Proofs of Storage from Homomorphic Identification Protocols

  • Giuseppe Ateniese
  • Seny Kamara
  • Jonathan Katz
Conference paper

DOI: 10.1007/978-3-642-10366-7_19

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5912)
Cite this paper as:
Ateniese G., Kamara S., Katz J. (2009) Proofs of Storage from Homomorphic Identification Protocols. In: Matsui M. (eds) Advances in Cryptology – ASIACRYPT 2009. ASIACRYPT 2009. Lecture Notes in Computer Science, vol 5912. Springer, Berlin, Heidelberg


Proofs of storage (PoS) are interactive protocols allowing a client to verify that a server faithfully stores a file. Previous work has shown that proofs of storage can be constructed from any homomorphic linear authenticator (HLA). The latter, roughly speaking, are signature/message authentication schemes where ‘tags’ on multiple messages can be homomorphically combined to yield a ‘tag’ on any linear combination of these messages.

We provide a framework for building public-key HLAs from any identification protocol satisfying certain homomorphic properties. We then show how to turn any public-key HLA into a publicly-verifiable PoS with communication complexity independent of the file length and supporting an unbounded number of verifications. We illustrate the use of our transformations by applying them to a variant of an identification protocol by Shoup, thus obtaining the first unbounded-use PoS based on factoring (in the random oracle model).

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Giuseppe Ateniese
    • 1
  • Seny Kamara
    • 2
  • Jonathan Katz
    • 3
  1. 1.The Johns Hopkins University 
  2. 2.Microsoft Research 
  3. 3.University of Maryland 

Personalised recommendations