Page 81 - Read Online

P. 81

Page 74 Jiang et al. J Surveill Secur Saf 2020;1:61-78 I http://dx.doi.org/10.20517/jsss.2020.09

Analysis: Suppose the adversary wins in this Game with a non-negligible probability. Hereafter, a
simulator is constructed to work out the Discrete algorithm (DL) problem if the adversary can succeed
in this game. Given a group G with prime order q, , ∈g h G as input, the target of the simulator is to yield
α
a by interacting with , which satisfies =h g . The simulator behaves like in Game 2, but with the
following differences:
(1) Before processing a file F, the simulator first performs the KeyGen algorithm and yields a secret key
for user as KAB. Then, following the process of the presented scheme in this paper, the simulator uses
ω
u j = gg ϖ j j for each1≤ j ≤ s, whereωϖ ∈ Z .
,
*
2
R
q
j
j
(2) The simulator keeps interacting with to execute the auditing protocol proposed in this paper. As
~
described in Game 1, if the aggregate file sectors χ generated by the adversary is not equal to the
j
aggregate file sectors χ of the challenged sectors, then the game aborts and the adversary succeeds. It is
j
~
easy to know that σ σ = for the reason that Game 1 is not aborted. Next, with this in mind, compared with
equation (12) and equation (13), we can get the following equation:
s ~ s
( e ∏ u χ j , g ϑ ) = e ( ∏ u χ j j j , g t ϑ t ) (17)
= j 1 = j 1
It further indicates that:
∏ s u χ j ~ = ∏ s u χ j j j (18)
= j 1 = j 1
~
In addition, set{ χ ∆ j χ = j χ − j } j ∈ [1, ] s , which means at least one element of χ∆ is non-zero. After that,
j
compute:
s
∏ u ∆ j χ j = h s 1 = j ω ∑ j χ ∆ j g s 1 = j ϖ ∑ j χ ∆ j = 1 (19)
= j 1
Finally, the value of a is as follow:

∑ s ϖ j χ ∆ j (20)
α = − = j 1 mod q
∑ s = j 1 ωχ∆ j
j
As long as ∑ s ωχ∆ j j ≠ 0mod q , the above equations are valid and can be structured to work out
= j
1
the DL problem. The probability of solving the DL problem is the same as the probability
of1 Pr[− ∑ s = j 1 ωχ∆ j j ≠ 0mod ] 1 1/= q − q, which is contradictory with the assumption of the DL problem. It
means that if the adversary has a different probability of success in Game 1 and Game 2, which is non-
negligible, then the simulator can be constructed to solve the DL problem. To summarize, the proposed
one-way anonymous auditing protocol is secure and can be proven by uniting Game 0, Game 1, and Game 2.
7 PERFORMANCE ANALYSIS
In this section, we first compare our scheme with the related schemes in terms of various characteristics. In
Table 2, we can clearly conclude that our solution can better satisfy all the major characteristics.

Then, we give the numerical analysis of the computation overhead of the proposed stereo storage structure
assisted one-way anonymous auditing protocol and then evaluate the performance of our scheme. In
Table 3, we analyze and present the computation overhead of each algorithm respectively in the proposed
scheme. Primarily, the following notations are defined to represent the various operations in the specific
algorithms of each phase. The symbols , , and denote a multiplication operation, a exponentiation
operation and a hashing operation in G, respectively. In this paper, H , H , and H are not distinguished and
3
1
2
all can be expressed as . Similarly, the symbols T and T are respectively expressed as a multiplication
operation and a exponentiation operation in G . and q are indicated as one addition operation
T
and one multiplication operation in Z , respectively. And represents a bilinear pairing evaluation
q
×
operation :e G G → G . Considering that both g and g are public system parameters in our protocol,
2
1
T
then (e g g can be calculated in advance and viewed as a public value.
,
)
2
1

76 77 78 79 80 81 82 83 84 85 86