proofs of retrievability using locally decodable codes
play

Proofs of Retrievability Using Locally Decodable Codes Julien - PowerPoint PPT Presentation

Apr 28, 2023 •93 likes •529 views

Proofs of Retrievability Using Locally Decodable Codes Julien Lavauzelle, Franoise Levy-dit-Vehel GRACE team, LIX & INRIA, Palaiseau, France 2016 IEEE International Symposium on Information Theory July 13, 2016 Issue Server Client Huge

  1. Proofs of Retrievability Using Locally Decodable Codes Julien Lavauzelle, Françoise Levy-dit-Vehel GRACE team, LIX & INRIA, Palaiseau, France 2016 IEEE International Symposium on Information Theory July 13, 2016

  2. Issue Server Client Huge fi le (e.g. 10 GB) 1/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  3. Issue Server Client Huge fi le (e.g. 10 GB) 1/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  4. Issue Server Client ? Is the file retrievable? 1/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  5. Definition (Proof of Retrievability) Proof of Retrievability (PoR) = 3 procedures: ◮ Initialization [ Client ] : F �→ Init ( F ) = ( ˜ F , data F ) Then, the client uploads ˜ F on the server. 2/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  6. Definition (Proof of Retrievability) Proof of Retrievability (PoR) = 3 procedures: ◮ Initialization [ Client ] : F �→ Init ( F ) = ( ˜ F , data F ) Then, the client uploads ˜ F on the server. ◮ Verification [ Client ← → Server ] : ( ˜ Client ( data F ) Server F ) c Pick a challenge c Compute an answer r r Verif data F ( c , r ) ∈ { true , false } 2/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  7. Definition (Proof of Retrievability) Proof of Retrievability (PoR) = 3 procedures: ◮ Initialization [ Client ] : F �→ Init ( F ) = ( ˜ F , data F ) Then, the client uploads ˜ F on the server. ◮ Verification [ Client ← → Server ] : ( ˜ Client ( data F ) Server F ) c Pick a challenge c Compute an answer r r Verif data F ( c , r ) ∈ { true , false } ◮ Extraction [ Client ← → Server ]. We want that Extract ( data F ) = F holds w.h.p. 2/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  8. A security model Definition ( τ -faulty server). Let τ ∈ [ 0 , 1 ] , P be a PoR and X the distribution of challenges. A τ -faulty server A for P is an algorithm such that, for all encoded files ˜ F : Verif data F ( x , A ( ˜ � � F , x )) = false < τ . P x ∼ X Rem: this also includes malicious servers. 3/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  9. A security model Definition ( τ -faulty server). Let τ ∈ [ 0 , 1 ] , P be a PoR and X the distribution of challenges. A τ -faulty server A for P is an algorithm such that, for all encoded files ˜ F : Verif data F ( x , A ( ˜ � � F , x )) = false < τ . P x ∼ X Rem: this also includes malicious servers. Definition (PoR soundness). Let τ, ε ∈ [ 0 , 1 ] . A PoR is said ( τ, ε ) -sound if, for all τ -faulty servers A and all files F : � � P Extract ( data F ) = F ≥ 1 − ε , where the probability is taken over extraction procedure randomness. 3/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  10. The seminal example A. Juels, B. Kaliski Jr., PORs: Proofs of Retrievability for large files. in Proceedings of the 2007 ACM Conference on Computer and Communications Security, Alexandria, USA, 2007. x 2 x 2 x 1 x 1 x 3 x 3 x 0 x 0 x 4 x 4 x 9 x 9 x 8 x 8 x 5 x 5 x 6 x 6 x 7 x 7 4/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  11. The seminal example A. Juels, B. Kaliski Jr., PORs: Proofs of Retrievability for large files. in Proceedings of the 2007 ACM Conference on Computer and Communications Security, Alexandria, USA, 2007. x 2 x 1 x 3 x 0 x 4 x 9 x 8 x 5 x 6 x 7 4/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  12. The seminal example A. Juels, B. Kaliski Jr., PORs: Proofs of Retrievability for large files. in Proceedings of the 2007 ACM Conference on Computer and Communications Security, Alexandria, USA, 2007. x 2 x 1 x 4 ,x 7 ? x 3 x 0 x 4 x 9 x 8 x 5 x 6 x 7 4/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  13. The seminal example A. Juels, B. Kaliski Jr., PORs: Proofs of Retrievability for large files. in Proceedings of the 2007 ACM Conference on Computer and Communications Security, Alexandria, USA, 2007. x 2 x 1 x 4 ,x 7 ? x 3 x 0 x 4 x 9 x 8 x 5 x 6 x 7 4/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  14. The seminal example A. Juels, B. Kaliski Jr., PORs: Proofs of Retrievability for large files. in Proceedings of the 2007 ACM Conference on Computer and Communications Security, Alexandria, USA, 2007. x 2 x 1 x 4 ,x 7 ? x 3 x 0 x 4 x 9 x 8 x 5 x 6 x 7 4/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  15. Other features ◮ Low communication; ◮ low server overhead and low client storage; ◮ low algorithmic complexity; ◮ unbounded use. 5/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  16. Towards structure verification JK’07 main drawbacks: ◮ bounded use; ◮ quite big client storage. 