| | Symbol | Meaning |
| | λ | A security parameter as input | | G | Additive cyclic group whose two orders are big prime numbers q > 2k | | GT | Multiplicative cyclic group whose two orders are big prime numbers q > 2k | | e:G×G⟶GT | Bilinear mapping | | H1/H2/H3 | Hash functions: | | H1:{0,1}⟶G, H2:{0,1}⟶, | | H3 : G⟶ | | g,u | Generators of group G | | ppub (mpk) | PKG randomly selects x0∈ and calculates Ppub = gx0 | | Msk | s selected randomly by PKG | | skID | The corresponding private key to ID, skID = b + x0H2(ID,B)modq, where b ∈ , B = gb | | Pk | Public key:pk = B·PpubH2(ID,B)modq | | PP | Public parameter | | PP = {G, GT, e, q, , u, H1, H2, H3, ppub (mpk)} | | formula (1) | = B·PpubH2(ID,B)modq | | Entrust | Entrust = (H1(ID,IDTPA))x. x ∈ as the secret key to generate authorization, and calculate V = as the legal authority verification value. | | mi | Data block of the file | | C | The improved multibranch tree authentication structure | | I | The index of the data block mi | | Name | The file identifier | | Vn | The current version number | | ti | The timestamp | | σi | File authentication tagσi=(H1(name||Vn||ti)·uH3(mi))skID | | Φ | The ordered set of σi | | Γ | Deputy root nodes signed by skID, Γ=(H1(R)) skID | | γ | Root node signed by skID, γ=(H1(R)) skID | | Chal | Challenge chal = {1, } i ∈ I, where ∈ randomly generated by TPA | | formula (2) | e (Entrust, g) = e(H1(ID,IDTPA),V) | | formula (3) | e (γ,g) = e(H1(R),pk) | | formula (4) | e (Γ,g) = e(H1(R),pk) | | formula (5) | |
|
|
