cryptographic proofs for remote storage models and
play

Cryptographic proofs for remote storage: models and construction - PowerPoint PPT Presentation

Apr 11, 2023 •287 likes •842 views

Cryptographic proofs for remote storage: models and construction Julien Lavauzelle 1 , Franoise Levy-dit-Vehel 1,2 1 LIX & INRIA Saclay, Universit Paris-Saclay 2 ENSTA ParisTech Journes codage & cryptographie 2018, Aussois, France

  1. Cryptographic proofs for remote storage: models and construction Julien Lavauzelle 1 , Françoise Levy-dit-Vehel 1,2 1 LIX & INRIA Saclay, Université Paris-Saclay 2 ENSTA ParisTech Journées codage & cryptographie 2018, Aussois, France 12/10/2018

  2. 1. Proofs-of-* for secure remote storage 2. A generic construction of proof-of-retrievability Model and definition A generic construction of PoR Some instances J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 1/17

  3. 1. Proofs-of-* for secure remote storage 2. A generic construction of proof-of-retrievability Model and definition A generic construction of PoR Some instances J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 1/17

  4. Informal issue Checking storage properties on remote servers , e.g. verifying that: ◮ the server actually stores the file, ◮ the server has fully deleted some data, ◮ a file is retrievable from the server, ◮ some space is used/available on a server. J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 2/17

  5. Informal issue Checking storage properties on remote servers , e.g. verifying that: ◮ the server actually stores the file, ◮ the server has fully deleted some data, ◮ a file is retrievable from the server, ◮ some space is used/available on a server. Practical application: ◮ cryptocurrency based on a decentralized cloud storage network ◮ Storj, FileCoin, SpaceMint. J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 2/17

  6. PoR and PDP Proof of Retrievability (PoR): 1 a verifier checks extractability of a file m . 1 introduced in PoRs: Proofs of Retrievability for Large Files , Juels, Kaliski CCS’07 J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 3/17

  7. PoR and PDP Proof of Retrievability (PoR): 1 a verifier checks extractability of a file m . Verifier Prover κ ← KeyGen ( 1 λ ) w ← Init ( m , κ ) Initialisation w delete m , (most of) w 1 introduced in PoRs: Proofs of Retrievability for Large Files , Juels, Kaliski CCS’07 J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 3/17

  8. PoR and PDP Proof of Retrievability (PoR): 1 a verifier checks extractability of a file m . Verifier Prover κ ← KeyGen ( 1 λ ) w ← Init ( m , κ ) Initialisation w delete m , (most of) w u ← R Q u r u r u ← Resp ( u , w ) Verification 0/1 ← Check ( u , r u , κ ) 1 introduced in PoRs: Proofs of Retrievability for Large Files , Juels, Kaliski CCS’07 J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 3/17

  9. PoR and PDP Proof of Retrievability (PoR): 1 a verifier checks extractability of a file m . Verifier Prover κ ← KeyGen ( 1 λ ) w ← Init ( m , κ ) Initialisation w delete m , (most of) w u ← R Q u r u r u ← Resp ( u , w ) Verification 0/1 ← Check ( u , r u , κ ) { ( u , r u ) : u ∈ Q} Extraction m / ⊥ ← Extract ( { ( u , r u ) : u ∈ Q} , κ ) 1 introduced in PoRs: Proofs of Retrievability for Large Files , Juels, Kaliski CCS’07 J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 3/17

  10. PoR and PDP Proof of Retrievability (PoR): 1 a verifier checks extractability of a file m . Verifier Prover κ ← KeyGen ( 1 λ ) w ← Init ( m , κ ) Initialisation w delete m , (most of) w u ← R Q u r u r u ← Resp ( u , w ) Verification 0/1 ← Check ( u , r u , κ ) { ( u , r u ) : u ∈ Q} Extraction m / ⊥ ← Extract ( { ( u , r u ) : u ∈ Q} , κ ) A Proof of Data Possession (PDP) is essentially a PoR without explicit extractor. 1 introduced in PoRs: Proofs of Retrievability for Large Files , Juels, Kaliski CCS’07 J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 3/17

  11. Other proofs for remote storage Proving deletion of data : ◮ Proof of Secure Erasure (PoSE) 2 [ One-time computable self-erasing functions , Dziembowski, Kazan, Wichs TCC’11] 2 originally introduced by Perito and Tsudik, Secure code update for embedded devices via proofs of secure erasure (ESORICS 2010) J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 4/17

  12. Other proofs for remote storage Proving deletion of data : ◮ Proof of Secure Erasure (PoSE) 2 [ One-time computable self-erasing functions , Dziembowski, Kazan, Wichs TCC’11] Proving that some space/time is invested: ◮ Proof of Space (PoS) [ Proofs of Space , Dziembowski, Faust, Kolmogorov, Pietrzak, CRYPTO’15] 2 originally introduced by Perito and Tsudik, Secure code update for embedded devices via proofs of secure erasure (ESORICS 2010) J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 4/17

