The cloud storage service has brought great convenience to the customer, which can save massive storage and computation resources via outsourcing the data to cloud service provider (CSP). However, the security issues are the biggest challenge such as data integrity. The user can verify the integrity of outsourced data through a remote data auditing solution without retrieving original data from cloud, however, the auditing procedure has heavy computational overhead, which employs third party auditor (TPA) to conduct auditing task on behalf of users. In this paper, we propose a decentralized public auditing scheme for cloud storage based on blockchain, which removes TPA and increases the number of CSP, the auditing task was assigned to multiple CSPs, and the blockchain technology was used to record the audit process. Meanwhile, the structure of e-voting system is utilized to realize the audit result statistics of multiple CSPs via smart contract, which enhanced the credibility and stability of final auditing result. The theoretical analysis and experimental results demonstrate that proposed scheme is secure and efficient.

1. Introduction

With rapid development of computer science and the emergence of concepts such as Internet of Things (IoT) and big data, cloud computing has been widely applied in both business and personal fields, affecting the way we live and produce [1]. Cloud storage, as one of the contents of cloud computing, has attracted academic and engineering attention due to its advantages of large storage capacity, ready-to-use service, high flexibility, and freedom from platform restrictions [2]. Because these advantages that local storage does not have, more and more enterprises and individuals are migrating their data to cloud storage platforms, where cloud service provider (CSP) provide storage and management services [35].

Relying on cloud services, users obtain great convenience, but the security of data outsourcing remains a big concern [6]. For cloud storage, users lose direct control of their data, and all the traditional methods used to verify data integrity cannot be applied to it. Besides, despite its claims of credibility, CSP cannot be fully trusted, it may still hide data corruption from users to preserve their own interests, or deliberately delete data that users rarely access to save storage space [7]. Moreover, there is external adversary trying to steal user data. Therefore, cloud users need a verification scheme to ensure the correctness and integrity of outsourced data.

In order to save bandwidth and communication resources, researchers have proposed several remote data auditing schemes that allow users to verify the integrity of outsourced data without local data backup. At first, private auditing [8, 9] was proposed. The user interacts with CSP to obtain proof of the original data, which verifies the integrity of the data. However, user need to regularly verify data integrity, and frequent interaction with CSP and audit operations can cause significant computing and communication resources consumption. As a consequence, researchers introduced TPA to implement public auditing, which enables users to assign auditing tasks to TPA, and users only need to know the auditing results from TPA [6, 7, 10, 11]. Compared with private auditing, public auditing is obviously more economical and practical, so public auditing is more applied in the auditing scheme. Whereas, in most existing public auditing scheme, TPA was considered to be completely trustworthy and will perform every auditing honestly, which also raises security risks. For example, the auditing process of TPA is untransparent to users, and users can only be notified of audit results. If an irresponsible TPA only tells the user that the audit results are correct in every auditing without doing any actual audit work, the user’s data will be at great risk. In addition to this, TPA is a centralized party; it means that TPA is subject to external attacks or internal faults. Once these effects cause TPA system failure, the auditing process will be affected. Even if the system is working properly, TPA may conspire with CSP to cover up data corruption out of self-interest.

