research article a reputation-based identity management...

Research ArticleA Reputation-Based Identity Management Model forCloud Computing

Lifa Wu1 Shengli Zhou12 Zhenji Zhou1 Zheng Hong1 and Kangyu Huang1

1College of Command Information System PLAUST Nanjing 210007 China2Information Department Zhejiang Police College Hangzhou 310000 China

Correspondence should be addressed to Shengli Zhou 76933768qqcom

Received 21 March 2015 Revised 27 May 2015 Accepted 30 May 2015

Academic Editor Bao Rong Chang

Copyright copy 2015 Lifa Wu et al This is an open access article distributed under the Creative Commons Attribution License whichpermits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

In the field of cloud computing most research on identity management has concentrated on protecting user data Howeverusers typically leave a trail when they access cloud services and the resulting user traceability can potentially lead to the leakageof sensitive user information Meanwhile malicious users can do harm to cloud providers through the use of pseudonyms Tosolve these problems we introduce a reputation mechanism and design a reputation-based identity management model for cloudcomputing In the model pseudonyms are generated based on a reputation signature so as to guarantee the untraceability ofpseudonyms and amechanism that calculates user reputation is proposed which helps cloud service providers to identifymalicioususers Analysis verifies that the model can ensure that users access cloud services anonymously and that cloud providers assess thecredibility of users effectively without violating user privacy

1 Introduction

Cloud computing is a computing model for enabling ubiqui-tous convenient on-demand network access to a shared poolof configurable computing resources (eg networks serversstorage applications and other services) that can be rapidlyprovisioned and released withminimalmanagement effort orcloud service provider (CSP) interaction [1] Large numbersof users may simultaneously engage in cloud computingservices making the ldquomultitenantrdquo feature an importantproperty of cloud computing according to the Cloud SecurityAlliance (CSA) [2] However themultitenant property bringsthe following new problems

(i) Privacy leaks because of external user data in an openenvironment users must be authenticated to accesscloud services If users employ their actual names (orfixed usernames) to log in sensitive information suchas login names or even long-term behavior may berevealed by data mining or other techniques and usedillegally by the CSP

(ii) Management problems caused by an excessive num-ber of tenants to preserve privacy users must employ

different pseudonyms to access each cloud computingsession In this case it is difficult for users to recall alarge number of pseudonyms and passwords Mean-while single-use pseudonyms make no contributionto the development of a userrsquos reputation

(iii) Security threats to the CSP caused by multiple ten-ants by accessing cloud services malicious usersmay take the opportunity to attack the CSP throughactivities such as stealing data performing vulner-ability scanning and launching denial of service(DoS) attacks In particular if allowed to log in bya pseudonym malicious users can launch whitewashattacks where themalicious user can continue to visitthe CSP normally after an attack or initiate anotherattack by creating a new pseudonym

Considering the above problems traditional identitymanagement mechanisms that store user identities in adatabase directly are no longer applicable [3] In this paperwe design a new identity management model based onuser reputation which is herein denoted as reputation-basedidentity management (RIM)Themain contributions of RIMare listed as follows

Hindawi Publishing CorporationMathematical Problems in EngineeringVolume 2015 Article ID 238245 15 pageshttpdxdoiorg1011552015238245

2 Mathematical Problems in Engineering

(i) Anonymous user access in RIM we design a methodin which each user takes a different pseudonymfor each session when accessing cloud services Nolink between a user identity and a correspondingpseudonym is provided and no link is providedbetween the pseudonyms of a single user Pseudonymusage does not affect user attestation and it decreasesthe input of private user information rendering itimpossible for tenants to spy on each other

(ii) User attestation in our model users firstly registerwith an identity provider (IdP) which provides theuser with a formal identity certificate The identitycertificate is the basis for the user to prove theirlegitimate status to the CSP

(iii) Reputation attestation RIM records and determinesuser reputations as user activities accumulate withaccess to successive cloud computing sessions andprovides proof of the reputation The proof assuresthe credibility of the reputation ensuring that thereputation indeed belongs to its owner The proofalso guarantees nonrepudiation that is a user cannotdeny the reputation assigned to them As such theproof ensures unforgeability Users cannot promotetheir reputation without the authorization of the IdPThe introduction of a reputation does not affect theanonymity of users

The remainder of this paper is organized as followsSection 2 describes related work Section 3 introduces thebackground and technology of cloud computing along withidentity management Section 4 introduces the proposedRIM and describes its design and realization Section 5analyzes the correctness and security of our model Finallythe last section concludes the paper and proposes futurework

2 Related Work

The focus of identity management for cloud computing isuser privacy In [4] the authors proposed an approach topreserve the privacy of users based on zero-knowledge proofprotocols and semantic matching techniques The approachalso enhanced the interoperability across multiple domainsAlthough the study realized the goal of concealing useridentities the CSP could still obtain sensitive informationthrough data mining techniques because user identitieswere consistent throughout the entire process In [5] theauthors proposed an entity-centric approach for identitymanagement in cloud computingThe approachwas based onpersonally identifiable information (PII) and on anonymousidentification to mediate interactions between users andcloud services Although the identification was anonymousthe PII released privacy related information In [6] theauthors took advantage of attribute-based encryption andsignature technology to conceal user identities in cloudcomputing However because users must employ a singleunchanging certificate to obtain authentication from the CSPan attacker may ascertain a userrsquos identity easily through

the static certificate In [7] the authors improved theapproach proposed in [4] where the registry center was notrequired to be online at all times However the improvedapproach had the same disadvantages with respect to userprivacy protection as the original approach In [8 9] theauthors designed and introduced a method that integratedblind signature and hash chain techniques to protect userprivacy in cloud computing However in every session usersemploy the same pseudonym to log in which results inlinkability between different sessions Although the abovestudies achieve the goal of user identity concealment thesuccessive behaviors of individual users can be associatedThus through analyzing user behaviors the CSP can poten-tially compromise user privacy In [10] the authors pro-posed a method for anonymity using group digital signaturetechnology Because this method introduced no correlationbetween user signatures this method is an improvementover the aforementionedmethods However the use of groupdigital signature technology forbids members from joiningand leaving a group dynamically which conflicts with theopenness of cloud computing

In this paper we propose an approach that achieves useridentity anonymity Moreover by this approach the CSPis unable to link user behavior to user identity While theanonymity of identity protects user privacy it tends to enableCSP attack by malicious users because the CSP is unable totrace the users involved in the attackTherefore our approachintroduces trust management to address the shortcomingsof identity anonymity The approach determines user repu-tations and binds the reputation to user identity The CSPutilizes user reputation to distinguish malicious users and toreduce the threat of attack by malicious users [11]

Previous reputation research has focused on peer topeer (P2P) systems which has been developed into varioussystems for example the EigenTrust [12] the PeerTrust [13]and the PowerTrust [14] systemsAlongwith the developmentof electronic business reputation research has had a serviceoriented focus where the reputation of service providers hasbeen evaluated to protect consumers In [15 16] reputationwas employed as a means of choosing service providers Incloud computing most research has focused on protectingthe CSP such as what was done in [17 18] However the useof a reputation model to manage users in cloud computingsuch as that employed in this paper has not been the subjectof previous research In [19] the authors designed an identitymanagement model for a noncloud computing environmentThe model supposed that users must be previously regis-tered which conflicts with the required openness of cloudcomputing In [20 21] the authors designed a reputation-based identity management model that used online systemsfor applications in for example electronic business andforums The online system must recognize user identities orunique identifiers to accumulate reputation data Howevertracking user identities tends to leak user information whichthreatens privacy This is why these approaches cannot beapplied to cloud computing Our proposed RIM introducesreputation to manage users and simultaneously protectsuser privacy which has not been investigated by otherresearchers

Mathematical Problems in Engineering 3

User

SaaS Application 1 Application n

Management services

QoS guarantee

Security assurance

PaaS Data process model

Mass data storage

Coreservices

IaaS Virtualization services

Data center devicesNetworkresources

Compute nodes

Identity managementservicemiddot middot middot

Figure 1 Cloud services architecture

User privacy protection requires a user identity to beanonymous such that it cannot be tracked However thedetermination of reputation must confirm user identity andtrack user transaction historyTherefore reputationmanage-ment and identity anonymity appear to be contradictory [22]In [22] the authors alleviated this contradiction and designedan anonymous reputation system in a P2P environmentusing electronic cash technology to provide feedback to usersaccording to behavior However according to this approachthe amount of feedback one user gives to another is restrictedby the quantity of electronic coins in the former userrsquospossession A user with no electronic coins is therefore barredfrom involvement in the transaction As such this methodcontradicts with the openness of cloud computing In [23]the authors used blind signature technology to achieve areputation-based identity management approach in the C-Smode This approach provides the service provider with userreputations while guaranteeing user anonymity Howeverunder this approach a service provider can confirm thatorders derive from the same user and accumulate the historyof user actions resulting in the potential violation of userprivacy In [24] authors achieved an anonymous reputationsystem based on zero-knowledge authentication and digitalsignature technology However [4] the sessions between theuser and service provider under this approach are linkableenabling service providers to violate user privacy From theabove analysis we can see that these last two examples[25] manage to provide user reputation only by divulginguser identity Our RIM overcomes these shortcomings bydetermining user reputationwhile ensuring that user identityand pseudonyms are unlinkable

3 Technology Background

31 Cloud Computing Architecture Cloud computing pro-vides three main service delivery models to the publicincluding the following [2]

(i) Software as a Service (SaaS) this is a software deliverymodel in which software and its associated data are

hosted in the cloud and are typically accessed by usersusing a thin client

(ii) Platform as a Service (PaaS) this is the delivery of acomputing platform and solution stack as a servicewhich provides all the facilities required to supportthe complete life cycle of building and delivering webapplications and services from the Internet

(iii) Infrastructure as a Service (IaaS) this delivers com-puter infrastructure (typically a platform virtualiza-tion environment) as a service along with raw stor-age and networks Rather than purchasing serverssoftware data-center space or network equipmentclients purchase the resources as a fully outsourcedservice

Based on the above approach a number of similarabstract service models have been recently promoted suchas Hardware as a Service (HaaS) Data as a Service (DaaS)and Communication as a Service (CaaS) Cloud computingmanagement services ensure the reliability availability andsecurity of core services Figure 1 [26 27] illustrates the basicservice architecture of cloud computing

Cloud identity management takes charge of identitymanagement throughout the entire cloud services stackIdentity management can be divided into three categories[28] isolated user identity model federated user identitymodel and centralized user identitymodel which are definedas follows

(i) Isolated user identitymodel in thismodel the serviceprovider acts as both credential provider and iden-tifier provider to their clients A user obtains sep-arate unique identifiers from each serviceidentifierprovider transacted with

(ii) Federated user identity model this can be definedas the set of agreements standards and technologiesthat enable a group of service providers to recognizeuser identifiers and entitlements from other serviceproviders within a federated domain


User 1

Common identifier and credentials provider

User 2

SaaS PaaS IaaS

Cred2

Cred1

Cred1Cred1

Cred2

Cred2

SaaSVM1

PaaSVM1 VM2

IaaS

VM2

VM

Figure 2 Centralized user identity model in cloud computing

(iii) Centralized user identity model this model employsa single identifier and credential provider that is usedby all service providers to provide identifiers andcredentials to users

In the centralized user identity model the job of identitymanagement has been taken over by an identity providerfrom the service provider This reduces the burden of theservice provider and also reduces the number of certificatesrequired by users to hold In addition the centralized useridentity model facilitates the delivery of the identity man-agement service from the CSP to the users In an identityprovider management domain users first obtain a formalcertificate and then access cloud services in the same domainusing this certificateThis propertymakes the centralized useridentity model suitable for cloud computing and thereforewe employ a centralized model in our design as shown inFigure 2

32 Basic Technology We introduce identity-based signatureblind signature and zero-knowledge authentication technol-ogy to implement RIM

The identity-based signature was proposed by Shamir[29] in 1984 Here a userrsquos identity is first disclosed as apublic key and then used to generate a private key In [29] theauthors designed a conceptual model but did not provide forany real implementation Since then studies of the identity-based signature have been conducted but no efficient andprovable signature scheme was concluded until Boneh etal [30 31] promoted an identity-based encryption schemeIdentity-based signature comprises four stages setup privatekey extraction signature and verification Using an identityas a public key has a natural legitimacy which can simplifythe process of key distribution

The concept of blind signature was suggested by Chaum[32] The approach ensures that the signer does not know thespecific content of the message and that the message ownercan obtain the signature of the message Blind signatureconsists of three operations blinding signing and blindnessremoval Blind signature has many characteristics conducive

to protecting user privacy such as (1) blindness where thesigner does not know the specific content of themessage to besigned and (2) untraceability where if a signature is leakedthe signer has no idea of when and by whom themessage wassigned

Zero-knowledge proof authentication technology refersto a proverrsquos assurance of ownership of some secret informa-tion without revealing any useful knowledge about the secretinformation to the verifier Well-known zero-knowledgeauthentication schemesmainly include the Feige-Fiat-Shamir[33] scheme the Guillou-Quisquater [34] scheme and theSchnorr [35] scheme

The proposed RIM achieves an identity managementmodel that is suitable for cloud computing by employingmethods related to the above techniques that are mostsuitable for specific application scenarios In Section 43 wegive a detailed exposition of our design

4 Model Design and Implementation

In this section we firstly give some assumptions for RIM andthen explain the detailed implementation of the model

41 Assumptions We must make some reasonable assump-tions to ensure proper RIM functionality Firstly we assumethe existence of an independent arbitration agency whosefunction is similar to a governmental authority that canensure user privacy while simultaneously providing a securesource of anonymous user information under very specificcircumstances As such the agency proposed herein is dif-ferent from a trusted third party in an ordinary sense Theagency need not have a continual online presence Moreoverthe agency does not collude with other users and userinformation is protected frommalicious users Because cloudservices are open to the public as a paid service it is necessaryto reveal anonymous user information when a CSP suffers anattack or has economic disputes with users Therefore RIMmust be able to identify anonymous users to address thesespecific problems If a CSP seeks anonymous informationit must provide a range of certificates and follow prescribedsecurity protocols to ensure that the application submitted islegitimate

Another important assumption is that the communica-tion channel in RIM is secure SSL and IPSec protocols canbe used to ensure the security of the channel

42Model Design Four roles aremanaged in RIMUser CSPIdP and deanonymizing authority (DA) which are defined asfollows

(i) User the consumer of cloud services who requestsidentity anonymity and benefits from the service

(ii) CSP the service provider who after the transactionbetween the User and CSP provides feedback regard-ing the transaction

(iii) IdP the service provider who not only providesregistration services to the User but also determinesthe User reputation which is indicative of the degree


CSP

IdP

(1) User registe

r

(2) Pseudonym generation

(3) Identity authentication

(4) Services accessU Pu

(a)

(5) Reputation backfeeding(6) Applying for re

putation update

CSP

IdP

(4) Services access

(8) Reputation update confirmation

(7) Blind signature

U Pu

(b)

Figure 3 Schematic of the anonymous access and reputation update process

of trust based on the feedback obtained from theCSPThe IdP issues the User reputation certificate

(iv) DA an authority that can reveal User pseudonymsand provide User identity-related information to theCSP

RIM has five stages namely Environment InitializationUser Registration Identity Authentication Reputation Com-putation and Pseudonym Disclosure

In the Environment Initialization stage RIM first createsthe public parameters of the IdP DA and CSP It thengenerates the public and private keys used for signaturesTheoperations of key generation are as follows 120582 is the securityparameter 119875119870 denotes the public key and 119878119870 denotesthe private key The following describes the probabilisticpolynomial time algorithm

(i) (119875119870119868119889 119904 119878119870

119868119889 119904) larr 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899(1120582) it is a key-

generation algorithm that takes 120582 as the input andoutputs a pair (119875119870

119868119889 119904 119878119870

119868119889 119904) of public and secret

keys used by the IdP to sign the identity certificate

(ii) (119875119870119868119889 119887 119878119870

119868119889 119887) larr 119878119890119905119906119901 119868119889119875 119887119897119894119899119889(1

120582) given the

security parameter 120582 it creates a pair of keys (119875119870119868119889 119887

119878119870

119868119889 119887) which is used by the IdP to generate a blind

signature

(iii) (119875119870119862119878119875 119878119870

119862119878119875) larr 119878119890119905119906119901 119862119878119875(1120582) it outputs a pair

of keys (119875119870119862119878119875 119878119870

119862119878119875) which is used by the CSP to

create a feedback certificate(iv) (119875119870

119863119860 119878119870

119863119860) larr 119878119890119905119906119901 119863119860(1120582) it gives the DA a

pair of keys (119875119870119863119860 119878119870

119863119860) which is used to encrypt

and decrypt User identities

Keys (119875119870119868119889 119904 119878119870

119868119889 119904) and (119875119870

119868119889 119887 119878119870

119868119889 119887) can be com-

bined into a single pair However in such a situation ifthe keys are disclosed the IdP will collapse When they areseparated if one pair of keys is compromised for example ifthe blind signature key is compromised only the credibility ofthe reputation is affectedwhile the identity certificate remainsvalid Owing to security considerations we maintain thesetwo key pairs as separate

The Registration operation and Verification operationcontained in the User Registration stage are defined asfollows

(i) Registration the User initiates the operation (119862119868119889

119903119890119901 119862119903119890119901) larr 119877119890119892119894119904119905119890119903(119878119870

119868119889 119904 119868119889) to register with the

IdPTheUser obtains an identity (119868119889) as the input andthen receives the identity certificate 119862

119903119890119901 reputation

(119903119890119901) and reputation certificate 119862119903119890119901

Here 119903119890119901 is theinitial reputation value for new users given by the IdP

(ii) Verification the operation 1perp larr 119862ℎ119890119888119896119877119890119892(119875119870119868119889 119904

119862119868119889 119903119890119901 119862

119903119890119901) is employed by theUser to authenticate

119862119868119889 119903119890119901 and119862

119903119890119901This operation takes the IdP public

key 119875119870119868119889 119904

as one of the inputs which will confirmthe legitimate source of these certificates If verified1 will be returned as the result otherwise perp will bereturned

The first time a User enters the cloud service system theUser must register with the IdP using their own identity TheIdP will determine whether the identity is redundant or onthe blacklist If the answer is no the verification is passedThe IdP gives theUser an initial reputation value and issues anidentity certificate and reputation certificateThe identity thatregistered to the IdP is known to the public It can be a URLor e-mail address associatedwith theUserThe public identitycarries less privacy and is easily verified by the IdP Becauseof the openness of cloud services the rules for accessingcloud services cannot be overly strict In RIM all users thatmeet the basic safety requirements are allowed access AfterRegistration theVerification operation is performed to verifythe identity certificate and the reputation certificate Theabove processes are illustrated in Step 1 of Figure 3(a)

After the User has a recognizable valid identity accessis granted to the CSP using the pseudonym generatedaccording to this valid identity and the CSP will authenticatethe pseudonym The Identity Authentication stage includesthe Pseudonym Generation operation and Authenticationoperation shown in steps 2 and 3 of Figure 3(a) which aredescribed as follows


CSP

IdP

(9) Reputation withdrawal

U Pu

Resume (2ndash8)

(a)DA

(10) Anonymity removal

(11) Identity mapping

CSP

IdP

(b)

Figure 4 Schematic of the standard access process and Pseudonym Disclosure

(i) Pseudonym Generation taking 119868119889 the User identitycertificate 119862

119868119889 and 119903119890119901 as the inputs the opera-

tion 119875119906larr 119866119890119899 119901119899119910(119868119889 119862

119868119889 119903119890119901) outputs the User

pseudonym 119875119906 which is the only identification pre-

sented to the CSP

(ii) Authentication the operation 1perp larr

119860119906119905ℎ119890119899119905119894119888119886119905119890(119875119906 119862

119903119890119901) is used to authenticate

the User identity through 119875119906

by the CSP Thisoperation is also used to confirm the credibility ofthe User reputation

The Pseudonym Generation operation encrypts Id usingthe public key provided by the DA As such if a dispute arisesbetween the User and the CSP RIM would decrypt 119875

119906with

the private key provided by the DA to restore the User IdTheAuthentication operation applies the Σ-protocol to conductthe authentication During the process the CSP can extract119875119906 119862

119903119890119901 and 119903119890119901 but not the User Id

After the transaction between the User and the CSPRIM enters the Reputation Computation stage where theUser rep is updated on the basis of feedback provided bythe CSP This stage includes a series of operations includingthe Reputation Backfeeding operation Blinding operationApplying for Reputation Update operation Blind signingoperation and Reputation Update Confirmation operationwhich are defined as follows

(i) Reputation Backfeeding the CSP calls (119903119890119901 119899119890119908119862119903119890119901 119899119890119908

) larr 119866119903119886119899(119875119906) and provides reputation feed-

back 119903119890119901 119899119890119908 and its certificate 119862119903119890119901 119899119890119908

according tothe performance of 119875

119906 The 119862

119903119890119901 119899119890119908guarantees that

119903119890119901 119899119890119908 is from the CSP

(ii) Blinding 119875119906randomly selects the blind factor119873119900119899119888119890

as the input of the operation 119873119900119899119888119890 119887119897119894119899119889 larr

119861119897119894119899119889(119873119900119899119888119890) to obtain the blinded valueNonce blind

(iii) Applying for Reputation Update given the inputs119903119890119901 119899119890119908 119862

119903119890119901 119899119890119908 119873119900119899119888119890 119887119897119894119899119889 119875

119906calls 1perp larr

119880119901119889119886119905119890(119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

119873119900119899119888119890 119887119897119894119899119889) to apply forreputation updating The IdP verifies the reputationfeedback based on 119903119890119901 119899119890119908 and119862

119903119890119901 119899119890119908 A successful

operation returns 1 otherwise it returns perp

(iv) Blind Signing the IdP calls 119862119887119897119894119899119889

larr

119861119897119894119899119889 119904119894119892119899(119873119900119899119888119890 119887119897119894119899119889) to generate the blindsignature 119862

119887119897119894119899119889of the value Nonce blind

(v) Reputation Update Confirmation the User removesthe blindness of 119862

119887119897119894119899119889and obtains the certificate

119862119873119900119899119888119890

of Nonce Then the User calls 1perp larr

119862119900119899119891119894119903119898 119880119901119889119886119905119890(119862119873119900119899119888119890

) to submit the request forconfirming the update of reputation to the IdP If theIdP successfully updates the User rep it returns 1otherwise it returns perp

