PCPOR: Public and constant-cost proofs of retrievability in cloud

For data storage outsourcing services, it is important to allow users to efficiently and securely verify that cloud storage servers store their data correctly. To address this issue, a number of Proof of Retrievability (POR) and Proof of Data Possession (PDP) schemes have been proposed wherein servers must prove to a verifier that data are stored correctly. While existing POR and PDP schemes offer decent solutions addressing various practical issues, they either have non-trivial (linear or quadratic) communication and computational complexity, or only consider private verification. In this paper, we propose the first POR scheme with public verifiability, constant communication and computational costs on users. In our scheme, messages exchanged between cloud servers and users are composed of a constant number of group elements and random numbers; computational tasks required on users are also constant; batch auditing of multiple tasks is also efficiently supported. We achieved these by a unique design based on our novel polynomial-based authenticators. Extensive experiments on Amazon EC2 cloud and different client devices (contemporary and mobile devices) show that our design allows a user to audit the integrity of a file of any size with a constant computational cost of 150ms on PC (2.11s on mobile device) and a communication cost of 2.34KB for 99% error detection probability when employing an erasure coding with 1% fault tolerance rate. We prove the security of our scheme based on the Computational Diffie-Hellman problem, the t-Strong Diffie-Hellman problem and the Static Diffie-Hellman problem.