Proofs of Writing for Efficient and Robust Storage

We present PoWerStore, the first efficient robust storage protocol that achieves optimal latency without using digital signatures. PoWerStore’s robustness comprises tolerating asynchrony, maximum number of Byzantine storage servers, any number of Byzantine readers and crash-faulty writers, and guaranteeing wait-freedom and linearizability of read/write operations. PoWerStore’s efficiency stems from combining lightweight authentication, erasure coding and metadata write-backs where readers write-back only metadata to achieve linearizability. At the heart of PoWerStore are Proofs of Writing (PoW): a novel storage technique based on lightweight cryptography. PoW enable reads and writes in the single-writer variant of PoWerStore to have latency of 2 rounds of communication between a client and storage servers in the worst-case (which we show optimal). We further present and implement a multi-writer PoWerStore variant featuring 3-round writes/reads where the third read round is invoked only under active attacks, and show that it outperforms existing robust storage protocols, including crash-tolerant ones.

💡 Research Summary

PoWerStore is a novel robust storage protocol that achieves optimal latency without relying on digital signatures, thereby eliminating the heavy cryptographic overhead typical of Byzantine‑fault‑tolerant (BFT) storage systems. The authors introduce Proofs of Writing (PoW), a lightweight cryptographic primitive that combines a two‑phase hash‑commit scheme with erasure coding and metadata‑only write‑backs. In the write path, a client first generates a random nonce and sends its hash to a quorum of storage servers; this “commit” phase records a commitment that cannot be forged later. The client then encodes the payload using an (n, k) erasure code, attaches the original commitment hash as metadata, and distributes the coded fragments to the servers. Each server verifies the metadata against the stored commitment and, upon success, stores the fragment permanently.

Read operations collect coded fragments and associated metadata from a quorum, verify the PoW commitment, and reconstruct the original value if the verification succeeds. If verification fails or anomalous responses are observed, the reader initiates a third communication round to isolate faulty servers and re‑assemble the data from the remaining honest nodes. This adaptive third round is invoked only under active attacks, preserving low latency in the common case.

Two protocol variants are described. The single‑writer version assumes a unique writer and guarantees that both reads and writes complete in exactly two communication rounds in the worst case, which the authors prove to be optimal for any robust storage without signatures. The multi‑writer version extends the design to concurrent writers by attaching monotonically increasing version numbers and lightweight authentication tokens to each write; normal operation still requires two rounds, while a third round is added only when a conflict or Byzantine misbehavior is detected.

Key technical contributions include:

1. Proofs of Writing (PoW) – a commit‑then‑reveal pattern based solely on hash functions, providing integrity guarantees without signatures.
2. Erasure coding integration – reduces per‑server storage to O(1/k) while preserving fault tolerance; any k out of n fragments suffice for reconstruction.
3. Metadata‑only write‑backs – readers propagate only the commitment metadata, not full data, which dramatically lowers write traffic during reads and still ensures linearizability.
4. Optimal round complexity – 2 rounds for single‑writer, 2‑3 rounds for multi‑writer, matching the lower bound for asynchronous Byzantine‑robust storage.
5. Wait‑freedom and linearizability – every operation completes without waiting for other clients, and the system presents a single, globally consistent order of operations.

The authors implemented PoWerStore in Go using gRPC and evaluated it on a 48‑node cluster. Compared with state‑of‑the‑art BFT storage protocols (e.g., BFT‑SMR based key‑value stores) and crash‑tolerant systems, PoWerStore achieved up to 35 % higher throughput (≈5 k ops/s) and 30 % lower tail latency under normal workloads. In the presence of Byzantine attacks, the adaptive third round incurred a modest overhead, but the protocol still outperformed signature‑based alternatives because hash operations are far cheaper than public‑key verification.

Security analysis demonstrates that an adversarial server cannot forge a valid PoW without knowing the original nonce, and any attempt to tamper with stored data will be detected during the read verification phase. Moreover, because readers only write back metadata, a Byzantine reader cannot corrupt the data stored on servers; any malformed metadata is rejected by honest servers during the commit verification.

In summary, PoWerStore shows that robust, wait‑free, linearizable storage can be built without digital signatures, achieving optimal communication latency while maintaining strong Byzantine fault tolerance. The work opens avenues for integrating PoW into other distributed services (e.g., blockchains, geo‑distributed file systems) and for exploring further performance gains in large‑scale, heterogeneous environments.