In recent years, how to design efficient auditing protocol to verify the integrity of users’ data, which is stored in cloud services provider (CSP), becomes a research focus. Homomorphic message authentication code (MAC) and homomorphic signature are two popular techniques to respectively design private and public auditing protocols. On the one hand, it is not suitable for the homomorphic-MAC-based auditing protocols to be outsourced to third-party auditor (TPA), who has more professional knowledge and computational abilities, although they have high efficiencies. On the other hand, the homomorphic-signature-based ones are very suitable for employing TPA without compromising user’s signing key but have very low efficiency (compared to the former case). In this paper, we propose a new auditing protocol, which perfectly combines the advantages of above two cases. In particular, it is almost as efficient as a homomorphic-MAC-based protocol proposed by Zhang et al. recently. Moreover, it is also suitable for outsourcing to TPA because it does not compromise the privacy of users’ signing key, which can be seen from our security analysis. Finally, numerical analysis and experimental results demonstrate the high-efficiency of our protocol.

近年来，如何设计有效的审核协议来验证存储在云服务提供商（CSP）中的用户数据的完整性成为研究重点。同态消息认证码（MAC）和同态签名是分别设计私有审计协议和公共审计协议的两种流行技术。一方面，不适合将基于同构MAC的审计协议外包给第三方审计员（TPA），后者具有较高的专业知识和计算能力，但效率很高。另一方面，基于同态签名的方法非常适合采用TPA而不会损害用户的签名密钥，但是效率非常低（与前一种情况相比）。在本文中，我们提出了一种新的审核协议，完美结合了以上两种情况的优点。特别是，它几乎与Zhang等人提出的基于同态MAC的协议一样有效。最近。此外，它还适合外包给TPA，因为它不会损害用户签名密钥的私密性，这可以从我们的安全分析中看出。最后，数值分析和实验结果证明了我们协议的高效性。