Skip to main content

Proofs of Retrievability via Hardness Amplification

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 5444)


Proofs of Retrievability (PoR), introduced by Juels and Kaliski [JK07], allow the client to store a file F on an untrusted server, and later run an efficient audit protocol in which the server proves that it (still) possesses the client’s data. Constructions of PoR schemes attempt to minimize the client and server storage, the communication complexity of an audit, and even the number of file-blocks accessed by the server during the audit. In this work, we identify several different variants of the problem (such as bounded-use vs. unbounded-use, knowledge-soundness vs. information-soundness), and giving nearly optimal PoR schemes for each of these variants. Our constructions either improve (and generalize) the prior PoR constructions, or give the first known PoR schemes with the required properties. In particular, we

  • Formally prove the security of an (optimized) variant of the bounded-use scheme of Juels and Kaliski [JK07], without making any simplifying assumptions on the behavior of the adversary.

  • Build the first unbounded-use PoR scheme where the communication complexity is linear in the security parameter and which does not rely on Random Oracles, resolving an open question of Shacham and Waters [SW08].

  • Build the first bounded-use scheme with information-theoretic security.

The main insight of our work comes from a simple connection between PoR schemes and the notion of hardness amplification, extensively studied in complexity theory. In particular, our improvements come from first abstracting a purely information-theoretic notion of PoR codes, and then building nearly optimal PoR codes using state-of-the-art tools from coding and complexity theory.


  • Random Oracle
  • Server Storage
  • Security Parameter
  • Response Size
  • Time Poly

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

The original version of the book was revised: The copyright line was incorrect. The Erratum to the book is available at DOI: 10.1007/978-3-642-00457-5_36


  1. Ateniese, G., Burns, R.C., Curtmola, R., Herring, J., Kissner, L., Peterson, Z.N.J., Song, D.X.: Provable data possession at untrusted stores. In: Ning, et al. (eds.) NdVS 2007, pp. 598–609 (2007)

    Google Scholar 

  2. Bowers, K.D., Juels, A., Oprea, A.: Proofs of retrievability: Theory and implementation. Cryptology ePrint Archive, Report 2008/175 (2008),

  3. Dodis, Y., Vadhan, S., Wichs, D.: Proofs of retrievability via hardness amplification (full version). Cryptology ePrint Archive (2009),

  4. Goldreich, O., Nisan, N., Wigderson, A.: On yao’s xor-lemma. Electronic Colloquium on Computational Complexity (ECCC) 2(50) (1995)

    Google Scholar 

  5. Goldreich, O.: A sample of samplers - a computational perspective on sampling (survey). Electronic Colloquium on Computational Complexity (ECCC) 4(20) (1997)

    Google Scholar 

  6. Impagliazzo, R., Jaiswal, R., Kabanets, V.: Approximately list-decoding direct product codes and uniform hardness amplification. In: FOCS, pp. 187–196. IEEE Computer Society, Los Alamitos (2006)

    Google Scholar 

  7. Impagliazzo, R., Jaiswal, R., Kabanets, V., Wigderson, A.: Uniform direct product theorems: simplified, optimized, and derandomized. In: Ladner, R.E., Dwork, C. (eds.) STOC, pp. 579–588. ACM, New York (2008)

    Google Scholar 

  8. Impagliazzo, R.: Hard-core distributions for somewhat hard problems. In: FOCS, pp. 538–545 (1995)

    Google Scholar 

  9. Impagliazzo, R., Wigderson, A.: P = BPP if EXP requires exponential circuits: Derandomizing the xor lemma. In: STOC, pp. 220–229 (1997)

    Google Scholar 

  10. Juels, A., Kaliski, B.S.: Pors: proofs of retrievability for large files. In: Ning, et al. (eds.) NdVS 2007, pp. 584–597 (2007)

    Google Scholar 

  11. Levin, L.A.: One-way functions and pseudorandom generators. Combinatorica 7(4), 357–363 (1987)

    Google Scholar 

  12. Ning, P., De Capitani di Vimercati, S., Syverson, P.F.: Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, October 28-31, 2007. ACM, New York (2007)

    Google Scholar 

  13. Naor, M., Rothblum, G.N.: The complexity of online memory checking. In: FOCS, pp. 573–584 (2005)

    Google Scholar 

  14. Shacham, H., Waters, B.: Compact proofs of retrievability. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 90–107. Springer, Heidelberg (2008)

    CrossRef  Google Scholar 

  15. Trevisan, L.: List-decoding using the xor lemma. In: FOCS, pp. 126–135. IEEE Computer Society, Los Alamitos (2003)

    Google Scholar 

  16. Chi-Chih Yao, A.: Theory and applications of trapdoor functions (extended abstract). In: FOCS, pp. 80–91. IEEE, Los Alamitos (1982)

    Google Scholar 

Download references

Author information

Authors and Affiliations


Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dodis, Y., Vadhan, S., Wichs, D. (2009). Proofs of Retrievability via Hardness Amplification. In: Reingold, O. (eds) Theory of Cryptography. TCC 2009. Lecture Notes in Computer Science, vol 5444. Springer, Berlin, Heidelberg.

Download citation

  • DOI:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00456-8

  • Online ISBN: 978-3-642-00457-5

  • eBook Packages: Computer ScienceComputer Science (R0)