Multi-prover proof of retrievability

Abstract: There has been considerable recent interest in “cloud storage”, wherein a user asks a server to store a large file. One issue is whether the user can verify that the server is actually storing the file; typically, a challenge-response protocol is employed to convince the user that the file is indeed being stored correctly. The security of these schemes is phrased in terms of an extractor which will recover the file given any “proving algorithm” that has a sufficiently high success probability. This forms the basis of proof-of-retrievability (PoR) systems. In this paper, we study multi-server PoR (MPoR) systems. We formalize security definitions for two possible scenarios: (i) a threshold of servers succeeds with high enough probability (worst case), and (ii) the average of the success probability of all the servers is above a threshold (average case). We also motivate the study of confidentiality of the outsourced message. We give MPoR schemes which are secure under both these security definitions and provide reasonable confidentiality guarantees even when there is no restriction on the computational power of the servers. We also show how classical statistical techniques previously used by us can be extended to evaluate whether the responses of the provers are accurate enough to permit successful extraction. We also look at one specific instantiation of our construction, based on the unconditionally secure version of the Shacham–Waters scheme. This scheme gives reasonable security and privacy guarantees. We show that, in the multi-server setting with computationally unbounded provers, one can overcome the limitation that the verifier needs to store as much secret information as the provers.
