{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T05:00:02Z","timestamp":1764997202114,"version":"3.46.0"},"reference-count":21,"publisher":"Walter de Gruyter GmbH","issue":"4","license":[{"start":{"date-parts":[[2018,9,20]],"date-time":"2018-09-20T00:00:00Z","timestamp":1537401600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,12,1]]},"abstract":"Abstract<\/jats:title>\n \n There has been considerable recent interest in \u201ccloud storage\u201d wherein a user asks a server to store a large file. One issue is whether the user can verify that the server is actually storing the file, and typically a challenge-response protocol is employed to convince the user that the file is indeed being stored correctly. The security of these schemes is phrased in terms of an extractor which will recover the file given any \u201cproving algorithm\u201d that has a sufficiently high success probability. This forms the basis of\n proof-of-retrievability<\/jats:italic>\n (PoR) systems.\nIn this paper, we study multiple server PoR systems. We formalize security definitions for two possible scenarios:\n(i) A threshold of servers succeeds with high enough probability (worst case), and (ii) the average of the success probability of all the servers is above a threshold (average case).\nWe also motivate the study of confidentiality of the outsourced message. We give MPoR schemes which are secure under both these security definitions and provide reasonable confidentiality guarantees even when there is no restriction on the computational power of the servers. We also show how classical statistical techniques previously used by us can be extended to evaluate whether the responses of the provers are accurate enough to permit successful extraction.\nWe also look at one specific instantiation of our construction when instantiated with the unconditionally secure version of the Shacham\u2013Waters scheme.\nThis scheme gives reasonable security and privacy guarantee. We show that, in the multi-server setting with computationally unbounded provers, one can overcome the limitation that the verifier needs to store as much secret information as the provers.\n <\/jats:p>","DOI":"10.1515\/jmc-2018-0012","type":"journal-article","created":{"date-parts":[[2018,9,20]],"date-time":"2018-09-20T05:02:42Z","timestamp":1537419762000},"page":"203-220","source":"Crossref","is-referenced-by-count":15,"title":["Multi-prover proof of retrievability"],"prefix":"10.1515","volume":"12","author":[{"given":"Maura B.","family":"Paterson","sequence":"first","affiliation":[{"name":"Department of Economics, Mathematics and Statistics , Birkbeck, University of London , Malet Street , London WC1E 7HX , United Kingdom"}]},{"given":"Douglas R.","family":"Stinson","sequence":"additional","affiliation":[{"name":"David R. Cheriton School of Computer Science , University of Waterloo , Waterloo , ON, N2L 3G1 , Canada"}]},{"given":"Jalaj","family":"Upadhyay","sequence":"additional","affiliation":[{"name":"Department of Computer Science , Johns Hopkins University , Baltimore , MD 21201 , USA"}]}],"member":"374","published-online":{"date-parts":[[2018,9,20]]},"reference":[{"key":"2025120600245242343_j_jmc-2018-0012_ref_001_w2aab3b7b3b1b6b1ab1b9b1Aa","doi-asserted-by":"crossref","unstructured":"G. Ateniese, R. C. Burns, R. Curtmola, J. Herring, O. Khan, L. Kissner, Z. N. J. Peterson and D. Song,\nRemote data checking using provable data possession,\nACM Trans. Inform. Sys. Security 14 (2011), Paper No. 12.","DOI":"10.1145\/1952982.1952994"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_002_w2aab3b7b3b1b6b1ab1b9b2Aa","doi-asserted-by":"crossref","unstructured":"G. Ateniese, R. C. Burns, R. Curtmola, J. Herring, L. Kissner, Z. N. J. Peterson and D. X. Song,\nProvable data possession at untrusted stores,\nProceedings of the 14th ACM Conference on Computer and Communications Security,\nACM, New York (2007), 598\u2013609.","DOI":"10.1145\/1315245.1315318"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_003_w2aab3b7b3b1b6b1ab1b9b3Aa","unstructured":"G. Ateniese, \u00d6. Dagdelen, I. Damg\u00e5rd and D. Venturi,\nEntangled cloud storage,\nIACR Cryptology ePrint Archive (2012), https:\/\/eprint.iacr.org\/2012\/511.pdf."