To tackle these challenges, we propose a public auditing scheme based on blockchain and e-voting structure in this paper. The main idea is to employ blockchain technology [12] and e-voting to enhance the security of auditing result. E-voting is a decision-making method that uses internet technology to conduct voting, which first proposed by Chaum [13]. It is not limited by region and time, and has the advantage of convenience, rapidly, easy participation, and low cost. E-voting has gained massive attention from various fields. Traditional e-voting protocols usually employ cryptographic tools [14], such as homomorphic encryption and zero-knowledge, to ensure the security of voting. Nonetheless, there is a manager who supervises the whole voting process of existed e-voting protocols; the failure of the manager will lead to the incorrect result of the vote. The blockchain is well suited to solve such problems as it is known for its data security and decentralisation. As a decentralized distribute ledger, the blockchain is constructed in a distribute network consisting of multiple nodes. Each nodes in the network maintain a distributed ledger that contains all the transaction records recognized in the blockchain. Anyone can access the data in the blockchain. Some researchers have proposed schemes with a combination of e-voting and blockchain [1518]. In addition to supporting e-voting, we record each audit process on the blockchain to achieve the traceability of the auditing process. We also increase the number of CSP. In our scheme, we assign same auditing tasks to multiple CSPs, and count the independent auditing results of CSPs to obtain the final auditing results. The counting process is done through CSP votes, the final statistical work is completed by the smart contract on the blockchain, which can ensure that the statistical results are reliable and verifiable. In general, our contribution in this paper can be summarized as follows: (i)We propose a public auditing scheme with enhanced reliability, which employs multiple CSPs to implement same auditing task(ii)To obtain the audit results of outsourcing data, blockchain-based e-voting structure is proposed. The e-voting process is based on the blockchain records and smart contract, which ensures that the auditing records are not tampered with and the audit results statistics are correct(iii)We propose data sharing scheme to ensure correct data sharing and malicious data sharer detecting(iv)We prove the security and reliability of proposed scheme through theoretical analysis, we also evaluate the performance through property comparison and experiments

The remainder of this paper is organized as follows. In Section 2, we review related work related to cloud auditing scheme. The background technologies have been introduced in Section 3. The system model, threat model, and design goals are demonstrated in Section 4. Section 5 gives the detailed description of proposed scheme. We further analyze it.

With the widely circulated of cloud storage service, researchers have put increasing efforts into integrity auditing and proposed many schemes. Juels and Kaliski [8] firstly proposed provable data posession(PDP) model that allow users to remotely verify the integrity of data in semitrusted server. However, their solution is a private auditing scheme and does not support dynamic updates of data. In the same year, Ateniese et al. [9] proposed the model of provable data possession(PDP), which first introduce the concept of public auditing. They aim to allow anyone to audit the integrity of data by utilizing homomorphic verifiable tags (HVTs). In addition, the model used random sampling to generate data proof, which significantly reduce communication consumption while ensuring security. Hereafter, Ateniese et al. proposed a modified scalable PDP [19], this scheme took advantage of symmetric key cryptography to achieve greater efficiency and safety. Compared with original PDP model, [19] supports dynamic data operation, such as append, deletion, and modification. In [20], Shacham and Waters proposed two improvement PoR schemes. The first one is private auditing scheme that adopt pseudorandom functions, the second one is public auditing that based on BLS signature. Compared with the scheme that based RSA signature, the shorter length of BLS signature can effectively reduce communication costs. Since then, many scheme employed BLS signature to save communication computation and achieve batch auditing [10, 21, 22]. Curtmola et al. [23] proposed a MR-PDP model, which allows users to store multiple backups of one file on the server. When some backups are broken, MR-PDP model can recover files quickly. Except for integrity auditing, researchers have done lots of work in dynamic auditing. In order to realize dynamic data operation in cloud auditing, Erway et al. [24] proposed first fully dynamic solution, they employed rank-based authenticated skip list based on PDP model. Sookhak et al. [25] proposed a new technique, called RDA, that achieves minimum communication and computation burden. They also proposed a new data structure: Divided and Conquer Table (DCT) support full dynamic data operation. Tian et al. [11] proposed auditing data structure Dynamic Hash Table (DHT) and migrated the auxiliary information from CSP to TPA. Shen et al. [21] proposed an public auditing protocol with global and sampling blockless verification and batch auditing, in which they constructed a novel dynamic structure.