The CSP provides feedback to 119875119906using the Reputation

Backfeeding operation as illustrated by Step 5 in Figure 3(b)TheApplying for ReputationUpdate Confirmation operationsubmits the reputation feedback 119903119890119901 119899119890119908 and a blindedrandom value 119873119900119899119888119890 119887119897119894119899119889 to the IdP and expects that theIdP will update 119903119890119901 This operation is illustrated by Step 6in Figure 3(b) The IdP verifies the feedback and determinesthat it is valid However the IdP cannot determine for whomthe feedback is designated because the IdP cannot track thefeedback to the User 119868119889 The IdP uses the Blind Signingoperation to sign119873119900119899119888119890 119887119897119894119899119889 and gives the result119862

119887119897119894119899119889back

to 119875119906 as illustrated by Step 7 in Figure 3(b) Because the

User generates 119875119906directly the User can locate their own 119875

119906

The User obtains 119862119887119897119894119899119889

through 119875119906and then removes the

blindness of 119862119887119897119894119899119889

to obtain 119862119873119900119899119888119890

The User subsequentlycalls the Reputation Update Confirmation operation andsubmits 119862

119873119900119899119888119890to the IdP to confirm the updating of rep

which is illustrated by Step 8 in Figure 3(b) The IdP verifies119862119873119900119899119888119890

and if passed the value of 119903119890119901 is updated The IdPcannot link 119873119900119899119888119890 to 119873119900119899119888119890 119861119897119894119899119889 which is why the blindsignature is introducedThismethod ensures that even in thecase of collusion between the IdP and CSP the IdP cannotobtain the User 119868119889 through 119875

119906

The aforementioned processes address the entire processof new user access to cloud services including User Registra-tion accessing services and reputation updateTheUser whois already registeredmust first call the ReputationWithdrawaloperation to acquire a value for 119903119890119901 from the IdP and thenfollow all subsequent operations as the aforementioned TheReputationWithdrawal operation is illustrated in Figure 4(a)which is described as follows


(i) Reputation Withdrawal the User acquires 119903119890119901 and119862119903119890119901

by the operation (119903119890119901 119862119903119890119901) larr 119882119894119905ℎ119889119903119886119908(119868119889)

using its own 119868119889

The last stage is the Pseudonym Disclosure stage If theUser has done harm to the CSP the CSP must gain accessto the User 119868119889 This stage includes the Anonymity Removaloperation and the Identity Mapping operation which aredescribed as follows

(i) Anonymity Removal when the operation 119892119868119889 larr

119863119890 119860119899119900119899119910119898119894119905119910(119875119906 119878119870

119863119860) is called the DA opens

119875119906using its private key 119878119870

119863119860 The output of this

operation is not the User 119868119889 itself but 119892119868119889 which isgenerated by the IdP where 119892 is one of the publicparameters

(ii) Identity Mapping IdP calls 119868119889 larr 119872119886119901(119892119868119889) to map119892119868119889 to the User 119868119889 and then resolves the disputesoffline

The CSP submits a malicious behavior report for theUser and pseudonym 119875

119906to the DA and applies for opening

a pseudonym as illustrated in Step 10 in Figure 4(b) TheDA uses the Anonymity Removal operation to open 119875

119906and

obtains 119892119868119889The DA submits 119892119868119889 to the IdPThen the IdP callsthe Identity Mapping operation and retrieves the User 119868119889 asillustrated by Step 11 in Figure 4(b) Therefore for securityconsiderations the DA does not recover the 119868119889 directly Thisis one of the methods that ensure user privacy and preventthe misuse of a userrsquos identity

The above provides an overview of RIM The followingprovides a concrete realization of our model

43 RIM Realization In this section we provide a descrip-tion of the concrete realization of RIM based on HiddenIdentity-Based Signaturesproposed byKiayias andZhou [36]Hidden Identity-Based Signatures meet user requirementsfor anonymity in a cloud computing environment but theydo not satisfy the need for a unique user pseudonym foreach session We therefore extended Hidden Identity-BasedSignatures by introducing reputation and blind signature tofulfill the requirementsmentioned above In RIM we achieveblind signature using the Schnorr scheme [25] The publicparameters discussed previously [25 36] are identical so theRIM is made more comprehensive by combining the twotechniques

In the Environment Initialization stage we generatepublic parameters ⟨119901 119892 119866 119866

119879 119890⟩ where 119866 and 119866

119879are cyclic

groups of prime order 119901 119892 is a generator for 119866 and 119866119879 119890 is a

bilinear map 119890 119866 times 119866 rarr 119866119879 and |119866| = |119866

119879| ℎ is selected

from 119866 1 randomly 119867 is a hash function 119867 0 1lowast rarr

119885119901 The operation 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899(1120582) randomly selects

119909 119910119903

larr997888 119885lowast

119901and computes 119883 = 119892119909 119884 = 119892119910 where the

public and private key pairs are given as 119875119870119868119889 119904

= (119883 119884)119878119870

119868119889 119904= (119909 119910) Similarly the operation 119878119890119905119906119901 119868119889119875 119887119897119894119899119889(1120582)

generates the key pair 119875119870119868119889 119887

= 119872 119878119870119868119889 119887

= 119898 where119898

119903


119901and119872 = 119892minus119898 119878119890119905119906119901 119862119878119875(1120582) generates the key pair

119875119870119862119878119875

= (119868 119869) 119878119870119862119878119875

= (119894 119895) for feedback signature using

the same method described above The key pair generationof 119878119890119905119906119901 119863119860(1120582) is more complicated It randomly selects119906 V

119903

larr997888 119866119908 119903

larr997888 1198661 and 119887 119889 119903


119901 resulting in119908 = 119906119887 = V119889

which provides the key pair 119875119870119863119860= (119906 V 119908) 119878119870

119863119860= (119887 119889)

After the keys are generated RIM publishes the public keysand keeps the private keys secret

In the User Registration stage the IdP provides the Userwith the identity certificate reputation and reputation cer-tificate We introduce the technology of short signatures [37]to issue these certificatesThe IdP randomly selects 119903 119902 119903

larr997888 119885119901

and then issues identity certificate119862119868119889larr (1198921(119909+119868119889+119910119903) 119903) and

reputation certificate 119862119903119890119901larr (1198921(119909+119903119890119901+119910119902) 119902) noting that 119868119889

and 119903119890119901 denote the identifier and reputation belonging to theUser After that the IdP gives theUser a triple ⟨119862

119868119889 119862

119903119890119901 119903119890119901⟩

The User verifies these certificates using the IdP pub-lic key When the equation 119890(1198921(119909+119868119889+119910119903) 119883119892119868119889119884119903) =

119890(119892 119892) holds the User accepts the identity certificate Inthe same way the User verifies the reputation certifi-cate If the two certificates are both valid the operation119862ℎ119890119888119896119877119890119892(119875119870

119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) returns 1 If either certificate

is invalid both certificates are discardedThe Pseudonym Generation and Authentication opera-

tions in the Identity Authentication stage are usually carriedout together in practice In this paper we extend the methodintroduced in [36] to authenticate the User identity Useridentity certificate and the link between the User identityand identity certificate Our approach requires verificationthat the reputation generated from the pseudonym belongsto the User we have just authenticatedThe specific process isdescribed as follows

(i)The User employs linear encryption [37] to commit 119868119889in (119880 119881119882) It satisfies the constraints 119880 = 119906

119896 119881 = V119897119882 =

119908119896+119897119892119868119889 where 119897 and 119896 are randomly selected119870 119897 119903

larr997888 119885119901

(ii)TheUser commits119862119868119889in (119878 119877) that is 119878 = 1198921199031119862

119868119889and

119877 = 1198921199032ℎ1199031119884119903 where 1199031and 119903

2are randomly selected 119903

1 1199032

119903

larr997888

119885119901(iii) The User authenticates their identity using the zero-

knowledge proof technique [35] as described in Figure 5Finally if the equation holds theUser is assured of possessinga legitimate identity although the CSP would have noknowledge of that identity

(iv) The process of authenticating the User identitycertificate is described in Figure 6 If the equations hold theUser is assured of possessing a legitimate identity certificatealthough theCSPwould have no knowledge of that certificate

(v) It must also be verified that the identity and theidentity certificates belong to the same User The verificationprocess is described in Figure 7 If the equations are true theidentity is bound to the identity certificate

(vi) Moreover the legitimacy of the reputation and thatthe reputation belongs to the User must also be verifiedThe reputation is open to the public so it is authenticatedusing the IdP public key When verifying that the reputationbelongs to the User the User identity is hidden To this end asecret message is selected and ownership of the reputationcertificate can be verified only if the User has the secret


U = uk

V = l

W = wk+lgId

B1 = uminus120579119896

B2 = minus120579119897

B3 = wminus(120579119896+120579119897)gminus120579119868119889

120585Id = 120579Id + 120590 middot Id

120585k = 120579k + 120590 middot k

120585l = 120579l + 120590 middot l

B1 U120590uminus120585119896=

B2 V120590vminus120585l=

B3 W120590wminus(120585119896+120585119897)g120585119868119889=

K lr

larr Zp997888

120579Id 120579l 120579k

rlarr Zp997888

120590r

larr Zp997888

U V W

User CSP

Show the promise B1 B2 B3

Give the challenge 120590

Show the answer 120585Id 120585k 120585l

Figure 5

S = gr1CId

R = gr2hr1Yr

B4 = gminus1205791199032 hminus1205791199031Yminus120579119903

120585r1 = 120579r1 + 120590 middot r1

120585r2 = 120579r2 + 120590 middot r2

120585r = 120579r + 120590 middot r

B4 R120590gminus1205851199032 hminus1205851199031Yminus120585119903=

User CSP

r1 r2r

larr Zp997888

120579r1 120579r2 120579rr

larr Zp997888

120590r

larr Zp997888

Show the promise B4


Show the answer 120585r1 120585r2 120585r

S R

Figure 6

message as described in Figure 8(a) Linkability between thereputation certificate and the User identity is then verified asdescribed in Figure 8(b) If the equations hold the reputationand reputation certificate are concluded to belong to theUser

(vii) Finally we verify that the encrypted identity certifi-cate is from the IdP according to the encrypted identity

We assume that

11986111= 119890 (119892119883119882119877)

1205791199031 119890 (119878 119908)

120579119896+120579119897 119890 (119892 119908)

minus(1205791205751+1205791205752)

sdot 119890 (119878 119892)1205791199032 119890 (119892 119892)

minus1205791205753 119890 (119878 ℎ)

1205791199031 119890 (119892 ℎ)

minus1205791205754

120585 = 119890 (119892119883119882119877)1205851199031 119890 (119878 119908)

(120585119896+120585119897)119890 (119892 119908)

minus(1205851205751+1205851205752)

sdot 119890 (119878 119892)1205851199032 119890 (119892 119892)

minus1205851205753 119890 (119878 ℎ)

1205851199031 119890 (119892 ℎ)

minus1205851205754

sdot ((119890 (119892 119892)

119890 (119878 119883119882119877))

120590

)

(1)

where if 11986111= 120585 the abovementioned conclusion is verified

because if the IdP private key is input we obtain the output119890(119862

119868119889 119883119892119868119889119884119903) = 119890(119892 119892)

Thus far the legitimacy of the 119868119889 119862119868119889 119862

119903119890119901119862119868119889 and 119862

119903119890119901

has been verified Moreover the linkability between the 119868119889and the 119862

119868119889and 119862

119903119890119901has been verified Though the 119868119889 has

been encrypted it can be verified that the 119862119868119889

derives fromthe IdP

Together with the verification of the legitimacy ofthe reputation all of the above comprise the operation119860119906119905ℎ119890119899119905119894119888119886119905119890(119875

119906 119862

119903119890119901) Because the reputation need not

be secret the reputation can be authenticated simply byinputting the IdP public key

Next we address the 119890(119862119903119890119901 119883119892119903119890119901119884119902) = 119890(119892 119892) operation

119866119890119899 119901119899119910(119868119889 119862119868119889 119903119890119901) Here the pseudonym 119875

119906is just the

random challenge 120590 used by the CSP for authenticating theUser 119875

119906meets cloud computing security requirements The

security analysis will be conducted in the next sectionOur implementation of the Reputation Computation

stage is described as follows

(i) ReputationWithdrawal the operation119882119894119905ℎ119889119903119886119908(119868119889)returns the reputation certificate which is signed bythe IdPThe specific implementation of the reputationcertificate is equivalent to that of the identity certifi-cate

(ii) Reputation Backfeeding we continue to use the shortsignature [38] to sign the feedback given by the CSPthat is 119862

119903119890119901 119899119890119908larr ⟨1198921(119894+119903119890119901 119899119890119908+119895119899) 119899⟩ where 119899 is

randomly selected 119899 119903

larr997888 119885119901

(iii) Blinding this operation is performed by the Userand the IdP The IdP possesses the key pair (119872119898)where119872 = 119892

minus119898 The IdP randomly selects 119903119887

119903

larr997888 119885119901

and computes 119909119887= 119892

119903119887 Then 119875

119906obtains 119909

119887from

the IdP and selects a random number 119873119900119899119888119890 that isto be signed 119875

119906computes 119909lowast

119887= 119892119906119887119872minus119889

119887119909119887 119890lowast

119887=

119867(119909lowast119887 119873119900119899119888119890) and 119890

119887= 119890lowast

119887+119889

119887 where 119889

119887

119903

larr997888 119885119901 119906

119887

119903

larr997888

119885119901 The User assigns 119890

119887as the blind signature of

119873119900119899119888119890 that is119873119900119899119888119890 119887119897119894119899119889 = 119890119887

(iv) Applying for Reputation Update The IdP verifies thereputation feedback which is signed by the CSP Ifthe equation 119890(1198921(119894+119903119890119901 119899119890119908+119895119899) 119868119892119903119890119901 119899119890119908119869119899) = 119890(119892 119892)

holds we conclude that the verification has passed

(v) Blind Signing the IdP computes 119910119887= 119903

119887+ 119890

119887sdot 119898 and

119862119887119897119894119899119889

= 119910119887This is also the process of signing the blind

randomnumber119873119900119899119888119890 119887119897119894119899119889The IdP does not knowthe plaintext of119873119900119899119888119890 throughout the process

(vi) Reputation Update Confirmation the User removesthe blindness of 119862

119887119897119894119899119889(ie 119910

119887) through computing

119910lowast119887= 119910

119887+119906

119887Then the pair (119890lowast

119887 119910lowast

119887) is obtained which

is the signature of 119873119900119899119888119890 denoted by 119862119887119897119894119899119889

Finallythe User calls 119862119900119899119891119894119903119898 119880119901119889a119905119890(119862

119873119900119899119888119890 119873119900119899119888119890) to

confirm the update of the reputation The IdP deter-mines if the equation 119909lowast

119887

= 119892119910lowast

119887119872119890lowast

119887 holds If so theIdP then examines the equation 119890lowast

119887

= 119867(119909lowast119887 119873119900119899119888119890)

When both equations hold the IdP concludes that thesignature is valid


1205851205751 = 1205791205751 + 120590 middot 1205751

1205851205752 = 1205791205752 + 120590 middot 1205752

1205851205753 = 1205791205753 + 120590 middot 1205753

1205851205754 = 1205791205754 + 120590 middot 1205754

1205851205755 = 1205791205755 + 120590 middot 1205755

B5 = Uminus1205791199031u1205791205751

B7 = Rminus1205791199031g1205791205753 h1205791205754 Y1205791205755

B5 Uminus1205851199031u1205851205751=

B7 Rminus1205851199031g1205851205753 h1205851205754 Y1205851205755=

User CSP

=B6 Vminus12058511990311205851205752

B6 = Vminus12057911990311205791205752Show the promise B5 B6 B7


Show the answer 1205851205751 1205851205752 1205851205753 1205851205754 1205851205755

1205791205751 1205791205752 1205791205753 1205791205754 1205791205755

rlarr Zp997888

1205751 = r1k 1205752 = r1l 1205753 = r1r2 1205754 = r21 1205755 = r1r

Figure 7

T = gtYq T

B8 = gminus120579119905Yminus120579119902

120585t = 120579t + 120590 middot t

120585q = 120579q + 120590 middot q

User CSP

B8 T120590gminus120585119905Yminus120585119902=

tr

larr Zp997888

120579t 120579qr

larr Zp997888Show the promise B8


Show the answer 120585t 120585q

(a)

B9 = Uminus120579119905 u1205791205821

1205851205821 = 1205791205821 + 120590 middot 1205821

1205851205822 = 1205791205822 + 120590 middot 1205822 B9 Uminus120585119905 u1205851205821=

User CSP

=B10 Vminus120585119905 1205851205822

B10 = Vminus120579119905 1205791205822

1205791205821 1205791205822

rlarr Zp997888


Show the answer 1205851205821 1205851205822

1205821 = tk 1205822 = tlShow the promise B9 B10

(b)

Figure 8

After verifying the blind signature the IdP performs theactual reputation updating operationWe introduce the feed-back based reputation calculation method [39] to estimatethe User reputation Here three factors determine the totalvalue of User trustworthiness that is 119903119890119901 119899119890119908 119903119890119901 ℎ 119903119890119901 119906where 119903119890119901 119899119890119908 represents the new reputation feedback theCSP provides after the transaction 119903119890119901 ℎ is the historyfeedback provided by the previously accessed CSP and119903119890119901 119906 is the overall reputation the User had prior to thecurrent transaction After accessing the service the Userreputation is calculated by 119903119890119901 = (119882 119899119890119908 times 119903119890119901 119899119890119908) +

(119882 ℎ times 119903119890119901 ℎ) + (119882 119906 times 119903119890119901 119906) To regulate the value ofthe reputation we let 119903119890119901 119899119890119908 119903119890119901 ℎ 119903119890119901 119906 be normalized tovalues in [0 1]119882 119899119890119908119882 ℎ119882 119906 denote the new feedbackweight the updated history feedback weight and the updatedoverall reputation weight prior to the current transactionrespectively All the weights have values in [0 1] and satisfythe constraint 119882 119899119890119908 + 119882 ℎ + 119882 119906 = 1 The details havebeen described in [39]

In the Pseudonym Disclosure stage the DA and IdPdecrypt the User pseudonym and then restore the User IdThe details of the two operations are as follows

(i) Anonymity Removal the DA decrypts the secretinformation (119880 119881119882) using the secret key (119887 119889) inthe possession of the DA to restore 119892119868119889 that is 119892119868119889 =119882(119880119887119881119889)

(ii) Identity Mapping the IdP maps 119892119868119889 to the User Idusing the internal mapping table that is built at thebeginning

Through the abovementioned operations we can deliveran identity management service The User generates a pseu-donym using this service and then employs the pseudonymas the identity for accessing cloud services without exposingany real identity information The User reputation within acertain range indicates to what extent the CSP can trust theuser based on the possibility that the User may carry outmalicious activities

5 Model Analysis

In this section we verify the correctness and provide adetailed security analysis of the proposed model


51 Correctness of the Model The correctness of the modelincludes User Registration correctness Reputation Calcu-lation accuracy Identity Authentication correctness andPseudonym Disclosure correctness

Definition 1 User Registration correctness is described asfollows If the identity certificate and the reputation certificatecan be verified with a probability of 1 then one concludes thattheUser Registration is correctThis is given by the following

Pr[[[

[

(119875119870119868119889 119904 S119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

]]]

]

= 1

(2a)

Theorem 2 RIM User Registration is correct

Proof If the above probability is 1 then the output of eachoperation must be correct and the identity certificate andthe reputation certificate can pass the verification using thepublic keys in the possession of the IdP The validity of theidentity certificate was verified in [38] and we need only toverify the validity of the reputation certificate The followingformula (3) confirms that 119890(1198921(119909+119903119890119901+119910119902) 119883119892119903119890119901119884119902) = 119890(119892 119892)verifying the reputation certificate is valid Consider

119890 (1198921(119909+119903119890119901+119910119902)

119883119892119903119890119901119884119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909119892119903119890119901(119892

119910)119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909+119903119890119901+119910119902

) = 119890 (119892 119892)

(3)

Definition 3 Identity Authentication correctness is describedas follows The CSP authenticates the User through theUser pseudonym 119875

119906 If all the operations return correct

outputs with a probability of 1 we conclude that the IdentityAuthentication is correct This is given by the following

Pr

[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

]]]]]]]]]

]

= 1

(2b)

Theorem 4 RIM Identity Authentication is correct

Proof The CSP must authenticate the User identity thevalidity of the identity certificate the linkability of theidentity and identity certificate the validity of the reputationcertificate and the linkability of the identity and reputationcertificate All of the above have been proven in [25] with

the exception of the linkability of the 119868119889 and reputationcertificate Therefore we only verify here the linkability ofthe 119868119889 and reputation certificate The verification follows thesame approach as that of formula (3) but is conducted bythe CSP Verifying the linkability of the 119868119889 and reputationcertificate follows according to formula (4) which indicatesthat the User owns the reputation certificate and formulas(5) and (6) which verify that the User identity is linked withreputation certificate Consider

119879120590119892minus120585119905119884

minus120585119902 = (119892

119905119884119902)120590

119892minus(120579119905+120590sdot119905)

119884minus(120579119902+120590sdot119902)

= 119892119905120590119884120590119902119892minus120590119905119884minus120590119902119892minus120579119905119884

minus120579119902 = 119892

minus120579119905119884

minus120579119902

= 1198618

(4)

119880minus120585119905119906

1205851205821 = 119880

minus(120579119905+120590sdot119905)

1199061205791205821+120590sdot1205821 = 119880

minus120579119905119906

1205791205821119880

minus120590sdot119905119906120590sdot119905119896

= 119880minus120579119905119906

1205791205821119880

minus120590sdot119905119880120590sdot119905= 119880

minus120579119905119906

1205791205821 = 119861

9

(5)

119881minus120585119905V1205851205822 = 119881minus(120579

119905+120590sdot119905)V1205791205822+120590sdot1205822 = 119881minus120579

119905V1205791205822119881minus120590sdot119905V120590sdot119905119897

= 119881minus120579119905V1205791205822119881minus120590sdot119905

119881120590sdot119905= 119881

minus120579119905V1205791205822 = 119861

10

(6)

The Reputation Computation accuracy involves twoaspects (1) the correctness of the operations such as reputa-tion acquisition reputation feedback and reputation updateand (2) the fact that the reputation evaluation algorithm canaccurately calculate the user degree of trustworthiness Theaccuracy of the evaluation algorithmhas been verified in [39]Therefore in this paper we only define the correctness of theoperations

Definition 5 Reputation Calculation correctness is describedas follows If the reputation-related operations return correctoutputs with a probability of 1 one concludes that the Repu-tation Calculation is correct This is given by the following

Pr

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119868119889 119887 119878119870