},{"key":"2025120600245242343_j_jmc-2018-0012_ref_004_w2aab3b7b3b1b6b1ab1b9b4Aa","doi-asserted-by":"crossref","unstructured":"G. Ateniese, R. Di Pietro, L. V. Mancini and G. Tsudik,\nScalable and efficient provable data possession,\nProceedings of the 4th International Conference on Security and Privacy in Communication Networks,\nACM, New York (2008), 1\u20139.","DOI":"10.1145\/1460877.1460889"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_005_w2aab3b7b3b1b6b1ab1b9b5Aa","doi-asserted-by":"crossref","unstructured":"G. Ateniese, S. Kamara and J. Katz,\nProofs of storage from homomorphic identification protocols,\nAdvances in Cryptology\u2014ASIACRYPT 2009,\nSpringer, Berlin (2009), 319\u2013333.","DOI":"10.1007\/978-3-642-10366-7_19"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_006_w2aab3b7b3b1b6b1ab1b9b6Aa","doi-asserted-by":"crossref","unstructured":"G. R. Blakley,\nSafeguarding cryptographic keys,\nProceedings of the National Computer Conference,\nAFIPS, New York (1979), 313\u2013317.","DOI":"10.1109\/MARK.1979.8817296"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_007_w2aab3b7b3b1b6b1ab1b9b7Aa","doi-asserted-by":"crossref","unstructured":"G. R. Blakley and C. Meadows,\nSecurity of ramp schemes,\nAdvances in Cryptology\u2014CRYPTO 1985,\nSpringer, Berlin (1985), 242\u2013268.","DOI":"10.1007\/3-540-39568-7_20"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_008_w2aab3b7b3b1b6b1ab1b9b8Aa","doi-asserted-by":"crossref","unstructured":"K. D. Bowers, A. Juels and A. Oprea,\nProofs of retrievability: Theory and implementation,\nProceedings of the 2009 ACM Workshop on Cloud Computing Security,\nACM, New York (2009), 43\u201354.","DOI":"10.1145\/1655008.1655015"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_009_w2aab3b7b3b1b6b1ab1b9b9Aa","doi-asserted-by":"crossref","unstructured":"R. Curtmola, O. Khan, R. C. Burns and G. Ateniese,\nMR-PDP: Multiple-replica provable data possession,\nThe 28th International Conference on Distributed Computing Systems,\nIEEE Press, Piscataway (2008), 411\u2013420.","DOI":"10.1109\/ICDCS.2008.68"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_010_w2aab3b7b3b1b6b1ab1b9c10Aa","doi-asserted-by":"crossref","unstructured":"Y. Dodis, S. P. Vadhan and D. Wichs,\nProofs of retrievability via hardness amplification,\nTheory of Cryptography,\nSpringer, Berlin (2009), 109\u2013127.","DOI":"10.1007\/978-3-642-00457-5_8"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_011_w2aab3b7b3b1b6b1ab1b9c11Aa","doi-asserted-by":"crossref","unstructured":"A. Juels and B. S. Kaliski, Jr.,\nPORs: Proofs of retrievability for large files,\nProceedings of the 14th ACM Conference on Computer and Communications Security,\nACM, New York (2007), 584\u2013597.","DOI":"10.1145\/1315245.1315317"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_012_w2aab3b7b3b1b6b1ab1b9c12Aa","doi-asserted-by":"crossref","unstructured":"S. Kamara and K. Lauter,\nCryptographic cloud storage,\nFinancial Cryptography and Data Security,\nSpringer, Berlin (2010), 136\u2013149.","DOI":"10.1007\/978-3-642-14992-4_13"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_013_w2aab3b7b3b1b6b1ab1b9c13Aa","doi-asserted-by":"crossref","unstructured":"R. J. McEliece and D. V. Sarwate,\nOn sharing secrets and Reed\u2013Solomon codes,\nComm. ACM 24 (1981), 583\u2013584.