We present two provably-secure $\pdp$ schemes that are more efficient than previous solutions, even when compared with schemes that achieve weaker guarantees. In particular, the overhead at the server is low (or even constant), as opposed to linear in the size of the data. Experiments using our implementation verify the practicality of $\pdp$ and reveal that the performance of $\pdp$ is bounded by disk I/O and not by cryptographic computation.
Category / Keywords: cryptographic protocols / Publication Info: Full version of the ACM CCS 2007 paper. Date: received 29 May 2007, last revised 7 Dec 2007 Contact author: ateniese at cs jhu edu Available format(s): PDF | BibTeX Citation Note: December 7, 2007: Added important references and fixed some typos.
October 12, 2007: We corrected a bug in the proof in which we erroneously assumed that the GCD of two parameters was 1 with overwhelming probability. The fix affects only the public verifiability feature of our main scheme but we now show how to achieve it by simply restricting the size of file blocks. See the Note at the end of the Introduction.Version: 20071207:210614 (All versions of this report) Short URL: ia.cr/2007/202 Discussion forum: Show discussion | Start new discussion