6/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  17. Towards structure verification JK’07 main drawbacks: ◮ bounded use; ◮ quite big client storage. Our idea: ◮ check the structure of the file instead of file values; ◮ use locally decodable codes which provide a local structure. 6/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  18. Error-correcting codes F q = { t 1 , . . . , t q } a finite field. F q ev 1 : F q [ T ] → q f �→ ( f ( t 1 ) , . . . , f ( t q )) F q m ev m : F q [ X 1 , . . . , X m ] → q f �→ ( f ( x )) x ∈ F m q Example: full length Reed-Solomon code ( n = q ). C = RS q ( k ) = { ev 1 ( f ) , f ∈ F q [ X ] , deg f < k } f ( x i ) c = ∈ C F q 7/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  19. Affine lifting of codes Let C ⊆ { ev ( f ) , f ∈ F q [ T ] } be a (univariate) base code . The (multivariate) lifted code Lift m ( C ) is the code: L = Lift m ( C ) = { ev m ( g ) , g ∈ F q [ X 1 , . . . , X m ] , ∀ affine line ℓ, ev 1 ( g | ℓ ) ∈ C} F q ∈ C F q Alan Guo, Swastik Kopparty, Madhu Sudan, New Affine-Invariant Codes from Lifting in Proceedings of ITCS’13, Berkeley, USA, 2013. 8/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  20. LiftPoR: Initialization and verification Consider L = Lift m ( C ) . ◮ Initialization: � data F = ∅ Init ( F ) = ˜ F = Enc L ( F ) 9/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  21. LiftPoR: Initialization and verification Consider L = Lift m ( C ) . ◮ Initialization: � data F = ∅ Init ( F ) = ˜ F = Enc L ( F ) ◮ Verification: Client Server ˜ ∅ F ℓ Randomly pick a line ℓ ⊂ F m q c = { ˜ Read values ˜ F [ x ] } x ∈ ℓ ˜ c If ˜ c ∈ C , then return true . Else return false . 9/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  22. LiftPoR: Extraction Tab : F m q → F q ◮ Initialize file Tab with q m erasures. 10/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  23. LiftPoR: Extraction Tab : F m q → F q ◮ Initialize file Tab with q m erasures. ◮ While there remains ≥ q m − 1 erasures : – run a verification test; – if success: update the file, 10/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  24. LiftPoR: Extraction Tab : F m q → F q ◮ Initialize file Tab with q m erasures. ◮ While there remains ≥ q m − 1 erasures : – run a verification test; – if success: update the file, – otherwise, do nothing. 10/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  25. LiftPoR: Extraction Tab : F m q → F q ◮ Initialize file Tab with q m erasures. ◮ While there remains ≥ q m − 1 erasures : – run a verification test; – if success: update the file, – otherwise, do nothing. 10/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  26. LiftPoR: Extraction Tab : F m q → F q ◮ Initialize file Tab with q m erasures. ◮ While there remains ≥ q m − 1 erasures : – run a verification test; – if success: update the file, – otherwise, do nothing. 10/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  27. LiftPoR: Extraction Tab : F m q → F q ◮ Initialize file Tab with q m erasures. ◮ While there remains ≥ q m − 1 erasures : – run a verification test; – if success: update the file, – otherwise, do nothing. ◮ Decode the remaining erasures with the decoding algorithm of C . 10/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  28. LiftPoR: Extraction Tab : F m q → F q ◮ Initialize file Tab with q m erasures. ◮ While there remains ≥ q m − 1 erasures : – run a verification test; – if success: update the file, – otherwise, do nothing. ◮ Decode the remaining erasures with the decoding algorithm of C . ∈ C 10/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  29. LiftPoR: Extraction Tab : F m q → F q ◮ Initialize file Tab with q m erasures. ◮ While there remains ≥ q m − 1 erasures : – run a verification test; – if success: update the file, – otherwise, do nothing. ◮ Decode the remaining erasures with the decoding algorithm of C . 10/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

