Proofs of retrievability: theory and implementation

A proof of retrievability (POR) is a compact proof by a file system (prover) to a client (verifier) that a target file F is intact, in the sense that the client can fully recover it. As PORs incur lower communication complexity than transmission of F itself, they are an attractive building block for high-assurance remote storage systems. In this paper, we propose a theoretical framework for the design of PORs. Our framework improves the previously proposed POR constructions of Juels-Kaliski and Shacham-Waters, and also sheds light on the conceptual limitations of previous theoretical models for PORs. It supports a fully Byzantine adversarial model, carrying only the restriction (fundamental to all PORs) that the adversary's error rate be bounded when the client seeks to extract F. We propose a new variant on the Juels-Kaliski protocol and describe a prototype implementation. We demonstrate practical encoding even for files F whose size exceeds that of client main memory.