119868119889 119887) larr997888 119878119890119905119906119901 119868119889119875 119887119897119894119899119889 (1120582)

(119875119870119862119878119875 119878119870

119862119878119875) larr997888 119878119890119905119906119901 119862119878119875 (1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862r119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

(119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

) larr997888 119866119903119886119899119905 (119875119906)

119873119900119899119888119890 119887119897119894119899119889 larr997888 119861119897119894119899119889 (119873119900119899119888119890)

119880119901119889119886119905119890 (119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

119873119900119899119888119890 119887119897119894119899119889) = 1

119862119887119897119894119899119889

larr997888 119861119897119894119899119889 119904119894119892119899 (119873119900119899119888119890 119887119897119894119899119889)

119862119900119899119891119894119903119898 119880119901119889119886119905119890 (119862119887119897119894119899119889

) = 1

]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

]

= 1

(2c)


Theorem 6 RIM Reputation Calculation operations are cor-rect

Proof The operation 119882119894119905ℎ119889119903119886119908(119868119889) and the subsequentverification steps of the reputation are equivalent to theregistration operations The verification of the reputationfeedback is similar to that given in formula (3) Because thecorrectness of the registration operations has been provenin Theorems 2 and 4 we here prove only the correctnessof the blind signature Formula (7) removes the blindnessof the signature obtaining the intermediate value 119909lowast

119887 If the

equation 119890lowast119887

= 119867(119909lowast119887 119873119900119899119888119890) holds we conclude that the

blind signature is correct Along with Theorems 2 and 4 theproof verifies the correctness of the reputation operationsOne has

119892119910lowast

119887119872119890lowast

119887 = 119892119910119887+119906119887119872

119890lowast

119887 = 119892119903119887+119890119887sdot119898+119906119887119872

119890119887minus119889119887

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898(119890119887minus119889119887)

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898sdot119890119887119892

minus119898(minus119889119887)= 119909

119887119892119906119887119872

minus119889119887

= 119909lowast

119887

(7)

Definition 7 Pseudonym Disclosure correctness is describedas follows The DA decrypts the pseudonym to restore theUser Id with a probability of 1 This is given by the following

Pr

[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119863119860 119878119870

119863119860) larr997888 119878119890119905119906119901 119863119860(1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

119892119868119889 larr997888 119863119890 119860119899119900119899119910119898119894119905119910 (119875119906 119878119870

119863119860)

119868119889 larr997888 119872119886119901 (119892119868119889)

]]]]]]]]]]]]]]]]]]]

]

= 1

(2d)

Theorem 8 RIM Pseudonym Disclosure is correct

Proof Operations conducted prior to the Pseudonym Dis-closure process have been proven in Theorems 2 4 and 6The correctness of decrypt (119880 119881119882) has been proven in [36]Finally the IdP queries the mapping table to obtain the UserId Therefore we conclude that the Pseudonym Disclosure iscorrect

52 Security of the Model

521 Security of Reputation Before discussing the securityof reputation we assume that the private keys of the IdP CSPandUser have not been leaked If the private keyswere leakedthe RIM would be open to the public The data of the IdP

are stored in a cloud environment and the cloud service isopen to the public Therefore an attacker can obtain an 119868119889and reputation pair thereby conducting a plaintext attack byanalyzing them In this paper we will not consider a situationwhere an attacker modifies the reputation through the cloudunderlying infrastructure and the attacks are all chosen asplaintext attacks

Unforgeability of reputation refers to the fact that anunauthorized user has no way of modifying their own oranotherrsquos reputation value If the attacker (or Adversary119860119889V)wishes to modify a reputation value without permission the119860119889V must forge a reputation certificate issued by the IdP ora feedback certificate signed by the CSP Next we provide aformal definition of reputation unforgeability

Definition 9 If a probabilistic polynomial-timeadversary 119860119889V has the advantage 119860119889V119886119899119905119886119892119890

119906119899119891(120582) =

Pr[(119875119903119894V119870119906119899119891(120582) = 1) minus 12] which is negligible in 120582 then

one concludes that the reputation value is unforgeable Theexperiment 119875119903119894V119870

119906119899119891(120582) is defined as follows

(i) 119860119889V is given the public parameters ⟨119901 119892 119866 119866119879 119890⟩ as

described in the Environment Initialization stageTheregister random oracle119874

119903119890g provides119860119889V with a Useridentity reputation value and reputation certificateThe feedback random oracle 119874

119862119878119875provides 119860119889V with

reputation feedback and the feedback certificate Thepseudonym randomoracle119874

119868119889provides119860119889Vwith the

User pseudonym 119875119906

(ii) The 119860119889V generates (1198681198890 119903119890119901

0) (119868119889

1 119903119890119901

1) and

((119875119906)0 119903119890119901 119899119890119908

0) ((119875

119906)1 119903119890119901 119899119890119908

1)

(iii) The challenger randomly selects 119887 from 0 1that is 119887 larr 0 1 Then the challenger calls(119903119890119901

119887 (119862

119903119890119901)119887) larr 119882119894119905ℎ119889119903119886119908(119868119889

119887) and (119903119890119901 119899119890119908

119887

(119862119903119890119901 119899119890119908

)119887) larr 119866119903119886119899119905((119875

119906)119887) to acquire the pair

(119903119890119901119887 (119862

119903119890119901)119887) and (119903119890119901 119899119890119908

119887 (119862

119903119890119901 119899119890119908)119887)

(iv) The 119860119889V gives a guess 1198871015840 and if 119887 = 1198871015840 then output is1 otherwise output is 0

Now we reduce this 119860119889V to an adversary (119860119889V)119887for the

BB signature Firstly (119860119889V)119887initializes a hash table 119867 for

the simulation of the random oracles 119874119903119890119892

and 119874119862119878119875

that areemployed by 119860119889V If 119860119889V queries (119868119889 119903119890119901) or (119875

119906 119903119890119901 119899119890119908)

(119860119889V)119887would resort to119867 If the query has already been on the

table (119860119889V)119887would return the corresponding value if not

(119860119889V)119887would sample a (119868119889 119903119890119901) or (119875

119906 119903119890119901 119899119890119908) and place it

in119867 and return it in the endWhen119860119889V queries a reputationsignature included in (119868119889 119903119890119901) or (119875

119906 119903119890119901 119899119890119908) (119860119889V)

119887

forwards the query to BB-signing oracle 119874BB and returnsthe response After sufficient queries 119860119889V challenges thechallenger using (119868119889

0 119903119890119901

0) (119868119889

1 119903119890119901

1) or ((119875

119906)0 119903119890119901 119899119890119908

0)

((119875119906)1 119903119890119901 119899119890119908

1) (119860119889V)

119887extracts the pair (119903119890119901

0 119903119890119901

1) or

(119903119890119901 1198991198901199080 119903119890119901 119899119890119908

1) and challenges the BB-signing chal-

lenger The BB-signing challenger picks a number 119887 in 0 1(119860119889V)

119887then returns (119862

119903119890119901)119887or (119862

119903119890119901 119899119890119908)119887to119860119889V119860119889Vmakes

a guess of 1198871015840 and gives it to the BB-signing challenger through(119860119889V)

119887 If 119887 = 1198871015840 then not only does 119860119889V have the ability

to forge a reputation certificate but also (119860119889V)119887can forge a


BB signature According to the above mentioned methodwe reduce 119860119889V to (119860119889V)

119887 and we conclude that if the BB

signature is secure then the reputation certificate cannot beforged

Verifiable Reputation means that the reputation indeedbelongs to the authenticated user If the adversary can forgea pseudonym and the pseudonym can pass verification bythe CSP while the DA cannot open the pseudonym or onlyopen it as an unregistered identity then we conclude thatthe adversary is successful This property is guaranteed byHidden Identity-Based (HIB) Signatures [25]

Definition 10 If a probabilistic polynomial-time adversary119860119889V has the advantage119860119889V119886119899119905119886119892119890V119890119903(120582) = Pr[(119875119903119894V119870V119890119903(120582) =

1)minus12] which is negligible in 120582 then one concludes that thereputation value is verifiable The experiment 119875119903119894V119870V119890119903(120582) isdefined as follows

(i) The register random oracle 119874119903119890119892

provides 119860119889V witha User identity reputation value and reputationcertificate and the pseudonym random oracle 119874

119868119889

provides119860119889Vwith aUser pseudonym119875119906119860119889V obtains

the public parameters ⟨119901 119892 119866 119866119879 119890⟩ as described in

the Environment Initialization stage

(ii) 119860119889V generates the pair (1198681198890 (119862

119868119889)0 119903119890119901

0) and

(1198681198891 (119862

119868119889)1 119903119890119901

1) and then gives it to the challenger

(iii) The challenger randomly selects 119887 from 0 1that is 119887 larr 0 1 Then he calls (119875

119906)119887

larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901

119887) to acquire the pseudonym

(119875119906)119887

(iv) 119860119889V gives a guess of 1198871015840 and if 119887 = 11988710158401 larr 119860119906119905ℎ119890119899119905119894119888119886119905119890((119875

119906)119887 (119862

119903119890119901)119887) and perp larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870

119863119860) hold and then output

is 1 otherwise output is 0

Now we assume that an adversary (119860119889V)119867

is againstthe HIB signature Using three random oracles namely theregistration random oracle 119877119890119892119874119903119886119888119897119890(119868119889) the User identityrandom oracle 119862119900119903119903119906119901119905119874119903119886119888119897119890(119868119889) and the signature oracle119878119894119892119899119874119903119886119888119897119890(119868119889 119888119890119903119905

119894119889 119898) (119860119889V)

119867acquires the User identity

identity certificate and the signature of a message signed bythe User Moreover these three random oracles can simulate119874119903119890119892

and119874119868119889 In [36] the randomoracle119862119900119903119903119906119901119905119874119860119874119903119886119888119897119890()

was used for disclosing a pseudonym to perform a ciphertext attack However in this paper we assume that the DAis trustworthy Therefore we simulate only a plaintext attackIf 119860119889V can disclose a pseudonym then (119860119889V)

119867must be able

to break the HIB signature Now we begin the process ofreducing 119860119889V to (119860119889V)

119867 (119860119889V)

119867removes the part relevant

to reputation from (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1 119903119890119901

1)

provided by 119860119889V and then proceeds with the HIB signatureprocess During the authentication process we maintain aconstant challenge factor 120590 The reputation was includedwhen 120590was generated By analyzing the Σ-protocol we knowthat 120590 is randomly selected so its value does not affect thefinal result of authentication Finally (119860119889V)

119867takes 120590 as a

pseudonym (119875119906)119887and returns it to 119860119889V (119875

119906)119887contains the

information regarding a User identity119860119889V gives a guess of 1198871015840

and if 119860119889V can successfully forge a pseudonym then (119860119889V)119867

can crack the HIB signature with the same probabilityNonrepudiation means that under any circumstances

theUsermust admit that the reputation that has been submit-ted belongs only to the User and therefore regardless of howlow the reputation value the User can never deny ownershipIf the adversary has the ability to forge a pseudonym andthe DA opens it to find that it corresponds to a legitimateregistered user identity then we conclude that the adversaryis successful

Definition 11 If a probabilistic polynomial-time adversary119860119889V has the advantage119860119889V119886119899119905119886119892119890

119899119903119890(120582) = Pr[(119875119903119894V119870

119899119903119890(120582) =

1) minus 12] which is negligible in 120582 then one concludes thatthe reputation value has the property of NonrepudiationTheexperiment 119875119903119894V119870




119903119890119892provides119860119889V with a User

identity reputation value and reputation certificateThe pseudonym random oracle 119874

119868119889provides 119860119889V

with a User pseudonym 119875119906

(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1


(iii) The challenger randomly selects 119887 from 0 1 thatis 119887 larr 0 1 Then the challenger calls (119875

119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887

(iv) 119860119889V gives a guess 1198871015840 and if 119887 = 11988710158401 larr 119860119906119905ℎ119890119899119905119894119888119886119905119890((119875

119906)119887 (119862

119903119890119901)119887) and 1 larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870

119863119860) are true and then

output is 1 otherwise output is 0

Themethod that reduces119860119889V to an adversary for the HIBsignature is equivalent to the method used in the analysisof Verifiable Reputation We therefore omit the reducingprocess

522 Secure Anonymity In addition to the aforementionedreputation security it is necessary to consider the securityof anonymity To this end we assume that the IdP is notsafe namely its private keys can be leaked Also we assumethat the IdP and CSP can collude together to compromiseanonymity These assumptions comply with the actual situa-tion for the IdP and CSP may belong to the same institutionHowever in the Reputation Calculation process we assumethat private keys in the possession of the IdP cannot be leakedto the User but can be leaked to the CSP because reputationis used to constrain the User and the IdP and User areantithetical

Anonymity security includes the unlinkability not onlybetween pseudonyms (denoted as 119875

119906-unlinkability) but also

between a pseudonym and a User 119868119889 (denoted as 119868119889-119875119906-

unlinkability) 119875119906-unlinkability includes the unlinkability

between the pseudonyms of the same user and the unlink-ability between the pseudonyms of different users


With regard to the probability Pr[(119875119906)0= (119875

119906)1] if

the two pseudonyms (119875119906)0and (119875

119906)1given in Definition 12

are negligible then we conclude that (119875119906)0and (119875

119906)1are

unlinkableA number of factors make one pseudonym different

from another Firstly for different users their identities aredifferent and the randomly selected parameter 119903 ensuresthat the identity certificates are different Moreover theparameters used for encrypting the identity and identitycertificate are different making 119878 119877 119880 119881 and119882 differentThe parameters used for authentication are also differentFinally the reputation of each user is different in mostcases The above factors constitute the challenge factor 120590(ie 119875

119906) If an association exists between pseudonyms the

one-way hash function used to generate pseudonyms willbe compromised although this is impossible Secondly forthe pseudonyms of the same user the parameters used togenerate 120590 excluding the identities are different Thereforein this case the pseudonyms are unlinkable

119868119889-119875119906-unlinkability ensures that a user identity cannot be

inferred from the user pseudonym In the process of userauthentication 119880 119881 119882 119878 and 119877 which are the ciphertext of a user identity and identity certificate generate thepseudonym 119875

119906along with other factors The unlinkability

between119875119906and the user identity is guaranteed by the strength

of linear encryption


119868119875119880(120582) =

Pr[(119875119903119894V119870119868119875119880(120582) = 1) minus 12] which is negligible in 120582

then we conclude that a User identity and correspondingpseudonym are unlinkable The experiment 119875119903119894V119870

119868119875119880(120582) is

defined as follows



119903119890119892provides119860119889Vwith a User


119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1

1199031198901199011) and then gives them to the challenger


119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887

(iv) 119860119889V gives a guess of 1198871015840 and if 119887 = 1198871015840 then output is 1otherwise output is 0

Nonrepudiation and Verifiable Reputation are based onthe unlinkability between a User identity and pseudonymTherefore in the analysis of nonrepudiation and Verifi-able Reputation we have proved that a User identity andpseudonym are unlinkable

523 Reputation and Anonymity The introduction of rep-utation will influence User anonymity The CSP can obtainUser identity information through reputation in three ways

(1) reputation feedback (2) reputation submitted by 119875119906 and

(3) changes of reputation Subsequent analysis indicates thatall three ways will fail provided the blind signature is notcompromised greater than 50 users are registered in the IdPand the CSP is not synchronized with the IdP

The introduction of the blind signature ensures thatthe process of updating a reputation will not disclose Useridentity information 119875

119906submits the 119873119900119899119888119890 119887119897119894119899119889 to the IdP

to apply for modification of the reputation value The User(the generator of 119875

119906) submits the signature of 119873119900119899119888119890 to

the IdP to confirm the reputation update The technologyof blind signature ensures the unlinkability between bothsignatures of 119873119900119899119888119890 119887119897119894119899119889 and 119873119900119899119888119890 Therefore even col-lusion between the IdP and CSP cannot reveal User identityinformation

When the number of Users registered in the IdP isgreater than 50 the CSP cannot locate a User throughtheir reputation value We assume that the number of usersregistered in the IdP is 119899 anddivide the interval of reputationssay [0 1] into 119873 independent values from which these119899 users choose reputations independently (User reputationvalues are calculated independently of each other and thereputation values can be considered uniformly distributed onthe interval) The probability distribution of two users withan equivalent reputation is then 119875(119899) sim 1 minus 1 exp(11989922119873)(httpenwikipediaorgwikibirthday Problem) As we cansee from 119875(119899) when 119873 = 100 the probability that twousers have equivalent reputation values increases rapidlywith increasing 119899 When 119899 approaches 50 the probabilityresides very close to 1 When 119873 = 300 as the numberof users approaches 60 the probability continues to residevery close to 1 For simplicity we take 119873 = 100 in thispaper Therefore when 119899 is greater than 50 a set of users willhave equivalent reputations making it difficult for the CSP tolocate a User based upon their reputation Tomake themodelmore general we assume that119860 is the collection of users thathave the same reputation that is 119860 = 119886

1 119886

2 119886

119898 for

1 le 119898 le 119899 (at least one user in the collection provides areputation) Tomine user privacy the CSPmust continuouslytrack users Assuming the CSP seeks to track user 119886

119895for 119895 isin

1 119898 after the next transaction between 119886119895and the CSP

the CSP will acquire a set of users 119861 based on the reputationprovided by the User through the corresponding pseudonym(119875

119906)TheCSPwill obtain the solution119860cap119861 = 119886

119895notin (119860cap119861)

or 119886119895isin (119860 cap 119861) regardless of whether or not the reputation is

identical in these two steps Therefore when 119899 gt 50 the CSPcannot obtain User identity information from the reputationvalue The openness of cloud computing ensures that 119899 willbe far greater than 50 so that in practice the reputation willnot disclose User identities

Through disrupting the synchronization of the IdP andCSP the CSP cannot locate a User through an update of thereputation value For the aforementioned user set 119860 whenthe CSP gives feedback to a pseudonym the CSP wouldmonitor the reputation changes in the IdP and then linkthe pseudonym to a user identity In this case the CSPmust be synchronized with the IdP For example suppose apseudonym (119875

119906)119895of user 119886

119895accesses the CSP with reputation


119903119890119901119895 After that the CSP grants feedback to (119875

119906)119895to increase

the reputation value Then the CSP monitors the usersin set 119860 whose reputation has been increased links (119875

119906)119895

to 119886119895 and then records the operations of (119875

119906)119895 With a

long-term monitor the CSP will eventually record all theactions of the user and compromise the userrsquos privacy Tosolve this problem the User can choose a random waitingtime to confirm the reputation value update so that thesynchronization will be disrupted thus the CSP cannotdetermine if the pseudonym that the CSP has just grantedbelongs to the user whose reputation value has changed

6 Conclusions

In this paper we designed and implemented RIM an identitymanagement model for cloud computing that enables usersto access cloud services using pseudonyms so as to ensure theunlinkability not only between different pseudonyms but alsobetween a user and their corresponding pseudonym In thisway user privacy can be protected In addition by calculatingthe reputation of users RIM can assist CSPs to identifymalicious users RIM compensates for the shortcomings ofidentity management introduced by the multitenant featureand openness of the cloud computing environment

In this paper we assumed that the CSP honestly providescredible reputation feedback to users However in factmalicious CSPs that provide dishonest assessments of userbehavior may exist In addition a CSP may violate servicelevel agreements (SLA) The various security vulnerabilitiesof CSPs pose a threat to users Therefore our future goal isto assess the credibility of CSPs and improve the reputationevaluation mechanism so as to provide better protection ofuser privacy The access control mechanism in the cloudenvironment by means of reputation is also a valuableresearch topic that can be explored in the future

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

References

[1] P Mell and T GranceTheNIST Definition of Cloud ComputingNational Institute of Standards and Technology GaithersburgMd USA 2011

[2] P Mell and T Grance ldquoThe NIST definition of cloud comput-ingrdquo Special Publication 800-145 National Institute of Stan-dards and Technology 2011

[3] E Olden ldquoArchitecting a cloud-scale identity fabricrdquoComputervol 44 no 3 pp 52ndash59 2011

[4] E Bertino F Paci and R Ferrini ldquoPrivacy-preserving digitalidentity management for cloud computingrdquo IEEE Data Engi-neering Bulletin vol 32 no 1 pp P21ndashP27 2009

[5] P Angin B Bhargava R Ranchal et al ldquoAn entity-centricapproach for privacy and identity management in cloud com-putingrdquo in Proceedings of the 29th IEEE Symposium on ReliableDistributed Systems (SRDS rsquo10) pp 177ndash183 New Delhi IndiaNovember 2010

[6] S Ruj M Stojmenovic and A Nayak ldquoPrivacy preservingaccess control with authentication for securing data in cloudsrdquoin Proceedings of the 12th IEEEACM International Symposiumon Cluster Cloud and Grid Computing (CCGrid rsquo12) pp 556ndash563 IEEE Ottawa Canada May 2012

[7] S S M Chow Y-J He L C K Hui and S M Yiu ldquoSPICEmdashsimple privacy-preserving identity-management for cloud envi-ronmentrdquo in Applied Cryptography and Network Security Pro-ceedings of the 10th International Conference ACNS 2012 Singa-pore June 26ndash29 2012 vol 7341 of Lecture Notes in ComputerScience pp 526ndash543 Springer Berlin Germany 2012

[8] J Xiong Z Yao J Ma X Liu Q Li and T Zhang ldquoPRAMprivacy preserving access management scheme in cloud ser-vicesrdquo in Proceedings of the International Workshop on Securityin Cloud Computing (Cloud Computing rsquo13) pp 41ndash46 ACMHangzhou China May 2013

[9] K Ren W Lou K Kim and R Deng ldquoA novel privacy pre-serving authentication and access control scheme for perva-sive computing environmentsrdquo IEEE Transactions on VehicularTechnology vol 55 no 4 pp 1373ndash1384 2006

[10] K Govinda and P Ravitheja ldquoIdentity anonymization andsecure data storage using group signature in private cloudrdquoin Proceedings of the International Conference on Advances inComputing Communications and Informatics (ICACCI rsquo12) pp129ndash132 ACM ind August 2012

[11] T H Noor Q Z Sheng S Zeadally and J Yu ldquoTrustmanagement of services in cloud environments obstacles andsolutionsrdquo ACM Computing Surveys vol 46 no 1 article 122013

[12] S D Kamvar M T Schlosser and H Garcia-Molina ldquoTheeigentrust algorithm for reputation management in P2P net-worksrdquo in Proceedings of the 12th International Conference onWorld Wide Web (WWW rsquo03) pp 640ndash651 ACM May 2003