The concept of TPA is used in many audit programs, TPA was firstly proposed by Wang et al. in [10]. In their scheme, TPA verifies outsourced data on behalf of customers, helping customers save computing and storage resources. Besides, this scheme utilized HVT and Merkle Hash Tree [26], a well-studied data authentication structure, to achieve dynamic auditing and batch auditing. However, this scheme setting TPA is completely credible, so it cannot deal with the infidelity of TPA. In their subsequent work [27], Wang et al. employed random masking technology on the basis of [10], which could guarantee that TPA cannot derive customers’ original data from integrity proofs. Although many cloud data auditing schemes make use of TPA to replace customers for more audit functions, there are some disadvantages that cannot be ignored. First of all, no matter how trustworthy TPA claims to be, customers cannot trust TPA completely. TPA may infer customers data deliberately, collude with CSP to hide the fact that outsourced data has been corrupted out of self-interests. Next, TPA execute all the auditing tasks, once TPA suffers from external attack or internal failure, it will greatly affect customer’s service experience. Finally, there is only one TPA available in many schemes, but thousands of customers ask for service. This poses tremendous challenges to TPA’s computing and network transmission speed. To address those problems, Armknecht et al. [28] asked for verification of auditor’s behaviors, such as the records of auditing process. Zhang et al. [29] proposed a public auditing scheme CPVA, which takes and protracted auditors into consideration. They recorded the time of each auditing operations through blockchain transaction. Yu et al. [30] did not introduce TPA, but proposed a decentralized auditing blockchain (DAB), which used to collect, store proofs, and enhance the reliability and traceability. In [4], Fan et al. proposed a decentralized auditing scheme Dredas, in which TPA was replaced by smart contract on Ethereum.

3. Preliminaries

In this section, we introduced the preliminaries including Bilinear Map, Dynamic Hash Table, Blockchain and Ethereum, and E-voting.

3.1. Bilinear Map

Let and be two multiplicative cyclic groups of large prime order . Let be the generator of . A bilinear map is a map that occupied following properties: (i)Bilinear: for and , there is and (ii)Non-degeneracy: for generator , there is (iii)Computability: there exists an efficient and computable algorithm for computing

3.2. Dynamic Hash Table

Dynamic Hash Table (DHT) is a novel data structure for dynamic data operation, which is proposed in [11]. Figure 1 shows a sample of DHT. Each row of the two-dimensional table records information about one file, including file ID, the version number of each data block in the file, and the latest update time. DO utilizes DHT to generate block tag, A-CSP utilizes DHT to generate information for verification. Further, dynamic block operation and file operation have become much easier with the assistance of DHT.

3.3. Blockchain and Ethereum

Blockchain was first proposed by Nakamoto and Bitcoin in a paper about electronic cash [31]. It is a chained data structure, which is formed by connecting blocks end-to-end. Each block contains an index, a hash pointer to the previous block, a timestamp, its own hash value, and serval transactions data. The existence of hash pointer guarantees that once a block is modified, the hash value of that block will change, and the next block will not be connected to it by the hash pointer, as will all subsequent blocks. If someone wants to modify the data of a block, he or she must modify all blocks from that block. This principle ensures the security of blockchain. In general, the blockchain can be divided into three types: public blockchain, league blockchain, and private blockchain. In public blockchain, anyone can be a node in the blockchain without getting permission, a prime example is bitcoin. In league chain, a predetermined set of nodes maintain the blockchain, such as serval companies work for the same purpose. In private chain, the blockchain is managed by centralized organization.

Ethereum is an open source blockchain platform with smart contracts. Smart contract is a piece of code recorded on the blockchain, which means that the logic of written code is automatically executed as long as the conditions are met. Except for regular blockchain user account, Ethereum also has smart contract account that controlled by smart contract code on the blockchain. Blockchain user can invoke a smart contract by interacting with the account.

3.4. E-Voting

E-voting is an efficient and cost-saving way for conducting a voting process, which allows user to conduct voting through electronic devices, such as cell phone or computer. To ensure the integrity of the results, e-voting needs an authority to conduct counting and publishing. A complete e-voting system needs to satisfy several principles and requirements [32], but this scheme employs a simplified version.

