119885lowast119901

0 200 400 600 800 10000

2

4

6

8

10

12

The numbers of challenged data blocks

Challenge generationProof verification

The c

ompu

tatio

n ov

erhe

ad o

f TPA

(s)

Figure 5 The computation overhead of the TPA in the phase ofauditing

shown in Figure 5 and Figure 6 In these experiments weselect to challenge different data blocks from 100 to 1000increased by an interval of 100 As shown in Figure 5 theTPArsquos computation overhead for generating challenge andverifying proof both grow linearly as the number of chal-lenged data blocks The computation overhead for verifyingproof ranges from 1512s to 11931s while the computation

0 200 400 600 800 10000

1

2

3

4

The c

ompu

tatio

n ov

erhe

ad o

f clo

ud (s

)


Proof generation

Figure 6 The computation overhead of the cloud in the phase ofauditing

overhead for generating challenge grows slowly just rangingfrom 0043s to 0422s In Figure 6 it can be seen that thecloudrsquos computation overhead for generating proof rangesfrom 0371s to 3958s From the above analysis we canconclude that the more data blocks are challenged the morecomputation overhead need to be spent on the TPA and thecloud sides


Table 4 The communication overhead of our scheme andWang et al scheme [5]

Entity Phase Communication overhead (Our scheme) Communication overhead (Wang et al [5])TPA Auditing challenge 119888 sdot (|119899| + |119901|) |119888| + 2|119901|Cloud Auditing proof |119901| + |119902| |119901| + |119902|

7 Conclusion

In this paper we propose an identity-based cloud storageauditing scheme which achieves lightweight computation onthe user side by introducing a proxy and supports proxyupdate and workload-based payment for the proxy In ourscheme the task of generating data signatures is executedby the proxy with a valid warrant The revoked proxy andthe proxy with expired warrant cannot help the user processdata any more We pay for the proxy based on the workloadin cloud storage auditing The security analysis and theexperiment results show that our scheme provides strongsecurity with desirable efficient efficiency

Data Availability

No data were used to support this study

Conflicts of Interest

The authors declare that they have no conflicts of interest

Acknowledgments

This research is supported by National Natural ScienceFoundation of China (61772311) and the Open Project ofthe State Key Laboratory of Information Security Instituteof Information Engineering Chinese Academy of Sciences(2017-MS-05)

References

[1] K Ren C Wang and Q Wang ldquoSecurity challenges for thepublic cloudrdquo IEEE Internet Computing vol 16 no 1 pp 69ndash73 2012

[2] G Ateniese R Burns R Curtmola et al ldquoProvable datapossession at untrusted storesrdquo in Proceedings of the 14th ACMConference on Computer and Communications Security (CCSrsquo07) pp 598ndash609 Virginia Va USA November 2007

[3] Y Zhang H Zhang R Hao and J Yu ldquoAuthorized identity-based public cloud storage auditing scheme with hierarchicalstructure for large-scale user groupsrdquo China Communicationsvol 15 no 11 pp 111ndash121 2018

[4] A Yang J Xu J Weng J Zhou and D S Wong ldquoLightweightand privacy-preserving delegatable proofs of storage with datadynamics in cloud storagerdquo IEEE Transactions on Cloud Com-puting pp 1-1 2018

[5] H Wang D He and S Tang ldquoIdentity-based proxy-orienteddata uploading and remote data integrity checking in publiccloudrdquo IEEETransactions on Information Forensics and Securityvol 11 no 6 pp 1165ndash1176 2016

[6] W Shen J Yu H Xia H Zhang X Lu and R Hao ldquoLight-weight and privacy-preserving secure cloud auditing schemefor group users via the third party mediumrdquo Journal of Networkand Computer Applications vol 82 pp 56ndash64 2017

[7] B Wang S S M Chow M Li and H Li ldquoStoring shared dataon the cloud via security-mediatorrdquo in Proceedings of the 2013IEEE 33rd International Conference on Distributed ComputingSystems ICDCS 2013 pp 124ndash133 USA July 2013

[8] YWangQWu BQinW Shi RHDeng and JHu ldquoIdentity-based data outsourcingwith comprehensive auditing in cloudsrdquoIEEETransactions on Information Forensics and Security vol 12no 4 pp 940ndash952 2017

[9] A Juels and B S Kaliski Jr ldquoPors proofs of retrievabilityfor large filesrdquo in Proceedings of the 14th ACM Conference onComputer and Communications Security (CCS rsquo07) pp 584ndash597ACM Alexandria Va USA November 2007

[10] M Sookhak A Gani M K Khan and R Buyya ldquoDynamicremote data auditing for securing big data storage in cloudcomputingrdquo Information Sciences vol 380 pp 101ndash116 2017

[11] J Shen J Shen X Chen X Huang and W Susilo ldquoAn efficientpublic auditing protocol with novel dynamic structure for clouddatardquo IEEE Transactions on Information Forensics and Securityvol 12 no 10 pp 2402ndash2415 2017

[12] BWang B Li andH Li ldquoPanda public auditing for shared datawith efficient user revocation in the cloudrdquo IEEE Transactionson Services Computing vol 8 no 1 pp 92ndash106 2015

[13] CWang S SMChowQWang K Ren andW Lou ldquoPrivacy-preserving public auditing for secure cloud storagerdquo IEEETransactions on Computers vol 62 no 2 pp 362ndash375 2013

[14] Y Li Y Yu B Yang G Min and H Wu ldquoPrivacy preservingclouddata auditingwith efficient keyupdaterdquoFutureGenerationComputer Systems vol 78 pp 789ndash798 2018

[15] C Liu J Chen L T Yang et al ldquoAuthorized public auditing ofdynamic big data storage on cloud with efficient verifiable fine-grained updatesrdquo IEEE Transactions on Parallel and DistributedSystems vol 25 no 9 pp 2234ndash2244 2014

[16] H Tian Y Chen C-C Chang et al ldquoDynamic-hash-tablebased public auditing for secure cloud storagerdquo IEEE Transac-tions on Services Computing vol 10 no 5 pp 701ndash714 2017

[17] J Yu R Hao H Xia H Zhang X Cheng and F KongldquoIntrusion-resilient identity-based signatures concrete schemein the standard model and generic constructionrdquo InformationSciences vol 442443 pp 158ndash172 2018

[18] J Yu and H Wang ldquoStrong key-exposure resilient auditingfor secure cloud storagerdquo IEEE Transactions on InformationForensics and Security vol 12 no 8 pp 1931ndash1940 2017

[19] W Shen G Yang J Yu H Zhang F Kong and R HaoldquoRemote data possession checking with privacy-preservingauthenticators for cloud storagerdquo Future Generation ComputerSystems vol 76 pp 136ndash145 2017

[20] G Yang J Yu W Shen Q Su Z Fu and R Hao ldquoEnablingpublic auditing for shared data in cloud storage supporting


identity privacy and traceabilityrdquo The Journal of Systems andSoftware vol 113 pp 130ndash139 2016