[13] L Xiong and L Liu ldquoPeerTrust a trust mechanism for anopen peer-to-peer information systemrdquo IEEE Transactions onKnowledge and Data Engineering vol 16 no 7 pp 843ndash8572004

[14] R Zhou and K Hwang ldquoPowerTrust a robust and scalablereputation system for trusted peer-to-peer computingrdquo IEEETransactions on Parallel and Distributed Systems vol 18 no 4pp 460ndash473 2007

[15] N K Sharma V Gaur and S KMuttoo ldquoA dynamic reputationsystem with built-in attack resilience to safeguard buyers in e-marketrdquo ACM SIGSOFT Software Engineering Notes vol 37 no4 pp 1ndash19 2012

[16] I Pranata R Athauda andG Skinner ldquoModeling decentralizedreputation-based trust for initial transactions in digital environ-mentsrdquo ACM Transactions on Internet Technology vol 12 no 3article 8 35 pages 2013

[17] R Shaikh and M Sasikumar ldquoTrust framework for calculatingsecurity strength of a cloud servicerdquo in Proceedings of theInternational Conference on Communication Information andComputing Technology (ICCICTrsquo 12) October 2012

[18] T H Noor andQ Z Sheng ldquoTrust as a service a framework fortrust management in cloud environmentsrdquo inWeb InformationSystem EngineeringmdashWISE 2011 vol 6997 of Lecture Notes inComputer Science pp 314ndash321 Springer Berlin Germany 2011

[19] F G Marmol J Girao and G M Perez ldquoTRIMS a privacy-aware trust and reputation model for identity managementsystemsrdquo Computer Networks vol 54 no 16 pp 2899ndash29122010


[20] A Post V Shah and A Mislove ldquoBazaar strengthening userreputations in online marketplacesrdquo in Proceedings of the 8thUSENIX Conference on Networked Systems Design and Imple-mentation (NSDI rsquo11) pp 183ndash196 2011

[21] L-H Vu and K Aberer ldquoEffective usage of computationaltrust models in rational environmentsrdquo ACM Transactions onAutonomous and Adaptive Systems vol 6 no 4 article 24 25pages 2011

[22] E Androulaki S G Choi SM Bellovin and TMalkin ldquoRepu-tation systems for anonymous networksrdquo in Privacy EnhancingTechnologies vol 5134 of Lecture Notes in Computer Science pp202ndash218 Springer Berlin Germany 2008

[23] H Rifa-Pous ldquoAnonymous reputation based reservations in e-commerce (AMNESIC)rdquo in Proceedings of the 13th InternationalConference on Electronic Commerce (ICEC rsquo11) ACM August2011

[24] M H Au and A Kapadia ldquoPERM practical reputation-based blacklisting without TTPsrdquo in Proceedings of the ACMConference on Computer and Communications Security pp929ndash940 ACM October 2012

[25] T Okamoto ldquoProvably secure and practical identificationschemes and corresponding signature schemesrdquo in Advances inCryptologymdashCRYPTO92 vol 740 of Lecture Notes in ComputerScience pp 31ndash53 Springer Berlin Germany 1993

[26] J-Z Luo J-H Jin A-B Song and F Dong ldquoCloud computingarchitecture and key technologiesrdquo Journal on Communicationsvol 32 no 7 pp 3ndash21 2011

[27] S Subashini and V Kavitha ldquoA survey on security issues inservice deliverymodels of cloud computingrdquo Journal of Networkand Computer Applications vol 34 no 1 pp 1ndash11 2011

[28] A Josang and S Pope ldquoUser centric identity managementrdquo inProceedings of the AusCERT Conference 2005

[29] A Shamir ldquoIdentity-based cryptosystems and signatureschemesrdquo inAdvances in Cryptology vol 196 of Lecture Notes inComputer Science pp 47ndash53 Springer Berlin Germany 1985

[30] D Boneh andM Franklin ldquoIdentity-based encryption from theWeil pairingrdquo in Advances in CryptologymdashCRYPTO 2001 vol2139 of LectureNotes in Computer Science pp 213ndash229 SpringerBerlin Germany 2001

[31] D Boneh B Lynn and H Shacham ldquoShort signatures fromthe weil pairingrdquo inAdvances in CryptologymdashASIACRYPT 2001vol 2248 of Lecture Notes in Computer Science pp 514ndash532Springer Berlin Germany 2001

[32] D Chaum ldquoBlind signatures for untraceable paymentsrdquo inAdvances in Cryptology Proceedings of Crypto 82 pp 199ndash203Springer New York NY USA 1983

[33] U Feige A Fiat and A Shamir ldquoZero-knowledge proofs ofidentityrdquo Journal of Cryptology vol 1 no 2 pp 77ndash94 1988

[34] L C Guillou and J-J Quisquater ldquoA practical zero-knowledgeprotocol fitted to security microprocessor minimizing bothtransmission and memoryrdquo in Advances in CryptologymdashEUROCRYPT rsquo88 vol 330 of Lecture Notes in Computer Sciencepp 123ndash128 Springer Berlin Germany 1988

[35] C P Schnorr ldquoEfficient signature generation by smart cardsrdquoJournal of Cryptology vol 4 no 3 pp 161ndash174 1991

[36] A Kiayias and H Zhou ldquoHidden identity-based signaturesrdquoin Financial Cryptography and Data Security vol 4886 ofLecture Notes in Computer Science pp 134ndash147 Springer BerlinGermany 2007

[37] D Boneh X Boyen and H Shacham ldquoShort group signaturesrdquoin Advances in CryptologymdashCRYPTO 2004 vol 3152 of Lecture

Notes inComputer Science pp 41ndash55 Springer BerlinGermany2004

[38] D Boneh and X Boyen ldquoShort signatures without randomoraclesrdquo in Advances in CryptologymdashEUROCRYPT 2004 vol3027 of Lecture Notes in Computer Science pp 56ndash73 SpringerBerlin Germany 2004

[39] B-X Li L-F Wu Z-J Zhou and H-B Li ldquoDesign andimplementation of trust-based identity management model forcloud computingrdquo Computer Science vol 41 no 10 pp 3-21144ndash3-21148 2014

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

MathematicsJournal of


Mathematical Problems in Engineering

Hindawi Publishing Corporationhttpwwwhindawicom

Differential EquationsInternational Journal of

Volume 2014

Applied MathematicsJournal of


Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Journal of


Mathematical PhysicsAdvances in

Complex AnalysisJournal of


OptimizationJournal of


CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of


Operations ResearchAdvances in

Journal of


Function Spaces

Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of Mathematics and Mathematical Sciences


The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014


Algebra

Discrete Dynamics in Nature and Society



Decision SciencesAdvances in

Discrete MathematicsJournal of


Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Stochastic AnalysisInternational Journal of


(i) Anonymous user access in RIM we design a methodin which each user takes a different pseudonymfor each session when accessing cloud services Nolink between a user identity and a correspondingpseudonym is provided and no link is providedbetween the pseudonyms of a single user Pseudonymusage does not affect user attestation and it decreasesthe input of private user information rendering itimpossible for tenants to spy on each other

(ii) User attestation in our model users firstly registerwith an identity provider (IdP) which provides theuser with a formal identity certificate The identitycertificate is the basis for the user to prove theirlegitimate status to the CSP

(iii) Reputation attestation RIM records and determinesuser reputations as user activities accumulate withaccess to successive cloud computing sessions andprovides proof of the reputation The proof assuresthe credibility of the reputation ensuring that thereputation indeed belongs to its owner The proofalso guarantees nonrepudiation that is a user cannotdeny the reputation assigned to them As such theproof ensures unforgeability Users cannot promotetheir reputation without the authorization of the IdPThe introduction of a reputation does not affect theanonymity of users

The remainder of this paper is organized as followsSection 2 describes related work Section 3 introduces thebackground and technology of cloud computing along withidentity management Section 4 introduces the proposedRIM and describes its design and realization Section 5analyzes the correctness and security of our model Finallythe last section concludes the paper and proposes futurework

2 Related Work

The focus of identity management for cloud computing isuser privacy In [4] the authors proposed an approach topreserve the privacy of users based on zero-knowledge proofprotocols and semantic matching techniques The approachalso enhanced the interoperability across multiple domainsAlthough the study realized the goal of concealing useridentities the CSP could still obtain sensitive informationthrough data mining techniques because user identitieswere consistent throughout the entire process In [5] theauthors proposed an entity-centric approach for identitymanagement in cloud computingThe approachwas based onpersonally identifiable information (PII) and on anonymousidentification to mediate interactions between users andcloud services Although the identification was anonymousthe PII released privacy related information In [6] theauthors took advantage of attribute-based encryption andsignature technology to conceal user identities in cloudcomputing However because users must employ a singleunchanging certificate to obtain authentication from the CSPan attacker may ascertain a userrsquos identity easily through

the static certificate In [7] the authors improved theapproach proposed in [4] where the registry center was notrequired to be online at all times However the improvedapproach had the same disadvantages with respect to userprivacy protection as the original approach In [8 9] theauthors designed and introduced a method that integratedblind signature and hash chain techniques to protect userprivacy in cloud computing However in every session usersemploy the same pseudonym to log in which results inlinkability between different sessions Although the abovestudies achieve the goal of user identity concealment thesuccessive behaviors of individual users can be associatedThus through analyzing user behaviors the CSP can poten-tially compromise user privacy In [10] the authors pro-posed a method for anonymity using group digital signaturetechnology Because this method introduced no correlationbetween user signatures this method is an improvementover the aforementionedmethods However the use of groupdigital signature technology forbids members from joiningand leaving a group dynamically which conflicts with theopenness of cloud computing

In this paper we propose an approach that achieves useridentity anonymity Moreover by this approach the CSPis unable to link user behavior to user identity While theanonymity of identity protects user privacy it tends to enableCSP attack by malicious users because the CSP is unable totrace the users involved in the attackTherefore our approachintroduces trust management to address the shortcomingsof identity anonymity The approach determines user repu-tations and binds the reputation to user identity The CSPutilizes user reputation to distinguish malicious users and toreduce the threat of attack by malicious users [11]

Previous reputation research has focused on peer topeer (P2P) systems which has been developed into varioussystems for example the EigenTrust [12] the PeerTrust [13]and the PowerTrust [14] systemsAlongwith the developmentof electronic business reputation research has had a serviceoriented focus where the reputation of service providers hasbeen evaluated to protect consumers In [15 16] reputationwas employed as a means of choosing service providers Incloud computing most research has focused on protectingthe CSP such as what was done in [17 18] However the useof a reputation model to manage users in cloud computingsuch as that employed in this paper has not been the subjectof previous research In [19] the authors designed an identitymanagement model for a noncloud computing environmentThe model supposed that users must be previously regis-tered which conflicts with the required openness of cloudcomputing In [20 21] the authors designed a reputation-based identity management model that used online systemsfor applications in for example electronic business andforums The online system must recognize user identities orunique identifiers to accumulate reputation data Howevertracking user identities tends to leak user information whichthreatens privacy This is why these approaches cannot beapplied to cloud computing Our proposed RIM introducesreputation to manage users and simultaneously protectsuser privacy which has not been investigated by otherresearchers


User


Management services

QoS guarantee

Security assurance


Mass data storage

Coreservices



Compute nodes















User 1


User 2

SaaS PaaS IaaS

Cred2

Cred1

Cred1Cred1

Cred2

Cred2

SaaSVM1

PaaSVM1 VM2

IaaS

VM2

VM



















CSP

IdP

(1) User registe

r




(a)


putation update

CSP

IdP

(4) Services access


(7) Blind signature

U Pu

(b)






(i) (119875119870119868119889 119904 119878119870

119868119889 119904) larr 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899(1120582) it is a key-


119868119889 119904 119878119870



(ii) (119875119870119868119889 119887 119878119870

119868119889 119887) larr 119878119890119905119906119901 119868119889119875 119887119897119894119899119889(1

120582) given the


119878119870


signature

(iii) (119875119870119862119878119875 119878119870


of keys (119875119870119862119878119875 119878119870



119863119860 119878119870


pair of keys (119875119870119863119860 119878119870



Keys (119875119870119868119889 119904 119878119870

119868119889 119904) and (119875119870

119868119889 119887 119878119870

119868119889 119887) can be com-




119903119890119901 119862119903119890119901) larr 119877119890119892119894119904119905119890119903(119878119870



119903119890119901 reputation




119862119868119889 119903119890119901 119862


119862119868119889 119903119890119901 and119862


key 119875119870119868119889 119904





CSP

IdP


U Pu

Resume (2ndash8)

(a)DA



CSP

IdP

(b)




tion 119875119906larr 119866119890119899 119901119899119910(119868119889 119862

119868119889 119903119890119901) outputs the User


sented to the CSP


119860119906119905ℎ119890119899119905119894119888119886119905119890(119875119906 119862





119906with








119906 The 119862

119903119890119901 119899119890119908guarantees that

119903119890119901 119899119890119908 is from the CSP





119903119890119901 119899119890119908 119873119900119899119888119890 119887119897119894119899119889 119875


119880119901119889119886119905119890(119903119890119901 119899119890119908 119862119903119890119901 119899119890119908


119903119890119901 119899119890119908 A successful



larr





119862119873119900119899119888119890


119862119900119899119891119894119903119898 119880119901119889119886119905119890(119862119873119900119899119888119890




119887119897119894119899119889back



119906

The User obtains 119862119887119897119894119899119889


blindness of 119862119887119897119894119899119889

to obtain 119862119873119900119899119888119890





119906








119863119890 119860119899119900119899119910119898119894119905119910(119875119906 119878119870









119906and





119879 119890⟩ where 119866 and 119866

119879are cyclic






119909 119910119903




= (119883 119884)119878119870



= 119872 119878119870119868119889 119887

= 119898 where119898

119903



119875119870119862119878119875

= (119868 119869) 119878119870119862119878119875



119903

larr997888 119866119908 119903

larr997888 1198661 and 119887 119889 119903


119901 resulting in119908 = 119906119887 = V119889


119863119860= (119887 119889)



larr997888 119885119901




119868119889 119862

119903119890119901 119903119890119901⟩



119868119889 119904 119862

119868119889 119903119890119901 119862





119896 119881 = V119897119882 =


larr997888 119885119901


119868119889and

119877 = 1198921199032ℎ1199031119884119903 where 1199031and 119903


1 1199032

119903

larr997888







U = uk

V = l

W = wk+lgId

B1 = uminus120579119896

B2 = minus120579119897

B3 = wminus(120579119896+120579119897)gminus120579119868119889

120585Id = 120579Id + 120590 middot Id

120585k = 120579k + 120590 middot k

120585l = 120579l + 120590 middot l

B1 U120590uminus120585119896=

B2 V120590vminus120585l=

B3 W120590wminus(120585119896+120585119897)g120585119868119889=

K lr

larr Zp997888

120579Id 120579l 120579k

rlarr Zp997888

120590r

larr Zp997888

U V W

User CSP




Figure 5

S = gr1CId

R = gr2hr1Yr


120585r1 = 120579r1 + 120590 middot r1

120585r2 = 120579r2 + 120590 middot r2

120585r = 120579r + 120590 middot r


User CSP

r1 r2r

larr Zp997888

120579r1 120579r2 120579rr

larr Zp997888

120590r

larr Zp997888

Show the promise B4



S R

Figure 6



We assume that

11986111= 119890 (119892119883119882119877)

1205791199031 119890 (119878 119908)

120579119896+120579119897 119890 (119892 119908)

minus(1205791205751+1205791205752)

sdot 119890 (119878 119892)1205791199032 119890 (119892 119892)

minus1205791205753 119890 (119878 ℎ)

1205791199031 119890 (119892 ℎ)

minus1205791205754

120585 = 119890 (119892119883119882119877)1205851199031 119890 (119878 119908)

(120585119896+120585119897)119890 (119892 119908)

minus(1205851205751+1205851205752)

sdot 119890 (119878 119892)1205851199032 119890 (119892 119892)

minus1205851205753 119890 (119878 ℎ)

1205851199031 119890 (119892 ℎ)

minus1205851205754

sdot ((119890 (119892 119892)

119890 (119878 119883119882119877))

120590

)

(1)



119868119889 119883119892119868119889119884119903) = 119890(119892 119892)


119903119890119901119862119868119889 and 119862

119903119890119901


119868119889and 119862



derives fromthe IdP


119906 119862





119906is just the







119903119890119901 119899119890119908larr ⟨1198921(119894+119903119890119901 119899119890119908+119895119899) 119899⟩ where 119899 is


larr997888 119885119901



119903

larr997888 119885119901

and computes 119909119887= 119892

119903119887 Then 119875

119906obtains 119909

119887from



119887= 119892119906119887119872minus119889

119887119909119887 119890lowast

119887=

119867(119909lowast119887 119873119900119899119888119890) and 119890

119887= 119890lowast

119887+119889

119887 where 119889

119887

119903

larr997888 119885119901 119906

119887

119903

larr997888

119885119901 The User assigns 119890


119873119900119899119888119890 that is119873119900119899119888119890 119887119897119894119899119889 = 119890119887




119887+ 119890

119887sdot 119898 and

119862119887119897119894119899119889




119887119897119894119899119889(ie 119910


119910lowast119887= 119910

119887+119906


119887 119910lowast




119873119900119899119888119890 119873119900119899119888119890) to


119887

= 119892119910lowast

119887119872119890lowast


119887

= 119867(119909lowast119887 119873119900119899119888119890)



1205851205751 = 1205791205751 + 120590 middot 1205751

1205851205752 = 1205791205752 + 120590 middot 1205752

1205851205753 = 1205791205753 + 120590 middot 1205753

1205851205754 = 1205791205754 + 120590 middot 1205754

1205851205755 = 1205791205755 + 120590 middot 1205755

B5 = Uminus1205791199031u1205791205751

B7 = Rminus1205791199031g1205791205753 h1205791205754 Y1205791205755

B5 Uminus1205851199031u1205851205751=

B7 Rminus1205851199031g1205851205753 h1205851205754 Y1205851205755=

User CSP

=B6 Vminus12058511990311205851205752



Show the answer 1205851205751 1205851205752 1205851205753 1205851205754 1205851205755

1205791205751 1205791205752 1205791205753 1205791205754 1205791205755

rlarr Zp997888

1205751 = r1k 1205752 = r1l 1205753 = r1r2 1205754 = r21 1205755 = r1r

Figure 7

T = gtYq T

B8 = gminus120579119905Yminus120579119902

120585t = 120579t + 120590 middot t

120585q = 120579q + 120590 middot q

User CSP

B8 T120590gminus120585119905Yminus120585119902=

tr

larr Zp997888

120579t 120579qr




(a)

B9 = Uminus120579119905 u1205791205821

1205851205821 = 1205791205821 + 120590 middot 1205821

1205851205822 = 1205791205822 + 120590 middot 1205822 B9 Uminus120585119905 u1205851205821=

User CSP

=B10 Vminus120585119905 1205851205822

B10 = Vminus120579119905 1205791205822

1205791205821 1205791205822

rlarr Zp997888


Show the answer 1205851205821 1205851205822


(b)

Figure 8







5 Model Analysis





Pr[[[

[

(119875119870119868119889 119904 S119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

]]]

]

= 1

(2a)



119890 (1198921(119909+119903119890119901+119910119902)

119883119892119903119890119901119884119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909119892119903119890119901(119892

119910)119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909+119903119890119901+119910119902

) = 119890 (119892 119892)

(3)




Pr

[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

]]]]]]]]]

]

= 1

(2b)




119879120590119892minus120585119905119884

minus120585119902 = (119892

119905119884119902)120590

119892minus(120579119905+120590sdot119905)

119884minus(120579119902+120590sdot119902)


minus120579119902 = 119892

minus120579119905119884

minus120579119902

= 1198618

(4)

119880minus120585119905119906

1205851205821 = 119880

minus(120579119905+120590sdot119905)

1199061205791205821+120590sdot1205821 = 119880

minus120579119905119906

1205791205821119880

minus120590sdot119905119906120590sdot119905119896

= 119880minus120579119905119906

1205791205821119880

minus120590sdot119905119880120590sdot119905= 119880

minus120579119905119906

1205791205821 = 119861

9

(5)

119881minus120585119905V1205851205822 = 119881minus(120579

119905+120590sdot119905)V1205791205822+120590sdot1205822 = 119881minus120579



119881120590sdot119905= 119881

minus120579119905V1205791205822 = 119861

10

(6)



Pr

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119868119889 119887 119878119870

119868119889 119887) larr997888 119878119890119905119906119901 119868119889119875 119887119897119894119899119889 (1120582)

(119875119870119862119878119875 119878119870

119862119878119875) larr997888 119878119890119905119906119901 119862119878119875 (1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862r119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

(119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

) larr997888 119866119903119886119899119905 (119875119906)

119873119900119899119888119890 119887119897119894119899119889 larr997888 119861119897119894119899119889 (119873119900119899119888119890)

119880119901119889119886119905119890 (119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

119873119900119899119888119890 119887119897119894119899119889) = 1

119862119887119897119894119899119889

larr997888 119861119897119894119899119889 119904119894119892119899 (119873119900119899119888119890 119887119897119894119899119889)

119862119900119899119891119894119903119898 119880119901119889119886119905119890 (119862119887119897119894119899119889

) = 1

]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

]

= 1

(2c)




119887 If the




119892119910lowast

119887119872119890lowast

119887 = 119892119910119887+119906119887119872

119890lowast

119887 = 119892119903119887+119890119887sdot119898+119906119887119872

119890119887minus119889119887

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898(119890119887minus119889119887)

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898sdot119890119887119892

minus119898(minus119889119887)= 119909

119887119892119906119887119872

minus119889119887

= 119909lowast

119887

(7)


Pr

[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119863119860 119878119870

119863119860) larr997888 119878119890119905119906119901 119863119860(1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

119892119868119889 larr997888 119863119890 119860119899119900119899119910119898119894119905119910 (119875119906 119878119870

119863119860)

119868119889 larr997888 119872119886119901 (119892119868119889)

]]]]]]]]]]]]]]]]]]]

]

= 1

(2d)








119906119899119891(120582) =







119862119878119875provides 119860119889V with





0) (119868119889

1 119903119890119901

1) and

((119875119906)0 119903119890119901 119899119890119908

0) ((119875

119906)1 119903119890119901 119899119890119908

1)


119887 (119862

119903119890119901)119887) larr 119882119894119905ℎ119889119903119886119908(119868119889