4. Problem Statement

4.1. System Model

The decentralized auditing architecture of proposed scheme is shown in Figure 2 in previous work [33]. There are three entities: data owner (DO), data user (DU), and CSP. To make it easier to describe data sharing, we will discuss DO and DU separately. In practice, DO and DU can be the same person. (i)DO: has limited computing and storage resources, it outsources large data files to CSP and authorizes other CSPs to verify the integrity of data at regular intervals(ii)DU: acquires the data outsourced in CSP. Besides, for convenience or cost saving, DU will share the data with others. A single piece of data may circulate among many individuals(iii)CSP: provides storage and management services for DO while ensuring data integrity. From DO’s perspective, CSP can be divided into two categories by function: S-CSP is responsible for storing users’ data and providing data proof for auditing requests, A-CSPs are responsible for implementing regular auditing of the data on S-CSP. For a single DO, one CSP performs the function of S-CSP, while the other CSPs perform auditing task together as A-CSP

In proposed scheme, all DO, DU, and CSPs are blockchain user. A-CSP sends auditing request to S-CSP, then S-CSP generates data proof and sends it back to A-CSP. The information exchanges of A-CSP and S-CSP are stored on the blockchain in the form of transaction, and can be accessed by all blockchain users. Therefore, we can realize that all A-CSPs perform the same audit task and get the audits result independently. After that, A-CSPs send auditing results to smart contract for counting and broadcasting. Note that we do not consider the data privacy issues for this topic in cloud storage auditing is orthogonal to what we study in this paper.

4.2. Threat Model

In our scheme, we assume CSP is semitrusted. For example, CSP performs store and audit reliably, but S-CSP may deliberately conceal data corruption from DO. A-CSP may be compromised, that is to say, A-CSP may collude with S-CSP to give correct auditing results on corrupted data out of self-interest. Besides, there are also security issues because of the introduction of e-voting. More specifically, the following attacks may exist in our scheme: (i)Collusion attack. The CSP may collude to modify the auditing results, so the fact of some data being corrupted would be covered up(ii)Forge attack. The S-CSP may forge outsourced data and corresponding block tag to pass verification(iii)Modification attack. The S-CSP may ask A-CSP to modify historical auditing records for its own reputation(iv)Counterfeiting attack. During voting process, there may be some malicious parties who cast fake votes

4.3. Design Goal

In order to ensure the safety and efficiency of the scheme, we designed to achieve the goals as follows: (i)Public auditing. Anyone (except for the entities in our scheme) is able to verify the integrity and correctness of data store in cloud server(ii)Safe storage. Once outsourced data are corrupted, the auditing results of the data will be false(iii)Decentralized auditing. Multiple A-CSPs audit the same data, and the auditing results do not interfere with each other(iv)Blockless verification. There is no need to retrieve original data for verification(v)Traceability. Every auditing process of every A-CSP can be acquired and validated(vi)Data sharing. In the process of DU sharing the data, the malicious modification of the data can be detected

5. The Proposed Scheme

In this section, we present the proposed scheme, which is based on blockchain technology and e-voting structure. The procedure of the proposed scheme consists of four stages are as follows: (i)Setup: DO generates block tag, file tag, and DHT. Then DO uploads tags along with corresponding file to S-CSP, DHT to A-CSPs(ii)Dynamic data operation: after uploading, DO dynamically updates the data on the cloud server, such as appending, deleting, and modification(iii)Integrity verification: A-CSPs audit the data stored in cloud server, and send respective auditing results to smart contract account, which makes statistics and obtains the final auditing results. Figure 3 shows the process of voting(iv)Data sharing: DUs share data and maintain data integrity during data sharing. If a malicious nodes tampers with and shares the wrong data, subsequent nodes can determine who modified data

5.1. Setup

A DO, multiple DUs, and multiple CSPs are included in our scheme. Before starting, we assumed the file has been processed (such as encryption) and is divided into blocks: , , and is a large prime. and is two multiplicative cyclic groups of order , and is a bilinear map. Let be a hash function . is a cryptographic hash function. The setup procedure can be described as follows:

Key Gen: DO generates secret parameters. Firstly, DO randomly choose , , and . And then, DO chooses a random signing key pair for signature. Ultimately, DO set the secret key as , which is kept by DO itself, and the public key as .

DI Gen: DO generates information about the files that need to be stored in A-CSPs, the choice of DO for S-CSP and A-CSPs is random, but notice that for one DO there is only one S-CSP. After making the choice, DO generates , where is preallocated unique identity of file , represents the version number and latest update time of block . Then DO uploads to A-CSPs, and A-CSPs will add it to DHT for this DO.