[21] A Fu S Yu Y Zhang H Wang and C Huang ldquoNPP a newprivacy-aware public auditing scheme for cloud data sharingwith group usersrdquo IEEE Transactions on Big Data 2017

[22] H Wang Q Wu B Qin and J Domingo-Ferrer ldquoIdentity-based remote data possession checking in public cloudsrdquo IETInformation Security vol 8 no 2 pp 114ndash121 2014

[23] Y Yu M H Au G Ateniese et al ldquoIdentity-based remotedata integrity checking with perfect data privacy preserving forcloud storagerdquo IEEE Transactions on Information Forensics andSecurity vol 12 no 4 pp 767ndash778 2017

[24] Y Li Y Yu G Min W Susilo J Ni and K R ChooldquoFuzzy identity-based data integrity auditing for reliable cloudstorage systemsrdquo IEEE Transactions on Dependable and SecureComputing vol 16 no 1 pp 72ndash83 2019

[25] Y Zhang J Yu R Hao CWang andK Ren ldquoEnabling efficientuser revocation in identity-based cloud storage auditing forshared big datardquo IEEE Transactions on Dependable and SecureComputing 2018

[26] W Shen J Qin J Yu R Hao and J Hu ldquoEnabling identity-based integrity auditing and data sharing with sensitive infor-mation hiding for secure cloud storagerdquo IEEE Transactions onInformation Forensics and Security vol 14 no 2 pp 331ndash3462018

[27] J Li L Zhang J K Liu H Qian and Z Dong ldquoPrivacy-preserving public auditing protocol for low-performance enddevices in cloudrdquo IEEE Transactions on Information Forensicsand Security vol 11 no 11 pp 2572ndash2583 2016

[28] Y Wang Q Wu B Qin S Tang andW Susilo ldquoOnlineofflineprovable data possessionrdquo IEEE Transactions on InformationForensics and Security vol 12 no 5 pp 1182ndash1194 2017

[29] B Wang H Li and M Li ldquoPrivacy-preserving public auditingfor shared cloud data supporting group dynamicsrdquo in Proceed-ings of the 2013 IEEE International Conference on Communica-tions ICC 2013 pp 1946ndash1950 Hungary June 2013

[30] H Shacham and B Waters ldquoCompact proofs of retrievabilityrdquoJournal of Cryptology The Journal of the International Associa-tion for Cryptologic Research vol 26 no 3 pp 442ndash483 2013

[31] H Wang ldquoProxy provable data possession in public cloudsrdquoIEEE Transactions on Services Computing vol 6 no 4 pp 551ndash559 2013

[32] Q-A Wang C Wang K Ren W-J Lou and J Li ldquoEnablingpublic auditability and data dynamics for storage security incloud computingrdquo IEEE Transactions on Parallel and Dis-tributed Systems vol 22 no 5 pp 847ndash859 2011

[33] ldquoThe gnu multiple precision arithmetic library (gmp)rdquohttpgmpliborg

[34] B Lynn The Pairing-Based Cryptographic Library 2015httpscryptostanfordedupbc

International Journal of

AerospaceEngineeringHindawiwwwhindawicom Volume 2018

RoboticsJournal of

Hindawiwwwhindawicom Volume 2018


Active and Passive Electronic Components

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawiwwwhindawicom

Volume 2018

Hindawi Publishing Corporation httpwwwhindawicom Volume 2013Hindawiwwwhindawicom

The Scientific World Journal

Volume 2018

Control Scienceand Engineering

Journal of



Journal ofEngineeringVolume 2018

SensorsJournal of



RotatingMachinery


Modelling ampSimulationin EngineeringHindawiwwwhindawicom Volume 2018


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation


Hindawi

wwwhindawicom Volume 2018

Advances in

Multimedia

Submit your manuscripts atwwwhindawicom


Firstly these lightweight cloud storage auditing schemescannot support proxy update In real-world applicationsin order to designate a proxy the user needs to issue awarrant with a valid time period to this proxy The cloudwill verify whether the proxy is valid based on this war-rant Furthermore the proxy might be revoked before theexpiration of this valid time period For instance a userwith low computation capabilities delegates a proxy to helphim process data The proxy can be a legal organizationwhich has significant computation resources The user andthe proxy sign a contract with a specific valid time periodOnce the contract expires the expired proxy should not beable to process data on behalf of the user any more Anothersituation is that the user wants to change the proxy beforethe expiration of the contractrsquos valid time period due to themisbehaviour of the proxy This revoked proxy also shouldnot be able to process data for the user any more even if hiswarrant is still in a valid time period Thus how to design alightweight cloud storage auditing supporting proxy updateis worthwhile

Secondly existing lightweight cloud storage auditingschemes do not consider the mechanism of paying for theproxy based on the workload In the lightweight cloudstorage auditing scenario the user delegates a proxy toupload files to the cloud on his behalf However thenumber of these uploaded files might be greatly differ-ent in different time period Obviously it is unfair forthe proxy if we pay for the proxy according to servicetime It is more reasonable to pay for the proxy accordingto how many files he uploads to the cloud Thereforeit is necessary to design an effective mechanism to payfor the proxy based on the workload in cloud storageauditing

Contribution In order to deal with the above problemswe propose a novel lightweight identity-based cloud storageauditing scheme In this scheme we introduce a proxy tohelp the user generate data signatures which remarkablyreleases the usersrsquo burden on computation Different fromthe previous lightweight cloud storage auditing schemes ourproposed scheme supports proxy update In the detailedscheme the user issues a warrant to the designated proxyThe proxy with the valid warrant can process data on behalfof the user In order to realize effective proxy update thevalid time period and the proxy identity are embedded intothe warrant and the cloud keeps a public revocation list Itmakes the revoked proxy or the expired proxy unable toprocess and upload data to the cloud on behalf of the userany more When the proxy is revoked or the proxyrsquos warrantexpires the signatures generated by this proxy can still beused to check data integrity according to this proxy iden-tity the corresponding time period and some verificationvalues We also design an effective mechanism to achieveworkload-based payment for the proxy Our scheme relieson identity-based cryptography which simplifies certificatemanagement We finally prove the security of the schemeand evaluate the performance of the scheme by concreteimplementations

11 Related Work Ateniese et al [2] firstly proposed thenotion of Provable Data Possession (PDP) in which thetechniques of homomorphic authenticators and randomsample are utilized to verify the integrity of data in the cloudTo achieve the retrievability and the integrity guarantee ofthe cloud data Juels and Kaliski [9] proposed the concept ofProof of Retrievability (PoR) and designed a concrete schemeby employing the techniques of the spot-checking and theerror-correcting codes Later many variants of PDP andPoR schemes [10ndash13] were constructed to deal with differentproblems in cloud storage auditing

In order to protect data privacy Wang et al [13] proposeda cloud storage auditing scheme with data privacy preservingby using a randommasking technique Li et al [14] presenteda privacy preserving remote data integrity auditing schemebased on the zero-knowledge proof To support data dynamicoperations Liu et al [15] designed a dynamic data integrityauditing scheme with efficient fine-grained updates basedon the Merkle hash tree Tian et al [16] proposed a cloudstorage auditing scheme supporting data dynamics with theemployment of dynamic hash table By utilizing key updatetechniques [17] Yu et al [18] solved the problem of keyexposure in cloud storage auditing The privacy preservingof authentication in cloud storage auditing was consideredin [19] The problem of usersrsquo identity privacy in shared dataauditing was taken into account in [20 21]

