Efficient Simultaneous Privately and Publicly Verifiable Robust Provable Data Possession from Elliptic Curves

Christian Hanser, Daniel Slamanig


When outsourcing large sets of data to the cloud, it is desirable for clients to efficiently check, whether all outsourced data is still retrievable at any later point in time without requiring to download all of it. Provable data possession (PDP)/proofs of retrievability (PoR), for which various constructions exist, are concepts to solve this issue. Interestingly, by now, no PDP/PoR scheme leading to an efficient construction supporting both private and public verifiability simultaneously is known. In particular, this means that up to now all PDP/PoR schemes either allow public or private verifiability exclusively, since different setup procedures and metadata sets are required. However, supporting both variants simultaneously seems interesting, as publicly verifiable schemes are far less efficient than privately verifiable ones. In this paper, we propose the first simultaneous privately and publicly verifiable (robust) PDP protocol, which allows the data owner to use the more efficient private verification and anyone else to run the public verification algorithm. Our construction, which is based on elliptic curves, achieves this, as it uses the same setup procedure and the same metadata set for private and public verifiability. We provide a rigorous security analysis and prove our construction secure in the random oracle model under the assumption that the elliptic curve discrete logarithm problem is intractable. We give detailed comparisons with the most efficient existing approaches for either private or public verifiability with our proposed scheme in terms of storage and communication overhead, as well as computational effort for the client and the server. Our analysis shows that for choices of parameters, which are relevant for practical applications, our construction outperforms all existing privately and publicly verifiable schemes significantly. This means, that even when our construction is used for either private or public verifiability alone, it still outperforms the most efficient constructions known, which is particularly appealing in the public verifiability setting.


  1. Ateniese, G., Burns, R., Curtmola, R., Herring, J., Khan, O., Kissner, L., Peterson, Z., and Song, D. (2011). Remote data checking using provable data possession. ACM Trans. Inf. Syst. Secur., 14(1):12:1-12:34.
  2. Ateniese, G., Burns, R. C., Curtmola, R., Herring, J., Kissner, L., Peterson, Z. N. J., and Song, D. X. (2007). Provable data possession at untrusted stores. In ACM CCS, pages 598-609.
  3. Ateniese, G., Kamara, S., and Katz, J. (2009). Proofs of storage from homomorphic identification protocols. In ASIACRYPT, pages 319-333.
  4. Ateniese, G., Pietro, R. D., Mancini, L. V., and Tsudik, G. (2008). Scalable and efficient provable data possession. In SecureComm 2008.
  5. Barker, E., Barker, W., Burr, W., Polk, W., and Smid, M. (2007). NIST SP800-57: Recommendation for Key Management Part 1: General(Revised). Technical report.
  6. Boneh, D., Lynn, B., and Shacham, H. (2001). Short signatures from the weil pairing. In ASIACRYPT, pages 514-532.
  7. Bowers, K. D., Juels, A., and Oprea, A. (2009). Proofs of retrievability: theory and implementation. In CCSW, pages 43-54.
  8. Cash, D., Küpc¸ ü, A., and Wichs, D. (2013). Dynamic Proofs of Retrievability via Oblivious RAM. In EUROCRYPT 2013, LNCS. Springer.
  9. Chatterjee, S. and Menezes, A. (2011). On cryptographic protocols employing asymmetric pairings - the role of ? revisited. Discrete Applied Mathematics, 159(13):1311-1322.
  10. Chen, B. and Curtmola, R. (2012). Robust dynamic provable data possession. In ICDCS Workshops, pages 515-525.
  11. Cloud Outages (2011). http://www.crn.com/slide-shows/ cloud/231000954/the-10-biggest-cloud-outages-of2011-so-far.htm.
  12. Curtmola, R., Khan, O., Burns, R. C., and Ateniese, G. (2008). Mr-pdp: Multiple-replica provable data possession. In ICDCS 2008, pages 411-420.
  13. Dodis, Y., Vadhan, S. P., and Wichs, D. (2009). Proofs of retrievability via hardness amplification. In TCC, pages 109-127.
  14. Erway, C. C., Küpc¸ ü, A., Papamanthou, C., and Tamassia, R. (2009). Dynamic provable data possession. In CCS, pages 213-222.
  15. Goldreich, O. (1997). A sample of samplers - a computational perspective on sampling (survey). ECCC, 4(20).
  16. Hankerson, D., Menezes, A. J., and Vanstone, S. (2003). Guide to Elliptic Curve Cryptography. SpringerVerlag New York, Inc., Secaucus, NJ, USA.
  17. Icart, T. (2009). How to hash into elliptic curves. In CRYPTO, pages 303-316.
  18. Juels, A. and S. Kaliski Jr., B. (2007). Pors: proofs of retrievability for large files. In ACM CCS, pages 584- 597.
  19. Miyaji, Nakabayashi, and Takano (2001). New Explicit Conditions of Elliptic Curve Traces for FRReduction. TIEICE: IEICE Transactions on Communications/Electronics/Information and Systems.
  20. Paterson, M. B., Stinson, D. R., and Upadhyay, J. (2012). A coding theory foundation for the analysis of general unconditionally secure proof-of-retrievability schemes for cloud storage. Cryptology ePrint Archive, Report 2012/611. http://eprint.iacr.org/.
  21. Reed, I. and Solomon, G. (1960). Polynomial codes over certain finite fields. Journal of the Society for Industrial and Applied Mathematics, 8(2):300-304.
  22. Shacham, H. and Waters, B. (2008). Compact proofs of retrievability. In ASIACRYPT, pages 90-107.
  23. Silverman, J. (1986). The Arithmetic of Elliptic Curves, volume 106 of Graduate Texts in Mathematics. Springer.
  24. Slamanig, D. and Hanser, C. (2012). On Cloud Storage and the Cloud of Clouds Approach. In ICITST-2012, pages 649 - 655. IEEE.
  25. Wang, C., Chow, S. S. M., Wang, Q., Ren, K., and Lou, W. (2013). Privacy-preserving public auditing for secure cloud storage. IEEE Trans. Computers, 62(2):362- 375.
  26. Xu, J. and Chang, E.-C. (2012). Towards efficient proofs of retrievability. In AsiaCCS. ACM.
  27. Yuan, J. and Yu, S. (2013). Proofs of retrievability with public verifiability and constant communication cost in cloud. In International Workshop on Security in Cloud Computing. ACM.
  28. Zhang, Y. and Blanton, M. (2013). Efficient dynamic provable possession of remote data via balanced update trees. In AsiaCCS, pages 183-194. ACM.
  29. Zhu, Y., Hu, H., Ahn, G.-J., and Yu, M. (2012). Cooperative provable data possession for integrity verification in multicloud storage. IEEE Trans. Parallel Distrib. Syst., 23(12):2231-2244.

Paper Citation

in Harvard Style

Hanser C. and Slamanig D. (2013). Efficient Simultaneous Privately and Publicly Verifiable Robust Provable Data Possession from Elliptic Curves . In Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013) ISBN 978-989-8565-73-0, pages 15-26. DOI: 10.5220/0004496300150026

in Bibtex Style

author={Christian Hanser and Daniel Slamanig},
title={Efficient Simultaneous Privately and Publicly Verifiable Robust Provable Data Possession from Elliptic Curves},
booktitle={Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)},

in EndNote Style

JO - Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)
TI - Efficient Simultaneous Privately and Publicly Verifiable Robust Provable Data Possession from Elliptic Curves
SN - 978-989-8565-73-0
AU - Hanser C.
AU - Slamanig D.
PY - 2013
SP - 15
EP - 26
DO - 10.5220/0004496300150026