Entangled cloud storage

Entangled cloud storage (Aspnes et?al., ESORICS 2004) enables a set of clients to "entangle" their files into a single clew to be stored by a (potentially malicious) cloud provider. The entanglement makes it impossible to modify or delete significant part of the clew without affecting all files encoded in the clew. A clew keeps the files in it private but still lets each client recover his own data by interacting with the cloud provider; no cooperation from other clients is needed. At the same time, the cloud provider is discouraged from altering or overwriting any significant part of the clew as this will imply that none of the clients can recover their files.We put forward the first simulation-based security definition for entangled cloud storage, in the framework of universal composability (Canetti, 2001). We then construct a protocol satisfying our security definition, relying on an entangled encoding scheme based on privacy-preserving polynomial interpolation; entangled encodings were originally proposed by Aspnes et?al. as useful tools for the purpose of data entanglement. As a contribution of independent interest we revisit the security notions for entangled encodings, putting forward stronger definitions than previous work (that for instance did not consider collusion between clients and the cloud provider).Protocols for entangled cloud storage find application in the cloud setting, where clients store their files on a remote server and need to be ensured that the cloud provider will not modify or delete their data illegitimately. Current solutions, e.g.,?based on Provable Data Possession and Proof of Retrievability, require the server to be challenged regularly to provide evidence that the clients' files are stored at a given time. Entangled cloud storage provides an alternative approach where any single client operates implicitly on behalf of all others, i.e.,?as long as one client's files are intact, the entire remote database continues to be safe and unblemished. We model simulation-based security for data entanglement in the cloud.We introduce stronger security notions for entangled encoding schemes.We give a protocol for entangled storage satisfying our simulation-based definition.

[1]  David Cash,et al.  Dynamic Proofs of Retrievability via Oblivious RAM , 2013, EUROCRYPT.

[2]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[3]  Yehuda Lindell,et al.  Efficient Oblivious Polynomial Evaluation with Simulation-Based Security , 2009, IACR Cryptol. ePrint Arch..

[4]  Joe Kilian,et al.  A note on efficient zero-knowledge proofs and arguments (extended abstract) , 1992, STOC '92.

[5]  Silvio Micali,et al.  Computationally Sound Proofs , 2000, SIAM J. Comput..

[6]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[7]  Tal Rabin,et al.  Simplified VSS and fast-track multiparty computations with applications to threshold cryptography , 1998, PODC '98.

[8]  Jean-Sébastien Coron,et al.  Fully Homomorphic Encryption over the Integers with Shorter Public Keys , 2011, IACR Cryptol. ePrint Arch..

[9]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[10]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[11]  Craig Gentry,et al.  Separating succinct non-interactive arguments from all falsifiable assumptions , 2011, STOC '11.

[12]  Daniele Venturi,et al.  A Multi-Party Protocol for Privacy-Preserving Cooperative Linear Systems of Equations , 2014, BalkanCryptSec.

[13]  Ronald L. Rivest,et al.  All-or-Nothing Encryption and the Package Transform , 1997, FSE.

[14]  Dan S. Wallach,et al.  Dagster: Censorship-Resistant Publishing Without Replication , 2002 .

[15]  Vinod Vaikuntanathan,et al.  Efficient Fully Homomorphic Encryption from (Standard) LWE , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[16]  Reza Curtmola,et al.  Remote data checking using provable data possession , 2011, TSEC.

[17]  Joan Feigenbaum,et al.  Towards a theory of data entanglement , 2007, Theor. Comput. Sci..

[18]  Ivan Visconti,et al.  On Efficient Non-Interactive Oblivious Transfer with Tamper-Proof Hardware , 2010, IACR Cryptol. ePrint Arch..

[19]  David Pointcheval,et al.  Threshold Cryptosystems Secure against Chosen-Ciphertext Attacks , 2001, ASIACRYPT.

[20]  Vinod Vaikuntanathan,et al.  Can homomorphic encryption be practical? , 2011, CCSW '11.

[21]  Marten van Dijk,et al.  Iris: a scalable cloud file system with efficient integrity checks , 2012, ACSAC '12.

[22]  Payman Mohassel,et al.  Rate-Limited Secure Function Evaluation: Definitions and Constructions , 2013, Public Key Cryptography.

[23]  Roberto Di Pietro,et al.  Scalable and efficient provable data possession , 2008, IACR Cryptol. ePrint Arch..

[24]  Ivan Damgård,et al.  Essentially Optimal Universally Composable Oblivious Transfer , 2009, ICISC.

[25]  Brent Waters,et al.  A Framework for Efficient and Composable Oblivious Transfer , 2008, CRYPTO.

