Cloud outsourcing data secure auditing protocol throughout whole lifecycle
LIU Yudong, WANG Xu'an, TU Guangsheng, WANG Han
Journal of Computer Applications    2019, 39 (7): 1954-1958.   DOI: 10.11772/j.issn.1001-9081.2018122438

The generation of massive data imposes a huge storage and computational burden on users, and cloud servers address this problem well. However, while outsourcing data brings convenience to users, it also introduces security problems. To address the security of data during outsourcing, a simpler and more efficient secure auditing protocol for cloud outsourced data throughout its whole lifecycle was designed and implemented, combining the classical distributed string equality checking protocol with the Rank-based Merkle Hash Tree (RMHT) algorithm. The protocol not only protects the integrity of outsourced data, allowing users to audit it periodically, but also guarantees the secure transfer of cloud data. Besides, a copy of the transferred data cannot be retained by a malicious cloud server, which protects users' privacy. The security and efficiency analyses show that the proposed protocol is sufficiently secure and comparatively efficient, and that outsourced data is protected throughout its whole lifecycle.
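The Rank-based Merkle Hash Tree named in the abstract is what lets an auditor check both the content and the position of a block from a short proof. The Python below is an added example written for this page, not the authors' protocol: it assumes SHA-256, a binary tree in which a node's rank is the number of blocks below it and is hashed into the node, and a hypothetical proof layout of (sibling digest, sibling rank, sibling is left child) entries. The distributed string equality check and the transfer phase of the paper are not reproduced.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class Node:
    digest: bytes
    rank: int                        # number of data blocks below this node
    left: Optional["Node"] = None
    right: Optional["Node"] = None


def leaf(block: bytes) -> Node:
    # The 0x00 prefix domain-separates leaves from internal nodes, so an
    # internal digest cannot be passed off as a data block.
    return Node(_h(b"\x00" + block), 1)


def parent(l: Node, r: Node) -> Node:
    rank = l.rank + r.rank
    # Hashing the rank into the node binds a proof to a position, not just to content.
    return Node(_h(b"\x01" + rank.to_bytes(4, "big") + l.digest + r.digest), rank, l, r)


def build(blocks: List[bytes]) -> Node:
    """Build the tree bottom-up; an odd node at any level is promoted unchanged."""
    nodes = [leaf(b) for b in blocks]
    while len(nodes) > 1:
        pairs = [parent(nodes[i], nodes[i + 1]) for i in range(0, len(nodes) - 1, 2)]
        if len(nodes) % 2:
            pairs.append(nodes[-1])
        nodes = pairs
    return nodes[0]


# Hypothetical proof layout: (sibling digest, sibling rank, sibling is the left child), leaf first.
Proof = List[Tuple[bytes, int, bool]]


def prove(root: Node, index: int) -> Proof:
    """Authentication path for the block at 0-based position index."""
    if not 0 <= index < root.rank:
        raise IndexError(index)
    path: Proof = []
    node = root
    while node.left is not None:
        if index < node.left.rank:
            path.append((node.right.digest, node.right.rank, False))
            node = node.left
        else:
            path.append((node.left.digest, node.left.rank, True))
            index -= node.left.rank
            node = node.right
    path.reverse()
    return path


def verify(root_digest: bytes, total_blocks: int, index: int, block: bytes, proof: Proof) -> bool:
    """Recompute the root; rejects wrong content, wrong position, or wrong block count."""
    digest, rank, first = _h(b"\x00" + block), 1, index
    for sib_digest, sib_rank, sib_is_left in proof:
        rank += sib_rank
        if sib_is_left:
            first -= sib_rank        # our subtree starts sib_rank blocks after the parent's
            digest = _h(b"\x01" + rank.to_bytes(4, "big") + sib_digest + digest)
        else:
            digest = _h(b"\x01" + rank.to_bytes(4, "big") + digest + sib_digest)
    # At the root the reconstructed subtree must start at block 0 and cover every block.
    return digest == root_digest and rank == total_blocks and first == 0


if __name__ == "__main__":
    # Constructed sample data: five outsourced blocks.
    blocks = [b"block-%d" % i for i in range(5)]
    root = build(blocks)
    print(all(verify(root.digest, 5, i, blocks[i], prove(root, i)) for i in range(5)))  # True
    print(verify(root.digest, 5, 1, b"tampered", prove(root, 1)))                        # False
```

`verify` needs only the root digest and the block count, which is what keeps a periodic audit cheap; it rejects a modified block, a correct block presented at another position, and a proof built over a different number of blocks.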

Homomorphic MACs for arithmetic circuits on cloud environment
BAI Ping, ZHANG Wei, WANG Xu'an
Journal of Computer Applications    2018, 38 (9): 2543-2548.   DOI: 10.11772/j.issn.1001-9081.2018020454
Focused on the low efficiency of verifying data on cloud servers, and to ensure that users' commands are executed correctly and validated efficiently, a homomorphic MAC scheme for arithmetic circuits on the cloud was provided. Exact verification was obtained as follows. Firstly, a label generation algorithm represented a verification label as a polynomial. Secondly, a transformation algorithm converted the verification label into a homomorphic form, and homomorphic decryption was used to reduce the dimension of the label. Finally, a verification algorithm checked the result. Moreover, the scheme supports an unbounded number of multiplicative homomorphic operations without increasing the size of the verification labels, and is efficient. Its drawback is that the computational complexity grows with the number of input bits of the circuit.
Traceable and fully verifiable for outsourced decryption for CP-ABE
LI Cong, YANG Xiaoyuan, BAI Ping, WANG Xu'an
Journal of Computer Applications    2018, 38 (8): 2249-2255.   DOI: 10.11772/j.issn.1001-9081.2018020305
In Ciphertext-Policy Attribute-Based Encryption (CP-ABE) schemes, a private key is defined over attributes shared by multiple users. Because a private key cannot be traced back to its original owner, a malicious user may sell decryption privileges to third parties for economic benefit without being discovered. In addition, in most existing ABE schemes the decryption cost and ciphertext size grow linearly with the complexity of the access structure. These problems severely limit the applications of CP-ABE. A traceable table was defined to trace users who intentionally disclose their keys, the cost of decryption was reduced by outsourcing it, and a CP-ABE scheme with traceable and fully verifiable outsourced decryption was proposed. The scheme can check the correctness of transformed ciphertexts for both authorized and unauthorized users, supports any monotone access structure, and its traceability has no impact on its security. Finally, the proposed scheme is proved CPA (Chosen Plaintext Attack)-secure in the standard model.
Verifiable ciphertext retrieval scheme with user revocation
BAI Ping, ZHANG Wei, LI Cong, WANG Xu'an
Journal of Computer Applications    2018, 38 (6): 1640-1643.   DOI: 10.11772/j.issn.1001-9081.2017122938
A malicious cloud server may return incorrect or forged query results to the user, and an authorized user may privately pass key information to a non-authorized user after completing a retrieval. To solve these problems, a new verifiable ciphertext retrieval scheme with user revocation was constructed. Firstly, an encryption algorithm was used to encrypt the user's documents and sign the keywords. Secondly, a search algorithm was used to retrieve the requested documents. Finally, a verification algorithm and a user revocation algorithm were used to verify the retrieval results and to re-encrypt the documents that were not retrieved. The analysis shows that the proposed scheme completes accurate retrieval while guaranteeing data integrity, realizes user revocation through re-encryption, and guarantees the security of the system. Moreover, the proposed scheme satisfies Indistinguishability under Chosen Keyword Attack (IND-CKA) security.
Efficient outsourced computing based on extended attribute-based functional encryption
LI Cong, YANG Xiaoyuan, WANG Xu'an
Journal of Computer Applications    2018, 38 (6): 1633-1639.   DOI: 10.11772/j.issn.1001-9081.2017112657
The main problems of current Attribute-Based Encryption (ABE) schemes are that the access policy has a single function, and that the ciphertext size and decryption time grow with the complexity of the access formula. To solve these problems, a multi-function ABE scheme for efficient outsourced computing was proposed. Firstly, through fine-grained access control of sensitive data, encryption systems with different functions were implemented. Then, the large computing power of the cloud server was used to perform partial decryption, converting a user's attribute ciphertext that satisfies the access policy into a constant-size ElGamal-style ciphertext. At the same time, the correctness of the outsourced computation was ensured through efficient verification. The theoretical analysis shows that, compared with the traditional attribute-based functional encryption scheme, the user-side decryption cost of the proposed scheme is reduced to one exponentiation and one pairing operation. The proposed scheme saves users a large amount of bandwidth and decryption time without increasing the amount of data transmitted.
Publicly verifiable outsourced computation scheme for multivariate polynomial based on two-server model
LUO Xiaoshuang, YANG Xiaoyuan, LI Cong, WANG Xu'an
Journal of Computer Applications    2018, 38 (2): 321-326.   DOI: 10.11772/j.issn.1001-9081.2017082169
Addressing the privacy-preserving problem of secure outsourced computation in the cloud, and targeting the outsourcing of arbitrary multivariate polynomials, a publicly verifiable outsourced computation scheme based on the two-server model was constructed from homomorphic encryption and multilinear maps. The scheme guarantees the privacy and security of the polynomial's inputs and outputs, and lets users or any third party verify the correctness of the results, thus achieving public verifiability and availability. The results returned by the cloud are encrypted, and only users holding the decryption key can recover the final result, which ensures the security of the computation. Besides, the scheme achieves Chosen Plaintext Attack (CPA) security of the inputs in the standard model, and the user's computational cost is much lower than both the server's cost and that of direct computation.
BGN type outsourcing the decryption of attribute-based encryption ciphertexts
LI Zhenlin, ZHANG Wei, BAI Ping, WANG Xu'an
Journal of Computer Applications    2017, 37 (8): 2287-2291.   DOI: 10.11772/j.issn.1001-9081.2017.08.2287
Cloud computing security is the key bottleneck restricting its development, and access control on the results of cloud computation is a current research hot spot. Based on the classical BGN (Boneh-Goh-Nissim) homomorphic encryption scheme, combined with outsourcing the decryption of Ciphertext-Policy Attribute-Based Encryption (CP-ABE) ciphertexts, a BGN-type scheme for outsourcing the decryption of ABE ciphertexts was constructed. In the scheme, partial decryption of ciphertexts is outsourced to the cloud, and only users whose attributes satisfy the access policy can obtain the correct decryption result, which reduces users' storage and computation overhead. Compared with existing outsourcing schemes for ABE, the proposed scheme can perform an arbitrary number of additions and one multiplication on ciphertexts. Finally, the security of the scheme was analyzed: it is semantically secure under the subgroup decision assumption, and its attribute security is proved in the random oracle model.
A private set intersection protocol against malicious attack
LUO Xiaoshuang, YANG Xiaoyuan, WANG Xu'an
Journal of Computer Applications    2017, 37 (6): 1593-1598.   DOI: 10.11772/j.issn.1001-9081.2017.06.1593
Aiming at the problem of private set intersection in secure two-party computation, an improved private set intersection protocol based on Bloom filters was proposed. While the privacy of both parties is preserved, the intersection of the two datasets can be computed. Only one party can compute the intersection elements, whereas the other party cannot. Neither party can obtain or infer any element of the other party's set beyond the intersection, which protects both parties' sensitive information. The proposed protocol introduces an identity-based key agreement protocol, which resists the malicious attacks of illegal users, protects privacy, achieves security defense, resists the risk of key disclosure, and reduces the amount of encryption and decryption. The proposed protocol supports large-scale data computation.
Efficient verifiable outsourced decryption based on attribute-based encryption and fixed ciphertext length
LI Cong, YANG Xiaoyuan, WANG Xu'an, BAI Ping
Journal of Computer Applications    2017, 37 (11): 3299-3303.   DOI: 10.11772/j.issn.1001-9081.2017.11.3299
Traditional Key-Policy Attribute-Based Encryption (KP-ABE) schemes have the disadvantage that the ciphertext length grows linearly with the number of attributes, which consumes a large amount of the user's communication bandwidth. An improved attribute-based encryption scheme was proposed. Based on key-policy attribute-based encryption, a verifiable outsourced decryption scheme with fixed ciphertext length was proposed. Under a non-monotonic access structure, the ciphertext length is fixed, which effectively saves communication bandwidth. By improving the outsourced key generation algorithm, key generation was reduced to one modular exponentiation, which effectively shortens key generation time. A hash function is used to verify the decryption, and the security of the scheme was proved.
Proxy re-encryption scheme based on conditional asymmetric cross-cryptosystem
HAO Wei, YANG Xiaoyuan, WANG Xu'an, WU Liqiang
Journal of Computer Applications    2016, 36 (9): 2452-2458.   DOI: 10.11772/j.issn.1001-9081.2016.09.2452
In order to reduce the decryption burden on mobile devices in cloud applications, an asymmetric cross-cryptosystem proxy re-encryption scheme with multiple conditions was proposed using an Identity-Based Broadcast Encryption (IBBE) scheme, an Identity-Based Encryption (IBE) scheme and a conditional identity-based broadcast proxy re-encryption scheme. In this scheme, the sender encrypts information into an IBBE ciphertext, which can be sent to multiple recipients at once. Any of the receivers can authorize a multi-condition re-encryption key to the proxy, which re-encrypts original ciphertexts that meet the conditions into IBE ciphertexts that a new receiver can decrypt. The scheme realizes asymmetric proxy re-encryption from the IBBE system to the IBE system and lets the proxy re-encrypt original ciphertexts according to the conditions, which avoids re-encrypting ciphertexts unnecessarily. The scheme not only improves the re-encryption efficiency of the proxy, but also saves the receiver time in obtaining the correct plaintext.
Asymmetric proxy re-encryption scheme of efficient access to outsourcing data for mobile users
HAO Wei, YANG Xiaoyuan, WANG Xu'an, ZHANG Yingnan, WU Liqiang
Journal of Computer Applications    2016, 36 (8): 2225-2230.   DOI: 10.11772/j.issn.1001-9081.2016.08.2225
In order to let mobile devices decrypt outsourced data stored in the cloud more conveniently and quickly, a Modified Asymmetric Cross-cryptosystem Proxy Re-Encryption (MACPRE) scheme across encryption systems was proposed, based on the Identity-Based Broadcast Encryption (IBBE) system and the Identity-Based Encryption (IBE) system and using the outsourced decryption technique of Green et al. (GREEN M, HOHENBERGER S, WATERS B. Outsourcing the decryption of ABE ciphertexts. Proceedings of the 20th USENIX Conference on Security. Berkeley: USENIX Association, 2011: 34). The proposed scheme is more suitable for mobile devices with limited computing power to securely share data stored in the cloud. When a mobile user decrypts re-encrypted data, the plaintext can be recovered with one exponentiation and one bilinear pairing, which greatly improves the decryption efficiency of the mobile user and saves power. The security of the proposed scheme reduces to the security of the IBE and IBBE schemes. Theoretical analysis and experimental results show that the proposed scheme lets mobile devices decrypt data stored in the cloud in less time, eases the problem of their limited computing power, and is more practical.
Identity-based broadcast encryption based on lattice
HUANG Wenzhen, YANG Xiaoyuan, WANG Xu'an, WU Liqiang
Journal of Computer Applications    2016, 36 (4): 956-961.   DOI: 10.11772/j.issn.1001-9081.2016.04.0956
Focusing on the low security and poor practicability of the lattice-based broadcast encryption scheme proposed by Wang et al. (WANG J, BI J. Lattice-based identity-based broadcast encryption. https://eprint.iacr.org/2010/288.pdf) in the random oracle model, an identity-based broadcast encryption scheme based on Learning With Errors (LWE) in the standard model was constructed by extending the control algorithm of the bonsai tree and a one-time signature algorithm. Firstly, the random oracle was replaced by an encoding function to put the scheme in the standard model. Then, the bonsai tree extension control algorithm was used to generate the users' private keys and the public key. Finally, a one-time signature algorithm was added to improve security. Analysis shows that, compared with existing similar schemes, the scheme has stronger security, achieving adaptive indistinguishability under chosen ciphertext attack, and supports dynamic extension, meaning users can be added or removed by expanding or contracting the identity matrix. Hence it has strong practicability.
Privacy preserving interest matching scheme for social network
LUO Xiaoshuang, YANG Xiaoyuan, WANG Xu'an
Journal of Computer Applications    2016, 36 (12): 3322-3327.   DOI: 10.11772/j.issn.1001-9081.2016.12.3322
Concerning the sensitive information leakage caused by making friends through interest matching in social networks, a privacy-preserving interest matching scheme based on private attributes was proposed. Bloom filters were used to obtain the intersection of both sides' interest sets, and the interest matching level was determined from it. Both sides may add each other as friends at their own discretion as long as the matching requirement is met. Under the semi-honest model, cryptographic protocols were adopted to protect data security and prevent malicious users from obtaining sensitive information illegally, which avoids information abuse and leakage. Theoretical analysis and calculation results show that the proposed scheme has running time linear in the input, supports large-scale data sets, can be applied in Internet environments with many kinds of information and large amounts of content, and meets users' demands for real-time operation and efficiency.
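The private set intersection protocol listed above (LUO et al., 2017) and this interest matching scheme both start from a Bloom filter intersection. The Python below is an added example serving both abstracts, not the authors' protocols: one party builds a salted Bloom filter over its set and sends it, the other tests its own elements against it, so only the tester learns the candidate intersection and the sender learns nothing. It assumes SHA-256 double hashing, a shared salt agreed beforehand (standing in for the identity-based key agreement and the cryptographic protocols the papers layer on top), constructed interest lists, and a matching level defined simply as the fraction of the tester's own interests found.

```python
import hashlib
import math
from typing import Iterable, List, Set


class BloomFilter:
    """Plain Bloom filter sized for n items at a target false-positive rate."""

    def __init__(self, n_items: int, fp_rate: float = 0.01):
        # Standard sizing: m = -n ln p / (ln 2)^2 bits, k = (m / n) ln 2 hash functions.
        self.m = max(8, math.ceil(-n_items * math.log(fp_rate) / (math.log(2) ** 2)))
        self.k = max(1, round(self.m / n_items * math.log(2)))
        self.bits = bytearray(self.m)  # one byte per bit, for readability

    def _positions(self, item: bytes) -> List[int]:
        # Double hashing (Kirsch-Mitzenmacher): h_i = h1 + i*h2 mod m, both from one SHA-256.
        d = hashlib.sha256(item).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p] = 1

    def contains(self, item: bytes) -> bool:
        return all(self.bits[p] for p in self._positions(item))


def salted(item: str, salt: bytes) -> bytes:
    # Assumption for this example: both parties share `salt` from an earlier key agreement.
    # Without it, anyone who captures the filter could test guesses against it offline.
    return hashlib.sha256(salt + item.encode()).digest()


def build_filter(items: Iterable[str], salt: bytes, fp_rate: float = 0.01) -> BloomFilter:
    """Sender side: the only message sent is this filter."""
    items = list(items)
    bf = BloomFilter(len(items), fp_rate)
    for x in items:
        bf.add(salted(x, salt))
    return bf


def candidate_intersection(bf: BloomFilter, own: Iterable[str], salt: bytes) -> Set[str]:
    """Receiver side: which of MY elements are (probably) in the sender's set.

    No false negatives: every common element is reported. False positives
    occur with probability about fp_rate per tested element.
    """
    return {x for x in own if bf.contains(salted(x, salt))}


def matching_level(common: Set[str], own: Iterable[str]) -> float:
    """Fraction of the receiver's own interests that matched (a hypothetical metric)."""
    own = set(own)
    return len(common) / len(own) if own else 0.0


def false_positive_rate(bf: BloomFilter, salt: bytes, probes: int = 10000) -> float:
    """Estimate the filter's false-positive rate with strings that were never inserted."""
    hits = sum(bf.contains(salted(f"not-a-member-{i}", salt)) for i in range(probes))
    return hits / probes


if __name__ == "__main__":
    # Constructed sample interest lists for two users.
    SALT = b"constructed-shared-salt"
    alice = ["chess", "hiking", "rust", "jazz", "climbing", "go", "sailing", "cooking"]
    bob = ["jazz", "hiking", "sudoku", "cooking", "tennis"]
    bf = build_filter(alice, SALT)              # Alice sends only this to Bob
    common = candidate_intersection(bf, bob, SALT)
    print(sorted(common), matching_level(common, bob))
    print("estimated false-positive rate:", false_positive_rate(bf, SALT))
```

Two properties a practitioner should check before relying on such a filter: it has no false negatives, so every common element is reported, but false positives occur at roughly the configured rate (which `false_positive_rate` estimates); and whoever holds the filter can test arbitrary guesses against it, so the shared salt here, and in the papers the cryptographic protocol built around the filter, is what stops an outsider from simply reading the set.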
Forward secure identity-based signcryption from lattice
XIANG Wen, YANG Xiaoyuan, WANG Xu'an, WU Liqiang
Journal of Computer Applications    2016, 36 (11): 3077-3081.   DOI: 10.11772/j.issn.1001-9081.2016.11.3077
To solve the problem that current lattice-based signcryption schemes cannot achieve forward security, a new identity-based signcryption scheme with forward security was proposed. Firstly, a lattice basis delegation algorithm was used to update users' public and private keys. Then, preimage sampleable functions based on Learning With Errors (LWE) over lattices were used to sign the message, and the signature was also used to encrypt the message. The scheme was proved adaptively secure under Indistinguishability against selective-IDentity Chosen-Ciphertext Attack (IND-sID-CCA2), strongly UnForgeable under Chosen-Message Attack (sUF-CMA), and forward secure. Compared with pairing-based signcryption schemes, the proposed scheme has advantages in computational efficiency and ciphertext expansion rate.
Unidirectional and multi-hop identity-based proxy re-encryption scheme with constant ciphertext
MENG Yichao, ZHANG Minqing, WANG Xu'an
Journal of Computer Applications    2014, 34 (6): 1681-1685.   DOI: 10.11772/j.issn.1001-9081.2014.06.1681

In current multi-hop unidirectional identity-based proxy re-encryption schemes, the ciphertext length increases with the number of hops, which reduces efficiency. To solve this issue, a new multi-hop unidirectional identity-based proxy re-encryption scheme was designed by changing which side generates the re-encryption key: the re-encryption keys are generated by the sender. In the scheme, first-level and second-level ciphertexts have the same form, and the length of the re-encrypted ciphertext remains unchanged. Efficiency analysis shows that the proposed scheme reduces the number of exponentiations, multiplications, and bilinear pairing computations. The new scheme was proved chosen-ciphertext attack secure in the random oracle model under the Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Certificateless aggregate signcryption scheme with public verifiability
ZHANG Xuefeng, WEI Lixian, WANG Xu'an
Journal of Computer Applications    2013, 33 (07): 1858-1860.   DOI: 10.11772/j.issn.1001-9081.2013.07.1858
Research on aggregate signcryption is mostly based on identity-based encryption, providing confidentiality and authentication while improving efficiency. However, aggregate signcryption still faces the problems of certificate management and key escrow. New aggregate signcryption schemes are therefore needed that solve these problems while still guaranteeing confidentiality and authentication. This paper analyzed the mainstream aggregate signcryption schemes and their development. Combining the scheme of Zhang et al. (ZHANG L, ZHANG F T. A new certificateless aggregate signature scheme. Computer Communications, 2009, 32(6): 1079-1085) with the requirements above, a certificateless aggregate signcryption scheme was designed, and its confidentiality and unforgeability were proved based on the Bilinear Diffie-Hellman (BDH) problem and the Computational Diffie-Hellman (CDH) problem. The experimental results show that the proposed scheme is more efficient, with computation equal to or lower than that of other schemes. Moreover, the new scheme is publicly verifiable, eliminates the use of public key certificates and solves the key escrow problem.
Adaptively-chosen ciphertext secure and publicly verifiable encryption scheme
DU Weidong, YANG Xiaoyuan, ZHANG Xianghuo, WANG Xu'an
Journal of Computer Applications    2013, 33 (04): 1051-1054.   DOI: 10.3724/SP.J.1087.2013.01051
Publicly verifiable encryption is in great demand for key escrow, optimistic fair exchange, publicly verifiable secret sharing and secure multiparty computation, but current schemes are either only chosen plaintext secure, or chosen ciphertext secure only in the random oracle model, which is not secure enough for complex settings. Based on an analysis of current schemes and practical applications, this paper proposed a new publicly verifiable encryption scheme by combining the CS encryption scheme with a non-interactive zero-knowledge proof protocol. The new scheme lets any third party other than the sender and receiver verify the validity of a ciphertext, while leaking no information about the message. Finally, the adaptively chosen ciphertext security of the scheme was proved in the standard model, without random oracles.
Identity based broadcast encryption scheme against selective opening attack
GE Yunlong, WANG Xu'an, PAN Feng
Journal of Computer Applications    2013, 33 (04): 1047-1050.   DOI: 10.3724/SP.J.1087.2013.01047
Recently Sun Jin et al. proposed an identity-based broadcast encryption scheme against selective opening attack (SUN JIN, HU YU-PU. Identity-based broadcast encryption scheme against selective opening attack. Journal of Electronics and Information Technology, 2011, 33(12): 2929-2934), and claimed that the scheme resists Selective-Opening Attack (SOA) and has constant-size keys and ciphertexts in the standard model without random tags. However, this paper proved that their proposal does not work at all. Furthermore, the scheme was improved into a correct one, and its security was proved in the standard model.