119887) and (119903119890119901 119899119890119908

119887

(119862119903119890119901 119899119890119908

)119887) larr 119866119903119886119899119905((119875


(119903119890119901119887 (119862

119903119890119901)119887) and (119903119890119901 119899119890119908

119887 (119862

119903119890119901 119899119890119908)119887)





and 119874119862119878119875


119906 119903119890119901 119899119890119908)




119906 119903119890119901 119899119890119908) and place it


119906 119903119890119901 119899119890119908) (119860119889V)

119887


0 119903119890119901

0) (119868119889

1 119903119890119901

1) or ((119875

119906)0 119903119890119901 119899119890119908

0)

((119875119906)1 119903119890119901 119899119890119908

1) (119860119889V)


0 119903119890119901

1) or

(119903119890119901 1198991198901199080 119903119890119901 119899119890119908




119903119890119901)119887or (119862

119903119890119901 119899119890119908)119887to119860119889V119860119889Vmakes













119868119889





119868119889)0 119903119890119901

0) and

(1198681198891 (119862

119868119889)1 119903119890119901



119906)119887

larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and perp larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870





119894119889 119898) (119860119889V)





119867must be able


119867 (119860119889V)



119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1 119903119890119901

1)


119867takes 120590 as a








119899119903119890(120582) = Pr[(119875119903119894V119870

119899119903119890(120582) =







119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and 1 larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870












119906)1] if




119906)1are











119868119875119880(120582) =



119868119875119880(120582) is

defined as follows





119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887












1 119886

2 119886

119898 for


119895for 119895 isin




119895notin (119860cap119861)




119906)119895of user 119886






119906)119895


119906)119895 With a


6 Conclusions





References

















































Volume 2014




Journal of











Journal of


Function Spaces






Algebra










User


Management services

QoS guarantee

Security assurance


Mass data storage

Coreservices



Compute nodes















User 1


User 2

SaaS PaaS IaaS

Cred2

Cred1

Cred1Cred1

Cred2

Cred2

SaaSVM1

PaaSVM1 VM2

IaaS

VM2

VM



















CSP

IdP

(1) User registe

r




(a)


putation update

CSP

IdP

(4) Services access


(7) Blind signature

U Pu

(b)






(i) (119875119870119868119889 119904 119878119870

119868119889 119904) larr 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899(1120582) it is a key-


119868119889 119904 119878119870



(ii) (119875119870119868119889 119887 119878119870

119868119889 119887) larr 119878119890119905119906119901 119868119889119875 119887119897119894119899119889(1

120582) given the


119878119870


signature

(iii) (119875119870119862119878119875 119878119870


of keys (119875119870119862119878119875 119878119870



119863119860 119878119870


pair of keys (119875119870119863119860 119878119870



Keys (119875119870119868119889 119904 119878119870

119868119889 119904) and (119875119870

119868119889 119887 119878119870

119868119889 119887) can be com-




119903119890119901 119862119903119890119901) larr 119877119890119892119894119904119905119890119903(119878119870



119903119890119901 reputation




119862119868119889 119903119890119901 119862


119862119868119889 119903119890119901 and119862


key 119875119870119868119889 119904





CSP

IdP


U Pu

Resume (2ndash8)

(a)DA



CSP

IdP

(b)




tion 119875119906larr 119866119890119899 119901119899119910(119868119889 119862

119868119889 119903119890119901) outputs the User


sented to the CSP


119860119906119905ℎ119890119899119905119894119888119886119905119890(119875119906 119862





119906with








119906 The 119862

119903119890119901 119899119890119908guarantees that

119903119890119901 119899119890119908 is from the CSP





119903119890119901 119899119890119908 119873119900119899119888119890 119887119897119894119899119889 119875


119880119901119889119886119905119890(119903119890119901 119899119890119908 119862119903119890119901 119899119890119908


119903119890119901 119899119890119908 A successful



larr





119862119873119900119899119888119890


119862119900119899119891119894119903119898 119880119901119889119886119905119890(119862119873119900119899119888119890




119887119897119894119899119889back



119906

The User obtains 119862119887119897119894119899119889


blindness of 119862119887119897119894119899119889

to obtain 119862119873119900119899119888119890





119906








119863119890 119860119899119900119899119910119898119894119905119910(119875119906 119878119870









119906and





119879 119890⟩ where 119866 and 119866

119879are cyclic






119909 119910119903




= (119883 119884)119878119870



= 119872 119878119870119868119889 119887

= 119898 where119898

119903



119875119870119862119878119875

= (119868 119869) 119878119870119862119878119875



119903

larr997888 119866119908 119903

larr997888 1198661 and 119887 119889 119903


119901 resulting in119908 = 119906119887 = V119889


119863119860= (119887 119889)



larr997888 119885119901




119868119889 119862

119903119890119901 119903119890119901⟩



119868119889 119904 119862

119868119889 119903119890119901 119862





119896 119881 = V119897119882 =


larr997888 119885119901


119868119889and

119877 = 1198921199032ℎ1199031119884119903 where 1199031and 119903


1 1199032

119903

larr997888







U = uk

V = l

W = wk+lgId

B1 = uminus120579119896

B2 = minus120579119897

B3 = wminus(120579119896+120579119897)gminus120579119868119889

120585Id = 120579Id + 120590 middot Id

120585k = 120579k + 120590 middot k

120585l = 120579l + 120590 middot l

B1 U120590uminus120585119896=

B2 V120590vminus120585l=

B3 W120590wminus(120585119896+120585119897)g120585119868119889=

K lr

larr Zp997888

120579Id 120579l 120579k

rlarr Zp997888

120590r

larr Zp997888

U V W

User CSP




Figure 5

S = gr1CId

R = gr2hr1Yr


120585r1 = 120579r1 + 120590 middot r1

120585r2 = 120579r2 + 120590 middot r2

120585r = 120579r + 120590 middot r


User CSP

r1 r2r

larr Zp997888

120579r1 120579r2 120579rr

larr Zp997888

120590r

larr Zp997888

Show the promise B4



S R

Figure 6



We assume that

11986111= 119890 (119892119883119882119877)

1205791199031 119890 (119878 119908)

120579119896+120579119897 119890 (119892 119908)

minus(1205791205751+1205791205752)

sdot 119890 (119878 119892)1205791199032 119890 (119892 119892)

minus1205791205753 119890 (119878 ℎ)

1205791199031 119890 (119892 ℎ)

minus1205791205754

120585 = 119890 (119892119883119882119877)1205851199031 119890 (119878 119908)

(120585119896+120585119897)119890 (119892 119908)

minus(1205851205751+1205851205752)

sdot 119890 (119878 119892)1205851199032 119890 (119892 119892)

minus1205851205753 119890 (119878 ℎ)

1205851199031 119890 (119892 ℎ)

minus1205851205754

sdot ((119890 (119892 119892)

119890 (119878 119883119882119877))

120590

)

(1)



119868119889 119883119892119868119889119884119903) = 119890(119892 119892)


119903119890119901119862119868119889 and 119862

119903119890119901


119868119889and 119862



derives fromthe IdP


119906 119862





119906is just the







119903119890119901 119899119890119908larr ⟨1198921(119894+119903119890119901 119899119890119908+119895119899) 119899⟩ where 119899 is


larr997888 119885119901



119903

larr997888 119885119901

and computes 119909119887= 119892

119903119887 Then 119875

119906obtains 119909

119887from



119887= 119892119906119887119872minus119889

119887119909119887 119890lowast

119887=

119867(119909lowast119887 119873119900119899119888119890) and 119890

119887= 119890lowast

119887+119889

119887 where 119889

119887

119903

larr997888 119885119901 119906

119887

119903

larr997888

119885119901 The User assigns 119890


119873119900119899119888119890 that is119873119900119899119888119890 119887119897119894119899119889 = 119890119887




119887+ 119890

119887sdot 119898 and

119862119887119897119894119899119889




119887119897119894119899119889(ie 119910


119910lowast119887= 119910

119887+119906


119887 119910lowast




119873119900119899119888119890 119873119900119899119888119890) to


119887

= 119892119910lowast

119887119872119890lowast


119887

= 119867(119909lowast119887 119873119900119899119888119890)



1205851205751 = 1205791205751 + 120590 middot 1205751

1205851205752 = 1205791205752 + 120590 middot 1205752

1205851205753 = 1205791205753 + 120590 middot 1205753

1205851205754 = 1205791205754 + 120590 middot 1205754

1205851205755 = 1205791205755 + 120590 middot 1205755

B5 = Uminus1205791199031u1205791205751

B7 = Rminus1205791199031g1205791205753 h1205791205754 Y1205791205755

B5 Uminus1205851199031u1205851205751=

B7 Rminus1205851199031g1205851205753 h1205851205754 Y1205851205755=

User CSP

=B6 Vminus12058511990311205851205752



Show the answer 1205851205751 1205851205752 1205851205753 1205851205754 1205851205755

1205791205751 1205791205752 1205791205753 1205791205754 1205791205755

rlarr Zp997888

1205751 = r1k 1205752 = r1l 1205753 = r1r2 1205754 = r21 1205755 = r1r

Figure 7

T = gtYq T

B8 = gminus120579119905Yminus120579119902

120585t = 120579t + 120590 middot t

120585q = 120579q + 120590 middot q

User CSP

B8 T120590gminus120585119905Yminus120585119902=

tr

larr Zp997888

120579t 120579qr




(a)

B9 = Uminus120579119905 u1205791205821

1205851205821 = 1205791205821 + 120590 middot 1205821

1205851205822 = 1205791205822 + 120590 middot 1205822 B9 Uminus120585119905 u1205851205821=

User CSP

=B10 Vminus120585119905 1205851205822

B10 = Vminus120579119905 1205791205822

1205791205821 1205791205822

rlarr Zp997888


Show the answer 1205851205821 1205851205822


(b)

Figure 8







5 Model Analysis





Pr[[[

[

(119875119870119868119889 119904 S119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

]]]

]

= 1

(2a)



119890 (1198921(119909+119903119890119901+119910119902)

119883119892119903119890119901119884119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909119892119903119890119901(119892

119910)119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909+119903119890119901+119910119902

) = 119890 (119892 119892)

(3)




Pr

[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

]]]]]]]]]

]

= 1

(2b)




119879120590119892minus120585119905119884

minus120585119902 = (119892

119905119884119902)120590

119892minus(120579119905+120590sdot119905)

119884minus(120579119902+120590sdot119902)


minus120579119902 = 119892

minus120579119905119884

minus120579119902

= 1198618

(4)

119880minus120585119905119906

1205851205821 = 119880

minus(120579119905+120590sdot119905)

1199061205791205821+120590sdot1205821 = 119880

minus120579119905119906

1205791205821119880

minus120590sdot119905119906120590sdot119905119896

= 119880minus120579119905119906

1205791205821119880

minus120590sdot119905119880120590sdot119905= 119880

minus120579119905119906

1205791205821 = 119861

9

(5)

119881minus120585119905V1205851205822 = 119881minus(120579

119905+120590sdot119905)V1205791205822+120590sdot1205822 = 119881minus120579



119881120590sdot119905= 119881

minus120579119905V1205791205822 = 119861

10

(6)



Pr

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119868119889 119887 119878119870

119868119889 119887) larr997888 119878119890119905119906119901 119868119889119875 119887119897119894119899119889 (1120582)

(119875119870119862119878119875 119878119870

119862119878119875) larr997888 119878119890119905119906119901 119862119878119875 (1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862r119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

(119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

) larr997888 119866119903119886119899119905 (119875119906)

119873119900119899119888119890 119887119897119894119899119889 larr997888 119861119897119894119899119889 (119873119900119899119888119890)

119880119901119889119886119905119890 (119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

119873119900119899119888119890 119887119897119894119899119889) = 1

119862119887119897119894119899119889

larr997888 119861119897119894119899119889 119904119894119892119899 (119873119900119899119888119890 119887119897119894119899119889)

119862119900119899119891119894119903119898 119880119901119889119886119905119890 (119862119887119897119894119899119889

) = 1

]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

]

= 1

(2c)




119887 If the




119892119910lowast

119887119872119890lowast

119887 = 119892119910119887+119906119887119872

119890lowast

119887 = 119892119903119887+119890119887sdot119898+119906119887119872

119890119887minus119889119887

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898(119890119887minus119889119887)

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898sdot119890119887119892

minus119898(minus119889119887)= 119909

119887119892119906119887119872

minus119889119887

= 119909lowast

119887

(7)


Pr

[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119863119860 119878119870

119863119860) larr997888 119878119890119905119906119901 119863119860(1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

119892119868119889 larr997888 119863119890 119860119899119900119899119910119898119894119905119910 (119875119906 119878119870

119863119860)

119868119889 larr997888 119872119886119901 (119892119868119889)

]]]]]]]]]]]]]]]]]]]

]

= 1

(2d)








119906119899119891(120582) =







119862119878119875provides 119860119889V with





0) (119868119889

1 119903119890119901

1) and

((119875119906)0 119903119890119901 119899119890119908

0) ((119875

119906)1 119903119890119901 119899119890119908

1)


119887 (119862

119903119890119901)119887) larr 119882119894119905ℎ119889119903119886119908(119868119889

119887) and (119903119890119901 119899119890119908

119887

(119862119903119890119901 119899119890119908

)119887) larr 119866119903119886119899119905((119875


(119903119890119901119887 (119862

119903119890119901)119887) and (119903119890119901 119899119890119908

119887 (119862

119903119890119901 119899119890119908)119887)





and 119874119862119878119875


119906 119903119890119901 119899119890119908)




119906 119903119890119901 119899119890119908) and place it


119906 119903119890119901 119899119890119908) (119860119889V)

119887


0 119903119890119901

0) (119868119889

1 119903119890119901

1) or ((119875

119906)0 119903119890119901 119899119890119908

0)

((119875119906)1 119903119890119901 119899119890119908

1) (119860119889V)


0 119903119890119901

1) or

(119903119890119901 1198991198901199080 119903119890119901 119899119890119908




119903119890119901)119887or (119862

119903119890119901 119899119890119908)119887to119860119889V119860119889Vmakes













119868119889





119868119889)0 119903119890119901

0) and

(1198681198891 (119862

119868119889)1 119903119890119901



119906)119887

larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and perp larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870





119894119889 119898) (119860119889V)





119867must be able


119867 (119860119889V)



119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1 119903119890119901

1)


119867takes 120590 as a








119899119903119890(120582) = Pr[(119875119903119894V119870

119899119903119890(120582) =







119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and 1 larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870












119906)1] if




119906)1are











119868119875119880(120582) =



119868119875119880(120582) is

defined as follows





119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887












1 119886

2 119886

119898 for


119895for 119895 isin




119895notin (119860cap119861)




119906)119895of user 119886






119906)119895


119906)119895 With a


6 Conclusions





References

















































Volume 2014




Journal of











Journal of


Function Spaces






Algebra










User 1


User 2

SaaS PaaS IaaS

Cred2

Cred1

Cred1Cred1

Cred2

Cred2

SaaSVM1

PaaSVM1 VM2

IaaS

VM2

VM



















CSP

IdP

(1) User registe

r




(a)


putation update

CSP

IdP

(4) Services access


(7) Blind signature

U Pu

(b)






(i) (119875119870119868119889 119904 119878119870

119868119889 119904) larr 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899(1120582) it is a key-


119868119889 119904 119878119870



(ii) (119875119870119868119889 119887 119878119870

119868119889 119887) larr 119878119890119905119906119901 119868119889119875 119887119897119894119899119889(1

120582) given the


119878119870


signature

(iii) (119875119870119862119878119875 119878119870


of keys (119875119870119862119878119875 119878119870



119863119860 119878119870


pair of keys (119875119870119863119860 119878119870



Keys (119875119870119868119889 119904 119878119870

119868119889 119904) and (119875119870

119868119889 119887 119878119870

119868119889 119887) can be com-




119903119890119901 119862119903119890119901) larr 119877119890119892119894119904119905119890119903(119878119870



119903119890119901 reputation




119862119868119889 119903119890119901 119862


119862119868119889 119903119890119901 and119862


key 119875119870119868119889 119904





CSP

IdP


U Pu

Resume (2ndash8)

(a)DA



CSP

IdP

(b)




tion 119875119906larr 119866119890119899 119901119899119910(119868119889 119862

119868119889 119903119890119901) outputs the User


sented to the CSP


119860119906119905ℎ119890119899119905119894119888119886119905119890(119875119906 119862





119906with








119906 The 119862

119903119890119901 119899119890119908guarantees that

119903119890119901 119899119890119908 is from the CSP





119903119890119901 119899119890119908 119873119900119899119888119890 119887119897119894119899119889 119875


119880119901119889119886119905119890(119903119890119901 119899119890119908 119862119903119890119901 119899119890119908


119903119890119901 119899119890119908 A successful



larr





119862119873119900119899119888119890


119862119900119899119891119894119903119898 119880119901119889119886119905119890(119862119873119900119899119888119890




119887119897119894119899119889back



119906

The User obtains 119862119887119897119894119899119889


blindness of 119862119887119897119894119899119889

to obtain 119862119873119900119899119888119890





119906








119863119890 119860119899119900119899119910119898119894119905119910(119875119906 119878119870









119906and





119879 119890⟩ where 119866 and 119866

119879are cyclic






119909 119910119903




= (119883 119884)119878119870



= 119872 119878119870119868119889 119887

= 119898 where119898

119903



119875119870119862119878119875

= (119868 119869) 119878119870119862119878119875



119903

larr997888 119866119908 119903

larr997888 1198661 and 119887 119889 119903


119901 resulting in119908 = 119906119887 = V119889


119863119860= (119887 119889)



larr997888 119885119901




119868119889 119862

119903119890119901 119903119890119901⟩



119868119889 119904 119862

119868119889 119903119890119901 119862





119896 119881 = V119897119882 =


larr997888 119885119901


119868119889and

119877 = 1198921199032ℎ1199031119884119903 where 1199031and 119903


1 1199032

119903

larr997888







U = uk

V = l

W = wk+lgId

B1 = uminus120579119896

B2 = minus120579119897

B3 = wminus(120579119896+120579119897)gminus120579119868119889

120585Id = 120579Id + 120590 middot Id

120585k = 120579k + 120590 middot k

120585l = 120579l + 120590 middot l

B1 U120590uminus120585119896=

B2 V120590vminus120585l=

B3 W120590wminus(120585119896+120585119897)g120585119868119889=

K lr

larr Zp997888

120579Id 120579l 120579k

rlarr Zp997888

120590r

larr Zp997888

U V W

User CSP




Figure 5

S = gr1CId

R = gr2hr1Yr


120585r1 = 120579r1 + 120590 middot r1

120585r2 = 120579r2 + 120590 middot r2

120585r = 120579r + 120590 middot r


User CSP

r1 r2r

larr Zp997888

120579r1 120579r2 120579rr

larr Zp997888

120590r

larr Zp997888

Show the promise B4



S R

Figure 6



We assume that

11986111= 119890 (119892119883119882119877)

1205791199031 119890 (119878 119908)

120579119896+120579119897 119890 (119892 119908)

minus(1205791205751+1205791205752)

sdot 119890 (119878 119892)1205791199032 119890 (119892 119892)

minus1205791205753 119890 (119878 ℎ)

1205791199031 119890 (119892 ℎ)

minus1205791205754

120585 = 119890 (119892119883119882119877)1205851199031 119890 (119878 119908)

(120585119896+120585119897)119890 (119892 119908)

minus(1205851205751+1205851205752)

sdot 119890 (119878 119892)1205851199032 119890 (119892 119892)

minus1205851205753 119890 (119878 ℎ)

1205851199031 119890 (119892 ℎ)

minus1205851205754

sdot ((119890 (119892 119892)

119890 (119878 119883119882119877))

120590

)

(1)



119868119889 119883119892119868119889119884119903) = 119890(119892 119892)


119903119890119901119862119868119889 and 119862

119903119890119901


119868119889and 119862



derives fromthe IdP


119906 119862





119906is just the







119903119890119901 119899119890119908larr ⟨1198921(119894+119903119890119901 119899119890119908+119895119899) 119899⟩ where 119899 is


larr997888 119885119901



119903

larr997888 119885119901

and computes 119909119887= 119892

119903119887 Then 119875

119906obtains 119909

119887from



119887= 119892119906119887119872minus119889

119887119909119887 119890lowast

119887=

119867(119909lowast119887 119873119900119899119888119890) and 119890

119887= 119890lowast

119887+119889

119887 where 119889

119887

119903

larr997888 119885119901 119906

119887

119903

larr997888

119885119901 The User assigns 119890


119873119900119899119888119890 that is119873119900119899119888119890 119887119897119894119899119889 = 119890119887




119887+ 119890

119887sdot 119898 and

119862119887119897119894119899119889




119887119897119894119899119889(ie 119910


119910lowast119887= 119910

119887+119906


119887 119910lowast




119873119900119899119888119890 119873119900119899119888119890) to


119887

= 119892119910lowast

119887119872119890lowast


119887

= 119867(119909lowast119887 119873119900119899119888119890)



1205851205751 = 1205791205751 + 120590 middot 1205751

1205851205752 = 1205791205752 + 120590 middot 1205752

1205851205753 = 1205791205753 + 120590 middot 1205753

1205851205754 = 1205791205754 + 120590 middot 1205754

1205851205755 = 1205791205755 + 120590 middot 1205755

B5 = Uminus1205791199031u1205791205751

B7 = Rminus1205791199031g1205791205753 h1205791205754 Y1205791205755

B5 Uminus1205851199031u1205851205751=

B7 Rminus1205851199031g1205851205753 h1205851205754 Y1205851205755=

User CSP

=B6 Vminus12058511990311205851205752



Show the answer 1205851205751 1205851205752 1205851205753 1205851205754 1205851205755

1205791205751 1205791205752 1205791205753 1205791205754 1205791205755

rlarr Zp997888

1205751 = r1k 1205752 = r1l 1205753 = r1r2 1205754 = r21 1205755 = r1r

Figure 7

T = gtYq T

B8 = gminus120579119905Yminus120579119902

120585t = 120579t + 120590 middot t

120585q = 120579q + 120590 middot q

User CSP

B8 T120590gminus120585119905Yminus120585119902=

tr

larr Zp997888

120579t 120579qr




(a)

B9 = Uminus120579119905 u1205791205821

1205851205821 = 1205791205821 + 120590 middot 1205821

1205851205822 = 1205791205822 + 120590 middot 1205822 B9 Uminus120585119905 u1205851205821=

User CSP

=B10 Vminus120585119905 1205851205822

B10 = Vminus120579119905 1205791205822

1205791205821 1205791205822

rlarr Zp997888


Show the answer 1205851205821 1205851205822


(b)

Figure 8







5 Model Analysis





Pr[[[

[

(119875119870119868119889 119904 S119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

