Comment on “A Lightweight Auditing Service for Shared Data With Secure User Revocation in Cloud Storage”

Abstract

Recently, Rabaninejad <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> (2019) proposed an excellent auditing protocol for shared data (CoRPA, for short) [ <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">IEEE Trans. Ser. Comp., DOI 10.1109/TSC.2019.2919627</i> ], which has many better properties, like the identity-privacy, collusion resistant, efficient user revocation and supporting dynamic update etc. In addition, they also presented the detailed security analysis for CoRPA and described the reduction from the soundness of CoRPA to discrete logarithm assumption. However, in this article, we analyze their original security reduction (to discrete logarithm) and find out that it is incorrect and misleading. That is, the soundness of CoRPA cannot be obtained from the discrete logarithm assumption. Now, we give a new proof for their CoRPA based on the square-CDH assumption, which is also used by them to prove the security of homomorphic proxy re-signature scheme. We also hope the new security proof will provide theoretical guarantee when using CoRPA in practical scenes.