[tahoe-dev] verification of subset of file == proof of retrievability
Zooko Wilcox-O'Hearn
zooko at zooko.com
Wed Jun 13 16:57:01 UTC 2012
On Wed, Jun 13, 2012 at 3:34 AM, Brian Warner <warner at lothar.com> wrote:
>
> Well, we've never implemented a POR because we've never really wanted one. "Proof-of-retrievability" is achieved by just retrieving the data. What the cryptography literature calls proof-of-retention (or -retrievability, -data-posession, or -ownership) gives you is a way to *cheaply* (i.e. using less storage and bandwidth than the whole file) assert that some remote server still has the data they claimed to have, and haven't found some clever (i.e. cheaper) way to just pass the test without really holding the whole file.
Yes, I know what it means. Perhaps you didn't read my blog port
("rant") about this topic that I linked to in my previous post?
https://lafsgateway.zooko.com/uri/URI:DIR2-RO:d73ap7mtjvv7y6qsmmwqwai4ii:tq5tqejzulg7yj4h7nxuurpiuuz5jsgvczmdamcalpk2rc6gmbsq/klog.html#[[HAIL%3A%20A%20High-Availability%20and%20Integrity%20Layer%20for%20Cloud%20Storage]]
In that post I briefly mention what a Proof-of-Retrievability is, cite
HAIL (which is an improved successor to the Juels and Kaliski 2007
paper that you cited) and argue that Tahoe-LAFS protocol *as it
currently exists* is superior to HAIL for all practical purposes.
Well, we've never implemented a *client* to use our existing protocol
for Proof-of-Retrievability, yet. How we could do so was the topic of
my post to the Bitcoin forum that I pasted into my previous post,
including a 2-line bash/Python script that implements most of what is
needed.
This is funny! I had complained, in my blog post, about cryptographers
like Juels and company being unaware of that fact that Tahoe-LAFS's
protocol contains an integrated Proof-of-Retrievability scheme. Later
I admitted that the main reason they were unaware of it was that I
hadn't really explained it explicitly enough in the very compressed
5-page paper about Tahoe-LAFS (https://tahoe-lafs.org/~zooko/lafs.pdf
):
http://news.ycombinator.com/item?id=3998923
But this really puts the icing on that! The man who co-invented that
protocol and co-authored that paper is also unaware of that fact!
So I guess I really should let Dr. Juels off the hook. ;-)
Regards,
Zooko
More information about the tahoe-dev
mailing list