References

D. Boneh, B. Lynn, H. Shacham, Short signatures from the Weil pairing. J. Cryptol. 17(4), 297–319 (2004).
K. Bowers, A. Juels, A. Oprea, Proofs of retrievability: theory and implementation. In Proceedings of CCSW 2009 (ACM, Chicago).
R. Cramer, V. Shoup, Signature schemes based on the strong RSA assumption. ACM Trans. Inf. Syst. Secur. 3(3), 161–185 (2000).
R. Cramer, V. Shoup, Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167–226 (2003).
Y. Deswarte, J.-J. Quisquater, A. Saïdane, Remote integrity checking. In Proceedings of IICIS 2003 (eds. S. Jajodia, L. Strous), IFIP.
Y. Dodis, S. Vadhan, D. Wichs, Proofs of retrievability via hardness amplification. In Proceedings of TCC 2009 (ed. O. Reingold), LNCS 5444.
D. Freeman, M. Scott, E. Teske, A taxonomy of pairing-friendly elliptic curves. J. Cryptol. 23(2), 224–280 (2010).
D. Gazzoni Filho, P. Barreto, Demonstrating data possession and uncheatable data transfer. Cryptology ePrint Archive, Report 2006/150.
L. Guillou, J.-J. Quisquater, A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory. In Proceedings of Eurocrypt 1988 (ed. C. Günther), LNCS 330.
V. T. Hoang, B. Morris, P. Rogaway, An enciphering scheme based on a card shuffle. In Proceedings of Crypto 2012 (eds. R. Safavi-Naini, R. Canetti), LNCS 7417.
C. Huang, H. Simitci, Y. Xu, A. Ogus, B. Calder, P. Gopalan, J. Li, S. Yekhanin, Erasure coding in Windows Azure Storage. In Proceedings of USENIX ATC 2012 (eds. G. Heiser, W. Hsieh).
A. Juels, B. Kaliski, PORs: proofs of retrievability for large files. In Proceedings of CCS 2007 (eds. S. De Capitani di Vimercati, P. Syverson), ACM, Alexandria.
M. Lillibridge, S. Elnikety, A. Birrell, M. Burrows, M. Isard, A cooperative Internet backup scheme. In Proceedings of USENIX 2003 (ed. B. Noble).
M. Liskov, R. Rivest, D. Wagner, Tweakable block ciphers. J. Cryptol. 24(3), 588–613 (2011).
M. Mitzenmacher, Digital fountains: a survey and look forward. In Proceedings of IEEE ITW 2004.
M. Naor, G. Rothblum, The complexity of online memory checking. J. ACM 56(1) (2009).
M. Rabin, Efficient dispersal of information for security, load balancing, and fault tolerance. J. ACM 36(2), 335–348 (1989).
L. Rizzo, Effective erasure codes for reliable computer communication protocols. ACM SIGCOMM Comput. Commun. Rev. 27(2), 24–36 (1997).
T. Schwarz, E. Miller, Store, forget, and check: using algebraic signatures to check remotely administered storage. In Proceedings of ICDCS 2006 (eds. M. Ahamad, L. Rodrigues).
M. Shah, M. Baker, J. Mogul, R. Swaminathan, Auditing to keep online storage services honest. In Proceedings of HotOS XI (ed. G. Hunt), 2007.
M. Shah, R. Swaminathan, M. Baker, Privacy-preserving audit and extraction of digital contents. Cryptology ePrint Archive.

We thank Dan Boneh, Guy Rothblum, and Moni Naor for helpful discussions about this work; Eric Rescorla for detailed comments on the manuscript; Giuseppe Ateniese for his helpful comments, and in particular for his suggested improvements to our RSA construction; attendees of the MIT Cryptography and Information Security Seminar and the UC Irvine Crypto Seminar for their questions and comments; and the anonymous conference reviewers and Journal of Cryptology referees.
Correspondence to Hovav Shacham.

Erasure codes are the codes that provide this property [2, 27]. In this section we briefly note the properties we require from erasure codes. For more on erasure codes, see the brief survey by Mitzenmacher [25]; for more on their use in storage systems, see the recent paper by Huang et al. Reed–Solomon-style erasure codes can be constructed for arbitrary rates, allowing recovery of the original file from any fraction of the encoded file blocks equal to the rate [28].

The code matrix used can be made public, and any user can apply the decoding procedure; this provides public retrievability. The downside of Reed–Solomon codes is the time required for encoding and decoding: for an n-block file, both procedures take O(n²) time, and for outsourced storage n can be very large.

Although one would like decoding to run in time linear in n, no codes are known that provide linear decoding time in the presence of adversarial erasure; the known linear-time codes tolerate only random erasures. To make use of these codes, we scramble the encoded file blocks so that the server can do no better than erasing blocks at random. It is crucial that the server not learn the secrets used for this scrambling step, which unfortunately makes public retrievability impossible.
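As an added example (not code from the Shacham–Waters paper), the following Go program implements the Reed–Solomon-style construction just described over a small prime field: the k blocks of a file are the coefficients of a polynomial, the n code blocks (rate k/n) are its values at n points, and any k surviving blocks recover the file by interpolation, whichever k they are. The field, the block size (one field element per block), and the sample file are assumptions made for the demo; the quadratic encoding and decoding cost the text mentions is visible in the nested loops.

```go
package main

import "fmt"

// Arithmetic modulo the Mersenne prime 2^31 - 1; each file block is one field element here.
const p uint64 = 2147483647

func add(a, b uint64) uint64 { return (a + b) % p }
func sub(a, b uint64) uint64 { return (a + p - b) % p }
func mul(a, b uint64) uint64 { return a * b % p }

func inv(a uint64) uint64 { // a^-1 = a^(p-2) by square-and-multiply (Fermat)
	r, e := uint64(1), p-2
	for e > 0 {
		if e&1 == 1 {
			r = mul(r, a)
		}
		a, e = mul(a, a), e>>1
	}
	return r
}

// Encode treats the k data blocks as coefficients of a polynomial f of degree
// below k and stores f(1), ..., f(n), a code of rate k/n.  Any k of the n code
// blocks determine f, so the file survives the erasure of any n-k blocks.
// Cost is O(k*n) field operations, the quadratic cost the text refers to.
func Encode(data []uint64, n int) ([]uint64, error) {
	k := len(data)
	if k == 0 || n < k {
		return nil, fmt.Errorf("need 0 < k <= n, got k=%d n=%d", k, n)
	}
	code := make([]uint64, n)
	for x := 1; x <= n; x++ {
		var y uint64
		for i := k - 1; i >= 0; i-- { // Horner's rule
			y = add(mul(y, uint64(x)), data[i]%p)
		}
		code[x-1] = y
	}
	return code, nil
}

// Decode rebuilds the k coefficients from any k surviving blocks (1-based block
// index -> value) by Lagrange interpolation, again quadratic in k.
func Decode(surviving map[int]uint64, k int) ([]uint64, error) {
	if len(surviving) < k {
		return nil, fmt.Errorf("need %d blocks, only %d survive", k, len(surviving))
	}
	xs, ys := make([]uint64, 0, k), make([]uint64, 0, k)
	for x, y := range surviving {
		if len(xs) < k {
			xs, ys = append(xs, uint64(x)), append(ys, y)
		}
	}
	coeffs := make([]uint64, k)
	for i := 0; i < k; i++ {
		num, denom := []uint64{1}, uint64(1) // prod_{j!=i} (X - x_j) and prod_{j!=i} (x_i - x_j)
		for j := 0; j < k; j++ {
			if j == i {
				continue
			}
			next := make([]uint64, len(num)+1)
			for d, c := range num {
				next[d+1] = add(next[d+1], c)
				next[d] = sub(next[d], mul(c, xs[j]))
			}
			num, denom = next, mul(denom, sub(xs[i], xs[j]))
		}
		scale := mul(ys[i], inv(denom))
		for d, c := range num {
			coeffs[d] = add(coeffs[d], mul(c, scale))
		}
	}
	return coeffs, nil
}

// Roundtrip encodes data into n blocks, keeps only the 1-based indices in keep,
// decodes, and reports whether the original data came back.
func Roundtrip(data []uint64, n int, keep []int) bool {
	code, err := Encode(data, n)
	if err != nil {
		return false
	}
	surviving := make(map[int]uint64, len(keep))
	for _, idx := range keep {
		surviving[idx] = code[idx-1]
	}
	got, err := Decode(surviving, len(data))
	for i := 0; err == nil && i < len(data); i++ {
		if got[i] != data[i]%p {
			return false
		}
	}
	return err == nil
}

func main() {
	// Constructed 4-block file at rate 1/2 (n = 8); blocks 1, 3, 4 and 6 are erased.
	file := []uint64{42, 7, 1000000, 31337}
	fmt.Println("recovered from blocks 2,5,7,8:", Roundtrip(file, 8, []int{2, 5, 7, 8}))
}
```

Because the code is public (the evaluation points and field are not secret), anyone holding any k blocks can decode; this is the public retrievability that the scrambling step below gives up.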
Our proposed scrambling operation is essentially the same as that proposed by Ateniese et al. First, encode the file using the linear-time code. Second, permute the blocks of the encoded file using a pseudorandom permutation over the domain [1, n], where n is the number of blocks in the encoded file; see Hoang, Morris, and Rogaway [20] for details on how to construct such a permutation. Third, encrypt each block independently using a tweakable block cipher [24], with the block index as tweak. Store the blocks output by this procedure on the server.

That the server can do no better than random erasure follows from a sequence of games. In Game 0, we play the erasure game with the adversary. In Game 1, we replace the pseudorandom permutation with a truly random permutation over [1, n]. In Game 2, we replace the tweakable block cipher with a truly random tweakable permutation. In Game 3, we replace the encrypted blocks with truly random blocks; since every block is encrypted under a distinct tweak, the blocks are already independent uniform values, so the adversary's view is unchanged. Note that, without the tweak, identical plaintext blocks would encrypt to identical ciphertext blocks, so this argument would not apply. Thus no adversary that erases blocks can do better than random erasure, which is exactly the property we require for decoding to work with overwhelming probability.

It is important to note that our model, above, does not consider the access pattern for the file blocks. It is possible that the block accesses made by a user, in reading or in reconstructing her file, leak information about the correlation between plaintext blocks. In this case, the server might be able to do better than guessing in choosing which blocks to delete.
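The permute-and-encrypt steps of the scrambling procedure above, as an added Go example that is not the paper's own code. The erasure-coding step is assumed already done (the input blocks are the code blocks); the permutation is a keyed Fisher–Yates shuffle standing in for the Hoang–Morris–Rogaway cipher [20]; the tweakable block cipher is an LRW-style AES construction with the stored block index as tweak; and the keys, the 16-byte block size, and the eight-identical-block sample file are constructed for the demo. It also shows the point the game argument rests on: identical plaintext blocks come out as distinct stored blocks, which they would not without the tweak.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)
// Constructed demo keys.  A real client derives them from its secret and never
// reveals them to the server, which is why public retrievability is lost.
var permKey, encKey1, encKey2 = []byte("perm-key-16bytes"), []byte("enc-key-1-16byte"), []byte("enc-key-2-16byte")
// prp returns a keyed pseudorandom permutation of [0, n) as a table, built by a
// Fisher-Yates shuffle driven by AES-CTR keystream.  This is a substitution for
// brevity: the paper uses the Hoang-Morris-Rogaway small-domain cipher [20],
// which evaluates the permutation point by point without a table.
func prp(blk cipher.Block, n int) []int {
	stream := cipher.NewCTR(blk, make([]byte, aes.BlockSize))
	perm := make([]int, n)
	for i := range perm {
		perm[i] = i
	}
	zero, buf := make([]byte, 8), make([]byte, 8)
	for i := n - 1; i > 0; i-- {
		stream.XORKeyStream(buf, zero)
		j := int(binary.BigEndian.Uint64(buf) % uint64(i+1)) // bias negligible for n << 2^64
		perm[i], perm[j] = perm[j], perm[i]
	}
	return perm
}

// tweakable is an LRW-style tweakable block cipher on one AES block:
// C = E_K1(P xor D) xor D with D = E_K2(tweak).  Equal plaintexts under
// different tweaks give different ciphertexts, the property Game 3 relies on.
type tweakable struct{ e, m cipher.Block }

func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

func (t tweakable) apply(tweak uint64, in []byte, decrypt bool) []byte {
	tw, d, out := make([]byte, 16), make([]byte, 16), make([]byte, 16)
	binary.BigEndian.PutUint64(tw[8:], tweak)
	t.m.Encrypt(d, tw) // D = E_K2(tweak)
	if decrypt {
		t.e.Decrypt(out, xor(in, d))
	} else {
		t.e.Encrypt(out, xor(in, d))
	}
	return xor(out, d)
}

// transform performs steps two and three above (permute, then encrypt each block
// with its stored index as tweak) or, with decrypt set, undoes them.
func transform(in [][]byte, decrypt bool) ([][]byte, error) {
	var ciphers [3]cipher.Block
	for i, k := range [][]byte{permKey, encKey1, encKey2} {
		c, err := aes.NewCipher(k)
		if err != nil {
			return nil, err
		}
		ciphers[i] = c
	}
	for i, b := range in {
		if len(b) != aes.BlockSize {
			return nil, fmt.Errorf("block %d: demo uses one AES block per file block", i)
		}
	}
	perm, tbc := prp(ciphers[0], len(in)), tweakable{ciphers[1], ciphers[2]}
	out := make([][]byte, len(in))
	for i := range in {
		if decrypt {
			out[i] = tbc.apply(uint64(perm[i]), in[perm[i]], true)
		} else {
			out[perm[i]] = tbc.apply(uint64(perm[i]), in[i], false)
		}
	}
	return out, nil
}

// Scramble produces what the client stores; Unscramble needs the secret keys.
func Scramble(coded [][]byte) ([][]byte, error)    { return transform(coded, false) }
func Unscramble(stored [][]byte) ([][]byte, error) { return transform(stored, true) }

func main() {
	// Constructed worst case: eight identical blocks, which a tweakless cipher
	// would map to eight identical ciphertexts.
	coded := make([][]byte, 8)
	for i := range coded {
		coded[i] = bytes.Repeat([]byte{'A'}, aes.BlockSize)
	}
	stored, _ := Scramble(coded)
	back, _ := Unscramble(stored)
	fmt.Println("distinct stored blocks:", !bytes.Equal(stored[0], stored[1]), "roundtrip:", bytes.Equal(back[5], coded[5]))
}
```

The server sees only the output of Scramble: it learns neither which stored position holds which code block nor which blocks were equal, so deleting a stored block is, from its point of view, deleting a uniformly random code block.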
Note that our proof-of-retrievability protocol queries blocks at random, as does the extraction algorithm used in our proofs, so neither leaks information to the adversary. If proofs of retrievability are used as part of a larger system in which individual file blocks will be accessed, then codes secure against adversarial erasure should be used instead.

In both schemes proposed in Sect. Unfortunately, it is clear from Lemma 4. This is not just a proof problem. Below, we present an attack on the schemes of Sect.
Note that our argument is relevant only to those schemes, like those we presented in Sect. If individual blocks are returned, as in the simple scheme of Sect. In this section, we will make some simplifications to the notation for the sake of brevity and clarity. First, observe that the Part-One proofs of Sect. Second, we will set the number of sectors per block, s, to 1. With the simplifications above, consider an n-block file with blocks m_1, …, m_n. We assume that l is even. Clearly, the adversary needs to store one block less than an honest server would. Now, consider a query I. This is because the subspace known to the adversary is insufficient to determine any block.

Shacham, H., Waters, B.: Compact Proofs of Retrievability. Journal of Cryptology.
Proof and Knowledge in Mathematics. Philosophical Books. Michael Potter.

Let us say, tendentiously, that her mathematics could be called the a priori closure of the original intuitions.
Arithmetical calculation […] seems rationally necessary, with two qualifications. First, what is necessary is some method of calculation or other. Addition, multiplication, and so forth are ways to find cardinalities of certain sets, given simpler cardinality determinations.

They take us from statements of number to statements of number. If it needs counting, then calculation will advance it further. The required search for progressively better explanations will, however, drive a calculating inquirer to pure mathematics: first to something like arithmetic, then to set theory.

The second module uses the execute-order-validate design established by Hyperledger Fabric, which suits a permissioned blockchain. The smart contract, called chaincode in Fabric, is an integral part of this module: chaincode is the main component of a distributed application in Fabric. Before a peer is added to the blockchain, it is redirected to the SaaS for authentication; once authenticated, it is allowed to join the blockchain and take part in the consensus mechanism.

Blockchain is a technology developed primarily for the Bitcoin cryptocurrency. It is a decentralized public ledger that preserves the integrity of recorded transactions. Each transaction is verified by consensus of a majority of the participants in the system, and once entered, a record cannot be erased or altered without detection, so the blockchain holds a definite and verifiable record of every transaction. Smart contracts are transaction protocols that execute automatically when predetermined conditions, the terms of a contract or agreement, are met, so that all participants can be certain of the outcome without involving a third party or losing time.