Tag Gen: DO generates block tags and file tags for files to be outsourced. Firstly, for each block in file , DO computes block tag: . The set of block tags are represented as . Whereafter, for file , DO computes file tag based on secret key : . Finally, DO uploads to S-CSP, and removes them from local database.

5.2. Dynamic Data Operation

After uploading all the data, DO may want to perform dynamic operation of the data. In this section, we described block modification and block insertion, the updating operations of file is similar to block. For we store original data and state data separately, data updates also need to be made in two parts. We took advantage of DHT proposed in [11], so our update of DHT is the same as [11].

Block Modification: we assumed that the block need to be replaced by . Firstly, DO generates new version number and timestamp for , which is . DO computes new block tag . Then, DO constructs update request , where represents modification, and DO sends it to A-CSPs. Upon receiving , A-CSPs find the -th node of file and replaces the node content with . Meanwhile, DO constructs and sends it to S-CSP. After receiving, S-CSP replaces the -th block of file with , and the corresponding tag with .

Block Insertion: we assumed that block will be inserted after block . Same as block modification, DO needs to firstly generate new data information for , then DO sends insertion request to A-CSPs. Upon receiving it, A-CSPs find (-1)-th node of file and inserts a new node after it, the content of new node is . For data inserting, DO computes block tag for , and sends insertion request to S-CSP. Upon receiving it, S-CSP insert and into corresponding sets.

5.3. Integrity Verification

In proposed scheme, the process of auditing is built on the blockchain, and the auditing results are voted with the help of smart contract. We denote A-CSPs blockchain accounts as , which is the total number of A-CSP. S-CSP blockchain account as , smart contract account as . The integrity verification procedure can be described as follows:

Challenge: since all A-CSPs participates in the same audit task, we randomly select one form A-CSPs, denoted as , to launch challenge to . Before launching, need to verify file tag of target file. acquire file tag from and verifies the correctness of it by DO’s public key . If the verification failed, would terminate the auditing and notify DO that the data has been corrupted. If not, regains file ID. Then, constructs challenge information , in which is a subset of with elements, representing the index of blocks to be checked. is randomly selected from . is a random masking, in which is a random element. Finally, as shown in Figure 4, initiates a transaction with , the transaction data is set as .

Response: gets from transaction , and computes response information to proof the integrity and correctness of data. First, computes tag proof , which is the aggregation of block tag to be checked. For data proof, computes . After completing, initiates a transaction with . As shown in Figure 5, the transaction data is set as , in which is the deadline of voting.

Auditing: the verification of proposed scheme contains proof verification and voting procedure. In order to ensure that smart contract knows the total number of voters and whether the voters are eligible, before the deployment of smart contract, we put the white list containing the address of CSP account into it. The verification phase can be completed as follows: (i)Preparation: upon completion of the transaction, informs all of A-CSPs to begin voting(ii)Verification: upon receipt of notice, A-CSPs obtain from transaction and . For data validation, A-CSPs firstly compute based on DHT. Eventually, A-CSPs checks the equation . If the equation holds, the data is correct, or else the data has been corrupted. A-CSPs set or according to the equation, and signs using their private key. Eventually, A-CSPs initiate transaction with , respectively, the transaction data is set as . We consider A-CSPs’ transaction as the vote by it. confirms whether the vote is credited to the total by calling Algorithm 1.(iii)Counting and broadcasting: after the polls close, would call the Algorithm 2 stored in smart contract to obtain final auditing result. sends the auditing result to in the form of transaction , as shown in Figure 6. Except for the result, transaction data contains three address list, which are the addresses of A-CSPs whose audit results are true, false, and the addresses of A-CSPs that was not voted for. These three lists can help DO obtain more information than auditing results. For example, DO can better supervise A-CSPs to perform its duties.

