TY - CONF T1 - Practical Dynamic Proofs of Retrievability T2 - CCS '13 Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security Y1 - 2013 A1 - Shi, Elaine A1 - Stefanov, Emil A1 - Charalampos Papamanthou KW - dynamic proofs of retrievability KW - erasure code KW - por AB - Proofs of Retrievability (PoR), proposed by Juels and Kaliski in 2007, enable a client to store n file blocks with a cloud server so that later the server can prove possession of all the data in a very efficient manner (i.e., with constant computation and bandwidth). Although many efficient PoR schemes for static data have been constructed, only two dynamic PoR schemes exist. The scheme by Stefanov et. al. (ACSAC 2012) uses a large of amount of client storage and has a large audit cost. The scheme by Cash (EUROCRYPT 2013) is mostly of theoretical interest, as it employs Oblivious RAM (ORAM) as a black box, leading to increased practical overhead (e.g., it requires about 300 times more bandwidth than our construction). We propose a dynamic PoR scheme with constant client storage whose bandwidth cost is comparable to a Merkle hash tree, thus being very practical. Our construction outperforms the constructions of Stefanov et. al. and Cash et. al., both in theory and in practice. Specifically, for n outsourced blocks of beta bits each, writing a block requires beta+O(lambdalog n) bandwidth and O(betalog n) server computation (lambda is the security parameter). Audits are also very efficient, requiring beta+O(lambda^2log n) bandwidth. We also show how to make our scheme publicly verifiable, providing the first dynamic PoR scheme with such a property. We finally provide a very efficient implementation of our scheme. JA - CCS '13 Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security T3 - CCS '13 PB - ACM SN - 978-1-4503-2477-9 UR - http://doi.acm.org/10.1145/2508859.2516669 ER -