[26]  Ju-Sung Kang,et al.  A Practical Privacy-Preserving Cooperative Computation Protocol without Oblivious Transfer for Linear Systems of Equations , 2007, J. Inf. Process. Syst..

[27]  GentryCraig,et al.  Leveled) Fully Homomorphic Encryption without Bootstrapping , 2014 .

[28]  Moni Naor,et al.  Oblivious Polynomial Evaluation , 2006, SIAM J. Comput..

[29]  Carles Padró,et al.  A Note on Secure Computation of the Moore-Penrose Pseudoinverse and Its Application to Secure Linear Algebra , 2007, CRYPTO.

[30]  Ayad F. Barsoum Provable Data Possession in Single Cloud Server: A Survey, Classification and Comparative Study , 2015 .

[31]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[32]  Stefan Dziembowski,et al.  Leakage-Resilient Storage , 2010, SCN.

[33]  Roberto Tamassia,et al.  Dynamic provable data possession , 2009, IACR Cryptol. ePrint Arch..

[34]  Moni Naor,et al.  The complexity of online memory checking , 2005, 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05).

[35]  Matthew K. Franklin,et al.  Efficient Polynomial Operations in the Shared-Coefficients Setting , 2006, Public Key Cryptography.

[36]  Xiaohua Jia,et al.  Data storage auditing service in cloud computing: challenges, methods and opportunities , 2011, World Wide Web.

[37]  David Mazières,et al.  Tangler: a censorship-resistant publishing system based on document entanglements , 2001, CCS '01.

[38]  Moni Naor,et al.  Oblivious transfer and polynomial evaluation , 1999, STOC '99.

[39]  Yevgeniy Dodis,et al.  Proofs of Retrievability via Hardness Amplification , 2009, IACR Cryptol. ePrint Arch..

[40]  Eyal Kushilevitz,et al.  Private information retrieval , 1998, JACM.

[41]  Jonathan Katz,et al.  Proofs of Storage from Homomorphic Identification Protocols , 2009, ASIACRYPT.

[42]  Feng Bao,et al.  Augmented Oblivious Polynomial Evaluation Protocol and Its Applications , 2005, ESORICS.

[43]  Hoeteck Wee,et al.  On Round-Efficient Argument Systems , 2005, ICALP.

[44]  Craig Gentry,et al.  (Leveled) Fully Homomorphic Encryption without Bootstrapping , 2014, ACM Trans. Comput. Theory.

[45]  Elaine Shi,et al.  Practical dynamic proofs of retrievability , 2013, CCS.

[46]  Chi-Jen Lu,et al.  Oblivious polynomial evaluation and oblivious neural learning , 2001, Theor. Comput. Sci..

[47]  Bin Kang,et al.  Privacy-Preserving Cooperative Linear System of Equations Protocol and its Application , 2008, 2008 4th International Conference on Wireless Communications, Networking and Mobile Computing.

[48]  Vinod Vaikuntanathan,et al.  Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages , 2011, CRYPTO.

[49]  Benny Pinkas,et al.  Keyword Search and Oblivious Pseudorandom Functions , 2005, TCC.

[50]  Frederik Vercauteren,et al.  Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes , 2010, Public Key Cryptography.

[51]  Gilles Brassard,et al.  All-or-Nothing Disclosure of Secrets , 1986, CRYPTO.

[52]  Craig Gentry,et al.  Implementing Gentry's Fully-Homomorphic Encryption Scheme , 2011, EUROCRYPT.

[53]  Jia Xu,et al.  Towards efficient proofs of retrievability , 2012, ASIACCS '12.

[54]  Nir Bitansky,et al.  From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again , 2012, ITCS '12.

[55]  Ivan Damgård,et al.  Secure Distributed Linear Algebra in a Constant Number of Rounds , 2001, CRYPTO.

[56]  Mariana Raykova,et al.  Outsourcing Multi-Party Computation , 2011, IACR Cryptol. ePrint Arch..

[57]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[58]  Judit Bar-Ilan,et al.  Non-cryptographic fault-tolerant computing in constant number of rounds of interaction , 1989, PODC '89.

[59]  Hovav Shacham,et al.  Compact Proofs of Retrievability , 2008, Journal of Cryptology.

[60]  Craig Gentry,et al.  Fully Homomorphic Encryption over the Integers , 2010, EUROCRYPT.

[61]  Wenliang Du,et al.  Privacy-preserving cooperative scientific computations , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[62]  Michael O. Rabin,et al.  How To Exchange Secrets with Oblivious Transfer , 2005, IACR Cryptol. ePrint Arch..

[63]  Ivan Damgård,et al.  Entangled Encodings and Data Entanglement , 2015, SCC@ASIACCS.