Proofs of Storage from Homomorphic Identification Protocols

  • Giuseppe Ateniese
  • Seny Kamara
  • Jonathan Katz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5912)


Proofs of storage (PoS) are interactive protocols allowing a client to verify that a server faithfully stores a file. Previous work has shown that proofs of storage can be constructed from any homomorphic linear authenticator (HLA). The latter, roughly speaking, are signature/message authentication schemes where ‘tags’ on multiple messages can be homomorphically combined to yield a ‘tag’ on any linear combination of these messages.

We provide a framework for building public-key HLAs from any identification protocol satisfying certain homomorphic properties. We then show how to turn any public-key HLA into a publicly-verifiable PoS with communication complexity independent of the file length and supporting an unbounded number of verifications. We illustrate the use of our transformations by applying them to a variant of an identification protocol by Shoup, thus obtaining the first unbounded-use PoS based on factoring (in the random oracle model).


Keywords: Authentication Scheme; Communication Complexity; Random Oracle; Security Parameter; Probabilistic Algorithm
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. In: ACM Conference on Computer and Communications Security. ACM, New York (2007)
  2. Ateniese, G., Di Pietro, R., Mancini, L.V., Tsudik, G.: Scalable and efficient provable data possession. In: Proc. 4th Intl. Conf. on Security and Privacy in Communication Networks (SecureComm 2008), pp. 1–10. ACM, New York (2008)
  3. Bellare, M., Goldreich, O.: On defining proofs of knowledge. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 390–420. Springer, Heidelberg (1993)
  4. Bowers, K., Juels, A., Oprea, A.: Proofs of retrievability: Theory and implementation. Technical Report 2008/175, Cryptology ePrint Archive (2008)
  5. Dodis, Y., Vadhan, S., Wichs, D.: Proofs of retrievability via hardness amplification. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 109–127. Springer, Heidelberg (2009)
  6. Erway, C., Papamanthou, C., Kupcu, A., Tamassia, R.: Dynamic provable data possession. In: ACM Conf. on Computer and Communications Security (to appear, 2009). Available as Cryptology ePrint Archive, Report 2008/432
  7. Feige, U., Fiat, A., Shamir, A.: Zero knowledge proofs of identity. J. Cryptology 1(2), 77–94 (1988)
  8. Goldreich, O., Kahan, A.: How to construct constant-round zero-knowledge proof systems for NP. J. Cryptology 9(3), 167–190 (1996)
  9. Groth, J.: A verifiable secret shuffle of homomorphic encryptions. Technical Report 2005/246, IACR ePrint Cryptography Archive (2005)
  10. Guillou, L., Quisquater, J.-J.: A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 123–128. Springer, Heidelberg (1988)
  11. Juels, A., Kaliski, B.: PORs: Proofs of retrievability for large files. In: ACM Conference on Computer and Communications Security. ACM, New York (2007)
  12. Lindell, Y.: Parallel coin-tossing and constant-round secure two-party computation. J. Cryptology 16(3), 143–184 (2003)
  13. Naor, M., Rothblum, G.: The complexity of online memory checking. In: IEEE Symposium on Foundations of Computer Science, pp. 573–584. IEEE Computer Society, Los Alamitos (2005)
  14. Shacham, H., Waters, B.: Compact proofs of retrievability. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 90–107. Springer, Heidelberg (2008), Full version
  15. Shoup, V.: On the security of a practical identification scheme. J. Cryptology 12(4), 247–260 (1999)

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Giuseppe Ateniese (1)
  • Seny Kamara (2)
  • Jonathan Katz (3)

  1. The Johns Hopkins University
  2. Microsoft Research
  3. University of Maryland
