Comments on Public Integrity Auditing for Dynamic Data Sharing With Multiuser Modification

Recently, a practical public integrity auditing scheme supporting multiuser data modification (IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, DOI 10.1109/TIFS.2015.2423264) was proposed. Although the protocol was claimed secure, in this paper, we show that the proposal fails to achieve soundness, the most essential property that an auditing scheme should provide. Specifically, we show that a cloud server can collude with a revoked user to deceive a third-party auditor (TPA) that a stored file keeps virgin even when the entire file has been deleted.