Cloud storage services have become accessible and used by everyone. Nevertheless, stored data are dependable on the behavior of the cloud servers, and losses and damages often occur. One solution is to regularly audit the cloud servers in order to check the integrity of the stored data. The Dynamic Provable Data Possession scheme with Public Verifiability and Data Privacy presented in ACISP'15 is a straightforward design of such solution. However, this scheme is threatened by several attacks. In this paper, we carefully recall the definition of this scheme as well as explain how its security is dramatically menaced. Moreover, we proposed two new constructions for Dynamic Provable Data Possession scheme with Public Verifiability and Data Privacy based on the scheme presented in ACISP'15, one using Index Hash Tables and one based on Merkle Hash Trees. We show that the two schemes are secure and privacy-preserving in the random oracle model.Correctness. We require that a DPDP with PV and DP is correct if for (pk, sk) ← KeyGen(λ), T m ← TagGen(pk, sk, m), (F ′ , E ′ , ν ′ ) ← PerfOp (pk, F, E, inf o), ν ← GenProof(pk, F, chal, Σ), then 1 ← CheckOp(pk, ν ′ ) and 1 ← CheckProof (pk, chal, ν). N.B. The set of ranks is [1, n] at the first upload; it then becomes (0, n + 1) ∩ Q after operations as in the construction in [12].
Security and Privacy ModelsSecurity Model against the Server This model against the server is given in [12], and follows the one proposed in [1,7].We consider a DPDP with PV and DP as defined above. Let a data possession game between a challenger B and an adversary A (acting as the server) be as follows: ⋄ Setup. B runs (pk, sk) ← KeyGen(λ) such that pk is given to A while sk is kept secret. ⋄ Adaptive Queries. First, A is given access to a tag generation oracle O T G . A chooses blocks m i and gives them to B, for i ∈ [1, n]. B runs TagGen(pk, sk, m i ) → T m i and gives them to