To eliminate the complex certificate management in PKIsetting Wang et al [22] constructed the first identity-basedremote data integrity auditing scheme Based on identity-based cryptosystem Yu et al [23] designed a perfect dataprivacy-preserving cloud storage auditing scheme whichis able to achieve zero knowledge privacy against a thirdparty auditor Li et al [24] proposed a fuzzy identity-basedcloud storage auditing scheme in which a set of descriptiveattributes is used as a userrsquos identity Zhang et al [25]considered the problem of user revocation in the cloudstorage auditing and presented an identity-based shareddata integrity auditing scheme supporting real efficient userrevocation Shen et al [26] proposed an identity-based cloudstorage auditing scheme for shared data In this schemethe cloud file can be shared and used by others under thecondition that the sensitive information is hidden

Most end users such as smart phone have constrainedcomputation resources and computation capabilities Inorder to alleviate the userrsquos computation burden manylightweight cloud storage auditing schemes were proposedLi et al [27] and Wang et al [28] respectively proposedcloud storage auditing schemes for low-performance enddevices based on onlineoffline signatures In these twoschemes most heavy computations are executed in theoffline phase Nonetheless the user still needs to carry outlightweight computations for generating data signatures inthe online phase In order to deal with this problem Wanget al [5] proposed an identity-based cloud storage auditingscheme by introducing a proxy to help users generate datasignatures In this scheme the user does not need to consumecomputation resources to generate data signatures Shen etal [6] designed a lightweight data integrity auditing schemefor cloud storage in which theThird Party Medium (TPM) is





















32 Definition







Auditing Proof


User


Iden

tity(

ID)

Identity(ID)

Priv

ate K

ey

Partial Private Key

Proxy


Data and Signatures



Table 1 Notations
















(1) Setup






119892120590119868119863119906 = 119877119868119863119906119884119867(119868119863119906 119877119868119863119906 ) (1)












1198921205901 = 1198771119877119867(1198981199081198771)119868119863119906119884119867(119868119863119906 119877119868119863119906 )sdot119867(1198981199081198771) (2)



119892120590119879 = 119877119879119877119867(119879119904119879119890 119877119879)119868119863119906119884119867(119868119863119906 119877119868119863119906 )sdot119867(119879119904119879119890 119877119879) (3)





120573119894 = (ℎ (119899119886119898119890 119894 119868119863119901) 119906119898119894)120590 (4)










User IDu





Proxy IDp




(RT )


Proxy IDp Cloud














119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904 119879119890 119877119879))

(5)


(7) ProxyUpdate








1199011015840 119877119879 120590) based on the time


1199011015840) where 120590 = (120590119868119863

1199011015840+ 120590119879)(119898119900119889119901)









5 Security Analysis






Proof


119892120590119868119863119906 = 119892119903119868119863119906+119909119867(119868119863119906 119877119868119863119906 ) = 119892119903119868119863119906 sdot 119892119909119867(119868119863119906 119877119868119863119906 )= 119877119868119863119906119884119867(119868119863119906 119877119868119863119906 )

(6)





119884119867(119868119863119906 119877119868119863119906 )sdot119867(1198981199081198771)(7)



119884119867(119868119863119906 119877119868119863119906 )sdot119867(119879119904119879119890 119877119879)(8)


119890 (Ω 119892) = 119890(prod119894isin119868

120573119894V119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)120590sdotV119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)V119894 119892120590)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot prod119894isin119868

119906119898119894sdotV119894 119892120590)= 119890(prod

119894isin119868


119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119892120590119868119863119901+120590119879)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583119892119903119868119863119901+119909119867(119868119863119901119877119868119863119901 )+119903119879+120590119868119863119906119867(119879119904119879119890 119877119879))= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901119877119868119863119901 )



= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901 119877119868119863119901 )

sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119906 119877119868119863119906 )119867(119879119904119879119890 119877119879))

= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(9)






119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(10)



119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(11)




119867(119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) = 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) (12)


(119892119886119898119894 sdot 120593119887119898119894) sdot 119906119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886120593119887)

119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886119898119894 sdot 120593119887119898119894) = 119892119903119894

(13)


119890 ( ΩΩ1015840 119892) = 119890 (119906Δ120583 119877119868119863119901sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879) sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906)


(14)

So we obtain


(15)









119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(17)


119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(18)




119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879)) = 119890 (Ω 119892)

= 119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(19)

Therefore we obtain

119906120583 = 1199061205831015840 (20)

and therefore that

1 = 119906Δ120583 = (119892119886120593119887)Δ120583 = 119892119886Δ120583 sdot 120593119887Δ120583 (21)


120593 = 119892minus119886Δ120583119887Δ120583 (22)

























200 400 600 800 10000

2

4

6

8

10

12

14

The o

verh

ead

of si

gnat

ure g

ener

atio

n (s

)

















PKG 41198641198661 +3(1198601198661+119872119885lowast119901

+119867119885lowast119901) 31198641198661 +2(1198601198661

+119872119885lowast119901+119867119885lowast119901

)Proxy 119860119885lowast119901

+119899(1198721198661+ 21198641198661 +1198671198661

) 119860119885lowast119901+119872119885lowast119901

+ 119867119885lowast119901+119899(1198721198661

+ 21198641198661 + 1198671198661)


+ 119867119885lowast119901) 119860119885lowast119901

+119872119885lowast119901+ 119867119885lowast119901



2119875 + 1198881198671198661+ (119888 + 4)1198641198661 +(119888 + 4)1198721198661+119872119885lowast119901

+ 4119867119885lowast119901

2119875+(119888+2)1198671198661+(119888+3)1198641198661 +(119888 + 3)1198721198661

+ 3119867119885lowast119901+ 2119860119885lowast119901

0 200 400 600 800 10000

2

4

6

8

10

12



The c

ompu

tatio

n ov

erhe

ad o

f TPA

(s)



0 200 400 600 800 10000

1

2

3

4

The c

ompu

tatio

n ov

erhe

ad o

f clo

ud (s

)


Proof generation






7 Conclusion


Data Availability




Acknowledgments


References







































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia






















32 Definition







Auditing Proof


User


Iden

tity(

ID)

Identity(ID)

Priv

ate K

ey

Partial Private Key

Proxy


Data and Signatures



Table 1 Notations
















(1) Setup






119892120590119868119863119906 = 119877119868119863119906119884119867(119868119863119906 119877119868119863119906 ) (1)












1198921205901 = 1198771119877119867(1198981199081198771)119868119863119906119884119867(119868119863119906 119877119868119863119906 )sdot119867(1198981199081198771) (2)



119892120590119879 = 119877119879119877119867(119879119904119879119890 119877119879)119868119863119906119884119867(119868119863119906 119877119868119863119906 )sdot119867(119879119904119879119890 119877119879) (3)