1: Input:
2: if Current time is less than the voting deadline then
3: if The sender of is in the whitelist then
4:  if The sender of has not voted before then
5:   if The signature is correct then
6:     record the address of sender in the list according to the content of .
7:   else
8:    The vote will not be counted.
9:   end if
10:  end if
11: end if
12: end if
1: Input:
2: if The sender of is the initiator of the vote, which is S-CSP then
3:   generates the addresses list of voters who voted , , and unvoted voters.
4:  if The number of voters for is greater than 50% of the total number of voters then
5:    sets the voting result to be .
6:  else
7:     sets the voting result to be .
8:  end if
9: else
10:  Failed vote
11: end if

Datasharing: for DU, he or she can browse the content of blockchain and obtain outsourced data from S-CSP out of own requirement. When a DU needs to share the data with another DU, denoted as shares with . Let implies current time, computes first, and signs to get , then generates . Finally, sends to . After receiving the data from , execute Algorithm 3 to verify if and is correct, as well as prepare auxiliary information for data sharing. Figure 7 shows the flow of data when it is shared.

1: Input:
2: Output:
3: DU obtains ’s public key for validating , compares and .
4: ifthen
5: ifthen
6:  It indicates that is correct, let implies current time, computes and signs to get , in which represents the data to be sent by , when does not modify . Next, computes .
7:  else
8:   It indicates that there is a malicious DU that modifies the data, executes 4 to find the malicious DU.
9:  end if
10: else
11:  Request data again.
12: end if

6. Security Analysis

In this section, we will prove the security of proposed scheme theoretically.

6.1. Correctness of Verification

The correctness of equation is elaborated as follows:

6.2. Resisting Collusion Attack

To enhance the reliability of auditing results, we assign same auditing task to multiple A-CSPs, and make use of smart contract on the blockchain to perform auditing results statistics. Only when the auditing result is true for a certain number of A-CSP, will the final auditing result be true. That is, even if S-CSP collude with a few A-CSPs to tamper with auditing results, as long as most of A-CSPs is honest, final auditing result will not be affected. Besides, data on the blockchain is unmodifiable, which means it is impossible to tamper with auditing result by modifying the smart contract.

6.3. Detecting Malicious DU

DU shares the data after retrieving it from S-CSP. In the process of data sharing, all the participated DUs want the data to be complete and correct. And even if a DU maliciously tampers with it, that DU can be found. Since the signature and other verification message are contained in shared data, DU can verify the correctness of the data or find the malicious DU through data validation. We assume that modified the data and send it. Auxiliary message contains . received modified data and verify it. calls algorithm 4 to verify the data.

1: DU verify whether the received data is correct by checking the equation
2: if This equation holds then
3:  accepts the data .
4: else
5:  divides DU before into two groups: . Then checks if .
6: if The above equation holds then
7:  The malicious DU exists in . computes , then verifies if .
8:  if The equation is satisfied then
9:   The malicious DU belongs to , continues to search through binary search until it finds the malicious DU .
10:  end if
11: else
12:  The malicious DU exists in . continues to search through binary search until it finds the malicious DU .
13:  end if
14: end if
6.4. Resistant to Attacks

We validate the attacks mentioned in threat model that can be resisted, the details are as follows: (i)Forge Attack: in the case of data corruption, S-CSP may forge data to pass the verification. But before outsourcing, DO generates block tags and file tag by BLS signature and DO’s secret key. According to Wang et al. [10], as long as the CDH problem is hard in bilinear groups, the BLS signature is secure(ii)Modification Attack: in our scheme, all auditing records and auditing results are stored on the blockchain. The unmodifiable nature of the data on the blockchain ensures the security of auditing data(iii)Counterfeiting Attack: we utilize smart contract to conduct auditing results counting and publishing. And before deploying, we put the white list containing the address of CSP account into smart contract. After receiving the vote, smart contract can judge whether the vote comes from qualified A-CSP. In addition, anyone can monitor the implementation of smart contract to ensure the credibility

7. Performance Evaluation

In this section, we will describe the performance evaluation of proposed scheme from the perspective of property comparison and experiments.

