• cloud storage;
  • provable data possession;
  • post-quantum cryptography;
  • ideal lattice;
  • homomorphic hash function


Provable data possession (PDP) is a model for efficiently checking the integrity of data in cloud storage. Most previous PDP protocols are insecure when quantum computers are considered. In this paper, we propose a homomorphic hash-based PDP (HH-PDP) protocol from ideal lattice assumptions. Firstly, we prove that a collision-resistant hash function family is homomorphic. Then, we use the homomorphism to generate homomorphic verification tags and further construct a new PDP protocol. The security of the proposed protocol relies on the assumed worst-case hardness of ideal lattice problems, which hold a great promise for post-quantum cryptography. We prove that the proposed protocol guarantees data possession in the standard model if the shortest polynomial problem is hard. As the main operations in our construction are addition and multiplication on small integers, the proposed protocol is more efficient than previous protocols. Experimental result shows that HH-PDP is approximately five times cheaper in preprocessing and checking proof, half cost in generating proof compared with the most efficient PDP protocol proposed by Ateniese et al. in 2011. Copyright © 2013 John Wiley & Sons, Ltd.