Proofs of Retrievability via Hardness Amplification

  • Yevgeniy Dodis
  • Salil Vadhan
  • Daniel Wichs
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5444)


Proofs of Retrievability (PoR), introduced by Juels and Kaliski [JK07], allow the client to store a file F on an untrusted server, and later run an efficient audit protocol in which the server proves that it (still) possesses the client’s data. Constructions of PoR schemes attempt to minimize the client and server storage, the communication complexity of an audit, and even the number of file-blocks accessed by the server during the audit. In this work, we identify several different variants of the problem (such as bounded-use vs. unbounded-use, knowledge-soundness vs. information-soundness), and giving nearly optimal PoR schemes for each of these variants. Our constructions either improve (and generalize) the prior PoR constructions, or give the first known PoR schemes with the required properties. In particular, we

  • Formally prove the security of an (optimized) variant of the bounded-use scheme of Juels and Kaliski [JK07], without making any simplifying assumptions on the behavior of the adversary.

  • Build the first unbounded-use PoR scheme where the communication complexity is linear in the security parameter and which does not rely on Random Oracles, resolving an open question of Shacham and Waters [SW08].

  • Build the first bounded-use scheme with information-theoretic security.

The main insight of our work comes from a simple connection between PoR schemes and the notion of hardness amplification, extensively studied in complexity theory. In particular, our improvements come from first abstracting a purely information-theoretic notion of PoR codes, and then building nearly optimal PoR codes using state-of-the-art tools from coding and complexity theory.


Random Oracle Server Storage Security Parameter Response Size Time Poly 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [ABC+07]
    Ateniese, G., Burns, R.C., Curtmola, R., Herring, J., Kissner, L., Peterson, Z.N.J., Song, D.X.: Provable data possession at untrusted stores. In: Ning, et al. (eds.) NdVS 2007, pp. 598–609 (2007)Google Scholar
  2. [BJO08]
    Bowers, K.D., Juels, A., Oprea, A.: Proofs of retrievability: Theory and implementation. Cryptology ePrint Archive, Report 2008/175 (2008),
  3. [DVW09]
    Dodis, Y., Vadhan, S., Wichs, D.: Proofs of retrievability via hardness amplification (full version). Cryptology ePrint Archive (2009),
  4. [GNW95]
    Goldreich, O., Nisan, N., Wigderson, A.: On yao’s xor-lemma. Electronic Colloquium on Computational Complexity (ECCC) 2(50) (1995)Google Scholar
  5. [Gol97]
    Goldreich, O.: A sample of samplers - a computational perspective on sampling (survey). Electronic Colloquium on Computational Complexity (ECCC) 4(20) (1997)Google Scholar
  6. [IJK06]
    Impagliazzo, R., Jaiswal, R., Kabanets, V.: Approximately list-decoding direct product codes and uniform hardness amplification. In: FOCS, pp. 187–196. IEEE Computer Society, Los Alamitos (2006)Google Scholar
  7. [IJKW08]
    Impagliazzo, R., Jaiswal, R., Kabanets, V., Wigderson, A.: Uniform direct product theorems: simplified, optimized, and derandomized. In: Ladner, R.E., Dwork, C. (eds.) STOC, pp. 579–588. ACM, New York (2008)Google Scholar
  8. [Imp95]
    Impagliazzo, R.: Hard-core distributions for somewhat hard problems. In: FOCS, pp. 538–545 (1995)Google Scholar
  9. [IW97]
    Impagliazzo, R., Wigderson, A.: P = BPP if EXP requires exponential circuits: Derandomizing the xor lemma. In: STOC, pp. 220–229 (1997)Google Scholar
  10. [JK07]
    Juels, A., Kaliski, B.S.: Pors: proofs of retrievability for large files. In: Ning, et al. (eds.) NdVS 2007, pp. 584–597 (2007)Google Scholar
  11. [Lev87]
    Levin, L.A.: One-way functions and pseudorandom generators. Combinatorica 7(4), 357–363 (1987)Google Scholar
  12. [NdVS07]
    Ning, P., De Capitani di Vimercati, S., Syverson, P.F.: Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, October 28-31, 2007. ACM, New York (2007)Google Scholar
  13. [NR05]
    Naor, M., Rothblum, G.N.: The complexity of online memory checking. In: FOCS, pp. 573–584 (2005)Google Scholar
  14. [SW08]
    Shacham, H., Waters, B.: Compact proofs of retrievability. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 90–107. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. [Tre03]
    Trevisan, L.: List-decoding using the xor lemma. In: FOCS, pp. 126–135. IEEE Computer Society, Los Alamitos (2003)Google Scholar
  16. [Yao82]
    Chi-Chih Yao, A.: Theory and applications of trapdoor functions (extended abstract). In: FOCS, pp. 80–91. IEEE, Los Alamitos (1982)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Yevgeniy Dodis
    • 1
  • Salil Vadhan
    • 2
  • Daniel Wichs
    • 1
  1. 1.Department of Computer ScienceNew York UniversityUSA
  2. 2.Harvard School of Engineering & Applied Sciences and Center for Research on Computation and SocietyCambridge

Personalised recommendations