Accountable Storage

  • Giuseppe Ateniese
  • Michael T. Goodrich
  • Vassilios Lekakis
  • Charalampos Papamanthou
  • Evripidis ParaskevasEmail author
  • Roberto Tamassia
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10355)


We introduce Accountable Storage (AS), a framework enabling a client to outsource n file blocks to a server while being able (any time after outsourcing) to provably compute how many bits were discarded or corrupted by the server. Existing techniques (e.g., proofs of data possession or storage) can address the accountable storage problem, with linear server computation and bandwidth. Instead, our optimized protocols achieve \(O(\delta \log n)\) complexity (where \(\delta \) is the maximum number of corrupted blocks that can be tolerated) through the novel use of invertible Bloom filters and a new primitive called proofs of partial storage. With accountable storage, a client can be compensated with a dollar amount proportional to the number d of corrupted bits (that he can now provably compute). We integrate our protocol with Bitcoin, supporting automatic such compensations. Our implementation is open-source and shows our protocols perform well in practice.



Research supported in part by an NSF CAREER award CNS-1652259, NSF grants CNS-1525044, CNS-1526950, CNS-1228639 and CNS-1526631, a NIST award and by the Defense Advanced Research Projects Agency (DARPA) under agreement no. AFRL FA8750-15-2-0092. The views expressed are those of the authors and do not reflect the official policy or position of the Department of Defense or the U.S. Government.


  1. 1.
    Ethereum: A platform for decentralized applications.
  2. 2.
    Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: Secure multiparty computations on bitcoin. In: IEEE SSP (2014)Google Scholar
  3. 3.
    Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. In: ACM CCS (2007)Google Scholar
  4. 4.
    Ateniese, G., Di Pietro, R., Mancini, L.V., Tsudik, G.: Scalable and efficient provable data possession. In: SecureComm (2008)Google Scholar
  5. 5.
    Bellare, M., Goldreich, O.: On defining proofs of knowledge. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 390–420. Springer, Heidelberg (1993). doi: 10.1007/3-540-48071-4_28 CrossRefGoogle Scholar
  6. 6.
    Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E., Virza, M.: SNARKs for C: verifying program executions succinctly and in zero knowledge. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 90–108. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40084-1_6 CrossRefGoogle Scholar
  7. 7.
    Bloom, B.H.: Space/time trade-offs in hash coding with allowable errors. Comm. ACM 13, 422–426 (1970)CrossRefzbMATHGoogle Scholar
  8. 8.
    Boneh, D., Naor, M.: Timed commitments. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 236–254. Springer, Heidelberg (2000). doi: 10.1007/3-540-44598-6_15 CrossRefGoogle Scholar
  9. 9.
    Carter, I.L., Wegman, M.N.: Universal classes of hash functions. In: ACM STOC (1977)Google Scholar
  10. 10.
    Cash, D., Küpçü, A., Wichs, D.: Dynamic proofs of retrievability via oblivious RAM. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 279–295. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38348-9_17 CrossRefGoogle Scholar
  11. 11.
    Curtmola, R., Khan, O., Burns, R.C., Ateniese, G.: MR-PDP: multiple-replica provable data possession. In: ICDCS (2008)Google Scholar
  12. 12.
    Eppstein, D., Goodrich, M.T., Uyeda, F., Varghese, G.: What’s the difference? Efficient set reconciliation without prior context. In: SIGCOMM (2011)Google Scholar
  13. 13.
    Erway, C., Küpçü, A., Papamanthou, C., Tamassia, R.: Dynamic provable data possession. In: ACM CCS (2009)Google Scholar
  14. 14.
    Frederiksen, T.K., Jakobsen, T.P., Nielsen, J.B., Nordholt, P.S., Orlandi, C.: MiniLEGO: efficient secure two-party computation from general assumptions. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 537–556. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38348-9_32 CrossRefGoogle Scholar
  15. 15.
    Goodrich, M.T., Mitzenmacher, M.: Invertible Bloom Lookup Tables. ArXiv e-prints, January 2011Google Scholar
  16. 16.
    Google. Google protocol buffers.
  17. 17.
    Van Horsen, C.: Gmpy2: Mupltiple-precision arithmetic for python.
  18. 18.
    Jarecki, S., Shmatikov, V.: Efficient two-party secure computation on committed inputs. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 97–114. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-72540-4_6 CrossRefGoogle Scholar
  19. 19.
    Juels, A., Kaliski Jr. B.S.: PORs: proofs of retrievability for large files. In: ACM CCS (2007)Google Scholar
  20. 20.
    Lindell, Y., Pinkas, B.: An efficient protocol for secure two-party computation in the presence of malicious adversaries. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 52–78. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-72540-4_4 CrossRefGoogle Scholar
  21. 21.
    Litzenberger, D.C.: Pycrypto - the python cryptography toolkit.
  22. 22.
    Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: Fair two-party computations via the bitcoin deposits. In: FC (2014)Google Scholar
  23. 23.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system.
  24. 24.
    Nielsen, J.B., Orlandi, C.: LEGO for two-party secure computation. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 368–386. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-00457-5_22 CrossRefGoogle Scholar
  25. 25.
    Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: IEEE SSP (2013)Google Scholar
  26. 26.
    Shacham, H., Waters, B.: Compact proofs of retrievability. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 90–107. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-89255-7_7 CrossRefGoogle Scholar
  27. 27.
    Shi, E., Stefanov, E., Papamanthou, C.: Practical dynamic proofs of retrievability. In: ACM CCS (2013)Google Scholar
  28. 28.
    Stefanov, E., van Dijk, M., Oprea, A., Juels, A.: Iris: a scalable cloud file system with efficient integrity checks. In: ACSAC (2012)Google Scholar
  29. 29.
    Wang, Q., Wang, C., Li, J., Ren, K., Lou, W.: Enabling public verifiability and data dynamics for storage security in cloud computing. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 355–370. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-04444-1_22 CrossRefGoogle Scholar
  30. 30.
    Woodruff, D.P.: Revisiting the efficiency of malicious two-party computation. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 79–96. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-72540-4_5 CrossRefGoogle Scholar
  31. 31.
    Yao, A.C.-C.: How to generate and exchange secrets. In: SFCS (1986)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Giuseppe Ateniese
    • 1
  • Michael T. Goodrich
    • 2
  • Vassilios Lekakis
    • 3
  • Charalampos Papamanthou
    • 5
  • Evripidis Paraskevas
    • 5
    Email author
  • Roberto Tamassia
    • 4
  1. 1.Department of Computer ScienceStevens Institute of TechnologyHobokenUSA
  2. 2.Department of Computer ScienceUniversity of CaliforniaIrvineUSA
  3. 3.Department of Computer ScienceUniversity of MarylandCollege ParkUSA
  4. 4.Department of Computer ScienceBrown UniversityProvidenceUSA
  5. 5.Department of Electrical and Computer EngineeringUniversity of MarylandCollege ParkUSA

Personalised recommendations