Lin Chen,Tongzhou Qu,Anqi Yin

DOI: https://doi.org/10.1007/s11042-023-17984-1

IF: 2.577

2024-01-19

Multimedia Tools and Applications

Abstract:Password-based authentication is one of the most prevailing access control mechanism. Typical password-authenticated key exchange (PAKE) protocols are single-server settings and are therefore vulnerable to server compromise attack. To defend against such attack, multi-server PAKE schemes have been advanced, but most of which are built on non-quantum-secure hardness assumptions. Lattice-based cryptosystems are regarded as the most promising one for post-quantum eara by NIST, while the known multi-server password-based authentication solution over lattices achieves merely key transport and is public key infrastructure (PKI)-based, resulting in low efficiency and poor deployability. In this work, we resort to distributed smooth projective hash function (SPHF) to bridge the gap between multi-server PAKE protocol and quantum-security. We first design an exact SPHF and derive the first distributed SPHF over lattices by leveraging the additive homomorphic property of the strong learning with errors (LWE) problem. In particular, the relevant parameters of the public key encryption (PKE) scheme it predicates on are identified, thus eliminating the influence of incomplete lattice homomorphism on the correctness of our SPHFs. Pertinent lattice-based multi-server PAKE protocols are further proposed on both transparent and non-transparent transmission modes by integrating our distributed SPHF into the multi-server framework of Raimondo and Gennaro (EUROCRYPT'03). Our PAKE constructions are able to resist both quantum and sever compromise attacks as well as avoid the expensive cryptographic primitives, including non-interactive zero knowledge (NIZK) proofs, signature/verification, secret sharing and fully homomorphic encryption. Experimental results demonstrate that our SPHFs and PAKE protocols offer better efficiency.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Shanshan Wang,Guofeng Zhao,Chuan Xu,Zhenzhen Han,Shui Yu

DOI: https://doi.org/10.1007/s11227-024-06687-5

IF: 3.3

2024-12-05

The Journal of Supercomputing

Abstract:The satellite networks are the development of the 6th Generation mobile network (6 G). Compared to terrestrial networks, these networks are particularly susceptible to network attacks such as man-in-the-middle and replay attacks during communication. Node identity verification plays a crucial role in preventing malicious attacks. The security of current access authentication schemes relies on the discrete logarithm and prime factorization problems. However, the advent of quantum computers has the capability to solve these problems in polynomial time, necessitating the exploration of post-quantum security authentication schemes. Additionally, due to limited satellite resources and the long distance between the satellite and the ground, an authentication scheme with low cost and short interaction time needed to be adopted. To this end, a lightweight post-quantum access authentication scheme based on lattice for satellite networks is proposed. In the registration phase, a lattice hash function based on the approximate shortest vector problem (SVP) is employed to maintain the confidentiality of the user's identity, thereby reducing the registration computation time. In the authentication phase, a low-dimensional modular multiplication and modular addition mutual authentication algorithm is designed based on the bonsai tree algorithm. This design reduces the algorithm's complexity from a quadratic level to a linear level, further decreasing both the communication costs during the authentication process and the computational costs on the satellite. The theoretical proof and performance analysis demonstrate that the scheme is resistant to quantum computing attacks and reduces authentication time by at least 150 compared to lattice-based authentication schemes.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Yuan Zhang,Chunxiang Xu,Hongwei Li,Kan Yang,Nan Cheng,Xuemin Shen

DOI: https://doi.org/10.1109/tmc.2020.2975792

IF: 6.075

2021-06-01

IEEE Transactions on Mobile Computing

Abstract:Password-based single-sign-on authentication has been widely applied in mobile environments. It enables an identity server to issue authentication tokens to mobile users holding correct passwords. With an authentication token, one can request mobile services from related service providers without multiple registrations. However, if an adversary compromises the identity server, he can retrieve users' passwords by performing dictionary guessing attacks (DGA) and can overissue authentication tokens to break the security. In this paper, we propose a password-based threshold single-sign-on authentication scheme dubbed PROTECT that thwarts adversaries who can compromise identity server(s), where multiple identity servers are introduced to authenticate mobile users and issue authentication tokens in a threshold way. PROTECT supports key renewal that periodically updates the secret on each identity server to resist perpetual leakage of the secret. Furthermore, PROTECT is secure against off-line DGA: a credential used to authenticate a user is computed from the password and a server-side key. PROTECT is also resistant to online DGA and password testing attacks in an efficient way. We conduct a comprehensive performance evaluation of PROTECT, which demonstrates the high efficiency on the user side in terms of computation and communication and proves that it can be easily deployed on mobile devices.

