Zero-knowledge proofs of retrievability

  • Yan Zhu
  • HuaiXi Wang
  • ZeXing Hu
  • Gail-Joon Ahn
  • HongXin Hu
Research Papers


Proof of retrievability (POR) is a technique for ensuring the integrity of data in outsourced storage services. In this paper, we address the construction of a POR protocol in the standard model of interactive proof systems. We propose the first interactive POR scheme that prevents both fraudulence by the prover and leakage of the verified data. We also give full proofs of the soundness and zero-knowledge properties by constructing a polynomial-time rewindable knowledge extractor under the computational Diffie-Hellman assumption. In particular, the verification process of this scheme requires a low, constant amount of overhead, which minimizes communication complexity.


Keywords: cryptography, integrity of outsourced data, proofs of retrievability, interactive protocol, zero-knowledge, soundness, rewindable knowledge extractor



Copyright information

© Science China Press and Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  1. Institute of Computer Science and Technology, Peking University, Beijing, China
  2. Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing, China
  3. School of Mathematical Sciences, Peking University, Beijing, China
  4. School of Computing, Informatics, and Decision Systems Engineering, Arizona State University, Tempe, USA