
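Efficient Certificateless Cloud Data Auditing Scheme
Cite this article: YANG Haibin, LI Ruifeng, LI Xiuguang, YUAN Wenyong, YI Zhengge, YANG Xiaoyuan. Efficient Certificateless Cloud Data Auditing Scheme [J]. Journal of Sichuan University (Engineering Science Edition), 2022, 54(3): 72-79.
Authors: YANG Haibin  LI Ruifeng  LI Xiuguang  YUAN Wenyong  YI Zhengge  YANG Xiaoyuan
Affiliation: College of Cryptographic Engineering, Engineering University of People's Armed Police (all six authors)
Funding: National Key R&D Program of China (2017YFB0802000); National Natural (62172436); Basic Frontier Research of Engineering University of People's Armed Police (WJY202014)
Abstract: Existing certificateless cloud auditing schemes rely on expensive operations such as exponentiation, bilinear pairings, and hash-to-point mappings, which makes auditing inefficient. To address this, this paper proposes an efficient certificateless scheme for verifying cloud data integrity. In the key generation phase, the scheme uses certificateless signatures: the Key Generating Center (KGC) and the user jointly generate the user's public and private keys, which avoids a strong dependence of the auditing system's security on the security of the KGC. This removes the complex public key certificate management of cloud auditing schemes under Public Key Infrastructure (PKI) and also solves the key escrow problem inherent in identity-based cloud auditing schemes. In the data preprocessing phase, the user encrypts the data and divides it into blocks, which protects the privacy of the data content and reduces the scheme's computation and communication overhead. In the dynamic update phase, the scheme uses a virtual index data structure to support dynamic updates of cloud data blocks (insertion, deletion, modification), avoiding the extra computation caused by recomputing tags. In the auditing phase, a Third Party Auditor (TPA) verifies the integrity proof from the cloud on the user's behalf, reducing the user's computational burden. The security analysis proves that the scheme resists substitution attacks from the cloud, achieves privacy protection, and resists forgery attacks by two types of adversaries. The performance analysis first compares the proposed scheme numerically with existing schemes and then reports experiments using the JPBC library; the results show that the scheme's computational overhead is markedly lower.

Keywords: cloud storage  data integrity  proof of data possession  no bilinear pairing  certificateless signature
Received: 2021/9/21
Revised: 2022/4/7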

Efficient Certificateless Cloud Data Auditing Scheme
YANG Haibin,LI Ruifeng,LI Xiuguang,YUAN Wenyong,YI Zhengge,YANG Xiaoyuan.Efficient Certificateless Cloud Data Auditing Scheme[J].Journal of Sichuan University (Engineering Science Edition),2022,54(3):72-79.
Authors:YANG Haibin  LI Ruifeng  LI Xiuguang  YUAN Wenyong  YI Zhengge  YANG Xiaoyuan
Affiliation: Engineering University of People's Armed Police
Abstract: Existing certificateless cloud auditing schemes suffer from low audit efficiency because they use expensive operations such as exponentiation, bilinear mapping, and hash-to-point mapping. To solve this problem, this paper designs an efficient certificateless cloud auditing scheme. In the key generation stage, certificateless signature technology is used: the user's public and private keys are generated by the Key Generating Center (KGC) in cooperation with the user, so the auditing system's security does not depend strongly on the security of the KGC. This addresses both the complex public key certificate management of schemes built on Public Key Infrastructure (PKI) and the key escrow problem inherent in identity-based cloud audit schemes. In the data preprocessing stage, the data is encrypted and divided into blocks, which protects the privacy of the data content and reduces the scheme's computation and communication overhead. In the dynamic update stage, a virtual index data structure is used to implement insertion, deletion and modification of data blocks, avoiding the extra computational overhead caused by tag recalculation. In the data auditing stage, a Third Party Auditor (TPA) verifies the integrity evidence in place of the user, which reduces the user's computational burden. The security analysis proves that the scheme resists substitution attacks from the cloud, achieves privacy protection, and resists forgery attacks by two types of adversaries. The performance analysis first compares the proposed scheme with existing schemes numerically and then runs experiments with the JPBC library; the results show that the computational cost of the scheme is significantly reduced.
Keywords:cloud storage  data integrity  data possession proof  no bilinear pair  certificateless signature