computer science, information systems,telecommunications

Md Jakir Hossain,Chunxiang Xu,Yuan Zhang,Xiaojun Zhang,Wanpeng Li

DOI: https://doi.org/10.1007/s12652-021-03620-z

IF: 3.662

2022-01-13

Journal of Ambient Intelligence and Humanized Computing

Abstract:The deployment of cloud services enables users to outsource their data to cloud servers and retrieve the target data efficiently. However, the application of quantum computers in clouds would be realized from the recent breakthrough results of quantum computers. Existing authentication schemes based on conventional hardness assumptions will be confronted with quantum attackers in the near future. A lattice-based authentication scheme resolves this tension. Although, existing lattice-based authentication schemes employing identity-based signcryption (IBS), the security against misbehaved private key generators (mPKG) is not well-considered, which may cause privacy issues in some application scenarios since the mPKG can generate the secret key for any given identity. This paper proposes an IBS-based authentication scheme for cloud storage dubbed LAMA that thwarts adversaries who have quantum computing power. We integrate the IBS scheme with the lattice-based cryptography, which is the variant of existing IBS-based authentication schemes and is post-quantum secure. We integrate identity certifying authority (ICA) with private key generator (PKG) to ensure security against mPKG. Our comprehensive security proof demonstrates that LAMA is indistinguishable against chosen plaintext attacks and secure against mPKG. We conduct a comprehensive performance evaluation of LAMA, which demonstrates the high efficiency of LAMA in terms of computation and communication overhead and proves that it can be easily deployed on low configured user devices.

computer science, information systems,telecommunications, artificial intelligence

Khoa Nguyen,Benjamin Hong Meng Tan,Huaxiong Wang

DOI: https://doi.org/10.48550/arXiv.1802.05004

2018-02-14

Abstract:Passwords are ubiquitous and most commonly used to authenticate users when logging into online services. Using high entropy passwords is critical to prevent unauthorized access and password policies emerged to enforce this requirement on passwords. However, with current methods of password storage, poor practices and server breaches have leaked many passwords to the public. To protect one's sensitive information in case of such events, passwords should be hidden from servers. Verifier-based password authenticated key exchange, proposed by Bellovin and Merrit (IEEE S\&P, 1992), allows authenticated secure channels to be established with a hash of a password (verifier). Unfortunately, this restricts password policies as passwords cannot be checked from their verifier. To address this issue, Kiefer and Manulis (ESORICS 2014) proposed zero-knowledge password policy check (ZKPPC). A ZKPPC protocol allows users to prove in zero knowledge that a hash of the user's password satisfies the password policy required by the server. Unfortunately, their proposal is not quantum resistant with the use of discrete logarithm-based cryptographic tools and there are currently no other viable alternatives. In this work, we construct the first post-quantum ZKPPC using lattice-based tools. To this end, we introduce a new randomised password hashing scheme for ASCII-based passwords and design an accompanying zero-knowledge protocol for policy compliance. Interestingly, our proposal does not follow the framework established by Kiefer and Manulis and offers an alternate construction without homomorphic commitments. Although our protocol is not ready to be used in practice, we think it is an important first step towards a quantum-resistant privacy-preserving password-based authentication and key exchange system.