  30. LiftPoR: Extraction Tab : F m q → F q ◮ Initialize file Tab with q m erasures. ◮ While there remains ≥ q m − 1 erasures : – run a verification test; – if success: update the file, – otherwise, do nothing. ◮ Decode the remaining erasures with the decoding algorithm of C . 10/17 Julien Lavauzelle, Françoise Levy-dit-Vehel ISIT’16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Locally decodable codes: from computational complexity to cloud computing Sergey Yekhanin

Locally decodable codes: from computational complexity to cloud computing Sergey Yekhanin

Locally decodable codes: from computational complexity to cloud computing Sergey Yekhanin Microsoft Research Error-correcting codes: paradigm 2 E() 2 E() +noise 0110001 011000100101 01*00*10010*

500 views • 34 slides
Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable

Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable

Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable Codes Dana Dachman-Soled University of Maryland Joint work with: Mukul Kulkarni and Aria Shahverdi, University of Maryland Talk is also based on

572 views • 35 slides
Outsourced Storage &amp; Proofs of Retrievability Hovav Shacham, UC San Diego Brent Waters, SRI

Outsourced Storage &amp; Proofs of Retrievability Hovav Shacham, UC San Diego Brent Waters, SRI

Outsourced Storage &amp; Proofs of Retrievability Hovav Shacham, UC San Diego Brent Waters, SRI International The Setting Client stores (long) file with server - Wants to be sure its actually there Motivation: online backup; SaaS

698 views • 25 slides
Proofs of Retrievability via Fountain Code Sumanta Sarkar and Reihaneh Safavi-Naini Department of

Proofs of Retrievability via Fountain Code Sumanta Sarkar and Reihaneh Safavi-Naini Department of

Proofs of Retrievability via Fountain Code Sumanta Sarkar and Reihaneh Safavi-Naini Department of Computer Science, University of Calgary, Canada Foundations and Practice of Security October 25, 2012 Outsourcing Data into Cloud Storage

375 views • 37 slides
Locally Checkable Proofs Mika G o os &amp; Jukka Suomela Helsinki Institute for Information

Locally Checkable Proofs Mika G o os &amp; Jukka Suomela Helsinki Institute for Information

Locally Checkable Proofs Mika G o os &amp; Jukka Suomela Helsinki Institute for Information Technology HIIT G o os, Suomela (HIIT) Locally Checkable Proofs 7th June 2011 1 / 15 Basic Question 1 What global information can we infer

727 views • 39 slides
Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne

Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne

Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne Broadbent (U. of Ottawa) arxiv:1911.07782 Quantum found. QZK Crypto TCS 2 / 19 Interactive proofs 3 / 19 Interactive proofs L NP P V 0

