Proof of retrievability with public verifiability resilient against related-key attacks

Hui Cui, Yi Mu, Man Ho Allen Au

Research output: Journal article publicationJournal articleAcademic researchpeer-review

17 Citations (Scopus)


Modern technologies such as cloud computing, grid computing and software as a service all require data to be stored by the third parties. A specific problem encountered in this context is to convince a verifier that a user's data are kept intact at the storage servers. An important approach to achieve this goal is called proof of retrievability, by which a storage server can assure a verifier via a concise proof that a user's file is available. However, for most publicly verifiable systems, existing proof of retrievability solutions do not take physical attacks into consideration, where an adversary can observe the outcome of the computation with methods like fault injection techniques. In fact, the authors find that giving the adversary the ability to obtain the information about the relations between the private keys, those systems are not secure anymore. Motivated by the need of preventing this kind of attacks, they present the security model for related-key attacks in publicly verifiable proofs of retrievability, where the adversary can subsequently observe the outcome of the publicly verifiable proof of retrievability under the modified key. After pointing out a linear related-key attack on an existing proof of retrievability system with public verifiability, they present a secure and efficient proof of retrievability with public verifiability, against related-key attacks.
Original languageEnglish
Pages (from-to)43-49
Number of pages7
JournalIET Information Security
Issue number1
Publication statusPublished - 1 Jan 2015
Externally publishedYes

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Computer Networks and Communications


Dive into the research topics of 'Proof of retrievability with public verifiability resilient against related-key attacks'. Together they form a unique fingerprint.

Cite this