120573119894 = (ℎ (119899119886119898119890 119894 119868119863119901) 119906119898119894)120590 (4)










User IDu





Proxy IDp




(RT )


Proxy IDp Cloud














119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904 119879119890 119877119879))

(5)


(7) ProxyUpdate








1199011015840 119877119879 120590) based on the time


1199011015840) where 120590 = (120590119868119863

1199011015840+ 120590119879)(119898119900119889119901)









5 Security Analysis






Proof


119892120590119868119863119906 = 119892119903119868119863119906+119909119867(119868119863119906 119877119868119863119906 ) = 119892119903119868119863119906 sdot 119892119909119867(119868119863119906 119877119868119863119906 )= 119877119868119863119906119884119867(119868119863119906 119877119868119863119906 )

(6)





119884119867(119868119863119906 119877119868119863119906 )sdot119867(1198981199081198771)(7)



119884119867(119868119863119906 119877119868119863119906 )sdot119867(119879119904119879119890 119877119879)(8)


119890 (Ω 119892) = 119890(prod119894isin119868

120573119894V119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)120590sdotV119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)V119894 119892120590)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot prod119894isin119868

119906119898119894sdotV119894 119892120590)= 119890(prod

119894isin119868


119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119892120590119868119863119901+120590119879)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583119892119903119868119863119901+119909119867(119868119863119901119877119868119863119901 )+119903119879+120590119868119863119906119867(119879119904119879119890 119877119879))= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901119877119868119863119901 )



= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901 119877119868119863119901 )

sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119906 119877119868119863119906 )119867(119879119904119879119890 119877119879))

= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(9)






119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(10)



119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(11)




119867(119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) = 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) (12)


(119892119886119898119894 sdot 120593119887119898119894) sdot 119906119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886120593119887)

119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886119898119894 sdot 120593119887119898119894) = 119892119903119894

(13)


119890 ( ΩΩ1015840 119892) = 119890 (119906Δ120583 119877119868119863119901sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879) sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906)


(14)

So we obtain


(15)









119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(17)


119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(18)




119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879)) = 119890 (Ω 119892)

= 119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(19)

Therefore we obtain

119906120583 = 1199061205831015840 (20)

and therefore that

1 = 119906Δ120583 = (119892119886120593119887)Δ120583 = 119892119886Δ120583 sdot 120593119887Δ120583 (21)


120593 = 119892minus119886Δ120583119887Δ120583 (22)

























200 400 600 800 10000

2

4

6

8

10

12

14

The o

verh

ead

of si

gnat

ure g

ener

atio

n (s

)

















PKG 41198641198661 +3(1198601198661+119872119885lowast119901

+119867119885lowast119901) 31198641198661 +2(1198601198661

+119872119885lowast119901+119867119885lowast119901

)Proxy 119860119885lowast119901

+119899(1198721198661+ 21198641198661 +1198671198661

) 119860119885lowast119901+119872119885lowast119901

+ 119867119885lowast119901+119899(1198721198661

+ 21198641198661 + 1198671198661)


+ 119867119885lowast119901) 119860119885lowast119901

+119872119885lowast119901+ 119867119885lowast119901



2119875 + 1198881198671198661+ (119888 + 4)1198641198661 +(119888 + 4)1198721198661+119872119885lowast119901

+ 4119867119885lowast119901

2119875+(119888+2)1198671198661+(119888+3)1198641198661 +(119888 + 3)1198721198661

+ 3119867119885lowast119901+ 2119860119885lowast119901

0 200 400 600 800 10000

2

4

6

8

10

12



The c

ompu

tatio

n ov

erhe

ad o

f TPA

(s)



0 200 400 600 800 10000

1

2

3

4

The c

ompu

tatio

n ov

erhe

ad o

f clo

ud (s

)


Proof generation






7 Conclusion


Data Availability




Acknowledgments


References







































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




Auditing Proof


User


Iden

tity(

ID)

Identity(ID)

Priv

ate K

ey

Partial Private Key

Proxy


Data and Signatures



Table 1 Notations
















(1) Setup






119892120590119868119863119906 = 119877119868119863119906119884119867(119868119863119906 119877119868119863119906 ) (1)












1198921205901 = 1198771119877119867(1198981199081198771)119868119863119906119884119867(119868119863119906 119877119868119863119906 )sdot119867(1198981199081198771) (2)



119892120590119879 = 119877119879119877119867(119879119904119879119890 119877119879)119868119863119906119884119867(119868119863119906 119877119868119863119906 )sdot119867(119879119904119879119890 119877119879) (3)





120573119894 = (ℎ (119899119886119898119890 119894 119868119863119901) 119906119898119894)120590 (4)










User IDu





Proxy IDp




(RT )


Proxy IDp Cloud














119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904 119879119890 119877119879))

(5)


(7) ProxyUpdate








1199011015840 119877119879 120590) based on the time


1199011015840) where 120590 = (120590119868119863

1199011015840+ 120590119879)(119898119900119889119901)









5 Security Analysis






Proof


119892120590119868119863119906 = 119892119903119868119863119906+119909119867(119868119863119906 119877119868119863119906 ) = 119892119903119868119863119906 sdot 119892119909119867(119868119863119906 119877119868119863119906 )= 119877119868119863119906119884119867(119868119863119906 119877119868119863119906 )

(6)





119884119867(119868119863119906 119877119868119863119906 )sdot119867(1198981199081198771)(7)



119884119867(119868119863119906 119877119868119863119906 )sdot119867(119879119904119879119890 119877119879)(8)


119890 (Ω 119892) = 119890(prod119894isin119868

120573119894V119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)120590sdotV119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)V119894 119892120590)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot prod119894isin119868

119906119898119894sdotV119894 119892120590)= 119890(prod

119894isin119868


119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119892120590119868119863119901+120590119879)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583119892119903119868119863119901+119909119867(119868119863119901119877119868119863119901 )+119903119879+120590119868119863119906119867(119879119904119879119890 119877119879))= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901119877119868119863119901 )



= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901 119877119868119863119901 )

sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119906 119877119868119863119906 )119867(119879119904119879119890 119877119879))

= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(9)






119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(10)



119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(11)




119867(119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) = 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) (12)


(119892119886119898119894 sdot 120593119887119898119894) sdot 119906119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886120593119887)

119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886119898119894 sdot 120593119887119898119894) = 119892119903119894

(13)


119890 ( ΩΩ1015840 119892) = 119890 (119906Δ120583 119877119868119863119901sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879) sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906)


(14)

So we obtain


(15)









119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(17)


119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(18)




119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879)) = 119890 (Ω 119892)

= 119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(19)

Therefore we obtain

119906120583 = 1199061205831015840 (20)

and therefore that

1 = 119906Δ120583 = (119892119886120593119887)Δ120583 = 119892119886Δ120583 sdot 120593119887Δ120583 (21)


120593 = 119892minus119886Δ120583119887Δ120583 (22)

