1.06k views • 89 slides
Locally repairable codes on multiple scales Ragnar Freij-Hollanti Aalto University, Finland

Locally repairable codes on multiple scales Ragnar Freij-Hollanti Aalto University, Finland

Locally repairable codes on multiple scales Ragnar Freij-Hollanti Aalto University, Finland ragnar.freij@aalto.fi Istanbul, 5.11.2015 Designs and Applications of Random Network Codes 1 / 25 LRC on multiple scales Based on joint work with

587 views • 25 slides
Symbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes Workshop PROOFS

Symbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes Workshop PROOFS

Introduction / Motivation Symbolic Method Experiments Conclusion Symbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes Workshop PROOFS In` es Ben El Ouahma Quentin Meunier Karine Heydemann Emmanuelle Encrenaz

271 views • 25 slides
Optimal Locally Repairable Constacyclic Codes of Prime Power Lengths Wei Zhao 1 , 2 , Kenneth W.

Optimal Locally Repairable Constacyclic Codes of Prime Power Lengths Wei Zhao 1 , 2 , Kenneth W.

Optimal Locally Repairable Constacyclic Codes of Prime Power Lengths Wei Zhao 1 , 2 , Kenneth W. Shum 1 and Shenghao Yang 1 1 The Chinese University of Hong Kong, Shenzhen 2 University of Science and Technology of China ISIT 2020 Zhao, Shum, Yang

614 views • 26 slides
Proofs, Continued Today Proofs : A style guide Proofs should be easy to

Proofs, Continued Today Proofs : A style guide Proofs should be easy to

Euclid (300 BC) Proofs, Continued Today Proofs : A style guide Proofs should be easy to verify. All the cleverness goes into finding/writing the proof, not reading/verifying it! P vs. NP (informally) : P =

682 views • 21 slides
Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth workshop Introduction to the workshop PROOFS: Security Proofs for Embedded Systems UCSB August 20, 2016 5th edition of PROOFS PROOFS 2012:

311 views • 7 slides
G ENERALIZED R EED -S OLOMON CODES (GRS CODES ) A CHARACTERIZATION OF MDS CODES THAT HAVE AN ERROR

G ENERALIZED R EED -S OLOMON CODES (GRS CODES ) A CHARACTERIZATION OF MDS CODES THAT HAVE AN ERROR

A CHARACTERIZATION OF MDS CODES THAT HAVE AN ERROR CORRECTING PAIR I NTRODUCTION TO C ODING T HEORY MDS CODES A CHARACTERIZATION OF MDS CODES THAT GRS CODES HAVE AN ERROR CORRECTING PAIR ECP M OTIVATION O UR GOAL ARQUEZ -C ORBELLA 1 R. P ELLIKAAN

689 views • 19 slides
Using Linear Codes as a Fault Countermeasure for Non-Linear Operations : Application to AES and

Using Linear Codes as a Fault Countermeasure for Non-Linear Operations : Application to AES and

Using Linear Codes as a Fault Countermeasure for Non-Linear Operations : Application to AES and Formal Verification work co-funded by the PRINCE project Sabine Azzi, Bruno Barras, Maria Christofi , David Vigilant PROOFS workshop 2015, September

493 views • 45 slides
Information Theory Lecture 8 BCH codes BCH codes: R8.45 (R5.6) Decoding BCH (and

Information Theory Lecture 8 BCH codes BCH codes: R8.45 (R5.6) Decoding BCH (and

Information Theory Lecture 8 BCH codes BCH codes: R8.45 (R5.6) Decoding BCH (and RS) codes: R6 Reed-Solomon codes RS codes: R5.13 Mikael Skoglund, Information Theory 1/15 The BCH Bound Theorem : Let C be cyclic of

276 views • 8 slides
Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2 Interactive Proofs IP[k] IP[poly] = PSPACE 2 Interactive Proofs IP[k] IP[poly] = PSPACE IP protocol for TQBF using arithmetization 2 Interactive