]]]

]

= 1

(2a)



119890 (1198921(119909+119903119890119901+119910119902)

119883119892119903119890119901119884119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909119892119903119890119901(119892

119910)119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909+119903119890119901+119910119902

) = 119890 (119892 119892)

(3)




Pr

[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

]]]]]]]]]

]

= 1

(2b)




119879120590119892minus120585119905119884

minus120585119902 = (119892

119905119884119902)120590

119892minus(120579119905+120590sdot119905)

119884minus(120579119902+120590sdot119902)


minus120579119902 = 119892

minus120579119905119884

minus120579119902

= 1198618

(4)

119880minus120585119905119906

1205851205821 = 119880

minus(120579119905+120590sdot119905)

1199061205791205821+120590sdot1205821 = 119880

minus120579119905119906

1205791205821119880

minus120590sdot119905119906120590sdot119905119896

= 119880minus120579119905119906

1205791205821119880

minus120590sdot119905119880120590sdot119905= 119880

minus120579119905119906

1205791205821 = 119861

9

(5)

119881minus120585119905V1205851205822 = 119881minus(120579

119905+120590sdot119905)V1205791205822+120590sdot1205822 = 119881minus120579



119881120590sdot119905= 119881

minus120579119905V1205791205822 = 119861

10

(6)



Pr

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119868119889 119887 119878119870

119868119889 119887) larr997888 119878119890119905119906119901 119868119889119875 119887119897119894119899119889 (1120582)

(119875119870119862119878119875 119878119870

119862119878119875) larr997888 119878119890119905119906119901 119862119878119875 (1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862r119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

(119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

) larr997888 119866119903119886119899119905 (119875119906)

119873119900119899119888119890 119887119897119894119899119889 larr997888 119861119897119894119899119889 (119873119900119899119888119890)

119880119901119889119886119905119890 (119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

119873119900119899119888119890 119887119897119894119899119889) = 1

119862119887119897119894119899119889

larr997888 119861119897119894119899119889 119904119894119892119899 (119873119900119899119888119890 119887119897119894119899119889)

119862119900119899119891119894119903119898 119880119901119889119886119905119890 (119862119887119897119894119899119889

) = 1

]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

]

= 1

(2c)




119887 If the




119892119910lowast

119887119872119890lowast

119887 = 119892119910119887+119906119887119872

119890lowast

119887 = 119892119903119887+119890119887sdot119898+119906119887119872

119890119887minus119889119887

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898(119890119887minus119889119887)

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898sdot119890119887119892

minus119898(minus119889119887)= 119909

119887119892119906119887119872

minus119889119887

= 119909lowast

119887

(7)


Pr

[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119863119860 119878119870

119863119860) larr997888 119878119890119905119906119901 119863119860(1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

119892119868119889 larr997888 119863119890 119860119899119900119899119910119898119894119905119910 (119875119906 119878119870

119863119860)

119868119889 larr997888 119872119886119901 (119892119868119889)

]]]]]]]]]]]]]]]]]]]

]

= 1

(2d)








119906119899119891(120582) =







119862119878119875provides 119860119889V with





0) (119868119889

1 119903119890119901

1) and

((119875119906)0 119903119890119901 119899119890119908

0) ((119875

119906)1 119903119890119901 119899119890119908

1)


119887 (119862

119903119890119901)119887) larr 119882119894119905ℎ119889119903119886119908(119868119889

119887) and (119903119890119901 119899119890119908

119887

(119862119903119890119901 119899119890119908

)119887) larr 119866119903119886119899119905((119875


(119903119890119901119887 (119862

119903119890119901)119887) and (119903119890119901 119899119890119908

119887 (119862

119903119890119901 119899119890119908)119887)





and 119874119862119878119875


119906 119903119890119901 119899119890119908)




119906 119903119890119901 119899119890119908) and place it


119906 119903119890119901 119899119890119908) (119860119889V)

119887


0 119903119890119901

0) (119868119889

1 119903119890119901

1) or ((119875

119906)0 119903119890119901 119899119890119908

0)

((119875119906)1 119903119890119901 119899119890119908

1) (119860119889V)


0 119903119890119901

1) or

(119903119890119901 1198991198901199080 119903119890119901 119899119890119908




119903119890119901)119887or (119862

119903119890119901 119899119890119908)119887to119860119889V119860119889Vmakes













119868119889





119868119889)0 119903119890119901

0) and

(1198681198891 (119862

119868119889)1 119903119890119901



119906)119887

larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and perp larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870





119894119889 119898) (119860119889V)





119867must be able


119867 (119860119889V)



119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1 119903119890119901

1)


119867takes 120590 as a








119899119903119890(120582) = Pr[(119875119903119894V119870

119899119903119890(120582) =







119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and 1 larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870












119906)1] if




119906)1are











119868119875119880(120582) =



119868119875119880(120582) is

defined as follows





119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887












1 119886

2 119886

119898 for


119895for 119895 isin




119895notin (119860cap119861)




119906)119895of user 119886






119906)119895


119906)119895 With a


6 Conclusions





References

















































Volume 2014




Journal of











Journal of


Function Spaces






Algebra










CSP

IdP

(1) User registe

r




(a)


putation update

CSP

IdP

(4) Services access


(7) Blind signature

U Pu

(b)






(i) (119875119870119868119889 119904 119878119870

119868119889 119904) larr 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899(1120582) it is a key-


119868119889 119904 119878119870



(ii) (119875119870119868119889 119887 119878119870

119868119889 119887) larr 119878119890119905119906119901 119868119889119875 119887119897119894119899119889(1

120582) given the


119878119870


signature

(iii) (119875119870119862119878119875 119878119870


of keys (119875119870119862119878119875 119878119870



119863119860 119878119870


pair of keys (119875119870119863119860 119878119870



Keys (119875119870119868119889 119904 119878119870

119868119889 119904) and (119875119870

119868119889 119887 119878119870

119868119889 119887) can be com-




119903119890119901 119862119903119890119901) larr 119877119890119892119894119904119905119890119903(119878119870



119903119890119901 reputation




119862119868119889 119903119890119901 119862


119862119868119889 119903119890119901 and119862


key 119875119870119868119889 119904





CSP

IdP


U Pu

Resume (2ndash8)

(a)DA



CSP

IdP

(b)




tion 119875119906larr 119866119890119899 119901119899119910(119868119889 119862

119868119889 119903119890119901) outputs the User


sented to the CSP


119860119906119905ℎ119890119899119905119894119888119886119905119890(119875119906 119862





119906with








119906 The 119862

119903119890119901 119899119890119908guarantees that

119903119890119901 119899119890119908 is from the CSP





119903119890119901 119899119890119908 119873119900119899119888119890 119887119897119894119899119889 119875


119880119901119889119886119905119890(119903119890119901 119899119890119908 119862119903119890119901 119899119890119908


119903119890119901 119899119890119908 A successful



larr





119862119873119900119899119888119890


119862119900119899119891119894119903119898 119880119901119889119886119905119890(119862119873119900119899119888119890




119887119897119894119899119889back



119906

The User obtains 119862119887119897119894119899119889


blindness of 119862119887119897119894119899119889

to obtain 119862119873119900119899119888119890





119906








119863119890 119860119899119900119899119910119898119894119905119910(119875119906 119878119870









119906and





119879 119890⟩ where 119866 and 119866

119879are cyclic






119909 119910119903




= (119883 119884)119878119870



= 119872 119878119870119868119889 119887

= 119898 where119898

119903



119875119870119862119878119875

= (119868 119869) 119878119870119862119878119875



119903

larr997888 119866119908 119903

larr997888 1198661 and 119887 119889 119903


119901 resulting in119908 = 119906119887 = V119889


119863119860= (119887 119889)



larr997888 119885119901




119868119889 119862

119903119890119901 119903119890119901⟩



119868119889 119904 119862

119868119889 119903119890119901 119862





119896 119881 = V119897119882 =


larr997888 119885119901


119868119889and

119877 = 1198921199032ℎ1199031119884119903 where 1199031and 119903


1 1199032

119903

larr997888







U = uk

V = l

W = wk+lgId

B1 = uminus120579119896

B2 = minus120579119897

B3 = wminus(120579119896+120579119897)gminus120579119868119889

120585Id = 120579Id + 120590 middot Id

120585k = 120579k + 120590 middot k

120585l = 120579l + 120590 middot l

B1 U120590uminus120585119896=

B2 V120590vminus120585l=

B3 W120590wminus(120585119896+120585119897)g120585119868119889=

K lr

larr Zp997888

120579Id 120579l 120579k

rlarr Zp997888

120590r

larr Zp997888

U V W

User CSP




Figure 5

S = gr1CId

R = gr2hr1Yr


120585r1 = 120579r1 + 120590 middot r1

120585r2 = 120579r2 + 120590 middot r2

120585r = 120579r + 120590 middot r


User CSP

r1 r2r

larr Zp997888

120579r1 120579r2 120579rr

larr Zp997888

120590r

larr Zp997888

Show the promise B4



S R

Figure 6



We assume that

11986111= 119890 (119892119883119882119877)

1205791199031 119890 (119878 119908)

120579119896+120579119897 119890 (119892 119908)

minus(1205791205751+1205791205752)

sdot 119890 (119878 119892)1205791199032 119890 (119892 119892)

minus1205791205753 119890 (119878 ℎ)

1205791199031 119890 (119892 ℎ)

minus1205791205754

120585 = 119890 (119892119883119882119877)1205851199031 119890 (119878 119908)

(120585119896+120585119897)119890 (119892 119908)

minus(1205851205751+1205851205752)

sdot 119890 (119878 119892)1205851199032 119890 (119892 119892)

minus1205851205753 119890 (119878 ℎ)

1205851199031 119890 (119892 ℎ)

minus1205851205754

sdot ((119890 (119892 119892)

119890 (119878 119883119882119877))

120590

)

(1)



119868119889 119883119892119868119889119884119903) = 119890(119892 119892)


119903119890119901119862119868119889 and 119862

119903119890119901


119868119889and 119862



derives fromthe IdP


119906 119862





119906is just the







119903119890119901 119899119890119908larr ⟨1198921(119894+119903119890119901 119899119890119908+119895119899) 119899⟩ where 119899 is


larr997888 119885119901



119903

larr997888 119885119901

and computes 119909119887= 119892

119903119887 Then 119875

119906obtains 119909

119887from



119887= 119892119906119887119872minus119889

119887119909119887 119890lowast

119887=

119867(119909lowast119887 119873119900119899119888119890) and 119890

119887= 119890lowast

119887+119889

119887 where 119889

119887

119903

larr997888 119885119901 119906

119887

119903

larr997888

119885119901 The User assigns 119890


119873119900119899119888119890 that is119873119900119899119888119890 119887119897119894119899119889 = 119890119887




119887+ 119890

119887sdot 119898 and

119862119887119897119894119899119889




119887119897119894119899119889(ie 119910


119910lowast119887= 119910

119887+119906


119887 119910lowast




119873119900119899119888119890 119873119900119899119888119890) to


119887

= 119892119910lowast

119887119872119890lowast


119887

= 119867(119909lowast119887 119873119900119899119888119890)



1205851205751 = 1205791205751 + 120590 middot 1205751

1205851205752 = 1205791205752 + 120590 middot 1205752

1205851205753 = 1205791205753 + 120590 middot 1205753

1205851205754 = 1205791205754 + 120590 middot 1205754

1205851205755 = 1205791205755 + 120590 middot 1205755

B5 = Uminus1205791199031u1205791205751

B7 = Rminus1205791199031g1205791205753 h1205791205754 Y1205791205755

B5 Uminus1205851199031u1205851205751=

B7 Rminus1205851199031g1205851205753 h1205851205754 Y1205851205755=

User CSP

=B6 Vminus12058511990311205851205752



Show the answer 1205851205751 1205851205752 1205851205753 1205851205754 1205851205755

1205791205751 1205791205752 1205791205753 1205791205754 1205791205755

rlarr Zp997888

1205751 = r1k 1205752 = r1l 1205753 = r1r2 1205754 = r21 1205755 = r1r

Figure 7

T = gtYq T

B8 = gminus120579119905Yminus120579119902

120585t = 120579t + 120590 middot t

120585q = 120579q + 120590 middot q

User CSP

B8 T120590gminus120585119905Yminus120585119902=

tr

larr Zp997888

120579t 120579qr




(a)

B9 = Uminus120579119905 u1205791205821

1205851205821 = 1205791205821 + 120590 middot 1205821

1205851205822 = 1205791205822 + 120590 middot 1205822 B9 Uminus120585119905 u1205851205821=

User CSP

=B10 Vminus120585119905 1205851205822

B10 = Vminus120579119905 1205791205822

1205791205821 1205791205822

rlarr Zp997888


Show the answer 1205851205821 1205851205822


(b)

Figure 8







5 Model Analysis





Pr[[[

[

(119875119870119868119889 119904 S119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

]]]

]

= 1

(2a)



119890 (1198921(119909+119903119890119901+119910119902)

119883119892119903119890119901119884119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909119892119903119890119901(119892

119910)119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909+119903119890119901+119910119902

) = 119890 (119892 119892)

(3)




Pr

[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

]]]]]]]]]

]

= 1

(2b)




119879120590119892minus120585119905119884

minus120585119902 = (119892

119905119884119902)120590

119892minus(120579119905+120590sdot119905)

119884minus(120579119902+120590sdot119902)


minus120579119902 = 119892

minus120579119905119884

minus120579119902

= 1198618

(4)

119880minus120585119905119906

1205851205821 = 119880

minus(120579119905+120590sdot119905)

1199061205791205821+120590sdot1205821 = 119880

minus120579119905119906

1205791205821119880

minus120590sdot119905119906120590sdot119905119896

= 119880minus120579119905119906

1205791205821119880

minus120590sdot119905119880120590sdot119905= 119880

minus120579119905119906

1205791205821 = 119861

9

(5)

119881minus120585119905V1205851205822 = 119881minus(120579

119905+120590sdot119905)V1205791205822+120590sdot1205822 = 119881minus120579



119881120590sdot119905= 119881

minus120579119905V1205791205822 = 119861

10

(6)



Pr

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119868119889 119887 119878119870

119868119889 119887) larr997888 119878119890119905119906119901 119868119889119875 119887119897119894119899119889 (1120582)

(119875119870119862119878119875 119878119870

119862119878119875) larr997888 119878119890119905119906119901 119862119878119875 (1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862r119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

(119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

) larr997888 119866119903119886119899119905 (119875119906)

119873119900119899119888119890 119887119897119894119899119889 larr997888 119861119897119894119899119889 (119873119900119899119888119890)

119880119901119889119886119905119890 (119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

119873119900119899119888119890 119887119897119894119899119889) = 1

119862119887119897119894119899119889

larr997888 119861119897119894119899119889 119904119894119892119899 (119873119900119899119888119890 119887119897119894119899119889)

119862119900119899119891119894119903119898 119880119901119889119886119905119890 (119862119887119897119894119899119889

) = 1

]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

]

= 1

(2c)




119887 If the




119892119910lowast

119887119872119890lowast

119887 = 119892119910119887+119906119887119872

119890lowast

119887 = 119892119903119887+119890119887sdot119898+119906119887119872

119890119887minus119889119887

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898(119890119887minus119889119887)

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898sdot119890119887119892

minus119898(minus119889119887)= 119909

119887119892119906119887119872

minus119889119887

= 119909lowast

119887

(7)


Pr

[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119863119860 119878119870

119863119860) larr997888 119878119890119905119906119901 119863119860(1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

119892119868119889 larr997888 119863119890 119860119899119900119899119910119898119894119905119910 (119875119906 119878119870

119863119860)

119868119889 larr997888 119872119886119901 (119892119868119889)

]]]]]]]]]]]]]]]]]]]

]

= 1

(2d)








119906119899119891(120582) =







119862119878119875provides 119860119889V with





0) (119868119889

1 119903119890119901

1) and

((119875119906)0 119903119890119901 119899119890119908

0) ((119875

119906)1 119903119890119901 119899119890119908

1)


119887 (119862

119903119890119901)119887) larr 119882119894119905ℎ119889119903119886119908(119868119889

119887) and (119903119890119901 119899119890119908

119887

(119862119903119890119901 119899119890119908

)119887) larr 119866119903119886119899119905((119875


(119903119890119901119887 (119862

119903119890119901)119887) and (119903119890119901 119899119890119908

119887 (119862

119903119890119901 119899119890119908)119887)





and 119874119862119878119875


119906 119903119890119901 119899119890119908)




119906 119903119890119901 119899119890119908) and place it


119906 119903119890119901 119899119890119908) (119860119889V)

119887


0 119903119890119901

0) (119868119889

1 119903119890119901

1) or ((119875

119906)0 119903119890119901 119899119890119908

0)

((119875119906)1 119903119890119901 119899119890119908

1) (119860119889V)


0 119903119890119901

1) or

(119903119890119901 1198991198901199080 119903119890119901 119899119890119908




119903119890119901)119887or (119862

119903119890119901 119899119890119908)119887to119860119889V119860119889Vmakes













119868119889





119868119889)0 119903119890119901

0) and

(1198681198891 (119862

119868119889)1 119903119890119901



119906)119887

larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and perp larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870





119894119889 119898) (119860119889V)





119867must be able


119867 (119860119889V)



119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1 119903119890119901

1)


119867takes 120590 as a








119899119903119890(120582) = Pr[(119875119903119894V119870

119899119903119890(120582) =







119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and 1 larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870












119906)1] if




119906)1are











119868119875119880(120582) =



119868119875119880(120582) is

defined as follows





119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887












1 119886

2 119886

119898 for


119895for 119895 isin




119895notin (119860cap119861)




119906)119895of user 119886






119906)119895


119906)119895 With a


6 Conclusions





References

















































Volume 2014




Journal of











Journal of


Function Spaces






Algebra










CSP

IdP


U Pu

Resume (2ndash8)

(a)DA



CSP

IdP

(b)




tion 119875119906larr 119866119890119899 119901119899119910(119868119889 119862

119868119889 119903119890119901) outputs the User


sented to the CSP


119860119906119905ℎ119890119899119905119894119888119886119905119890(119875119906 119862





119906with








119906 The 119862

119903119890119901 119899119890119908guarantees that

119903119890119901 119899119890119908 is from the CSP





119903119890119901 119899119890119908 119873119900119899119888119890 119887119897119894119899119889 119875


119880119901119889119886119905119890(119903119890119901 119899119890119908 119862119903119890119901 119899119890119908


119903119890119901 119899119890119908 A successful



larr





119862119873119900119899119888119890


119862119900119899119891119894119903119898 119880119901119889119886119905119890(119862119873119900119899119888119890




119887119897119894119899119889back



119906

The User obtains 119862119887119897119894119899119889


blindness of 119862119887119897119894119899119889

to obtain 119862119873119900119899119888119890





119906








119863119890 119860119899119900119899119910119898119894119905119910(119875119906 119878119870









119906and





119879 119890⟩ where 119866 and 119866

119879are cyclic






119909 119910119903




= (119883 119884)119878119870



= 119872 119878119870119868119889 119887

= 119898 where119898

119903



119875119870119862119878119875

= (119868 119869) 119878119870119862119878119875



119903

larr997888 119866119908 119903

larr997888 1198661 and 119887 119889 119903


119901 resulting in119908 = 119906119887 = V119889


119863119860= (119887 119889)



larr997888 119885119901




119868119889 119862

119903119890119901 119903119890119901⟩



119868119889 119904 119862

119868119889 119903119890119901 119862





119896 119881 = V119897119882 =


larr997888 119885119901


119868119889and

119877 = 1198921199032ℎ1199031119884119903 where 1199031and 119903


1 1199032

119903

larr997888







U = uk

V = l

W = wk+lgId

B1 = uminus120579119896

B2 = minus120579119897

B3 = wminus(120579119896+120579119897)gminus120579119868119889

120585Id = 120579Id + 120590 middot Id

120585k = 120579k + 120590 middot k

120585l = 120579l + 120590 middot l

B1 U120590uminus120585119896=

B2 V120590vminus120585l=

B3 W120590wminus(120585119896+120585119897)g120585119868119889=

K lr

larr Zp997888

120579Id 120579l 120579k

rlarr Zp997888

120590r

larr Zp997888

U V W

User CSP




Figure 5

S = gr1CId

R = gr2hr1Yr


120585r1 = 120579r1 + 120590 middot r1

120585r2 = 120579r2 + 120590 middot r2

120585r = 120579r + 120590 middot r


User CSP

r1 r2r

larr Zp997888

120579r1 120579r2 120579rr

larr Zp997888

120590r

larr Zp997888

Show the promise B4



S R

Figure 6



We assume that

11986111= 119890 (119892119883119882119877)

1205791199031 119890 (119878 119908)

120579119896+120579119897 119890 (119892 119908)

minus(1205791205751+1205791205752)

sdot 119890 (119878 119892)1205791199032 119890 (119892 119892)

minus1205791205753 119890 (119878 ℎ)

1205791199031 119890 (119892 ℎ)

minus1205791205754

120585 = 119890 (119892119883119882119877)1205851199031 119890 (119878 119908)

(120585119896+120585119897)119890 (119892 119908)

minus(1205851205751+1205851205752)

sdot 119890 (119878 119892)1205851199032 119890 (119892 119892)

minus1205851205753 119890 (119878 ℎ)

1205851199031 119890 (119892 ℎ)

minus1205851205754

sdot ((119890 (119892 119892)

119890 (119878 119883119882119877))

120590

)

(1)



119868119889 119883119892119868119889119884119903) = 119890(119892 119892)


119903119890119901119862119868119889 and 119862

119903119890119901


119868119889and 119862



derives fromthe IdP


119906 119862





119906is just the







119903119890119901 119899119890119908larr ⟨1198921(119894+119903119890119901 119899119890119908+119895119899) 119899⟩ where 119899 is


larr997888 119885119901



119903

larr997888 119885119901

and computes 119909119887= 119892

119903119887 Then 119875

119906obtains 119909

119887from



119887= 119892119906119887119872minus119889

119887119909119887 119890lowast

119887=

119867(119909lowast119887 119873119900119899119888119890) and 119890

119887= 119890lowast

119887+119889

119887 where 119889

119887

119903

larr997888 119885119901 119906

119887

119903

larr997888

119885119901 The User assigns 119890


119873119900119899119888119890 that is119873119900119899119888119890 119887119897119894119899119889 = 119890119887