  13. Other proofs for remote storage Proving deletion of data : ◮ Proof of Secure Erasure (PoSE) 2 [ One-time computable self-erasing functions , Dziembowski, Kazan, Wichs TCC’11] Proving that some space/time is invested: ◮ Proof of Space (PoS) [ Proofs of Space , Dziembowski, Faust, Kolmogorov, Pietrzak, CRYPTO’15] Proving robust storage: ◮ Proof of replication (PoReP) , e.g. in FileCoin ◮ With public audit: public incompressible encodings (PIE) [Cecchetti, Miers, Juels, IACR eprint’18] 2 originally introduced by Perito and Tsudik, Secure code update for embedded devices via proofs of secure erasure (ESORICS 2010) J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 4/17

  14. 1. Proofs-of-* for secure remote storage 2. A generic construction of proof-of-retrievability Model and definition A generic construction of PoR Some instances J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 4/17

  15. 1. Proofs-of-* for secure remote storage 2. A generic construction of proof-of-retrievability Model and definition A generic construction of PoR Some instances J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 4/17

  16. Formal definitions for PoRs Verifier Prover κ ← KeyGen ( 1 λ ) w ← Init ( m , κ ) Initialisation w delete m , w u ← R Q u r u r u ← Resp ( u , w ) Verification 0/1 ← Check ( u , r u , κ ) { ( u , r u ) } Extraction m / ⊥ ← Extract ( { ( u , r u ) : u ∈ Q} , κ ) J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 5/17

  17. Formal definitions for PoRs Verifier Prover κ ← KeyGen ( 1 λ ) w ← Init ( m , κ ) Initialisation w delete m , w u ← R Q u r u r u ← Resp ( u , w ) Verification 0/1 ← Check ( u , r u , κ ) { ( u , r u ) } Extraction m / ⊥ ← Extract ( r , κ ) Hypothesis (following [Paterson, Stinson, Upadhyay, J. Math. Crypto.’13]): response algorithm Resp is non-adaptive and deterministic. ⇒ One can consider the response word r = ( r u : u ∈ Q ) J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 5/17

  18. Security model For some response word r and secret data κ , we define the success : succ ( r , κ ) : = Pr u ← R Q ( Check ( u , r u , κ ) = 1 ) . J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 6/17

  19. Security model For some response word r and secret data κ , we define the success : succ ( r , κ ) : = Pr u ← R Q ( Check ( u , r u , κ ) = 1 ) . Soundness. A PoR is ( ε , τ ) -sound if for every prover r ,  �  m ← R M Extract ( r , κ ) � = m � � κ ← R KeyGen ( 1 λ )  �   ≤ τ . Pr and  �  w ← Init ( m , κ )  � succ ( r , κ ) ≥ 1 − ε � r ← Resp ( · , w ) � J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 6/17

  20. Security model For some response word r and secret data κ , we define the success : succ ( r , κ ) : = Pr u ← R Q ( Check ( u , r u , κ ) = 1 ) . Soundness. A PoR is ( ε , τ ) -sound if for every prover r ,  �  m ← R M Extract ( r , κ ) � = m � � κ ← R KeyGen ( 1 λ )  �   ≤ τ . Pr and  �  w ← Init ( m , κ )  � succ ( r , κ ) ≥ 1 − ε � r ← Resp ( · , w ) � Goal: τ ≪ 1, for constant ε > 0. J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 6/17

  21. 1. Proofs-of-* for secure remote storage 2. A generic construction of proof-of-retrievability Model and definition A generic construction of PoR Some instances J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 6/17

  22. Outline Our main goals ◮ sublinear communication complexity for the verification ◮ low additional storage ◮ few computation during the verification step ( e.g. Resp and Check ) ◮ analysable/quantifiable soundness J. Lavauzelle — Cryptographic proofs for remote storage: models and construction JC2 2018 7/17

Recommend

Introduction to cryptographic protocols models, proofs, and attacks Karthikeyan Bhargavan INRIA

Introduction to cryptographic protocols models, proofs, and attacks Karthikeyan Bhargavan INRIA

Introduction to cryptographic protocols models, proofs, and attacks Karthikeyan Bhargavan INRIA karthikeyan.bhargavan@inria.fr http://prosecco.inria.fr/personal/karthik September 2013 (Based on slides by Stphanie Delaune, Bruno Blanchet,

1.36k views • 96 slides
Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain

Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain

Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain Challenges with provable security Building or verifying reductionist proofs is hard Proofs are long and error-prone Rely on unstated and unverified

