AbstractWhen outsourced database owners delegate their data to service providers, which might be untrusted or compromised, two issues of data security emerge, including data confidentiality and data integrity. Most of the previous research focuses on only one issue and the solution to integrate two approaches is expensive. In this paper, we propose bucket‐based authentication that can keep data confidentiality and meanwhile guarantee data integrity. Specifically, we first propose a new approach based on bucket checksum, which can be used for the authentication of multiple tuples at one time. We then apply bucket checksum to the authentication of various types of queries in static scenarios, including range queries and aggregation queries, such as MIN, MAX, SUM and COUNT queries. In the authentication of aggregation queries, several pruning rules have been proposed to improve performance further. We also extend our approach to dynamic scenarios based on incremental hash. Cost analysis shows the advantages of our approach over previous ones in terms of construction and verification cost. Experimental results show that our approach is both efficient and effective. Copyright © 2010 John Wiley & Sons, Ltd.