200 400 600 800 10000

2

4

6

8

10

12

14

The o

verh

ead

of si

gnat

ure g

ener

atio

n (s

)

















PKG 41198641198661 +3(1198601198661+119872119885lowast119901

+119867119885lowast119901) 31198641198661 +2(1198601198661

+119872119885lowast119901+119867119885lowast119901

)Proxy 119860119885lowast119901

+119899(1198721198661+ 21198641198661 +1198671198661

) 119860119885lowast119901+119872119885lowast119901

+ 119867119885lowast119901+119899(1198721198661

+ 21198641198661 + 1198671198661)


+ 119867119885lowast119901) 119860119885lowast119901

+119872119885lowast119901+ 119867119885lowast119901



2119875 + 1198881198671198661+ (119888 + 4)1198641198661 +(119888 + 4)1198721198661+119872119885lowast119901

+ 4119867119885lowast119901

2119875+(119888+2)1198671198661+(119888+3)1198641198661 +(119888 + 3)1198721198661

+ 3119867119885lowast119901+ 2119860119885lowast119901

0 200 400 600 800 10000

2

4

6

8

10

12



The c

ompu

tatio

n ov

erhe

ad o

f TPA

(s)



0 200 400 600 800 10000

1

2

3

4

The c

ompu

tatio

n ov

erhe

ad o

f clo

ud (s

)


Proof generation






7 Conclusion


Data Availability




Acknowledgments


References







































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia
















(1) Setup






119892120590119868119863119906 = 119877119868119863119906119884119867(119868119863119906 119877119868119863119906 ) (1)












1198921205901 = 1198771119877119867(1198981199081198771)119868119863119906119884119867(119868119863119906 119877119868119863119906 )sdot119867(1198981199081198771) (2)



119892120590119879 = 119877119879119877119867(119879119904119879119890 119877119879)119868119863119906119884119867(119868119863119906 119877119868119863119906 )sdot119867(119879119904119879119890 119877119879) (3)





120573119894 = (ℎ (119899119886119898119890 119894 119868119863119901) 119906119898119894)120590 (4)










User IDu





Proxy IDp




(RT )


Proxy IDp Cloud














119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904 119879119890 119877119879))

(5)


(7) ProxyUpdate








1199011015840 119877119879 120590) based on the time


1199011015840) where 120590 = (120590119868119863

1199011015840+ 120590119879)(119898119900119889119901)









5 Security Analysis






Proof


119892120590119868119863119906 = 119892119903119868119863119906+119909119867(119868119863119906 119877119868119863119906 ) = 119892119903119868119863119906 sdot 119892119909119867(119868119863119906 119877119868119863119906 )= 119877119868119863119906119884119867(119868119863119906 119877119868119863119906 )

(6)





119884119867(119868119863119906 119877119868119863119906 )sdot119867(1198981199081198771)(7)



119884119867(119868119863119906 119877119868119863119906 )sdot119867(119879119904119879119890 119877119879)(8)


119890 (Ω 119892) = 119890(prod119894isin119868

120573119894V119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)120590sdotV119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)V119894 119892120590)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot prod119894isin119868

119906119898119894sdotV119894 119892120590)= 119890(prod

119894isin119868


119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119892120590119868119863119901+120590119879)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583119892119903119868119863119901+119909119867(119868119863119901119877119868119863119901 )+119903119879+120590119868119863119906119867(119879119904119879119890 119877119879))= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901119877119868119863119901 )



= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901 119877119868119863119901 )

sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119906 119877119868119863119906 )119867(119879119904119879119890 119877119879))

= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(9)






119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(10)



119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(11)




119867(119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) = 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) (12)


(119892119886119898119894 sdot 120593119887119898119894) sdot 119906119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886120593119887)

119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886119898119894 sdot 120593119887119898119894) = 119892119903119894

(13)


119890 ( ΩΩ1015840 119892) = 119890 (119906Δ120583 119877119868119863119901sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879) sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906)


(14)

So we obtain


(15)









119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(17)


119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(18)




119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879)) = 119890 (Ω 119892)

= 119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(19)

Therefore we obtain

119906120583 = 1199061205831015840 (20)

and therefore that

1 = 119906Δ120583 = (119892119886120593119887)Δ120583 = 119892119886Δ120583 sdot 120593119887Δ120583 (21)


120593 = 119892minus119886Δ120583119887Δ120583 (22)

























200 400 600 800 10000

2

4

6

8

10

12

14

The o

verh

ead

of si

gnat

ure g

ener

atio

n (s

)

















PKG 41198641198661 +3(1198601198661+119872119885lowast119901

+119867119885lowast119901) 31198641198661 +2(1198601198661

+119872119885lowast119901+119867119885lowast119901

)Proxy 119860119885lowast119901

+119899(1198721198661+ 21198641198661 +1198671198661

) 119860119885lowast119901+119872119885lowast119901

+ 119867119885lowast119901+119899(1198721198661

+ 21198641198661 + 1198671198661)


+ 119867119885lowast119901) 119860119885lowast119901

+119872119885lowast119901+ 119867119885lowast119901



2119875 + 1198881198671198661+ (119888 + 4)1198641198661 +(119888 + 4)1198721198661+119872119885lowast119901

+ 4119867119885lowast119901

2119875+(119888+2)1198671198661+(119888+3)1198641198661 +(119888 + 3)1198721198661

+ 3119867119885lowast119901+ 2119860119885lowast119901

0 200 400 600 800 10000

2

4

6

8

10

12



The c

ompu

tatio

n ov

erhe

ad o

f TPA

(s)



0 200 400 600 800 10000

1

2

3

4

The c

ompu

tatio

n ov

erhe

ad o

f clo

ud (s

)


Proof generation






7 Conclusion


Data Availability




Acknowledgments


References







































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia











1198921205901 = 1198771119877119867(1198981199081198771)119868119863119906119884119867(119868119863119906 119877119868119863119906 )sdot119867(1198981199081198771) (2)



119892120590119879 = 119877119879119877119867(119879119904119879119890 119877119879)119868119863119906119884119867(119868119863119906 119877119868119863119906 )sdot119867(119879119904119879119890 119877119879) (3)





120573119894 = (ℎ (119899119886119898119890 119894 119868119863119901) 119906119898119894)120590 (4)










User IDu





Proxy IDp




(RT )


Proxy IDp Cloud














119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904 119879119890 119877119879))

(5)


(7) ProxyUpdate








1199011015840 119877119879 120590) based on the time


1199011015840) where 120590 = (120590119868119863

1199011015840+ 120590119879)(119898119900119889119901)









5 Security Analysis






Proof


119892120590119868119863119906 = 119892119903119868119863119906+119909119867(119868119863119906 119877119868119863119906 ) = 119892119903119868119863119906 sdot 119892119909119867(119868119863119906 119877119868119863119906 )= 119877119868119863119906119884119867(119868119863119906 119877119868119863119906 )

(6)





119884119867(119868119863119906 119877119868119863119906 )sdot119867(1198981199081198771)(7)



119884119867(119868119863119906 119877119868119863119906 )sdot119867(119879119904119879119890 119877119879)(8)