The properties comparison between our scheme and other state-of-the-art schemes are shown in Table 1. The letter Y and N indicate that the scheme has this property or not. We can see that the properties of our scheme are relatively complete. Because of the decentralized auditing structure, our scheme is more stable in the face of collusion attack. We can also identify malicious modifiers in the data sharing process.

Table 2 shows the computational cost of DO, DU, and CSP in different phase during auditing. denotes the multiplication operation on the group, denotes the exponentiation operation on the group, denotes the bilinear pairing operation, is the general hash function, is the total number of data blocks in a file, and denotes the number of blocks to be checked. In our scheme, the computational consumption is mainy generated by TagGen in phase setup, response, and verification in phase integrity verification. For TagGen, DO generates block tags for every blocks, the computation cost is . For response, S-CSP computes tag proof and data proof, thus the computation cost is . For verification, each A-CSP performs to verifies the data integrity. Besides, the accounting and publishing of audit results are done by smart contract, that is blockchain network. Therefore, the computational cost of counting and broadcasting is approximately equal to .

Specially, in the data sharing phase, the computation cost increases with the increase of the number of sharers For example, the th sharers need to perform general hash functions to verify the correctness of shared data. Because the sharer’s signature is superimposed in the order of sharing to get a hash value for data validation, if there is a malicious sharer who modified the data deliberately, the latest sharer can recognize the malicious sharer by binary search, and the time complexity is . As we can see, the computation cost and communication cost in data sharing is very few.

We conduct simulation experiments to validate the efficiency and effectiveness of our scheme. The experiments are performed on a laptop running Windows 7 with a 2.4 GHz Intel Core i7-4500U CPU and 4 GB of memory. We utilizing Pairing-Based-Cryptography(PBC) library version 0.5.14 to implement all the algorithms. And we employ type A pairing parameters, in which the group order is 160-bit. For the data used in experiments, we set the block size as 10 KB, all running time statistics were averaged over 20 trials.

Figure 8 shows the computation time of three phase while total number of blocks are changing. Except for the computational cost of Verification almost stay stable, the computation time of both TagGen and Response grow steadily and linearly as the number of blocks increases. For Verification, we use aggregated data proofs and only one equation to verify them, so the calculation time is stable. The time consumption of TagGen and Response is related to the number of blocks. In these two stages, DO needs to generate block tags one by one, and S-CSP needs to aggregate these together.

Figure 9 shows the proof time of our scheme over two typical ones (i.e., Reference [27] and Reference [11]). From Figure 9, our scheme is better than Reference [27] and Reference [11] in the proof time.

8. Conclusion

In this paper, we proposed a blockchain-based decentralized public auditing scheme. Our scheme employs blockchain and e-voting structure to realize decentralized auditing and collaborative auditing, which improves the stability and reliability of auditing results. In this way, data owners can verify the consistency of the data and quickly find the tampers. We made theoretical analysis and experimental evaluation of the scheme, the results show that proposed scheme meets expected design goals, it is both secure and reliable.

Data Availability

In this paper, we provide the detailed presentation on data in Section VII (Performance Evaluation), meanwhile, we also introduce the procedure of the computational cost analysis. The experiments are performed on a laptop running Windows 7 with a 2.4 GHz Intel Core i7-4500 U CPU and 4 GB of memory. We utilize Pairing-Based-Cryptography(PBC) library version 0.5.14 to implement all the algorithms. And we employ type A pairing parameters, in which the group order is 160-bit. For the data used in experiments, we set the block size as 10 KB, all running time statistics were averaged over 20 trials. The experimental results can be verified the above experimental results in the same running environment.


The previous work [33] was published in International Conference on Wireless Algorithms, Systems, and Applications 2020.

Conflicts of Interest

The authors declare that they have no conflicts of interest.


This research was supported partially by the Fundamental Research Funds for the Central Universities (No. 2022CDJKYJH015), National Natural Science Foundation of China (No. 62072065), Key Project of Technology Innovation and Application Development of Chongqing (CSTC2019jscx-mbdxX0044), and Overseas Returnees Innovation and Entrepreneurship Support Program of Chongqing (cx2020004).