Cryptanalysis of Double-trapdoor Hash Function and Multi-Trapdoor Hash Function Schemes

Abstract

Cloud-based storage systems are the norm in our interconnected society, although there remain a number of research and operational challenges relating to the security of such systems. One ongoing research challenge is the design of efficient and secure query authentication mechanism for cloud-based storage systems, in the sense that data users can verify the authenticity and integrity of the retrieved data from the cloud servers. In 2017, Chandrasekhar and Singhal proposed a query authentication protocol for cloud-based storage systems, designed with efficiency and scalability in mind [IEEE Transactions on Services Computing, 10(4):520-533]. In this comment, we demonstrate that their protocol is not secure as claimed, due to weaknesses in two core building blocks of the protocol, namely: the double-trapdoor variant and the multi-trapdoor variant of the trapdoor hash function. By revealing this weakness, we hope future protocol designers can avoid similar mistake in their work.