119890 (Ω 119892) = 119890(prod119894isin119868

120573119894V119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)120590sdotV119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)V119894 119892120590)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot prod119894isin119868

119906119898119894sdotV119894 119892120590)= 119890(prod

119894isin119868


119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119892120590119868119863119901+120590119879)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583119892119903119868119863119901+119909119867(119868119863119901119877119868119863119901 )+119903119879+120590119868119863119906119867(119879119904119879119890 119877119879))= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901119877119868119863119901 )



= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901 119877119868119863119901 )

sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119906 119877119868119863119906 )119867(119879119904119879119890 119877119879))

= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(9)






119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(10)



119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(11)




119867(119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) = 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) (12)


(119892119886119898119894 sdot 120593119887119898119894) sdot 119906119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886120593119887)

119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886119898119894 sdot 120593119887119898119894) = 119892119903119894

(13)


119890 ( ΩΩ1015840 119892) = 119890 (119906Δ120583 119877119868119863119901sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879) sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906)


(14)

So we obtain


(15)









119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(17)


119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(18)




119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879)) = 119890 (Ω 119892)

= 119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(19)

Therefore we obtain

119906120583 = 1199061205831015840 (20)

and therefore that

1 = 119906Δ120583 = (119892119886120593119887)Δ120583 = 119892119886Δ120583 sdot 120593119887Δ120583 (21)


120593 = 119892minus119886Δ120583119887Δ120583 (22)

























200 400 600 800 10000

2

4

6

8

10

12

14

The o

verh

ead

of si

gnat

ure g

ener

atio

n (s

)

















PKG 41198641198661 +3(1198601198661+119872119885lowast119901

+119867119885lowast119901) 31198641198661 +2(1198601198661

+119872119885lowast119901+119867119885lowast119901

)Proxy 119860119885lowast119901

+119899(1198721198661+ 21198641198661 +1198671198661

) 119860119885lowast119901+119872119885lowast119901

+ 119867119885lowast119901+119899(1198721198661

+ 21198641198661 + 1198671198661)


+ 119867119885lowast119901) 119860119885lowast119901

+119872119885lowast119901+ 119867119885lowast119901



2119875 + 1198881198671198661+ (119888 + 4)1198641198661 +(119888 + 4)1198721198661+119872119885lowast119901

+ 4119867119885lowast119901

2119875+(119888+2)1198671198661+(119888+3)1198641198661 +(119888 + 3)1198721198661

+ 3119867119885lowast119901+ 2119860119885lowast119901

0 200 400 600 800 10000

2

4

6

8

10

12



The c

ompu

tatio

n ov

erhe

ad o

f TPA

(s)



0 200 400 600 800 10000

1

2

3

4

The c

ompu

tatio

n ov

erhe

ad o

f clo

ud (s

)


Proof generation






7 Conclusion


Data Availability




Acknowledgments


References







































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



User IDu





Proxy IDp




(RT )


Proxy IDp Cloud














119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904 119879119890 119877119879))

(5)


(7) ProxyUpdate








1199011015840 119877119879 120590) based on the time


1199011015840) where 120590 = (120590119868119863

1199011015840+ 120590119879)(119898119900119889119901)









5 Security Analysis






Proof


119892120590119868119863119906 = 119892119903119868119863119906+119909119867(119868119863119906 119877119868119863119906 ) = 119892119903119868119863119906 sdot 119892119909119867(119868119863119906 119877119868119863119906 )= 119877119868119863119906119884119867(119868119863119906 119877119868119863119906 )

(6)





119884119867(119868119863119906 119877119868119863119906 )sdot119867(1198981199081198771)(7)



119884119867(119868119863119906 119877119868119863119906 )sdot119867(119879119904119879119890 119877119879)(8)


119890 (Ω 119892) = 119890(prod119894isin119868

120573119894V119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)120590sdotV119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)V119894 119892120590)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot prod119894isin119868

119906119898119894sdotV119894 119892120590)= 119890(prod

119894isin119868


119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119892120590119868119863119901+120590119879)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583119892119903119868119863119901+119909119867(119868119863119901119877119868119863119901 )+119903119879+120590119868119863119906119867(119879119904119879119890 119877119879))= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901119877119868119863119901 )



= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901 119877119868119863119901 )

sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119906 119877119868119863119906 )119867(119879119904119879119890 119877119879))

= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(9)






119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(10)



119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(11)




119867(119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) = 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) (12)


(119892119886119898119894 sdot 120593119887119898119894) sdot 119906119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886120593119887)

119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886119898119894 sdot 120593119887119898119894) = 119892119903119894

(13)


119890 ( ΩΩ1015840 119892) = 119890 (119906Δ120583 119877119868119863119901sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879) sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906)


(14)

So we obtain


(15)









119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(17)


119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(18)




119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879)) = 119890 (Ω 119892)

= 119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(19)

Therefore we obtain

119906120583 = 1199061205831015840 (20)

and therefore that

1 = 119906Δ120583 = (119892119886120593119887)Δ120583 = 119892119886Δ120583 sdot 120593119887Δ120583 (21)


120593 = 119892minus119886Δ120583119887Δ120583 (22)

























200 400 600 800 10000

2

4

6

8

10

12

14

The o

verh

ead

of si

gnat

ure g

ener

atio

n (s

)

















PKG 41198641198661 +3(1198601198661+119872119885lowast119901

+119867119885lowast119901) 31198641198661 +2(1198601198661

+119872119885lowast119901+119867119885lowast119901

)Proxy 119860119885lowast119901

+119899(1198721198661+ 21198641198661 +1198671198661

) 119860119885lowast119901+119872119885lowast119901

+ 119867119885lowast119901+119899(1198721198661

+ 21198641198661 + 1198671198661)


+ 119867119885lowast119901) 119860119885lowast119901

+119872119885lowast119901+ 119867119885lowast119901



2119875 + 1198881198671198661+ (119888 + 4)1198641198661 +(119888 + 4)1198721198661+119872119885lowast119901

+ 4119867119885lowast119901

2119875+(119888+2)1198671198661+(119888+3)1198641198661 +(119888 + 3)1198721198661

+ 3119867119885lowast119901+ 2119860119885lowast119901

0 200 400 600 800 10000

2

4

6

8

10

12



The c

ompu

tatio

n ov

erhe

ad o

f TPA

(s)



0 200 400 600 800 10000

1

2

3

4

The c

ompu

tatio

n ov

erhe

ad o

f clo

ud (s

)


Proof generation






7 Conclusion


Data Availability




Acknowledgments


References







































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia








1199011015840 119877119879 120590) based on the time


1199011015840) where 120590 = (120590119868119863

1199011015840+ 120590119879)(119898119900119889119901)









5 Security Analysis






Proof


119892120590119868119863119906 = 119892119903119868119863119906+119909119867(119868119863119906 119877119868119863119906 ) = 119892119903119868119863119906 sdot 119892119909119867(119868119863119906 119877119868119863119906 )= 119877119868119863119906119884119867(119868119863119906 119877119868119863119906 )

