We argue that in such a case, both the client and the server should be able to contact an official court, providing cryptographic proofs, so that the Judge can resolve this dispute. We show that this property is stronger than what has been known as public veriability in the sense that official arbitration should handle a malicious client as well. We clearly show this formalization difference, and then present multiple schemes that work for various static and dynamic storage solutions in a generic way. We implement our schemes and show that they are very efficient, diminishing the validity of arguments against their use, where the overhead for adding the ability to resolve such disputes at a court is only 2 ms and 80 bytes for each update on the stored data, using standard desktop hardware.
Finally, we note that disputes may arise in many other situations, such as when two parties exchange items (e.g., e-commerce) or agree on something (e.g., contract-signing). We show that it is easy to extend our official arbitration protocols for a general case, including dynamic authenticated data structures.Category / Keywords: cryptographic protocols / fair exchange,applications,electronic commerce and payment,cloud storage Date: received 16 May 2012, last revised 6 Mar 2013 Contact author: akupcu at ku edu tr Available format(s): PDF | BibTeX Citation Note: This paper provides stronger guarantees than "public verifiability" in cloud storage systems, and is applicable in general to almost any such system. Version: 20130306:153719 (All versions of this report) Short URL: ia.cr/2012/276 Discussion forum: Show discussion | Start new discussion