International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

PORs: Proofs of Retrievability for Large Files

Authors:
Ari Juels
Burton S. Kaliski Jr.
Download:
URL: http://eprint.iacr.org/2007/243
Search ePrint
Search Google
Abstract: In this paper, we define and explore the notion of a _proof of retrievability_ (POR). A POR enables an archive or back-up service (prover) to demonstrate to a user (verifier) that it has ``possession'' of a file F, that is, that the archive retains data sufficient for the user to retrieve F in its entirety. A POR may be viewed as a kind of cryptographic proof of knowledge (POK), but one specially designed to handle a _large_ file (or bitstring) F. We explore POR protocols here in which the communication costs, number of memory accesses for the prover, and storage requirements of the user (verifier) are small parameters essentially independent of the length of $F$. In addition, in a POR, unlike a POK, neither the prover nor the verifier need actually have knowledge of F. PORs give rise to a new and unusual security definition. We view PORs as an important tool for the management of semi-trusted online archives. Existing cryptographic tools help users ensure the privacy and integrity of their files once they are retrieved. It is also natural, however, for users to want to verify that archives do not delete or modify files while they are stored. The goal of a POR is to accomplish these checks {\em without users having to download the files themselves}. A POR can also provide quality-of-service guarantees, i.e., show that a file is retrievable within a certain time bound.
BibTeX
@misc{eprint-2007-13524,
  title={PORs: Proofs of Retrievability for Large Files},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols /},
  url={http://eprint.iacr.org/2007/243},
  note={ ajuels@rsa.com 13825 received 18 Jun 2007, withdrawn 8 Nov 2007},
  author={Ari Juels and Burton S. Kaliski Jr.},
  year=2007
}