119887+ 119890

119887sdot 119898 and

119862119887119897119894119899119889




119887119897119894119899119889(ie 119910


119910lowast119887= 119910

119887+119906


119887 119910lowast




119873119900119899119888119890 119873119900119899119888119890) to


119887

= 119892119910lowast

119887119872119890lowast


119887

= 119867(119909lowast119887 119873119900119899119888119890)



1205851205751 = 1205791205751 + 120590 middot 1205751

1205851205752 = 1205791205752 + 120590 middot 1205752

1205851205753 = 1205791205753 + 120590 middot 1205753

1205851205754 = 1205791205754 + 120590 middot 1205754

1205851205755 = 1205791205755 + 120590 middot 1205755

B5 = Uminus1205791199031u1205791205751

B7 = Rminus1205791199031g1205791205753 h1205791205754 Y1205791205755

B5 Uminus1205851199031u1205851205751=

B7 Rminus1205851199031g1205851205753 h1205851205754 Y1205851205755=

User CSP

=B6 Vminus12058511990311205851205752



Show the answer 1205851205751 1205851205752 1205851205753 1205851205754 1205851205755

1205791205751 1205791205752 1205791205753 1205791205754 1205791205755

rlarr Zp997888

1205751 = r1k 1205752 = r1l 1205753 = r1r2 1205754 = r21 1205755 = r1r

Figure 7

T = gtYq T

B8 = gminus120579119905Yminus120579119902

120585t = 120579t + 120590 middot t

120585q = 120579q + 120590 middot q

User CSP

B8 T120590gminus120585119905Yminus120585119902=

tr

larr Zp997888

120579t 120579qr




(a)

B9 = Uminus120579119905 u1205791205821

1205851205821 = 1205791205821 + 120590 middot 1205821

1205851205822 = 1205791205822 + 120590 middot 1205822 B9 Uminus120585119905 u1205851205821=

User CSP

=B10 Vminus120585119905 1205851205822

B10 = Vminus120579119905 1205791205822

1205791205821 1205791205822

rlarr Zp997888


Show the answer 1205851205821 1205851205822


(b)

Figure 8







5 Model Analysis





Pr[[[

[

(119875119870119868119889 119904 S119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

]]]

]

= 1

(2a)



119890 (1198921(119909+119903119890119901+119910119902)

119883119892119903119890119901119884119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909119892119903119890119901(119892

119910)119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909+119903119890119901+119910119902

) = 119890 (119892 119892)

(3)




Pr

[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

]]]]]]]]]

]

= 1

(2b)




119879120590119892minus120585119905119884

minus120585119902 = (119892

119905119884119902)120590

119892minus(120579119905+120590sdot119905)

119884minus(120579119902+120590sdot119902)


minus120579119902 = 119892

minus120579119905119884

minus120579119902

= 1198618

(4)

119880minus120585119905119906

1205851205821 = 119880

minus(120579119905+120590sdot119905)

1199061205791205821+120590sdot1205821 = 119880

minus120579119905119906

1205791205821119880

minus120590sdot119905119906120590sdot119905119896

= 119880minus120579119905119906

1205791205821119880

minus120590sdot119905119880120590sdot119905= 119880

minus120579119905119906

1205791205821 = 119861

9

(5)

119881minus120585119905V1205851205822 = 119881minus(120579

119905+120590sdot119905)V1205791205822+120590sdot1205822 = 119881minus120579



119881120590sdot119905= 119881

minus120579119905V1205791205822 = 119861

10

(6)



Pr

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119868119889 119887 119878119870

119868119889 119887) larr997888 119878119890119905119906119901 119868119889119875 119887119897119894119899119889 (1120582)

(119875119870119862119878119875 119878119870

119862119878119875) larr997888 119878119890119905119906119901 119862119878119875 (1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862r119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

(119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

) larr997888 119866119903119886119899119905 (119875119906)

119873119900119899119888119890 119887119897119894119899119889 larr997888 119861119897119894119899119889 (119873119900119899119888119890)

119880119901119889119886119905119890 (119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

119873119900119899119888119890 119887119897119894119899119889) = 1

119862119887119897119894119899119889

larr997888 119861119897119894119899119889 119904119894119892119899 (119873119900119899119888119890 119887119897119894119899119889)

119862119900119899119891119894119903119898 119880119901119889119886119905119890 (119862119887119897119894119899119889

) = 1

]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

]

= 1

(2c)




119887 If the




119892119910lowast

119887119872119890lowast

119887 = 119892119910119887+119906119887119872

119890lowast

119887 = 119892119903119887+119890119887sdot119898+119906119887119872

119890119887minus119889119887

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898(119890119887minus119889119887)

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898sdot119890119887119892

minus119898(minus119889119887)= 119909

119887119892119906119887119872

minus119889119887

= 119909lowast

119887

(7)


Pr

[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119863119860 119878119870

119863119860) larr997888 119878119890119905119906119901 119863119860(1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

119892119868119889 larr997888 119863119890 119860119899119900119899119910119898119894119905119910 (119875119906 119878119870

119863119860)

119868119889 larr997888 119872119886119901 (119892119868119889)

]]]]]]]]]]]]]]]]]]]

]

= 1

(2d)








119906119899119891(120582) =







119862119878119875provides 119860119889V with





0) (119868119889

1 119903119890119901

1) and

((119875119906)0 119903119890119901 119899119890119908

0) ((119875

119906)1 119903119890119901 119899119890119908

1)


119887 (119862

119903119890119901)119887) larr 119882119894119905ℎ119889119903119886119908(119868119889

119887) and (119903119890119901 119899119890119908

119887

(119862119903119890119901 119899119890119908

)119887) larr 119866119903119886119899119905((119875


(119903119890119901119887 (119862

119903119890119901)119887) and (119903119890119901 119899119890119908

119887 (119862

119903119890119901 119899119890119908)119887)





and 119874119862119878119875


119906 119903119890119901 119899119890119908)




119906 119903119890119901 119899119890119908) and place it


119906 119903119890119901 119899119890119908) (119860119889V)

119887


0 119903119890119901

0) (119868119889

1 119903119890119901

1) or ((119875

119906)0 119903119890119901 119899119890119908

0)

((119875119906)1 119903119890119901 119899119890119908

1) (119860119889V)


0 119903119890119901

1) or

(119903119890119901 1198991198901199080 119903119890119901 119899119890119908




119903119890119901)119887or (119862

119903119890119901 119899119890119908)119887to119860119889V119860119889Vmakes













119868119889





119868119889)0 119903119890119901

0) and

(1198681198891 (119862

119868119889)1 119903119890119901



119906)119887

larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and perp larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870





119894119889 119898) (119860119889V)





119867must be able


119867 (119860119889V)



119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1 119903119890119901

1)


119867takes 120590 as a








119899119903119890(120582) = Pr[(119875119903119894V119870

119899119903119890(120582) =







119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and 1 larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870












119906)1] if




119906)1are











119868119875119880(120582) =



119868119875119880(120582) is

defined as follows





119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887












1 119886

2 119886

119898 for


119895for 119895 isin




119895notin (119860cap119861)




119906)119895of user 119886






119906)119895


119906)119895 With a


6 Conclusions





References

















































Volume 2014




Journal of











Journal of


Function Spaces






Algebra















119863119890 119860119899119900119899119910119898119894119905119910(119875119906 119878119870









119906and





119879 119890⟩ where 119866 and 119866

119879are cyclic






119909 119910119903




= (119883 119884)119878119870



= 119872 119878119870119868119889 119887

= 119898 where119898

119903



119875119870119862119878119875

= (119868 119869) 119878119870119862119878119875



119903

larr997888 119866119908 119903

larr997888 1198661 and 119887 119889 119903


119901 resulting in119908 = 119906119887 = V119889


119863119860= (119887 119889)



larr997888 119885119901




119868119889 119862

119903119890119901 119903119890119901⟩



119868119889 119904 119862

119868119889 119903119890119901 119862





119896 119881 = V119897119882 =


larr997888 119885119901


119868119889and

119877 = 1198921199032ℎ1199031119884119903 where 1199031and 119903


1 1199032

119903

larr997888







U = uk

V = l

W = wk+lgId

B1 = uminus120579119896

B2 = minus120579119897

B3 = wminus(120579119896+120579119897)gminus120579119868119889

120585Id = 120579Id + 120590 middot Id

120585k = 120579k + 120590 middot k

120585l = 120579l + 120590 middot l

B1 U120590uminus120585119896=

B2 V120590vminus120585l=

B3 W120590wminus(120585119896+120585119897)g120585119868119889=

K lr

larr Zp997888

120579Id 120579l 120579k

rlarr Zp997888

120590r

larr Zp997888

U V W

User CSP




Figure 5

S = gr1CId

R = gr2hr1Yr


120585r1 = 120579r1 + 120590 middot r1

120585r2 = 120579r2 + 120590 middot r2

120585r = 120579r + 120590 middot r


User CSP

r1 r2r

larr Zp997888

120579r1 120579r2 120579rr

larr Zp997888

120590r

larr Zp997888

Show the promise B4



S R

Figure 6



We assume that

11986111= 119890 (119892119883119882119877)

1205791199031 119890 (119878 119908)

120579119896+120579119897 119890 (119892 119908)

minus(1205791205751+1205791205752)

sdot 119890 (119878 119892)1205791199032 119890 (119892 119892)

minus1205791205753 119890 (119878 ℎ)

1205791199031 119890 (119892 ℎ)

minus1205791205754

120585 = 119890 (119892119883119882119877)1205851199031 119890 (119878 119908)

(120585119896+120585119897)119890 (119892 119908)

minus(1205851205751+1205851205752)

sdot 119890 (119878 119892)1205851199032 119890 (119892 119892)

minus1205851205753 119890 (119878 ℎ)

1205851199031 119890 (119892 ℎ)

minus1205851205754

sdot ((119890 (119892 119892)

119890 (119878 119883119882119877))

120590

)

(1)



119868119889 119883119892119868119889119884119903) = 119890(119892 119892)


119903119890119901119862119868119889 and 119862

119903119890119901


119868119889and 119862



derives fromthe IdP


119906 119862





119906is just the







119903119890119901 119899119890119908larr ⟨1198921(119894+119903119890119901 119899119890119908+119895119899) 119899⟩ where 119899 is


larr997888 119885119901



119903

larr997888 119885119901

and computes 119909119887= 119892

119903119887 Then 119875

119906obtains 119909

119887from



119887= 119892119906119887119872minus119889

119887119909119887 119890lowast

119887=

119867(119909lowast119887 119873119900119899119888119890) and 119890

119887= 119890lowast

119887+119889

119887 where 119889

119887

119903

larr997888 119885119901 119906

119887

119903

larr997888

119885119901 The User assigns 119890


119873119900119899119888119890 that is119873119900119899119888119890 119887119897119894119899119889 = 119890119887




119887+ 119890

119887sdot 119898 and

119862119887119897119894119899119889




119887119897119894119899119889(ie 119910


119910lowast119887= 119910

119887+119906


119887 119910lowast




119873119900119899119888119890 119873119900119899119888119890) to


119887

= 119892119910lowast

119887119872119890lowast


119887

= 119867(119909lowast119887 119873119900119899119888119890)



1205851205751 = 1205791205751 + 120590 middot 1205751

1205851205752 = 1205791205752 + 120590 middot 1205752

1205851205753 = 1205791205753 + 120590 middot 1205753

1205851205754 = 1205791205754 + 120590 middot 1205754

1205851205755 = 1205791205755 + 120590 middot 1205755

B5 = Uminus1205791199031u1205791205751

B7 = Rminus1205791199031g1205791205753 h1205791205754 Y1205791205755

B5 Uminus1205851199031u1205851205751=

B7 Rminus1205851199031g1205851205753 h1205851205754 Y1205851205755=

User CSP

=B6 Vminus12058511990311205851205752



Show the answer 1205851205751 1205851205752 1205851205753 1205851205754 1205851205755

1205791205751 1205791205752 1205791205753 1205791205754 1205791205755

rlarr Zp997888

1205751 = r1k 1205752 = r1l 1205753 = r1r2 1205754 = r21 1205755 = r1r

Figure 7

T = gtYq T

B8 = gminus120579119905Yminus120579119902

120585t = 120579t + 120590 middot t

120585q = 120579q + 120590 middot q

User CSP

B8 T120590gminus120585119905Yminus120585119902=

tr

larr Zp997888

120579t 120579qr




(a)

B9 = Uminus120579119905 u1205791205821

1205851205821 = 1205791205821 + 120590 middot 1205821

1205851205822 = 1205791205822 + 120590 middot 1205822 B9 Uminus120585119905 u1205851205821=

User CSP

=B10 Vminus120585119905 1205851205822

B10 = Vminus120579119905 1205791205822

1205791205821 1205791205822

rlarr Zp997888


Show the answer 1205851205821 1205851205822


(b)

Figure 8







5 Model Analysis





Pr[[[

[

(119875119870119868119889 119904 S119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

]]]

]

= 1

(2a)



119890 (1198921(119909+119903119890119901+119910119902)

119883119892119903119890119901119884119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909119892119903119890119901(119892

119910)119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909+119903119890119901+119910119902

) = 119890 (119892 119892)

(3)




Pr

[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

]]]]]]]]]

]

= 1

(2b)




119879120590119892minus120585119905119884

minus120585119902 = (119892

119905119884119902)120590

119892minus(120579119905+120590sdot119905)

119884minus(120579119902+120590sdot119902)


minus120579119902 = 119892

minus120579119905119884

minus120579119902

= 1198618

(4)

119880minus120585119905119906

1205851205821 = 119880

minus(120579119905+120590sdot119905)

1199061205791205821+120590sdot1205821 = 119880

minus120579119905119906

1205791205821119880

minus120590sdot119905119906120590sdot119905119896

= 119880minus120579119905119906

1205791205821119880

minus120590sdot119905119880120590sdot119905= 119880

minus120579119905119906

1205791205821 = 119861

9

(5)

119881minus120585119905V1205851205822 = 119881minus(120579

119905+120590sdot119905)V1205791205822+120590sdot1205822 = 119881minus120579



119881120590sdot119905= 119881

minus120579119905V1205791205822 = 119861

10

(6)



Pr

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119868119889 119887 119878119870

119868119889 119887) larr997888 119878119890119905119906119901 119868119889119875 119887119897119894119899119889 (1120582)

(119875119870119862119878119875 119878119870

119862119878119875) larr997888 119878119890119905119906119901 119862119878119875 (1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862r119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

(119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

) larr997888 119866119903119886119899119905 (119875119906)

119873119900119899119888119890 119887119897119894119899119889 larr997888 119861119897119894119899119889 (119873119900119899119888119890)

119880119901119889119886119905119890 (119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

119873119900119899119888119890 119887119897119894119899119889) = 1

119862119887119897119894119899119889

larr997888 119861119897119894119899119889 119904119894119892119899 (119873119900119899119888119890 119887119897119894119899119889)

119862119900119899119891119894119903119898 119880119901119889119886119905119890 (119862119887119897119894119899119889

) = 1

]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

]

= 1

(2c)




119887 If the




119892119910lowast

119887119872119890lowast

119887 = 119892119910119887+119906119887119872

119890lowast

119887 = 119892119903119887+119890119887sdot119898+119906119887119872

119890119887minus119889119887

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898(119890119887minus119889119887)

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898sdot119890119887119892

minus119898(minus119889119887)= 119909

119887119892119906119887119872

minus119889119887

= 119909lowast

119887

(7)


Pr

[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119863119860 119878119870

119863119860) larr997888 119878119890119905119906119901 119863119860(1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

119892119868119889 larr997888 119863119890 119860119899119900119899119910119898119894119905119910 (119875119906 119878119870

119863119860)

119868119889 larr997888 119872119886119901 (119892119868119889)

]]]]]]]]]]]]]]]]]]]

]

= 1

(2d)








119906119899119891(120582) =







119862119878119875provides 119860119889V with





0) (119868119889

1 119903119890119901

1) and

((119875119906)0 119903119890119901 119899119890119908

0) ((119875

119906)1 119903119890119901 119899119890119908

1)


119887 (119862

119903119890119901)119887) larr 119882119894119905ℎ119889119903119886119908(119868119889

119887) and (119903119890119901 119899119890119908

119887

(119862119903119890119901 119899119890119908

)119887) larr 119866119903119886119899119905((119875


(119903119890119901119887 (119862

119903119890119901)119887) and (119903119890119901 119899119890119908

119887 (119862

119903119890119901 119899119890119908)119887)





and 119874119862119878119875


119906 119903119890119901 119899119890119908)




119906 119903119890119901 119899119890119908) and place it


119906 119903119890119901 119899119890119908) (119860119889V)

119887


0 119903119890119901

0) (119868119889

1 119903119890119901

1) or ((119875

119906)0 119903119890119901 119899119890119908

0)

((119875119906)1 119903119890119901 119899119890119908

1) (119860119889V)


0 119903119890119901

1) or

(119903119890119901 1198991198901199080 119903119890119901 119899119890119908




119903119890119901)119887or (119862

119903119890119901 119899119890119908)119887to119860119889V119860119889Vmakes













119868119889





119868119889)0 119903119890119901

0) and

(1198681198891 (119862

119868119889)1 119903119890119901



119906)119887

larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and perp larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870





119894119889 119898) (119860119889V)





119867must be able


119867 (119860119889V)



119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1 119903119890119901

1)


119867takes 120590 as a








119899119903119890(120582) = Pr[(119875119903119894V119870

119899119903119890(120582) =







119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and 1 larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870












119906)1] if




119906)1are











119868119875119880(120582) =



119868119875119880(120582) is

defined as follows





119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887












1 119886

2 119886

119898 for


119895for 119895 isin




119895notin (119860cap119861)




119906)119895of user 119886






119906)119895


119906)119895 With a


6 Conclusions





References

















































Volume 2014




Journal of











Journal of


Function Spaces






Algebra










U = uk

V = l

W = wk+lgId

B1 = uminus120579119896

B2 = minus120579119897

B3 = wminus(120579119896+120579119897)gminus120579119868119889

120585Id = 120579Id + 120590 middot Id

120585k = 120579k + 120590 middot k

120585l = 120579l + 120590 middot l

B1 U120590uminus120585119896=

B2 V120590vminus120585l=

B3 W120590wminus(120585119896+120585119897)g120585119868119889=

K lr

larr Zp997888

120579Id 120579l 120579k

rlarr Zp997888

120590r

larr Zp997888

U V W

User CSP




Figure 5

S = gr1CId

R = gr2hr1Yr


120585r1 = 120579r1 + 120590 middot r1

120585r2 = 120579r2 + 120590 middot r2

120585r = 120579r + 120590 middot r


User CSP

r1 r2r

larr Zp997888

120579r1 120579r2 120579rr

larr Zp997888

120590r

larr Zp997888

Show the promise B4



S R

Figure 6



We assume that

11986111= 119890 (119892119883119882119877)

1205791199031 119890 (119878 119908)

120579119896+120579119897 119890 (119892 119908)

minus(1205791205751+1205791205752)

sdot 119890 (119878 119892)1205791199032 119890 (119892 119892)

minus1205791205753 119890 (119878 ℎ)

1205791199031 119890 (119892 ℎ)

minus1205791205754

120585 = 119890 (119892119883119882119877)1205851199031 119890 (119878 119908)

(120585119896+120585119897)119890 (119892 119908)

minus(1205851205751+1205851205752)

sdot 119890 (119878 119892)1205851199032 119890 (119892 119892)

minus1205851205753 119890 (119878 ℎ)

1205851199031 119890 (119892 ℎ)

minus1205851205754

sdot ((119890 (119892 119892)

119890 (119878 119883119882119877))

120590

)

(1)



119868119889 119883119892119868119889119884119903) = 119890(119892 119892)


119903119890119901119862119868119889 and 119862

119903119890119901


119868119889and 119862



derives fromthe IdP


119906 119862





119906is just the







119903119890119901 119899119890119908larr ⟨1198921(119894+119903119890119901 119899119890119908+119895119899) 119899⟩ where 119899 is


larr997888 119885119901



119903

larr997888 119885119901

and computes 119909119887= 119892

119903119887 Then 119875

119906obtains 119909

119887from



119887= 119892119906119887119872minus119889

119887119909119887 119890lowast

119887=

119867(119909lowast119887 119873119900119899119888119890) and 119890

119887= 119890lowast

119887+119889

119887 where 119889

119887

119903

larr997888 119885119901 119906

119887

119903

larr997888

119885119901 The User assigns 119890


119873119900119899119888119890 that is119873119900119899119888119890 119887119897119894119899119889 = 119890119887




119887+ 119890

119887sdot 119898 and

119862119887119897119894119899119889




119887119897119894119899119889(ie 119910


119910lowast119887= 119910

119887+119906


119887 119910lowast




119873119900119899119888119890 119873119900119899119888119890) to


119887

= 119892119910lowast

119887119872119890lowast


119887

= 119867(119909lowast119887 119873119900119899119888119890)



1205851205751 = 1205791205751 + 120590 middot 1205751

1205851205752 = 1205791205752 + 120590 middot 1205752

1205851205753 = 1205791205753 + 120590 middot 1205753

1205851205754 = 1205791205754 + 120590 middot 1205754

1205851205755 = 1205791205755 + 120590 middot 1205755

B5 = Uminus1205791199031u1205791205751

B7 = Rminus1205791199031g1205791205753 h1205791205754 Y1205791205755

B5 Uminus1205851199031u1205851205751=

B7 Rminus1205851199031g1205851205753 h1205851205754 Y1205851205755=

User CSP

=B6 Vminus12058511990311205851205752



Show the answer 1205851205751 1205851205752 1205851205753 1205851205754 1205851205755

1205791205751 1205791205752 1205791205753 1205791205754 1205791205755

rlarr Zp997888

1205751 = r1k 1205752 = r1l 1205753 = r1r2 1205754 = r21 1205755 = r1r

Figure 7

T = gtYq T

B8 = gminus120579119905Yminus120579119902

120585t = 120579t + 120590 middot t

120585q = 120579q + 120590 middot q

User CSP

B8 T120590gminus120585119905Yminus120585119902=

tr

larr Zp997888

120579t 120579qr




(a)

B9 = Uminus120579119905 u1205791205821

1205851205821 = 1205791205821 + 120590 middot 1205821

1205851205822 = 1205791205822 + 120590 middot 1205822 B9 Uminus120585119905 u1205851205821=

User CSP

=B10 Vminus120585119905 1205851205822

B10 = Vminus120579119905 1205791205822

1205791205821 1205791205822

rlarr Zp997888


Show the answer 1205851205821 1205851205822


(b)

Figure 8







5 Model Analysis





Pr[[[

[

(119875119870119868119889 119904 S119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

]]]

]

