Cryptology ePrint Archive: Report 2008/432

Dynamic Provable Data Possession

C. Chris Erway and Alptekin Kupcu and Charalampos Papamanthou and Roberto Tamassia

Abstract: As storage-outsourcing services and resource-sharing networks have become popular, the problem of efficiently proving the integrity of data stored at untrusted servers has received increased attention. In the provable data possession (PDP) model, the client pre-processes the data and then sends it to an untrusted server for storage, while keeping a small amount of meta-data. The client later asks the server to prove that the stored data has not been tampered with or deleted (without downloading the actual data). However, the original PDP scheme applies only to static (or append-only) files.

We present a definitional framework and efficient constructions for dynamic provable data possession (DPDP), which extends the PDP model to support provable updates to stored data. We use a new version of authenticated dictionaries based on rank information. The price of dynamic updates is a performance change from $O(1)$ to $O(\log{n})$ (or $O(n^{\epsilon}\log n)$), for a file consisting of $n$ blocks, while maintaining the same (or better, respectively) probability of misbehavior detection. Our experiments show that this slowdown is very low in practice (e.g., 415KB proof size and 30ms computational overhead for a 1GB file). We also show how to apply our DPDP scheme to outsourced file systems and version control systems (e.g., CVS).

Category / Keywords: cryptographic protocols / outsourced storage, authenticated dictionary, authenticated data structures, RSA tree, file system, version control system, untrusted storage, provable data possession, skip list, proof of retrievability, integrity checking

Publication Info: CCS 2009

Date: received 6 Oct 2008, last revised 29 Nov 2009

Contact author: kupcu at cs brown edu

Available format(s): PDF | BibTeX Citation

Note: This is the full version of CCS 2009 paper with the same title.

Version: 20091130:045556 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]