Proofs of Retrievability are protocols which allow a Client to store data remotely and to efficiently ensure, via audits, that the entirety of that data is still intact. Dynamic Proofs of Retrievability (DPoR) also support efficient retrieval and update of any small portion of the data.We propose a novel protocol for arbitrary outsourced data storage that achieves both low remote storage size and audit complexity.A key ingredient, that can be also of intrinsic interest, reduces to efficiently evaluating a secret polynomial at given public points, when the (encrypted) polynomial is stored on an untrusted Server.The Server performs the evaluations and also returns associated certificates. A Client can check that the evaluations are correct using the certificates and some pre-computed keys, more efficiently than re-evaluating the polynomial.Our protocols support two important features: the polynomial itself can be encrypted on the Server, and it can be dynamically updated by changing individual coefficients cheaply without redoing the entire setup.Our methods rely on linearly homomorphic encryption and pairings, and our implementation shows good performance for polynomial evaluations with millions of coefficients, and efficient DPoR with terabytes of data.For instance, for a 1TB database, compared to the state of art, we can reduce the Client storage by 5000x, communication size by 20x, and client-side audit time by 2x, at the cost of one order of magnitude increase in server-side audit time.

翻译：可检索性证明是一种协议，允许客户端远程存储数据，并通过审计高效确保数据的完整性。动态可检索性证明（DPoR）还支持任意小块数据的高效检索与更新。针对任意外包数据存储，我们提出了一种新型协议，该协议同时实现了低远程存储代价与低审计复杂度。其中一个关键组成部分（本身也可能具有独立研究价值）被简化为：当（加密的）多项式存储在不可信服务器上时，在给定公开点上高效评估一个秘密多项式。服务器执行评估并同时返回相关证书。客户端可利用证书和预计算的密钥，比重新评估多项式更高效地验证评估结果的正确性。我们的协议支持两个重要特性：多项式本身可在服务器端进行加密，且可通过廉价地修改单个系数实现动态更新，而无需重做整个初始化过程。该方法基于线性同态加密与双线性配对技术，实验表明，在评估包含数百万系数的多项式以及处理TB级数据的高效DPoR场景中均表现出良好性能。例如，对于1TB数据库，与现有技术相比，我们可将客户端存储开销降低5000倍、通信开销降低20倍、客户端审计时间降低2倍，同时服务器端审计时间增加约一个数量级。