A Multi-KGC Certificateless Anonymous Cloud Sharing Scheme with Threshold-Based Traceability
摘要
Cloud storage has emerged as a prevalent service model for data sharing in the big data era, yet it faces significant integrity threats. While data integrity auditing has been proposed to address this challenge, existing solutions suffer from either heavy certificate overheads or single-point-of-failure risks in single Key Generation Center (KGC) architectures. To overcome these limitations, we propose a multi-KGC certificateless anonymous cloud sharing scheme with threshold-based traceability. Our scheme employs the certificateless signature with multiple KGCs to eliminate certificate overhead while resisting key escrow issues. By incorporating a group-based multisignature mechanism, we prevent attackers from distinguishing actual signers among sharing participants. Furthermore, we develop an anonymous protection and authentication approach where users generate temporary identities by XORing real IDs with secret parameters distributed via Shamir’s secret sharing, enabling threshold-based identity recovery. Cloud servers verify anonymous identifiers to prevent unauthorized access. Notably, the scheme implements threshold-based traceability: a coalition of t KGCs (n KGCs in total) can collaboratively reconstruct secret parameters to reveal a user’s real identity. Theoretical analysis demonstrates the proposal’s correctness and security. Experimental evaluations confirm its practical efficiency.