FOCS '02 Proceedings of the 43rd Symposium on Foundations of Computer Science
The Complexity of Online Memory Checking
FOCS '05 Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science
Proceedings of the 14th ACM conference on Computer and communications security
14th ACM Conference on Computer and Communications Security 2007
Pors: proofs of retrievability for large files
Proceedings of the 14th ACM conference on Computer and communications security
Provable data possession at untrusted stores
Proceedings of the 14th ACM conference on Computer and communications security
Compact Proofs of Retrievability
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Proofs of Retrievability via Hardness Amplification
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Proofs of retrievability: theory and implementation
Proceedings of the 2009 ACM workshop on Cloud computing security
IEEE Transactions on Information Theory
Hi-index | 0.00 |
Proofs of Retrievability (PoR) allows a client (verifier) to store a file at an untrusted remote storage, and later be able to check the integrity of the file through an interactive challenge-response protocol. A challenge specifies a random subset of blocks and the response is a function of the challenged block. An unbounded-use PoR scheme allows an arbitrary number of challenge-response interactions. Efficient PoR schemes must minimize the communication complexity of the challenge-response protocol, the storage overhead and computation of response by the prover. The security of a PoR scheme is against an erasing adversary and by showing the existence of an extractor which can extract the file from the set of challenges and their corresponding correct responses. In this paper, we modify the unbounded-use PoR scheme of Shacham and Waters (2008) such that the number of challenged data blocks in each round is determined by a probability distribution over a set of possible values. For the security parameter l, the average number of challenged blocks is O(logl), and so is smaller that the original scheme of Shacham and Waters, and in the worst case, is O(l). The response to a challenge is obtained by XORing the challenged data blocks and so is very fast. We show that to ensure security the original verification method of Shacham and Waters must be slightly modified.