Cryptography and Security

Zhao Zhang,Chunxiang Xu,Changsong Jiang,Kefei Chen

DOI: https://doi.org/10.1109/tdsc.2023.3285393

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Single-sign-on (SSO) authentication enables a user to gain a token from the identity server, with which the user accesses multiple services. To address single-point-of-failure of SSO, threshold SSO, where a group of identity servers issue a user with a token in the threshold manner, is introduced. SSO including threshold schemes suffers from privacy disclosure. One can learn a user's identity and access pattern from her/his token. Recent works focus on privacy preservation of SSO. However, these works merely consider scenarios of one single identity server SSO. No works that address privacy preservation of threshold SSO have emerged. In this work, we propose TSAPP, a threshold SSO authentication scheme preserving privacy. Each identity server issues a user with a partial token which is a signature on the user's pseudonym. With a threshold number of partial tokens, the user constructs a token, blinds the token with random numbers and accesses services with blinded tokens. Such mechanism preserves the user's identity, simultaneously protects the user's access pattern since adversaries cannot link the user's accesses, even if identity servers are corrupted. Security analysis demonstrates that TSAPP satisfies properties of anonymity, unlinkability, unforgeability and password-safety. The performance evaluation demonstrates that TSAPP is efficient in practice.

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

Md. Jakir Hossain,Chunxiang Xu

DOI: https://doi.org/10.1109/ICCCS52626.2021.9449136

2021-01-01

Abstract:With the rapid development of the computing paradigm, cloud computing becomes the most notable one that offers convenient and on-demand services from a shared pool of configurable computing resources. However, the application of quantum computers in clouds would be realized from the recent breakthrough results of quantum computers. In the near future, existing conventional hardness-based authentication schemes will be confronted with quantum attackers. Lattice-based authentication scheme resolves this tension. Albeit, existing lattice-based schemes, users and cloud servers are always worried about the communication privacy against misbehaved private key generator referred to as mPKG since PKG potentially has the power to generate the secret key for any given identity. In this paper, we proposed a secure authentication scheme for cloud storage that thwarts the misbehaved PKG. We integrate the identity-based encryption (IBE) scheme with the lattice-based signature, which is the variant of existing IBE-based authentication schemes and post-quantum secure. Additionally, we integrate identity certifying authority (ICA) with PKG to ensure security against misbehaved PKG. Our comprehensive security proof demonstrates that the proposed scheme provides stronger security guarantees against misbehaved PKG and ICA.

Min Wang,Gui-Lu Long

DOI: https://doi.org/10.1007/s11432-024-4177-5

2024-11-10

Science China Information Sciences

Abstract:Access authentication scheme plays a foundational role in ensuring the security of communication networks. However, an access authentication scheme with high security and efficiency is still lacking in quantum communication networks. In this paper, we propose a lattice-based access authentication scheme for quantum communication networks in the manner of real-time interaction with the network control center, which could achieve properties of mutual authentication, conditional anonymity, data confidentiality, unforgeability, undeniability, and data integrity. We utilize the digital signature algorithm CRYSTALS-Dilithium and the key-establishment algorithm CRYSTALS-KYBER, both of which have been selected for standardization by the National Institute of Standards and Technology, to realize secure access authentication for users of the quantum communication networks. Specifically, in the quantum secure direct communication network, key-establishment is replaced by the verification of signatures encoded in quantum states. Our results demonstrate the feasibility of establishing a quantum-secure communication network.

computer science, information systems,engineering, electrical & electronic

Xiao Zhang,Faguo Wu,Wang Yao,Wenhua Wang,Zhiming Zheng

DOI: https://doi.org/10.32604/cmc.2020.08008

2020-01-01

Abstract:Blockchain is an emerging decentralized architecture and distributed computing paradigm underlying Bitcoin and other cryptocurrencies, and has recently attracted intensive attention from governments, financial institutions, high-tech enterprises, and the capital markets. Its cryptographic security relies on asymmetric cryptography, such as ECC, RSA. However, with the surprising development of quantum technology, asymmetric cryptography schemes mentioned above would become vulnerable. Recently, lattice-based cryptography scheme was proposed to be secure against attacks in the quantum era. In 2018, with the aid of Bonsai Trees technology, Yin et al. [Yin, Wen, Li et al. (2018)] proposed a lattice-based authentication method which can extend a lattice space to multiple lattice spaces accompanied by the corresponding key. Although their scheme has theoretical significance, it is unpractical in actual situation due to extremely large key size and signature size. In this paper, aiming at tackling the critical issue of transaction size, we propose a post quantum blockchain over lattice. By using SampleMat and signature without trapdoor, we can reduce the key size and signature size of our transaction authentication approach by a significant amount. Instead of using a whole set of vectors as a basis, we can use only one vector and rotate it enough times to form a basis. Based on the hardness assumption of Short Integer Solution (SIS), we demonstrate that the proposed anti-quantum transaction authentication scheme over lattice provides existential unforgeability against adaptive chosen-message attacks in the random oracle. As compared to the Yin et al. [Yin, Wen, Li et al. (2018)] scheme, our scheme has better performance in terms of energy consumption, signature size and signing key size. As the underlying lattice problem is intractable even for quantum computers, our scheme would work well in the quantum age.

