Abstract Certificateless provable data possession (CL-PDP) protocol is an important tool to check the integrity of data outsourced to cloud service provider (CSP) since it is not necessary to consider the certificate management and key escrow problems. In 2017, He et al. proposed an efficient CL-PDP protocol (HKWWC-protocol, for short) with an additional good property: Privacy protection from the verifier [Appl. Math. Comput., vol. 314, pp. 31-43]. However, recently, Liao et al. illustrates that the HKWWC-protocol is completely insecure under their suggested attack (LLON-attack) since CSP can return a forged proof that is able to pass the verification of the verifier, which shows that the HKWWC-protocol will become completely useless. In this paper, we revisit the original HKWWC-protocol and try to rescue it. After our modification, the twisted new protocol can be immune to the LLON-attack. More importantly, we find that the original He et al.’s security model cannot depict the practical scene at all because they viewed CSP and KGC (key generation center) as one entity in their system. Hence, we redefine a new security model and prove the twisted HKWWC-protocol is secure under our new security model. Performance analysis shows that our proposed protocol is still efficient and practical.

中文翻译：

---

用于云上大数据存储的隐私保护无证书可证明数据拥有方案，重新审视

摘要 无证书可证明数据所有权（CL-PDP）协议是检查外包给云服务提供商（CSP）数据完整性的重要工具，因为它不需要考虑证书管理和密钥托管问题。2017 年，He 等人。提出了一种高效的 CL-PDP 协议（​​简称 HKWWC 协议），并具有一个额外的优点：来自验证者的隐私保护 [Appl. 数学。计算，卷。314，第 31-43 页]。然而，最近，廖等人。说明 HKWWC 协议在他们建议的攻击（LLON 攻击）下是完全不安全的，因为 CSP 可以返回能够通过验证者验证的伪造证明，这表明 HKWWC 协议将变得完全无用。在本文中，我们重新审视了最初的 HKWWC 协议并试图挽救它。我们修改后，扭曲的新协议可以免受 LLON 攻击。更重要的是，我们发现 He 等人的原始安全模型根本无法描绘实际场景，因为他们将 CSP 和 KGC（密钥生成中心）视为他们系统中的一个实体。因此，我们重新定义了一个新的安全模型，并证明了扭曲的 HKWWC 协议在我们的新安全模型下是安全的。性能分析表明，我们提出的协议仍然有效和实用。