Provable Data Possession Using Sigma-protocols

We introduce a scheme for Provable Data Possession (PDP) that allows a client which has stored data at an untrusted server to verify that the server possesses the original data that it stored without retrieving it. This work is the first attempt to build a PDP scheme using the concept of sigma protocols. The client maintains a constant amount of data to verify the proof. The challenge-response protocol that is derived from the sigma protocol transmits a small, constant amount of data. This minimizes network communication. We present a provably-secure Sigma-PDP scheme that is more efficient than previous solutions in terms of both computation and communication complexity because of a major reduction in the number of exponentiations involved in the proof of possession. In addition to minimizing computation at the server we reduce client computation. We eliminate any exponentiation at the server while the previous solutions have a fixed set of at least c exponentiations to generate the proof, where c is a constant that is approximately equal to 500. We limit the exponentiations at the client to 5, irrespective of the challenge size while the previous solution needs at least c exponentiations in order to check the validity of the proof.