\n10.1145\/358746.358762","DOI":"10.1145\/358746.358762"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_014_w2aab3b7b3b1b6b1ab1b9c14Aa","doi-asserted-by":"crossref","unstructured":"M. B. Paterson and D. R. Stinson,\nA simple combinatorial treatment of constructions and threshold gaps of ramp schemes,\nCryptogr. Commun. 5 (2013), 229\u2013240.\n10.1007\/s12095-013-0082-1","DOI":"10.1007\/s12095-013-0082-1"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_015_w2aab3b7b3b1b6b1ab1b9c15Aa","doi-asserted-by":"crossref","unstructured":"M. B. Paterson, D. R. Stinson and J. Upadhyay,\nA coding theory foundation for the analysis of general unconditionally secure proof-of-retrievability schemes for cloud storage,\nJ. Math. Cryptol. 7 (2013), 183\u2013216.","DOI":"10.1515\/jmc-2013-5002"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_016_w2aab3b7b3b1b6b1ab1b9c16Aa","doi-asserted-by":"crossref","unstructured":"H. Shacham and B. Waters,\nCompact Proofs of Retrievability,\nAdvances in Cryptology\u2014ASIACRYPT 2008,\nSpringer, Berlin (2009), 90\u2013107.","DOI":"10.1007\/978-3-540-89255-7_7"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_017_w2aab3b7b3b1b6b1ab1b9c17Aa","doi-asserted-by":"crossref","unstructured":"A. Shamir,\nHow to share a secret,\nComm. ACM 22 (1979), 612\u2013613.\n10.1145\/359168.359176","DOI":"10.1145\/359168.359176"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_018_w2aab3b7b3b1b6b1ab1b9c18Aa","doi-asserted-by":"crossref","unstructured":"K. Ulm,\nSimple method to calculate the confidence interval of a standardized mortality ratio (SMR),\nAmer. J. Epidemiology 131 (1990), 373\u2013375.\n10.1093\/oxfordjournals.aje.a115507","DOI":"10.1093\/oxfordjournals.aje.a115507"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_019_w2aab3b7b3b1b6b1ab1b9c19Aa","doi-asserted-by":"crossref","unstructured":"C. Wang, Q. Wang, K. Ren and W. Lou,\nPrivacy-preserving public auditing for data storage security in cloud computing,\nIEEE Proceedings INFOCOM 2010,\nIEEE Press, Piscataway (2010), 1\u20139.","DOI":"10.1109\/INFCOM.2010.5462173"},{"key":"2025120600245242343_j_jmc-2018-0012_ref_020_w2aab3b7b3b1b6b1ab1b9c20Aa","unstructured":"Summary of the Amazon S3 Service Disruption in the Northern Virginia (US-EAST-1) Region, https:\/\/aws.amazon.com\/message\/41926\/."},{"key":"2025120600245242343_j_jmc-2018-0012_ref_021_w2aab3b7b3b1b6b1ab1b9c21Aa","unstructured":"Why is decentralized and distributed file storage critical for a better web?, https:\/\/coincenter.org\/entry\/why-is-decentralized-and-distributed-file-storage-critical-for-a-better-web."}],"container-title":["Journal of Mathematical Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.degruyter.com\/view\/j\/jmc.2018.12.issue-4\/jmc-2018-0012\/jmc-2018-0012.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jmc-2018-0012\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jmc-2018-0012\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T00:25:00Z","timestamp":1764980700000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jmc-2018-0012\/html"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,9,20]]},"references-count":21,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2018,9,20]]},"published-print":{"date-parts":[[2018,12,1]]}},"alternative-id":["10.1515\/jmc-2018-0012"],"URL":"https:\/\/doi.org\/10.1515\/jmc-2018-0012","relation":{},"ISSN":["1862-2984","1862-2976"],"issn-type":[{"type":"electronic","value":"1862-2984"},{"type":"print","value":"1862-2976"}],"subject":[],"published":{"date-parts":[[2018,9,20]]}}}