Proofs of retrievability and proofs of replication are two cryptographic tools that enable a remote server to prove that the users’ data has been correctly stored. Nevertheless, the literature either requires the users themselves to perform expensive verification jobs, or relies on a “fully trustworthy” third party auditor (TPA) to execute the public verification. In addition, none of existing solutions consider the underlying incentive issues behind a rational server who is motivated to collect users’ data but tries to evade the replication checking in order to save storage resources. In this article, we propose the first decentralized system for proofs of data retrievability and replication—${\sf BOSSA}$BOSSA, which is incentive-compatible for each party and realizes automated auditing atop off-the-shelf blockchain platforms. We deal with issues such as proof enforcements to catch malicious behaviors, new metrics to measure the contributions, and reward distributions to create a fair reciprocal environment. ${\sf BOSSA}$BOSSA also incorporates privacy-enhancing techniques to prevent decentralized peers (including blockchain nodes) from inferring private information about the outsourced data. Security analysis is presented in the context of integrity, privacy, and reliability. We implement a prototype based on ${\sf BOSSA}$BOSSA leveraging the smart contracts of Ethereum blockchain. Our extensive experimental evaluations demonstrate the practicality of our proposal.

中文翻译：

---

BOSSA：用于数据可检索和复制证明的去中心化系统

可检索性证明和复制证明是两种加密工具，可让远程服务器证明用户的数据已正确存储。然而，文献要么要求用户自己执行昂贵的验证工作，要么依赖“完全值得信赖的”第三方审计师 (TPA) 来执行公开验证。此外，现有解决方案都没有考虑到理性服务器背后的潜在激励问题，该服务器有动机收集用户数据，但试图逃避复制检查以节省存储资源。在本文中，我们提出了第一个用于数据可检索和复制证明的去中心化系统——${\sf BOSSA}$博萨，这对各方都是激励兼容的，并在现成的区块链平台上实现自动化审计。我们处理诸如捕获恶意行为的证明执行、衡量贡献的新指标以及奖励分配以创建公平的互惠环境等问题。${\sf BOSSA}$博萨还结合了隐私增强技术，以防止分散的对等方（包括区块链节点）推断有关外包数据的私人信息。安全分析是在完整性、隐私和可靠性的背景下呈现的。我们实现了一个基于原型${\sf BOSSA}$博萨利用以太坊区块链的智能合约。我们广泛的实验评估证明了我们建议的实用性。