1.75k views • 136 slides
Formal proofs, variable binding, and program extraction from proofs Colloquium Logicum 2016 (10

Formal proofs, variable binding, and program extraction from proofs Colloquium Logicum 2016 (10

Formal proofs, variable binding, and program extraction from proofs Colloquium Logicum 2016 (10 - 12 September 2016, Hamburg) Gyesik Lee Hankyong National University 1 Overview 1. Verification of proofs 2. Hales proof of the Kepler

651 views • 43 slides
Demographic matrix models An eigenvalue eigenvector pair for the matrix A is any scalar and

Demographic matrix models An eigenvalue eigenvector pair for the matrix A is any scalar and

Demographic matrix models An eigenvalue eigenvector pair for the matrix A is any scalar and vector w that satisfy Aw w (technically w is a right eigenvector). Eigenvectors and ( h i ll i i h i ) Ei d eigenvalues are found

51 views • 3 slides
Continuous-time Principal-Agent Problem in Partially Observed System and Path-dependent FBSDEs

Continuous-time Principal-Agent Problem in Partially Observed System and Path-dependent FBSDEs

Finite Horizon Principal-Agent Problem Principal-Agent Problem with Uncertain Parameter Path-dependent FBSDEs Continuous-time Principal-Agent Problem in Partially Observed System and Path-dependent FBSDEs Kaitong HU CMAP, Ecole Polytechnique

549 views • 39 slides
Directory Services A service that stores collections of bindings between names and attributes, and

Directory Services A service that stores collections of bindings between names and attributes, and

Directory Services A service that stores collections of bindings between names and attributes, and looks up entries that match attribute-based specifications (e.g., Microsoft's Active Directory Service, X.500 and LDAP) Case Study - X.500

515 views • 12 slides
Announc nouncem ements Homework 2 will be released today Available on the course website

Announc nouncem ements Homework 2 will be released today Available on the course website

Announc nouncem ements Homework 2 will be released today Available on the course website If you cannot see it, try refreshing the page Due in two weeks : 11/20/19 11:59pm Submit through GradeScope 1 Reflection Attack and

510 views • 34 slides
Dense map inference with user-defined priors: from priorlets to scan eigenvariations Paloma de

Dense map inference with user-defined priors: from priorlets to scan eigenvariations Paloma de

Dense map inference with user-defined priors: from priorlets to scan eigenvariations Paloma de la Puente Andrea Censi Universidad Politcnica de Madrid California Institute of Technology INDUSTRIAL ES ETSII | UPM Introduction SLAM =

451 views • 30 slides
Unweaving the Impact of Aspect Changes in AspectJ p Luca Cavallaro Mattia Monga g Problem

Unweaving the Impact of Aspect Changes in AspectJ p Luca Cavallaro Mattia Monga g Problem

Unweaving the Impact of Aspect Changes in AspectJ p Luca Cavallaro Mattia Monga g Problem Outline Problem Outline Small changes can have major and nonlocal effects in programs For Aspect Oriented software the problem is even

274 views • 14 slides
Todays Presenters Melanie Morgan Jennifer Trail Director, Director, Madison County (NC)

Todays Presenters Melanie Morgan Jennifer Trail Director, Director, Madison County (NC)

Todays Presenters Melanie Morgan Jennifer Trail Director, Director, Madison County (NC) Glenns Ferry (ID) Public Libraries Public Library Brianna Hoffman Betha Gutsche WebJunction WebJunction Project Coordinator Programs Manager

961 views • 75 slides
Dr Richard Birchenall Chief Development Officer UK PEWOS The Joint Electronic Warfare Operational

Dr Richard Birchenall Chief Development Officer UK PEWOS The Joint Electronic Warfare Operational

Dr Richard Birchenall Chief Development Officer UK PEWOS The Joint Electronic Warfare Operational Support Centre Part of United Kingdom Defence Intelligence Unique agency providing UK Freedom of Action Provides Mission Critical Capabilities

248 views • 11 slides

More recommend