International Association
for Cryptologic Research

Entangled cloud storage enables a set of clients {P_i} to \"entangle\" their files {f_i} into a single clew c to be stored by a (potentially malicious) cloud provider S. The entanglement makes it impossible to modify or delete significant part of the clew without affecting all files in c. A clew keeps the files in it private but still lets each client P_i recover his own data by interacting with S; no cooperation from other clients is needed. At the same time, the cloud provider is

discouraged from altering or overwriting any significant part of c as this will imply that none of the clients can recover their files.

We provide theoretical foundations for entangled cloud storage, introducing the notion of an entangled encoding scheme that guarantees strong security requirements capturing the properties above. We also give a concrete construction based on privacy-preserving polynomial interpolation, along with protocols for using the encoding scheme in practice.

Protocols for cloud storage find application in the cloud setting, where clients store their files on a remote server and need to be ensured that the cloud provider will not delete their data illegitimately. Current solutions, e.g., based on Provable Data Possession and Proof of Retrievability, catch a malicious server \"after-the-fact\", meaning that the server needs to be challenged regularly to provide evidence that the clients\' files are stored at a given time.

Entangled storage makes all clients equal and with the same rights: It makes it financially inconvenient for a cloud provider to alter specific files and exclude certain \"average\" customers, since doing so would undermine all customers in the system, even those considered \"important\" and, thus, profitable. Therefore, entangled storage schemes offer security \"before-the-fact\".