= 1

(2a)



119890 (1198921(119909+119903119890119901+119910119902)

119883119892119903119890119901119884119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909119892119903119890119901(119892

119910)119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909+119903119890119901+119910119902

) = 119890 (119892 119892)

(3)




Pr

[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

]]]]]]]]]

]

= 1

(2b)




119879120590119892minus120585119905119884

minus120585119902 = (119892

119905119884119902)120590

119892minus(120579119905+120590sdot119905)

119884minus(120579119902+120590sdot119902)


minus120579119902 = 119892

minus120579119905119884

minus120579119902

= 1198618

(4)

119880minus120585119905119906

1205851205821 = 119880

minus(120579119905+120590sdot119905)

1199061205791205821+120590sdot1205821 = 119880

minus120579119905119906

1205791205821119880

minus120590sdot119905119906120590sdot119905119896

= 119880minus120579119905119906

1205791205821119880

minus120590sdot119905119880120590sdot119905= 119880

minus120579119905119906

1205791205821 = 119861

9

(5)

119881minus120585119905V1205851205822 = 119881minus(120579

119905+120590sdot119905)V1205791205822+120590sdot1205822 = 119881minus120579



119881120590sdot119905= 119881

minus120579119905V1205791205822 = 119861

10

(6)



Pr

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119868119889 119887 119878119870

119868119889 119887) larr997888 119878119890119905119906119901 119868119889119875 119887119897119894119899119889 (1120582)

(119875119870119862119878119875 119878119870

119862119878119875) larr997888 119878119890119905119906119901 119862119878119875 (1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862r119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

(119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

) larr997888 119866119903119886119899119905 (119875119906)

119873119900119899119888119890 119887119897119894119899119889 larr997888 119861119897119894119899119889 (119873119900119899119888119890)

119880119901119889119886119905119890 (119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

119873119900119899119888119890 119887119897119894119899119889) = 1

119862119887119897119894119899119889

larr997888 119861119897119894119899119889 119904119894119892119899 (119873119900119899119888119890 119887119897119894119899119889)

119862119900119899119891119894119903119898 119880119901119889119886119905119890 (119862119887119897119894119899119889

) = 1

]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

]

= 1

(2c)




119887 If the




119892119910lowast

119887119872119890lowast

119887 = 119892119910119887+119906119887119872

119890lowast

119887 = 119892119903119887+119890119887sdot119898+119906119887119872

119890119887minus119889119887

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898(119890119887minus119889119887)

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898sdot119890119887119892

minus119898(minus119889119887)= 119909

119887119892119906119887119872

minus119889119887

= 119909lowast

119887

(7)


Pr

[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119863119860 119878119870

119863119860) larr997888 119878119890119905119906119901 119863119860(1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

119892119868119889 larr997888 119863119890 119860119899119900119899119910119898119894119905119910 (119875119906 119878119870

119863119860)

119868119889 larr997888 119872119886119901 (119892119868119889)

]]]]]]]]]]]]]]]]]]]

]

= 1

(2d)








119906119899119891(120582) =







119862119878119875provides 119860119889V with





0) (119868119889

1 119903119890119901

1) and

((119875119906)0 119903119890119901 119899119890119908

0) ((119875

119906)1 119903119890119901 119899119890119908

1)


119887 (119862

119903119890119901)119887) larr 119882119894119905ℎ119889119903119886119908(119868119889

119887) and (119903119890119901 119899119890119908

119887

(119862119903119890119901 119899119890119908

)119887) larr 119866119903119886119899119905((119875


(119903119890119901119887 (119862

119903119890119901)119887) and (119903119890119901 119899119890119908

119887 (119862

119903119890119901 119899119890119908)119887)





and 119874119862119878119875


119906 119903119890119901 119899119890119908)




119906 119903119890119901 119899119890119908) and place it


119906 119903119890119901 119899119890119908) (119860119889V)

119887


0 119903119890119901

0) (119868119889

1 119903119890119901

1) or ((119875

119906)0 119903119890119901 119899119890119908

0)

((119875119906)1 119903119890119901 119899119890119908

1) (119860119889V)


0 119903119890119901

1) or

(119903119890119901 1198991198901199080 119903119890119901 119899119890119908




119903119890119901)119887or (119862

119903119890119901 119899119890119908)119887to119860119889V119860119889Vmakes













119868119889





119868119889)0 119903119890119901

0) and

(1198681198891 (119862

119868119889)1 119903119890119901



119906)119887

larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and perp larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870





119894119889 119898) (119860119889V)





119867must be able


119867 (119860119889V)



119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1 119903119890119901

1)


119867takes 120590 as a








119899119903119890(120582) = Pr[(119875119903119894V119870

119899119903119890(120582) =







119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and 1 larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870












119906)1] if




119906)1are











119868119875119880(120582) =



119868119875119880(120582) is

defined as follows





119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887












1 119886

2 119886

119898 for


119895for 119895 isin




119895notin (119860cap119861)




119906)119895of user 119886






119906)119895


119906)119895 With a


6 Conclusions





References

















































Volume 2014




Journal of











Journal of


Function Spaces






Algebra










1205851205751 = 1205791205751 + 120590 middot 1205751

1205851205752 = 1205791205752 + 120590 middot 1205752

1205851205753 = 1205791205753 + 120590 middot 1205753

1205851205754 = 1205791205754 + 120590 middot 1205754

1205851205755 = 1205791205755 + 120590 middot 1205755

B5 = Uminus1205791199031u1205791205751

B7 = Rminus1205791199031g1205791205753 h1205791205754 Y1205791205755

B5 Uminus1205851199031u1205851205751=

B7 Rminus1205851199031g1205851205753 h1205851205754 Y1205851205755=

User CSP

=B6 Vminus12058511990311205851205752



Show the answer 1205851205751 1205851205752 1205851205753 1205851205754 1205851205755

1205791205751 1205791205752 1205791205753 1205791205754 1205791205755

rlarr Zp997888

1205751 = r1k 1205752 = r1l 1205753 = r1r2 1205754 = r21 1205755 = r1r

Figure 7

T = gtYq T

B8 = gminus120579119905Yminus120579119902

120585t = 120579t + 120590 middot t

120585q = 120579q + 120590 middot q

User CSP

B8 T120590gminus120585119905Yminus120585119902=

tr

larr Zp997888

120579t 120579qr




(a)

B9 = Uminus120579119905 u1205791205821

1205851205821 = 1205791205821 + 120590 middot 1205821

1205851205822 = 1205791205822 + 120590 middot 1205822 B9 Uminus120585119905 u1205851205821=

User CSP

=B10 Vminus120585119905 1205851205822

B10 = Vminus120579119905 1205791205822

1205791205821 1205791205822

rlarr Zp997888


Show the answer 1205851205821 1205851205822


(b)

Figure 8







5 Model Analysis





Pr[[[

[

(119875119870119868119889 119904 S119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

]]]

]

= 1

(2a)



119890 (1198921(119909+119903119890119901+119910119902)

119883119892119903119890119901119884119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909119892119903119890119901(119892

119910)119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909+119903119890119901+119910119902

) = 119890 (119892 119892)

(3)




Pr

[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

]]]]]]]]]

]

= 1

(2b)




119879120590119892minus120585119905119884

minus120585119902 = (119892

119905119884119902)120590

119892minus(120579119905+120590sdot119905)

119884minus(120579119902+120590sdot119902)


minus120579119902 = 119892

minus120579119905119884

minus120579119902

= 1198618

(4)

119880minus120585119905119906

1205851205821 = 119880

minus(120579119905+120590sdot119905)

1199061205791205821+120590sdot1205821 = 119880

minus120579119905119906

1205791205821119880

minus120590sdot119905119906120590sdot119905119896

= 119880minus120579119905119906

1205791205821119880

minus120590sdot119905119880120590sdot119905= 119880

minus120579119905119906

1205791205821 = 119861

9

(5)

119881minus120585119905V1205851205822 = 119881minus(120579

119905+120590sdot119905)V1205791205822+120590sdot1205822 = 119881minus120579



119881120590sdot119905= 119881

minus120579119905V1205791205822 = 119861

10

(6)



Pr

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119868119889 119887 119878119870

119868119889 119887) larr997888 119878119890119905119906119901 119868119889119875 119887119897119894119899119889 (1120582)

(119875119870119862119878119875 119878119870

119862119878119875) larr997888 119878119890119905119906119901 119862119878119875 (1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862r119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

(119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

) larr997888 119866119903119886119899119905 (119875119906)

119873119900119899119888119890 119887119897119894119899119889 larr997888 119861119897119894119899119889 (119873119900119899119888119890)

119880119901119889119886119905119890 (119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

119873119900119899119888119890 119887119897119894119899119889) = 1

119862119887119897119894119899119889

larr997888 119861119897119894119899119889 119904119894119892119899 (119873119900119899119888119890 119887119897119894119899119889)

119862119900119899119891119894119903119898 119880119901119889119886119905119890 (119862119887119897119894119899119889

) = 1

]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

]

= 1

(2c)




119887 If the




119892119910lowast

119887119872119890lowast

119887 = 119892119910119887+119906119887119872

119890lowast

119887 = 119892119903119887+119890119887sdot119898+119906119887119872

119890119887minus119889119887

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898(119890119887minus119889119887)

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898sdot119890119887119892

minus119898(minus119889119887)= 119909

119887119892119906119887119872

minus119889119887

= 119909lowast

119887

(7)


Pr

[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119863119860 119878119870

119863119860) larr997888 119878119890119905119906119901 119863119860(1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

119892119868119889 larr997888 119863119890 119860119899119900119899119910119898119894119905119910 (119875119906 119878119870

119863119860)

119868119889 larr997888 119872119886119901 (119892119868119889)

]]]]]]]]]]]]]]]]]]]

]

= 1

(2d)








119906119899119891(120582) =







119862119878119875provides 119860119889V with





0) (119868119889

1 119903119890119901

1) and

((119875119906)0 119903119890119901 119899119890119908

0) ((119875

119906)1 119903119890119901 119899119890119908

1)


119887 (119862

119903119890119901)119887) larr 119882119894119905ℎ119889119903119886119908(119868119889

119887) and (119903119890119901 119899119890119908

119887

(119862119903119890119901 119899119890119908

)119887) larr 119866119903119886119899119905((119875


(119903119890119901119887 (119862

119903119890119901)119887) and (119903119890119901 119899119890119908

119887 (119862

119903119890119901 119899119890119908)119887)





and 119874119862119878119875


119906 119903119890119901 119899119890119908)




119906 119903119890119901 119899119890119908) and place it


119906 119903119890119901 119899119890119908) (119860119889V)

119887


0 119903119890119901

0) (119868119889

1 119903119890119901

1) or ((119875

119906)0 119903119890119901 119899119890119908

0)

((119875119906)1 119903119890119901 119899119890119908

1) (119860119889V)


0 119903119890119901

1) or

(119903119890119901 1198991198901199080 119903119890119901 119899119890119908




119903119890119901)119887or (119862

119903119890119901 119899119890119908)119887to119860119889V119860119889Vmakes













119868119889





119868119889)0 119903119890119901

0) and

(1198681198891 (119862

119868119889)1 119903119890119901



119906)119887

larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and perp larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870





119894119889 119898) (119860119889V)





119867must be able


119867 (119860119889V)



119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1 119903119890119901

1)


119867takes 120590 as a








119899119903119890(120582) = Pr[(119875119903119894V119870

119899119903119890(120582) =







119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and 1 larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870












119906)1] if




119906)1are











119868119875119880(120582) =



119868119875119880(120582) is

defined as follows





119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887












1 119886

2 119886

119898 for


119895for 119895 isin




119895notin (119860cap119861)




119906)119895of user 119886






119906)119895


119906)119895 With a


6 Conclusions





References

















































Volume 2014




Journal of











Journal of


Function Spaces






Algebra












Pr[[[

[

(119875119870119868119889 119904 S119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

]]]

]

= 1

(2a)



119890 (1198921(119909+119903119890119901+119910119902)

119883119892119903119890119901119884119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909119892119903119890119901(119892

119910)119902)

= 119890 (1198921(119909+119903119890119901+119910119902)

119892119909+119903119890119901+119910119902

) = 119890 (119892 119892)

(3)




Pr

[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119862119868119889 119903119890119901 119862

119903119890119901) larr997888 119877119890119892119894119904119905119890119903 (119878119870

119868119889 119904 119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

]]]]]]]]]

]

= 1

(2b)




119879120590119892minus120585119905119884

minus120585119902 = (119892

119905119884119902)120590

119892minus(120579119905+120590sdot119905)

119884minus(120579119902+120590sdot119902)


minus120579119902 = 119892

minus120579119905119884

minus120579119902

= 1198618

(4)

119880minus120585119905119906

1205851205821 = 119880

minus(120579119905+120590sdot119905)

1199061205791205821+120590sdot1205821 = 119880

minus120579119905119906

1205791205821119880

minus120590sdot119905119906120590sdot119905119896

= 119880minus120579119905119906

1205791205821119880

minus120590sdot119905119880120590sdot119905= 119880

minus120579119905119906

1205791205821 = 119861

9

(5)

119881minus120585119905V1205851205822 = 119881minus(120579

119905+120590sdot119905)V1205791205822+120590sdot1205822 = 119881minus120579



119881120590sdot119905= 119881

minus120579119905V1205791205822 = 119861

10

(6)



Pr

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119868119889 119887 119878119870

119868119889 119887) larr997888 119878119890119905119906119901 119868119889119875 119887119897119894119899119889 (1120582)

(119875119870119862119878119875 119878119870

119862119878119875) larr997888 119878119890119905119906119901 119862119878119875 (1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862r119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

(119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

) larr997888 119866119903119886119899119905 (119875119906)

119873119900119899119888119890 119887119897119894119899119889 larr997888 119861119897119894119899119889 (119873119900119899119888119890)

119880119901119889119886119905119890 (119903119890119901 119899119890119908 119862119903119890119901 119899119890119908

119873119900119899119888119890 119887119897119894119899119889) = 1

119862119887119897119894119899119889

larr997888 119861119897119894119899119889 119904119894119892119899 (119873119900119899119888119890 119887119897119894119899119889)

119862119900119899119891119894119903119898 119880119901119889119886119905119890 (119862119887119897119894119899119889

) = 1

]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

]

= 1

(2c)




119887 If the




119892119910lowast

119887119872119890lowast

119887 = 119892119910119887+119906119887119872

119890lowast

119887 = 119892119903119887+119890119887sdot119898+119906119887119872

119890119887minus119889119887

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898(119890119887minus119889119887)

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898sdot119890119887119892

minus119898(minus119889119887)= 119909

119887119892119906119887119872

minus119889119887

= 119909lowast

119887

(7)


Pr

[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119863119860 119878119870

119863119860) larr997888 119878119890119905119906119901 119863119860(1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

119892119868119889 larr997888 119863119890 119860119899119900119899119910119898119894119905119910 (119875119906 119878119870

119863119860)

119868119889 larr997888 119872119886119901 (119892119868119889)

]]]]]]]]]]]]]]]]]]]

]

= 1

(2d)








119906119899119891(120582) =







119862119878119875provides 119860119889V with





0) (119868119889

1 119903119890119901

1) and

((119875119906)0 119903119890119901 119899119890119908

0) ((119875

119906)1 119903119890119901 119899119890119908

1)


119887 (119862

119903119890119901)119887) larr 119882119894119905ℎ119889119903119886119908(119868119889

119887) and (119903119890119901 119899119890119908

119887

(119862119903119890119901 119899119890119908

)119887) larr 119866119903119886119899119905((119875


(119903119890119901119887 (119862

119903119890119901)119887) and (119903119890119901 119899119890119908

119887 (119862

119903119890119901 119899119890119908)119887)





and 119874119862119878119875


119906 119903119890119901 119899119890119908)




119906 119903119890119901 119899119890119908) and place it


119906 119903119890119901 119899119890119908) (119860119889V)

119887


0 119903119890119901

0) (119868119889

1 119903119890119901

1) or ((119875

119906)0 119903119890119901 119899119890119908

0)

((119875119906)1 119903119890119901 119899119890119908

1) (119860119889V)


0 119903119890119901

1) or

(119903119890119901 1198991198901199080 119903119890119901 119899119890119908




119903119890119901)119887or (119862

119903119890119901 119899119890119908)119887to119860119889V119860119889Vmakes













119868119889





119868119889)0 119903119890119901

0) and

(1198681198891 (119862

119868119889)1 119903119890119901



119906)119887

larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and perp larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870





119894119889 119898) (119860119889V)





119867must be able


119867 (119860119889V)



119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1 119903119890119901

1)


119867takes 120590 as a








119899119903119890(120582) = Pr[(119875119903119894V119870

119899119903119890(120582) =







119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and 1 larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870












119906)1] if




119906)1are











119868119875119880(120582) =



119868119875119880(120582) is

defined as follows





119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887












1 119886

2 119886

119898 for


119895for 119895 isin




119895notin (119860cap119861)




119906)119895of user 119886






119906)119895


119906)119895 With a


6 Conclusions





References

















































Volume 2014




Journal of











Journal of


Function Spaces






Algebra












119887 If the




119892119910lowast

119887119872119890lowast

119887 = 119892119910119887+119906119887119872

119890lowast

119887 = 119892119903119887+119890119887sdot119898+119906119887119872

119890119887minus119889119887

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898(119890119887minus119889119887)

= 119909119887119892119890119887sdot119898119892119906119887119892

minus119898sdot119890119887119892

minus119898(minus119889119887)= 119909

119887119892119906119887119872

minus119889119887

= 119909lowast

119887

(7)


Pr

[[[[[[[[[[[[[[[[[[[

[

(119875119870119868119889 119904 119878119870

119868119889 119904) larr997888 119878119890119905119906119901 119868119889119875 119868119889119904119894119892119899 (1120582)

(119875119870119863119860 119878119870

119863119860) larr997888 119878119890119905119906119901 119863119860(1120582)

(119903119890119901 119862119903119890119901) larr997888 119882119894119905ℎ119889119903119886119908 (119868119889)

119862ℎ119890119888119896119877119890119892 (119875119870119868119889 119904 119862

119868119889 119903119890119901 119862

119903119890119901) = 1

119875119906larr997888 119866119890119899 119875119899119910 (119868119889 119862

119868119889 119903119890119901)

119860119906119905ℎ119890119899119905119894119888119886119905119890 (119875119906 119862

119903119890119901) = 1

119892119868119889 larr997888 119863119890 119860119899119900119899119910119898119894119905119910 (119875119906 119878119870

119863119860)

119868119889 larr997888 119872119886119901 (119892119868119889)

]]]]]]]]]]]]]]]]]]]

]

= 1

(2d)








119906119899119891(120582) =







119862119878119875provides 119860119889V with





0) (119868119889

1 119903119890119901

1) and

((119875119906)0 119903119890119901 119899119890119908

0) ((119875

119906)1 119903119890119901 119899119890119908

1)


119887 (119862

119903119890119901)119887) larr 119882119894119905ℎ119889119903119886119908(119868119889

119887) and (119903119890119901 119899119890119908

119887

(119862119903119890119901 119899119890119908

)119887) larr 119866119903119886119899119905((119875


(119903119890119901119887 (119862

119903119890119901)119887) and (119903119890119901 119899119890119908

119887 (119862

119903119890119901 119899119890119908)119887)





and 119874119862119878119875


119906 119903119890119901 119899119890119908)




119906 119903119890119901 119899119890119908) and place it


119906 119903119890119901 119899119890119908) (119860119889V)

119887


0 119903119890119901

0) (119868119889

1 119903119890119901

1) or ((119875

119906)0 119903119890119901 119899119890119908

0)

((119875119906)1 119903119890119901 119899119890119908

1) (119860119889V)


0 119903119890119901

1) or

(119903119890119901 1198991198901199080 119903119890119901 119899119890119908




119903119890119901)119887or (119862

119903119890119901 119899119890119908)119887to119860119889V119860119889Vmakes













119868119889





119868119889)0 119903119890119901

0) and

(1198681198891 (119862

119868119889)1 119903119890119901



119906)119887

larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and perp larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870





119894119889 119898) (119860119889V)





119867must be able


119867 (119860119889V)



119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1 119903119890119901

1)


119867takes 120590 as a








119899119903119890(120582) = Pr[(119875119903119894V119870

119899119903119890(120582) =







119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and 1 larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870












119906)1] if




119906)1are











119868119875119880(120582) =



119868119875119880(120582) is

defined as follows





119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887












1 119886

2 119886

119898 for


119895for 119895 isin




119895notin (119860cap119861)




119906)119895of user 119886






119906)119895


119906)119895 With a


6 Conclusions





References

















































Volume 2014




Journal of











Journal of


Function Spaces






Algebra


















119868119889





119868119889)0 119903119890119901

0) and

(1198681198891 (119862

119868119889)1 119903119890119901



119906)119887

larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and perp larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870





119894119889 119898) (119860119889V)





119867must be able


119867 (119860119889V)



119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1 119903119890119901

1)


119867takes 120590 as a








119899119903119890(120582) = Pr[(119875119903119894V119870

119899119903119890(120582) =







119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887


119906)119887 (119862

119903119890119901)119887) and 1 larr

119863119890 119860119899119900119899119910119898119894119905119910((119875119906)119887 119878119870












119906)1] if




119906)1are











119868119875119880(120582) =



119868119875119880(120582) is

defined as follows





119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887












1 119886

2 119886

119898 for


119895for 119895 isin




119895notin (119860cap119861)




119906)119895of user 119886






119906)119895


119906)119895 With a


6 Conclusions





References

















































Volume 2014




Journal of











Journal of


Function Spaces






Algebra











119906)1] if




119906)1are











119868119875119880(120582) =



119868119875119880(120582) is

defined as follows





119868119889provides 119860119889V


(ii) 119860119889V generates (1198681198890 (119862

119868119889)0 119903119890119901

0) and (119868119889

1 (119862

119868119889)1



119906)119887larr

119866119890119899 119875119899119910(119868119889119887 (119862

119868119889)119887 119903119890119901


(119875119906)119887












1 119886

2 119886

119898 for


119895for 119895 isin




119895notin (119860cap119861)




119906)119895of user 119886






119906)119895


119906)119895 With a


6 Conclusions





References

















































Volume 2014




Journal of











Journal of


Function Spaces






Algebra













119906)119895


119906)119895 With a


6 Conclusions





References

















































Volume 2014




Journal of











Journal of


Function Spaces






Algebra






































Volume 2014




Journal of











Journal of


Function Spaces






Algebra









research article a reputation-based identity management...

Documents