Shanshan Li,Chunxiang Xu,Yuan Zhang,Jianying Zhou

DOI: https://doi.org/10.1109/tifs.2022.3209886

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:We investigate existing “password+hardware token”-based authentication schemes deployed in real-world applications and observe that they are vulnerable to critical threats. Specifically, a compromised manufacturer may issue a backdoored hardware token to a user and later recover the user’s secret, which is well known as backdoor attacks. Additionally, an authentication credential in these schemes consists of two parts: the one is derived from the password, the other one is derived from the hardware token. However, since the two parts are independent of each other, if an adversary can physically access the hardware token of a victim, he is able to break security of these schemes by performing dictionary-guessing attacks (DGA), which is called mislaying-then-DGA. In this paper, we design a non-interactively re-randomizable reverse firewall signature mechanism for securing hardware tokens, such that the user’s secret is well protected even if a backdoor is embedded. We also utilize a servers-aided password-based encryption mechanism to harden hardware tokens, so as to “seamlessly” integrate the two factors into one credential. Based on the above mechanisms, we develop a secure two-factor authentication scheme, dubbed ATTACH. We evaluate ATTACH in terms of security and efficiency to demonstrate it achieves a strong security guarantee with high efficiency.

Song Luo,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ETCS.2010.437

2010-01-01

Abstract:User authentication is very important mechanism in computer network systems for preventing unauthorized network access. In recent years, the bilinear pairings have been found to be very useful in various applications in cryptography and have allowed us to construct new cryptographic primitives. In 2006, Das et al. proposed an identity-based remote user authentication scheme with smart cards using bilinear pairings. Unfortunately, their scheme is insecure against forgery attack. In this paper, we propose a (t, n) threshold distributed authentication scheme using the bilinear pairings with smart cards which needs at least t authentication servers to collaboratively authenticate the remote user. Our scheme makes some improvements from Das's scheme and is expanded to a multi-server environment in distributed networks. Based on the Computational Diffie-Hellman Problem, we show that the proposed scheme is secure against forgery attack and identity attack under the random oracle model.

Ge Gao,Yuan Zhang,Yaqing Song,Shiyu Li

DOI: https://doi.org/10.1109/tifs.2024.3392533

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Single-sign-on (SSO) authentication employs an identity provider (IdP) to provide users with an efficient way to authenticate themselves with different service providers and has been widely applied in digital systems. However, existing SSO authentication schemes suffer from critical issues in terms of security and privacy. Regarding security, most SSO authentication schemes achieve a high convenience at the expense of security and are thereby susceptible to various attacks. Regarding privacy, most existing schemes fail to protect users' subscription pattern and access pattern against adversaries who can easily extract users' sensitive information from their authentications and launch subsequent attacks for profits. In this paper, we develop a practical SSO authentication system, dubbed PrivSSO, with the protection of users' subscription pattern and access pattern. To balance the trade-off between security and convenience, the key technique is a secure "hybrid" key-based authentication mechanism: a long-term key stored in a well-guarded hardware token serves as the "primary" authentication factor (AF) to guarantee strong security; an ephemeral key bound with portable device(s) serves as the "daily-used" AF to achieve high convenience. To protect the subscription pattern and access pattern from leakage, we propose a redactable token generation mechanism, where the users themselves specify what IdP and the service providers can learn from their authentications. We formally define and prove the security of PrivSSO. We also implement a PrivSSO prototype and conduct a comprehensive performance evaluation to demonstrate its practicality.

