基于格的后量子无证书公共审计方案  

作　　者：马海峰 蔡杰伟 薛庆水 杨家海[2] 韩静 卢子譞 MA Haifeng;CAI Jiewei;XUE Qingshui;YANG Jiahai;HAN Jing;LU Zixuan(School of Computer Science and Information Engineering,Shanghai Institute of Technology,Shanghai 201418,China;Institute for Network Sciences and Cyberspace,Tsinghua University,Beijing 100084,China)

机构地区：[1]上海应用技术大学计算机科学与信息工程学院,上海201418 [2]清华大学网络科学与网络空间研究院,北京100084

出　　处：《计算机应用》2025年第4期1249-1255,共7页journal of Computer Applications

基　　金：国家电网资助项目(SGHAXTOOWWJS2200033)。

摘　　要：对存储在云服务器上的数据进行周期性的审计,是确保存储在云上数据的安全性和完整性的核心策略,它可以有效识别和应对可能存在的数据篡改或丢失的风险。然而传统的公共审计方案存在证书管理问题或密钥托管等问题,进而在数据的查询和动态修改过程中存在隐私泄露问题;此外,随着量子计算技术的不断发展,传统公钥体制下的公共审计方案面临被量子计算机破解的严重威胁。为了解决以上问题,提出一种基于格的后量子无证书公共审计方案。首先,使用无证书公钥密码体制,以解决传统公共审计方案中的证书管理和密钥托管问题;其次,在数据查询和动态修改过程中,数据拥有者(DO)无需提供具体的数据块信息,从而保证DO的隐私;最后,采用格密码学的技术抵抗量子计算机的攻击。理论分析和实验对比结果验证了所提方案可以抵御恶意攻击并保证DO操作的隐私,同时在标签生成方面具备更高的效率。Periodic audit of data stored on cloud servers is a core strategy to ensure the security and integrity of cloudstored data.It can identify and address the risks of data tampering or loss effectively.However,traditional public audit schemes suffer from issues such as certificate management or key escrow,leading to privacy leak problem during data querying and dynamic modification.Furthermore,with the continuous development of quantum computing technology,public audit schemes based on traditional public key systems face serious threats of being cracked by quantum computers.To address the above issues,a post-quantum certificateless public audit scheme based on lattice was proposed.Firstly,a certificateless public key cryptosystem was used to solve the certificate management and key escrow problems in traditional public audit schemes.Secondly,during data querying and dynamic modification processes,Data Owners(DO)were not required to provide specific data block information,thereby ensuring the privacy of the DO.Finally,lattice cryptography technology was employed to resist attacks from quantum computers.Theoretical analysis and experimental comparison results demonstrate that the proposed scheme can resist malicious attacks while ensuring the privacy of DO operations,and it achieves higher efficiency in label generation.

关 键 词：格 云存储 公共审计 无证书密码学 后量子安全 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]