Practical dynamic proofs of retrievability

Proofs of Retrievability (PoR), proposed by Juels and Kaliski in 2007, enable a client to store n file blocks with a cloud server so that later the server can prove possession of all the data in a very efficient manner (i.e., with constant computation and bandwidth). Although many efficient PoR schemes for static data have been constructed, only two dynamic PoR schemes exist. The scheme by Stefanov et. al. (ACSAC 2012) uses a large of amount of client storage and has a large audit cost. The scheme by Cash (EUROCRYPT 2013) is mostly of theoretical interest, as it employs Oblivious RAM (ORAM) as a black box, leading to increased practical overhead (e.g., it requires about 300 times more bandwidth than our construction). We propose a dynamic PoR scheme with constant client storage whose bandwidth cost is comparable to a Merkle hash tree, thus being very practical. Our construction outperforms the constructions of Stefanov et. al. and Cash et. al., both in theory and in practice. Specifically, for n outsourced blocks of beta bits each, writing a block requires beta+O(lambdalog n) bandwidth and O(betalog n) server computation (lambda is the security parameter). Audits are also very efficient, requiring beta+O(lambda^2log n) bandwidth. We also show how to make our scheme publicly verifiable, providing the first dynamic PoR scheme with such a property. We finally provide a very efficient implementation of our scheme.

[1]  Alan R. Jones,et al.  Fast Fourier Transform , 1970, SIGP.

[2]  K. Thyagarajan Fast Fourier Transform , 1974 .

[3]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[4]  J. H. van Lint,et al.  Introduction to Coding Theory , 1982 .

[5]  Daniel A. Spielman,et al.  Linear-time encodable and decodable error-correcting codes , 1995, STOC '95.

[6]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[7]  Rafail Ostrovsky,et al.  Private information storage (extended abstract) , 1997, STOC '97.

[8]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[9]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[10]  Dynamic provable data possession , 2009, IACR Cryptol. ePrint Arch..

[11]  Peter Williams,et al.  Building castles out of mud: practical access pattern privacy and correctness on untrusted storage , 2008, CCS.

[12]  Yevgeniy Dodis,et al.  Proofs of Retrievability via Hardness Amplification , 2009, IACR Cryptol. ePrint Arch..

[13]  Ari Juels,et al.  Proofs of retrievability: theory and implementation , 2009, CCSW '09.

[14]  Cong Wang,et al.  Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing , 2009, ESORICS.

[15]  Yuan Zhou Introduction to Coding Theory , 2010 .

[16]  Shouhuai Xu,et al.  Fair and dynamic proofs of retrievability , 2011, CODASPY '11.

[17]  Cong Wang,et al.  Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing , 2011, IEEE Transactions on Parallel and Distributed Systems.

[18]  Michael T. Goodrich,et al.  Privacy-Preserving Access of Outsourced Data via Oblivious RAM Simulation , 2010, ICALP.

[19]  Yevgeniy Vahlis,et al.  Verifiable Delegation of Computation over Large Datasets , 2011, IACR Cryptol. ePrint Arch..

[20]  Elaine Shi,et al.  Oblivious RAM with O((logN)3) Worst-Case Cost , 2011, ASIACRYPT.

[21]  Shigang Chen,et al.  A dynamic Proof of Retrievability (PoR) scheme with O(logn) complexity , 2012, 2012 IEEE International Conference on Communications (ICC).

[22]  Peter Williams,et al.  PrivateFS: a parallel oblivious file system , 2012, CCS.

[23]  Rafail Ostrovsky,et al.  On the (in)security of hash-based oblivious RAM and a new balancing scheme , 2012, SODA.

[24]  Marten van Dijk,et al.  Iris: a scalable cloud file system with efficient integrity checks , 2012, ACSAC '12.

[25]  Elaine Shi,et al.  Towards Practical Oblivious RAM , 2011, NDSS.

[26]  Michael T. Goodrich,et al.  Privacy-preserving group data access via stateless oblivious RAM simulation , 2011, SODA.

[27]  Hovav Shacham,et al.  Compact Proofs of Retrievability , 2008, Journal of Cryptology.

[28]  Elaine Shi,et al.  Streaming Authenticated Data Structures , 2013, EUROCRYPT.

[29]  Elaine Shi,et al.  ObliviStore: High Performance Oblivious Cloud Storage , 2013, 2013 IEEE Symposium on Security and Privacy.

[30]  David Cash,et al.  Dynamic Proofs of Retrievability Via Oblivious RAM , 2013, Journal of Cryptology.