Yifu Shi,Chunxiang Xu,Zhao Zhang,Xinyu Liu

DOI: https://doi.org/10.1109/iscipt61983.2024.10672864

2024-01-01

Abstract:Most existing digital twin systems utilize Single Sign- On (SSO) authentication protocols. In SSO authentication, an identity authentication server (IS) issues tokens to legitimate users, allowing them to access one or multiple application servers (AS) as required. However, traditional SSO protocols suffer from two main issues: privacy leakage and single point of failure. It is worth noting that traceability is often a requirement in digital twin systems, which was not adequately addressed by recent works. To address these challenges, we propose TTSSO that achieves traceability while protecting user privacy and preventing single points of failure. By utilizing a threshold number of partial tokens which issued by multiple identity servers, users can construct a blind token that prevents the extraction of private information. We have specifically set up a server called the Tracking Server (TS) to fulfill the tracking functionality and hand public key management. TS retains users' public keys and can reconstruct user identities based on the blind tokens. The effectiveness of our work was verified through experiments.

Zhang Xiaojun,Xu Chunxiang,Xie Run,Jin Chunhua

DOI: https://doi.org/10.1049/cje.2018.01.012

IF: 1.019

2018-01-01

Chinese Journal of Electronics

Abstract:Recently, how to retrieve the encrypted data efficiently from a cloud storage system becomes a hot topic. Public key encryption with keyword search (PEKS) can allow one to search the encrypted data with a keyword efficiently. Due to the booming of post-quantum cryptography, we propose public key encryption with keyword search from lattice assumption, which can resist quantum computer attacks. We delegate a particular cloud server to search the results, thus only the designated cloud server can finish the test process. Our scheme has been proved ciphertext indistinguishability in the standard model, which can reflect its security in the real world. To the best of our knowledge, our scheme is the first construction based on lattice in the standard model, which is a step stone in the post-quantum cryptographic communication.

Jintai Ding,Saed Alsayigh,Jean Lancrenon,R. Saraswathy,Michael Snook

DOI: https://doi.org/10.1007/978-3-319-52153-4_11

2017-01-01

Abstract:Authenticated Key Exchange (AKE) is a cryptographic scheme with the aim to establish a high-entropy and secret session key over a insecure communications network. Password-Authenticated Key Exchange (PAKE) assumes that the parties in play share a simple password, which is cheap and human-memorable and is used to achieve the authentication. PAKEs are practically relevant as these features are extremely appealing in an age where most people access sensitive personal data remotely from more-and-more pervasive hand-held devices. Theoretically, PAKEs allow the secure computation and authentication of a high-entropy piece of data using a low-entropy string as a starting point. In this paper, we apply the recently proposed technique introduced in [19] to construct two lattice-based PAKE protocols enjoying a very simple and elegant design that is an parallel extension of the class of Random Oracle Model (ROM)-based protocols PAK and PPK [13,41], but in the lattice-based setting. The new protocol resembling PAK is three-pass, and provides mutual explicit authentication, while the protocol following the structure of PPK is two-pass, and provides implicit authentication. Our protocols rely on the Ring-Learning-with-Errors (RLWE) assumption, and exploit the additive structure of the underlying ring. They have a comparable level of efficiency to PAK and PPK, which makes them highly attractive. We present a preliminary implementation of our protocols to demonstrate that they are both efficient and practical. We believe they are suitable quantum safe replacements for PAK and PPK.

Sherry Wang,Carlisle Adams,Anne Broadbent

DOI: https://doi.org/10.1109/QCE52317.2021.00051

2022-01-29

Abstract:In a post-quantum world, where attackers may have access to full-scale quantum computers, all classical password-based authentication schemes will be compromised. Quantum copy-protection prevents adversaries from making copies of existing quantum software; we suggest this as a possible approach for designing post-quantum-secure password authentication systems. In this paper, we show an implementation of quantum copy-protection for password verification on IBM quantum computers. We also share our quantum computation results and analyses, as well as lessons learned.