(6)





119884119867(119868119863119906 119877119868119863119906 )sdot119867(1198981199081198771)(7)



119884119867(119868119863119906 119877119868119863119906 )sdot119867(119879119904119879119890 119877119879)(8)


119890 (Ω 119892) = 119890(prod119894isin119868

120573119894V119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)120590sdotV119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)V119894 119892120590)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot prod119894isin119868

119906119898119894sdotV119894 119892120590)= 119890(prod

119894isin119868


119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119892120590119868119863119901+120590119879)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583119892119903119868119863119901+119909119867(119868119863119901119877119868119863119901 )+119903119879+120590119868119863119906119867(119879119904119879119890 119877119879))= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901119877119868119863119901 )



= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901 119877119868119863119901 )

sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119906 119877119868119863119906 )119867(119879119904119879119890 119877119879))

= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(9)






119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(10)



119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(11)




119867(119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) = 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) (12)


(119892119886119898119894 sdot 120593119887119898119894) sdot 119906119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886120593119887)

119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886119898119894 sdot 120593119887119898119894) = 119892119903119894

(13)


119890 ( ΩΩ1015840 119892) = 119890 (119906Δ120583 119877119868119863119901sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879) sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906)


(14)

So we obtain


(15)









119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(17)


119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(18)




119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879)) = 119890 (Ω 119892)

= 119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(19)

Therefore we obtain

119906120583 = 1199061205831015840 (20)

and therefore that

1 = 119906Δ120583 = (119892119886120593119887)Δ120583 = 119892119886Δ120583 sdot 120593119887Δ120583 (21)


120593 = 119892minus119886Δ120583119887Δ120583 (22)

























200 400 600 800 10000

2

4

6

8

10

12

14

The o

verh

ead

of si

gnat

ure g

ener

atio

n (s

)

















PKG 41198641198661 +3(1198601198661+119872119885lowast119901

+119867119885lowast119901) 31198641198661 +2(1198601198661

+119872119885lowast119901+119867119885lowast119901

)Proxy 119860119885lowast119901

+119899(1198721198661+ 21198641198661 +1198671198661

) 119860119885lowast119901+119872119885lowast119901

+ 119867119885lowast119901+119899(1198721198661

+ 21198641198661 + 1198671198661)


+ 119867119885lowast119901) 119860119885lowast119901

+119872119885lowast119901+ 119867119885lowast119901



2119875 + 1198881198671198661+ (119888 + 4)1198641198661 +(119888 + 4)1198721198661+119872119885lowast119901

+ 4119867119885lowast119901

2119875+(119888+2)1198671198661+(119888+3)1198641198661 +(119888 + 3)1198721198661

+ 3119867119885lowast119901+ 2119860119885lowast119901

0 200 400 600 800 10000

2

4

6

8

10

12



The c

ompu

tatio

n ov

erhe

ad o

f TPA

(s)



0 200 400 600 800 10000

1

2

3

4

The c

ompu

tatio

n ov

erhe

ad o

f clo

ud (s

)


Proof generation






7 Conclusion


Data Availability




Acknowledgments


References







































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




119884119867(119868119863119906 119877119868119863119906 )sdot119867(1198981199081198771)(7)



119884119867(119868119863119906 119877119868119863119906 )sdot119867(119879119904119879119890 119877119879)(8)


119890 (Ω 119892) = 119890(prod119894isin119868

120573119894V119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)120590sdotV119894 119892)= 119890(prod

119894isin119868

(ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) sdot 119906119898119894)V119894 119892120590)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot prod119894isin119868

119906119898119894sdotV119894 119892120590)= 119890(prod

119894isin119868


119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119892120590119868119863119901+120590119879)= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583119892119903119868119863119901+119909119867(119868119863119901119877119868119863119901 )+119903119879+120590119868119863119906119867(119879119904119879119890 119877119879))= 119890(prod

119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901119877119868119863119901 )



= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119884119867(119868119863119901 119877119868119863119901 )

sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119906 119877119868119863119906 )119867(119879119904119879119890 119877119879))

= 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(9)






119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(10)



119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(11)




119867(119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) = 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) (12)


(119892119886119898119894 sdot 120593119887119898119894) sdot 119906119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886120593119887)

119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886119898119894 sdot 120593119887119898119894) = 119892119903119894

(13)


119890 ( ΩΩ1015840 119892) = 119890 (119906Δ120583 119877119868119863119901sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879) sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906)


(14)

So we obtain


(15)









119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(17)


119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(18)




119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879)) = 119890 (Ω 119892)

= 119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(19)

Therefore we obtain

119906120583 = 1199061205831015840 (20)

and therefore that

1 = 119906Δ120583 = (119892119886120593119887)Δ120583 = 119892119886Δ120583 sdot 120593119887Δ120583 (21)


120593 = 119892minus119886Δ120583119887Δ120583 (22)

























200 400 600 800 10000

2

4

6

8

10

12

14

The o

verh

ead

of si

gnat

ure g

ener

atio

n (s

)

















PKG 41198641198661 +3(1198601198661+119872119885lowast119901

+119867119885lowast119901) 31198641198661 +2(1198601198661

+119872119885lowast119901+119867119885lowast119901

)Proxy 119860119885lowast119901

+119899(1198721198661+ 21198641198661 +1198671198661

) 119860119885lowast119901+119872119885lowast119901

+ 119867119885lowast119901+119899(1198721198661

+ 21198641198661 + 1198671198661)


+ 119867119885lowast119901) 119860119885lowast119901

+119872119885lowast119901+ 119867119885lowast119901



2119875 + 1198881198671198661+ (119888 + 4)1198641198661 +(119888 + 4)1198721198661+119872119885lowast119901

+ 4119867119885lowast119901

2119875+(119888+2)1198671198661+(119888+3)1198641198661 +(119888 + 3)1198721198661

+ 3119867119885lowast119901+ 2119860119885lowast119901

0 200 400 600 800 10000

2

4

6

8

10

12



The c

ompu

tatio

n ov

erhe

ad o

f TPA

(s)



0 200 400 600 800 10000

1

2

3

4

The c

ompu

tatio

n ov

erhe

ad o

f clo

ud (s

)


Proof generation






7 Conclusion


Data Availability




Acknowledgments


References







































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(11)




119867(119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894) = 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) (12)


(119892119886119898119894 sdot 120593119887119898119894) sdot 119906119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886120593119887)

119898119894

= 119892119903119894(119892119886119898119894 sdot 120593119887119898119894) sdot (119892119886119898119894 sdot 120593119887119898119894) = 119892119903119894

(13)


119890 ( ΩΩ1015840 119892) = 119890 (119906Δ120583 119877119868119863119901sdot 119884119867(119868119863119901 119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879) sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906)


(14)

So we obtain


(15)









119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(17)


119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(18)




119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879)) = 119890 (Ω 119892)

= 119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(19)

Therefore we obtain

119906120583 = 1199061205831015840 (20)

and therefore that

1 = 119906Δ120583 = (119892119886120593119887)Δ120583 = 119892119886Δ120583 sdot 120593119887Δ120583 (21)


