Proofs of Retrievability via Hardness Amplification

Yevgeniy Dodis, Salil Vadhan, Daniel Wichs

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Proofs of Retrievability (PoR), introduced by Juels and Kaliski [JK07], allow the client to store a file F on an untrusted server, and later run an efficient audit protocol in which the server proves that it (still) possesses the client's data. Constructions of PoR schemes attempt to minimize the client and server storage, the communication complexity of an audit, and even the number of file-blocks accessed by the server during the audit. In this work, we identify several different variants of the problem (such as bounded-use vs. unbounded-use, knowledge-soundness vs. information-soundness), and give nearly optimal PoR schemes for each of these variants. Our constructions either improve (and generalize) the prior PoR constructions, or give the first known PoR schemes with the required properties. In particular, we:

  • Formally prove the security of an (optimized) variant of the bounded-use scheme of Juels and Kaliski [JK07], without making any simplifying assumptions on the behavior of the adversary.
  • Build the first unbounded-use PoR scheme where the communication complexity is linear in the security parameter and which does not rely on Random Oracles, resolving an open question of Shacham and Waters [SW08].
  • Build the first bounded-use scheme with information-theoretic security.

The main insight of our work comes from a simple connection between PoR schemes and the notion of hardness amplification, extensively studied in complexity theory. In particular, our improvements come from first abstracting a purely information-theoretic notion of PoR codes, and then building nearly optimal PoR codes using state-of-the-art tools from coding and complexity theory.

Original language: English (US)
Title of host publication: Theory of Cryptography - 6th Theory of Cryptography Conference, TCC 2009, Proceedings
Pages: 109-127
Number of pages: 19
Volume: 5444 LNCS
DOIs: https://doi.org/10.1007/978-3-642-00457-5_8
State: Published - 2009
Event: 6th Theory of Cryptography Conference, TCC 2009 - San Francisco, CA, United States
Duration: Mar 15 2009 → Mar 17 2009

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5444 LNCS
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: 6th Theory of Cryptography Conference, TCC 2009
Country: United States
City: San Francisco, CA
Period: 3/15/09 → 3/17/09

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Dodis, Y., Vadhan, S., & Wichs, D. (2009). Proofs of Retrievability via Hardness Amplification. In Theory of Cryptography - 6th Theory of Cryptography Conference, TCC 2009, Proceedings (Vol. 5444 LNCS, pp. 109-127). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5444 LNCS). https://doi.org/10.1007/978-3-642-00457-5_8

@inproceedings{9a330e0151a5469881caac8f10ed860f,
title = "Proofs of Retrievability via Hardness Amplification",
author = "Yevgeniy Dodis and Salil Vadhan and Daniel Wichs",
year = "2009",
doi = "10.1007/978-3-642-00457-5_8",
language = "English (US)",
isbn = "3642004563",
volume = "5444 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "109--127",
booktitle = "Theory of Cryptography - 6th Theory of Cryptography Conference, TCC 2009, Proceedings",

}

TY - GEN

T1 - Proofs of Retrievability via Hardness Amplification

AU - Dodis, Yevgeniy

AU - Vadhan, Salil

AU - Wichs, Daniel

PY - 2009

Y1 - 2009

UR - http://www.scopus.com/inward/record.url?scp=70350681128&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70350681128&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-00457-5_8

DO - 10.1007/978-3-642-00457-5_8

M3 - Conference contribution

SN - 3642004563

SN - 9783642004568

VL - 5444 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 109

EP - 127

BT - Theory of Cryptography - 6th Theory of Cryptography Conference, TCC 2009, Proceedings

ER -