Data owners upload large files to cloud storage servers, but malicious servers may potentially tamper data. To check integrity of remote data, Proof of Retrievability (PoR) schemes were introduced. Existing PoR protocols assume that data owners and third-party auditors are honest and audit only the potentially malicious cloud server to check integrity of stored data. In this paper we consider a system where any party may attempt to cheat others and consider collusion cases. We design a protocol, Cumulus, that is secure under such adversarial assumptions and use blockchain smart contracts to act as mediator in case of dispute and payment settlement. We use state channels to reduce blockchain interactions in order to build a practical audit solution. The security of the protocol has been proven in Universal Composability (UC) framework. Finally, we illustrate several applications of our basic protocol and evaluate practicality of our approach via a prototype implementation for fairly selling large files over the Ethereum platform. We evaluate the prototype and show that our scheme has comparable performance.
Read full abstract