A coding theory foundation for the analysis of general unconditionally secure proof-of-retrievability schemes for cloud storage

There has been considerable recent interest in “cloud storage” wherein a user asks a server to store a large file. One issue is whether the user can verify that the server is actually storing the file, and typically a challenge-response protocol is employed to convince the user that the file is indeed being stored correctly. The security of these schemes is phrased in terms of an extractor which will recover or retrieve the file given any “proving algorithm” that has a sufficiently high success probability. This paper treats proof-of-retrievability schemes in the model of unconditional security, where an adversary has unlimited computational power. In this case retrievability of the file can be modelled as error-correction in a certain code. We provide a general analytical framework for such schemes that yields exact (non-asymptotic) reductions that precisely quantify conditions for extraction to succeed as a function of the success probability of a proving algorithm, and we apply this analysis to several archetypal schemes. In addition, we provide a new methodology for the analysis of keyed POR schemes in an unconditionally secure setting, and use it to prove the security of a modified version of a scheme due to Shacham and Waters under a slightly restricted attack model, thus providing the first example of a keyed POR scheme with unconditional security. We also show how classical statistical techniques can be used to evaluate whether the responses of the prover are accurate enough to permit successful extraction. Finally, we prove a new lower bound on storage and communication complexity of POR schemes.

💡 Research Summary

The paper addresses the fundamental problem of verifying that a remote server truly stores a client’s file in cloud storage, a task traditionally handled by Proof‑of‑Retrievability (POR) protocols. While most prior work assumes computational security—relying on hash functions, digital signatures, or public‑key cryptography—this study adopts an unconditional (information‑theoretic) security model, where the adversary has unlimited computational power but no additional secret information beyond what the protocol explicitly provides.

The authors’ central insight is to model the retrievability requirement as an error‑correction problem. A file is first encoded using a suitable error‑correcting code (e.g., Reed‑Solomon, BCH). Each codeword symbol corresponds to a piece of data that the server must be able to return correctly when challenged. The client issues a random challenge selecting a subset of symbols; the server’s responses are treated as received symbols of the code. If the server’s success probability (p) exceeds a threshold that depends precisely on the code’s minimum distance (d) and length (n), then an extractor can recover the entire original file by standard decoding. The paper derives exact, non‑asymptotic reductions of the form
\