A Multiple-Server Efficient Reusable Proof Of Data Possesion From Private Information Retrieval Techniques

A proof of Data Possession (PDP) allows a client to verify that a remote server is still in possession of a file entrusted to it. One way to design a PDP, is to compute a function depending on a secret and the file. Then, during the verification stage, the client reveals the secret input to the server who recomputes the function and sends the output back to the client. The client can then compare both values to determine if the server is still in possession of the file. The problem with this approach is that once the server knows the secret, it is not useful anymore. In this article, we present two PDP schemes inspired in Multiple-Server Private Information Retrieval (MSPIR) protocols. In a traditional MSPIR protocol, the goal is to retrieve a given block of the file from a group of servers storing identical copies of it, without telling the servers what block was retrieved. In contrast, our goal is to let servers evaluate a function using an input that is not revealed to them. We show that our constructions are secure, practical and that they can complement existing approaches in storage architectures using multiple cloud providers. The amount of transmitted information during the verification stage of the protocols is proportional to the square root of the length of the file.