120593 = 119892minus119886Δ120583119887Δ120583 (22)

























200 400 600 800 10000

2

4

6

8

10

12

14

The o

verh

ead

of si

gnat

ure g

ener

atio

n (s

)

















PKG 41198641198661 +3(1198601198661+119872119885lowast119901

+119867119885lowast119901) 31198641198661 +2(1198601198661

+119872119885lowast119901+119867119885lowast119901

)Proxy 119860119885lowast119901

+119899(1198721198661+ 21198641198661 +1198671198661

) 119860119885lowast119901+119872119885lowast119901

+ 119867119885lowast119901+119899(1198721198661

+ 21198641198661 + 1198671198661)


+ 119867119885lowast119901) 119860119885lowast119901

+119872119885lowast119901+ 119867119885lowast119901



2119875 + 1198881198671198661+ (119888 + 4)1198641198661 +(119888 + 4)1198721198661+119872119885lowast119901

+ 4119867119885lowast119901

2119875+(119888+2)1198671198661+(119888+3)1198641198661 +(119888 + 3)1198721198661

+ 3119867119885lowast119901+ 2119860119885lowast119901

0 200 400 600 800 10000

2

4

6

8

10

12



The c

ompu

tatio

n ov

erhe

ad o

f TPA

(s)



0 200 400 600 800 10000

1

2

3

4

The c

ompu

tatio

n ov

erhe

ad o

f clo

ud (s

)


Proof generation






7 Conclusion


Data Availability




Acknowledgments


References







































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





119890 (Ω 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(17)


119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901 sdot 119877119879

sdot 119877119867(119879119904119879119890 119877119879)119868119863119906sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(18)




119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 119906120583 119877119868119863119901 sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879)) = 119890 (Ω 119892)

= 119890 (Ω1015840 119892) = 119890(prod119894isin119868

ℎ (119899119886119898119890 1003817100381710038171003817100381711986811986311990110038171003817100381710038171003817 119894)V119894 sdot 1199061205831015840 119877119868119863119901sdot 119877119879 sdot 119877119867(119879119904119879119890 119877119879)119868119863119906

sdot 119884119867(119868119863119901119877119868119863119901 )+119867(119868119863119906119877119868119863119906 )119867(119879119904119879119890 119877119879))

(19)

Therefore we obtain

119906120583 = 1199061205831015840 (20)

and therefore that

1 = 119906Δ120583 = (119892119886120593119887)Δ120583 = 119892119886Δ120583 sdot 120593119887Δ120583 (21)


120593 = 119892minus119886Δ120583119887Δ120583 (22)

























200 400 600 800 10000

2

4

6

8

10

12

14

The o

verh

ead

of si

gnat

ure g

ener

atio

n (s

)

















PKG 41198641198661 +3(1198601198661+119872119885lowast119901

+119867119885lowast119901) 31198641198661 +2(1198601198661

+119872119885lowast119901+119867119885lowast119901

)Proxy 119860119885lowast119901

+119899(1198721198661+ 21198641198661 +1198671198661

) 119860119885lowast119901+119872119885lowast119901

+ 119867119885lowast119901+119899(1198721198661

+ 21198641198661 + 1198671198661)


+ 119867119885lowast119901) 119860119885lowast119901

+119872119885lowast119901+ 119867119885lowast119901



2119875 + 1198881198671198661+ (119888 + 4)1198641198661 +(119888 + 4)1198721198661+119872119885lowast119901

+ 4119867119885lowast119901

2119875+(119888+2)1198671198661+(119888+3)1198641198661 +(119888 + 3)1198721198661

+ 3119867119885lowast119901+ 2119860119885lowast119901

0 200 400 600 800 10000

2

4

6

8

10

12



The c

ompu

tatio

n ov

erhe

ad o

f TPA

(s)



0 200 400 600 800 10000

1

2

3

4

The c

ompu

tatio

n ov

erhe

ad o

f clo

ud (s

)


Proof generation






7 Conclusion


Data Availability




Acknowledgments


References







































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia















200 400 600 800 10000

2

4

6

8

10

12

14

The o

verh

ead

of si

gnat

ure g

ener

atio

n (s

)

















PKG 41198641198661 +3(1198601198661+119872119885lowast119901

+119867119885lowast119901) 31198641198661 +2(1198601198661

+119872119885lowast119901+119867119885lowast119901

)Proxy 119860119885lowast119901

+119899(1198721198661+ 21198641198661 +1198671198661

) 119860119885lowast119901+119872119885lowast119901

+ 119867119885lowast119901+119899(1198721198661

+ 21198641198661 + 1198671198661)


+ 119867119885lowast119901) 119860119885lowast119901

+119872119885lowast119901+ 119867119885lowast119901



2119875 + 1198881198671198661+ (119888 + 4)1198641198661 +(119888 + 4)1198721198661+119872119885lowast119901

+ 4119867119885lowast119901

2119875+(119888+2)1198671198661+(119888+3)1198641198661 +(119888 + 3)1198721198661

+ 3119867119885lowast119901+ 2119860119885lowast119901

0 200 400 600 800 10000

2

4

6

8

10

12



The c

ompu

tatio

n ov

erhe

ad o

f TPA

(s)



0 200 400 600 800 10000

1

2

3

4

The c

ompu

tatio

n ov

erhe

ad o

f clo

ud (s

)


Proof generation






7 Conclusion


Data Availability




Acknowledgments


References







































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia












PKG 41198641198661 +3(1198601198661+119872119885lowast119901

+119867119885lowast119901) 31198641198661 +2(1198601198661

+119872119885lowast119901+119867119885lowast119901

)Proxy 119860119885lowast119901

+119899(1198721198661+ 21198641198661 +1198671198661

) 119860119885lowast119901+119872119885lowast119901

+ 119867119885lowast119901+119899(1198721198661

+ 21198641198661 + 1198671198661)


+ 119867119885lowast119901) 119860119885lowast119901

+119872119885lowast119901+ 119867119885lowast119901



2119875 + 1198881198671198661+ (119888 + 4)1198641198661 +(119888 + 4)1198721198661+119872119885lowast119901

+ 4119867119885lowast119901

2119875+(119888+2)1198671198661+(119888+3)1198641198661 +(119888 + 3)1198721198661

+ 3119867119885lowast119901+ 2119860119885lowast119901

0 200 400 600 800 10000

2

4

6

8

10

12



The c

ompu

tatio

n ov

erhe

ad o

f TPA

(s)



0 200 400 600 800 10000

1

2

3

4

The c

ompu

tatio

n ov

erhe

ad o

f clo

ud (s

)


Proof generation






7 Conclusion


Data Availability




Acknowledgments


References







































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





7 Conclusion


Data Availability




Acknowledgments


References







































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




















RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


A Lightweight Identity-Based Cloud Storage …downloads.hindawi.com › journals › scn › 2019...

Documents

Transcript of A Lightweight Identity-Based Cloud Storage …downloads.hindawi.com › journals › scn › 2019...