921 views • 78 slides
The Computational SLR: A Calculus for Verifying Cryptographic Proofs Yu Zhang Institute of

The Computational SLR: A Calculus for Verifying Cryptographic Proofs Yu Zhang Institute of

The Computational SLR: A Calculus for Verifying Cryptographic Proofs Yu Zhang Institute of Software Chinese Academy of Sciences BASICS09, Shanghai, China October 13, 2009 Background Formal verification of security protocols from

312 views • 28 slides
Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute,

Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute,

Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute, Spain Computer-aided cryptography Develop tool-assisted methodologies for helping the design, analysis, and implementation of cryptographic

533 views • 26 slides
Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute,

Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute,

Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute, Spain Computer-aided cryptography Develop tool-assisted methodologies for helping the design, analysis, and implementation of cryptographic

451 views • 43 slides
Programming Language Techniques for Cryptographic Proofs Gilles Barthe 1 egoire 2 eguelin 1

Programming Language Techniques for Cryptographic Proofs Gilles Barthe 1 egoire 2 eguelin 1

Programming Language Techniques for Cryptographic Proofs Gilles Barthe 1 egoire 2 eguelin 1 Benjamin Gr Santiago Zanella-B 1 IMDEA Software, Madrid, Spain 2 INRIA Sophia Antipolis - M editerran ee, France ITP 2010 Formal verification

521 views • 31 slides
Simple High-Level Code For Cryptographic Arithmetic With Proofs, Without Compromises Andres

Simple High-Level Code For Cryptographic Arithmetic With Proofs, Without Compromises Andres

Simple High-Level Code For Cryptographic Arithmetic With Proofs, Without Compromises Andres Erbsen, Jade Philipoom, Jason Gross, Robert Sloan, Adam Chlipala MIT CSAIL g i t h u b . c o m / m i t - p l v / fi a t - c

655 views • 53 slides
CertiCrypt Language-Based Cryptographic Proofs in Coq Gilles Barthe 1 , 2 Benjamin Grgoire 1 , 3

CertiCrypt Language-Based Cryptographic Proofs in Coq Gilles Barthe 1 , 2 Benjamin Grgoire 1 , 3

CertiCrypt Language-Based Cryptographic Proofs in Coq Gilles Barthe 1 , 2 Benjamin Grgoire 1 , 3 Santiago Zanella 1 , 3 1 Microsoft Research - INRIA Joint Centre, France 2 IMDEA Software, Madrid, Spain 3 INRIA Sophia Antipolis - Mditerrane,

580 views • 35 slides
Computer-aided cryptographic proofs Gilles Barthe & Yassine Lakhnech IMDEA Software

Computer-aided cryptographic proofs Gilles Barthe & Yassine Lakhnech IMDEA Software

Computer-aided cryptographic proofs Gilles Barthe & Yassine Lakhnech IMDEA Software Institute, Madrid, Spain Universit Joseph Fourier & CNRS, Grenoble, France Based on joint work with J.M. Crespo, F. Dupressoir, B. Grgoire, C. Kunz,

746 views • 52 slides
CertiCrypt: formal certification of code-based cryptographic proofs Gilles Barthe Benjamin Gr

CertiCrypt: formal certification of code-based cryptographic proofs Gilles Barthe Benjamin Gr

CertiCrypt: formal certification of code-based cryptographic proofs Gilles Barthe Benjamin Gr egoire Santiago Zanella B eguelin Romain Janvier F ederico Olmedo IMDEA Software INRIA Sophia Antipolis INRIA-Microsoft Research Joint

760 views • 45 slides
On Protecting Integrity and Confidentiality of Cryptographic File System for Outsourced Storage

On Protecting Integrity and Confidentiality of Cryptographic File System for Outsourced Storage

On Protecting Integrity and Confidentiality of Cryptographic File System for Outsourced Storage Aaram Yun , Chunhui Shi, Yongdae Kim University of Minnesota CCSW 2009, 13 Nov 2009 Cryptographic network file system How to achieve a

348 views • 16 slides
Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain Modern

Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain Modern

Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain Modern cryptography Shannon 49 Mathematical proof of security Perfect secrecy is impossible Diffie & Hellman 76 Computational

1.01k views • 98 slides
Automated Game-Based Cryptographic Proofs Santiago Zanella B eguelin IMDEA Software Institute,

Automated Game-Based Cryptographic Proofs Santiago Zanella B eguelin IMDEA Software Institute,

Automated Game-Based Cryptographic Proofs Santiago Zanella B eguelin IMDEA Software Institute, Madrid, Spain 2011.11.14 SEFM 2011 Based on joint work with Gilles Barthe Benjamin Gr egoire Sylvain Heraud Federico Olmedo Yassine

1.32k views • 104 slides
Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain July

Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain July

Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain July 18, 2014 Motivation Cryptography is a small but important part of security Proofs are a small but important part of cryptography Hard to

402 views • 17 slides
Proof Attempts Cooperating via Models Giles Reger With Dmitry Tishkovsky and Andrei Voronkov

Proof Attempts Cooperating via Models Giles Reger With Dmitry Tishkovsky and Andrei Voronkov

One Proof Many Models Two Proofs Many Models Many Proofs Many Models Proof Attempts Cooperating via Models Giles Reger With Dmitry Tishkovsky and Andrei Voronkov University of Manchester 15th September 2015 One Proof Many Models Two Proofs

1.37k views • 69 slides
Computer-aided cryptographic proofs and designs Gilles Barthe (IMDEA, Spain) Benjamin Grgoire

Computer-aided cryptographic proofs and designs Gilles Barthe (IMDEA, Spain) Benjamin Grgoire

Computer-aided cryptographic proofs and designs Gilles Barthe (IMDEA, Spain) Benjamin Grgoire (INRIA Sophia Antipolis, France) Juan Manuel Crespo (IMDEA, Spain) Francois Dupressoir (IMDEA, Spain) Csar Kunz (IMDEA/U. Politecnica Madrid,

815 views • 44 slides
Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in the Quantum Era (SPS G5448) February 5th, 2020 Christian Colombo Mark Vella Cryptographic Protocols Design Proofs to validate design against

467 views • 20 slides
Cryptographic Reductions: Classification and Applications to Ideal Models Paul Baecher

Cryptographic Reductions: Classification and Applications to Ideal Models Paul Baecher

Cryptographic Reductions: Classification and Applications to Ideal Models Paul Baecher Cryptographic Reductions: Classification and Applications to Ideal Models Paul Baecher Three Ways to Argue for Cryptographic Security Cryptanalysis

933 views • 75 slides
Cryptographic Cloud Storage: a proposal a proposal Seny Kamara, Kristin Lauter Cryptography

Cryptographic Cloud Storage: a proposal a proposal Seny Kamara, Kristin Lauter Cryptography

Cryptographic Cloud Storage: a proposal a proposal Seny Kamara, Kristin Lauter Cryptography Group Microsoft Research Applications/Scenarios Secure Outsourcing for Business Electronic Health Records Interactive Scientific Publishing

452 views • 4 slides
Lecture 5: Structuring Proofs Sections and Theories July 17, 2013 Instantiation Concrete

Lecture 5: Structuring Proofs Sections and Theories July 17, 2013 Instantiation Concrete

Lecture 5: Structuring Proofs Sections and Theories July 17, 2013 Instantiation Concrete schemes and abstract adversaries Reuse existing proofs when realizing cryptographic assumptions? (e.g., one-way trapdoor with RSA) Sections

574 views • 19 slides
Outsourced Storage & Proofs of Retrievability Hovav Shacham, UC San Diego Brent Waters, SRI

Outsourced Storage & Proofs of Retrievability Hovav Shacham, UC San Diego Brent Waters, SRI

Outsourced Storage & Proofs of Retrievability Hovav Shacham, UC San Diego Brent Waters, SRI International The Setting Client stores (long) file with server - Wants to be sure its actually there Motivation: online backup; SaaS

698 views • 25 slides
Expectations on Remote Data Supporting the Prometheus Remote Storage API Alfred Landrum Engineer

Expectations on Remote Data Supporting the Prometheus Remote Storage API Alfred Landrum Engineer

Expectations on Remote Data Supporting the Prometheus Remote Storage API Alfred Landrum Engineer @ Sysdig Twitter: @alfred-landrum Github: alfred-landrum Sysdig Backend Sysdig Dashboards/Alerts/Topology Host/Node based Agents Sysdig Data

544 views • 51 slides
8) Insecure Cryptographic Storage Emmanuel Benoist Fall Term 2020/2021 Berner Fachhochschule |

8) Insecure Cryptographic Storage Emmanuel Benoist Fall Term 2020/2021 Berner Fachhochschule |

8) Insecure Cryptographic Storage Emmanuel Benoist Fall Term 2020/2021 Berner Fachhochschule | Haute ecole sp ecialis ee bernoise | Berne University of Applied Sciences 1 Table of Contents Presentation Examples Attacks

646 views • 26 slides
Proofs of Storage SENY KAMARA MICROSOFT RESEARCH Computing as a Service 2 Computing is a

Proofs of Storage SENY KAMARA MICROSOFT RESEARCH Computing as a Service 2 Computing is a

Proofs of Storage SENY KAMARA MICROSOFT RESEARCH Computing as a Service 2 Computing is a vital resource Enterprises, governments, scientists, consumers, Computing is manageable at small scales e.g., PCs, laptops, smart

638 views • 47 slides

More recommend