Quantum Physics

Guanglu Wei,Kai Fan,Kuan Zhang,Haoyang Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/jiot.2023.3323275

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:In recent years, the Internet of Things (IoT) has gained immense popularity in various aspects of work, learning, and daily life. Within the Internet of Things realm, there is a growing concern regarding communication security issues between users and servers. However, addressing the communication security between servers is equally imperative, which has not received as much attention. To this end, we propose a certificateless anonymous authenticated key agreement (AKA) algorithm based on Learning with Errors (LWE) and Inhomogeneous Small Integer Solution (ISIS) security assumptions. Our scheme provides strong resistance to quantum attacks and protects the privacy of communication servers. It also has constant communication costs and lower computational requirements than existing lattice-based anonymous AKA algorithms on the broadcast channel. Additionally, the proposed scheme eliminates the resource consumption of managing complex certificates and addresses the security risks associated with key escrow in the key generation center (KGC). Through security and performance analysis, we demonstrate that our approach can enhance the security of IoT-based healthcare systems while significantly improving communication efficiency. Our proposed scheme provides a promising solution to security issues related to server communication in IoT systems.

computer science, information systems,telecommunications,engineering, electrical & electronic

Faguo Wu,Wang Yao,Xiao Zhang,Zhiming Zheng

DOI: https://doi.org/10.1007/s11042-018-6330-9

IF: 2.577

2018-01-01

Multimedia Tools and Applications

Abstract:Identity-based signature schemes enable any pair of users to communicate securely and to verify each other’s identity without exchanging private or public keys, without keeping key directories, and without using the services of a third party. Such paradigms are very suitable for an emerging scenario of Multimedia Social Networks (MSNs), in which there are a large number of users, dynamic interaction and huge content sharing. A revocable identity-based signature(RIBS) scheme, proposed by Tsai et al., provides a revocation mechanism for controlling user’s access dynamically. To capture a realistic and efficient scenario, In 2017, XiaoYing Jia et al. introduced an additional important component, called Cloud Revocation Server(CRS), where most of the computations needed during key-updates are of loaded to the CRS. With the surprising development of quantum computation technology in recent years, IBS schemes mentioned above, based on conventional number theory problem, would become vulnerable. Recently, lattice-based cryptography schemes were proved to be secure against quantum attacks. Although such efficient RIBS scheme based on Computational Diffle-Hellam Problem(CDH) assumption has been proposed, all the lattice-based RIBS do not achieve this realistic and efficient property. In this paper, we propose the first lattice-based RIBS with outsourced Cloud Service Provider(CSP). In our scheme, a user’s private key is composed of both an partial private key and a time update key. The time update key is periodically updated by CSP and is transmitted over a public channel. Based on the hardness assumption of Short Integer Solution (SIS), we demonstrate that the proposed lattice-based RIBS scheme with outsourced revocation in cloud computing provides existential unforgeability against adaptive chosen-message attacks in the random oracle. As compared to the existing IBS schemes over lattices, our RIBS scheme has better performance in terms of energy consumption, signature size, signing key size, and the revocation mechanism with public channels. As the underlying lattice problem is intractable even for quantum computers, our scheme would work well in the quantum age.

Xiaojun Zhang,Chunxiang Xu,Chunhua Jin

DOI: https://doi.org/10.1504/ijesdf.2016.073736

2016-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:With the rapid development of cloud storage technology, users choose to store their data in the cloud server remotely. Without the burden of local data storage and maintenance, users can enjoy on-demand high quality cloud storage services. Recently, lattice-based cryptography has been considered as the best choice for post-quantum cryptography, which can resist quantum computer attacks. Considering the forthcoming of the quantum computer in the near future, in this paper, we propose an efficient identity-based cloud storage public auditing scheme, which is constructed based on lattice. We prove our scheme can guarantee public verifiability, unforgeability. Moreover, our scheme can prevent the third party auditor (TPA) from revealing the primitive data blocks of cloud users. In particular, to achieve efficient data dynamics, by utilising index hash tables, our auditing scheme can efficiently perform dynamic operations. Efficient performance analysis demonstrates that our public auditing scheme is more efficient and more practical even in the post-quantum cryptographic era.