, Equation (4) turns into a proper inclusion as long as q is not a prime. Besides, by definition of lifted codes
The restriction of f along L i can be interpolated as a univariate polynomial f |L i (T ) of degree at most q ? 2, since (f (Q)) Q?L i lies in the Reed-Solomon code RS q (q ? 1), by definition of lifted codes, Therefore f |L i (T ) = 0, and f vanishes on L i. Repeating arguments in the proof of Lemma 5.5, we get a ? deg f ? 2q ? 2, and d min ,
Similarly to Proposition 5.6, we can then prove that practical PoRs can be constructed with the family of lifted codes Lift ,
, and (Q, V ) its associated verification structure. If every ? w is sufficiently uniform, then the PoR scheme associated to C and (Q, V ) is (?, ? )-sound for every ? < 1 and ? = O( 1 (1??)q 2 )
, The crucial improvement is that lifted codes potentially have much higher dimension than ReedMuller codes
Remote Data Checking using Provable Data Possession, ACM Trans. Inf. Syst. Secur, vol.14, issue.1, 2011. ,
Designs and Their Codes, Cambridge Tracts in Mathematics, 1992. ,
Proofs of Retrievability: Theory and Implementation, Proceedings of the first ACM Cloud Computing Security Workshop, pp.43-54, 2009. ,
Proofs of Retrievability via Hardness Amplification, Theory of Cryptography, 6th Theory of Cryptography Conference, vol.5444, pp.109-127, 2009. ,
New Affine-Invariant Codes from Lifting, ITCS '13, pp.529-540, 2013. ,
PORs: Proofs of Retrievability for Large Files, Proceedings of the 2007 ACM Conference on Computer and Communications Security, pp.584-597, 2007. ,
A Cooperative Internet Backup Scheme, USENIX Annual Technical Conference, pp.29-41, 2003. ,
New Proofs of Retrievability using Locally Decodable Codes, IEEE International Symposium on Information Theory, pp.1809-1813, 2016. ,
URL : https://hal.archives-ouvertes.fr/hal-01413159
A Dynamic Proof of Retrievability (PoR) Scheme with O(log n) Complexity, Proceedings of IEEE International Conference on Communications, pp.912-916, 2012. ,
The Complexity of Online Memory Checking, J. ACM, vol.56, issue.1, 2009. ,
A Coding Theory Foundation for the Analysis of General Unconditionally Secure Proof-ofRetrievability Schemes for Cloud Storage, J. Mathematical Cryptology, vol.7, issue.3, pp.183-216, 2013. ,
, J. Mathematical Cryptology, vol.12, issue.4, pp.203-220, 2018.
Efficient Proofs of Retrievability with Public Verifiability for Dynamic Cloud Storage, 2016. ,
Compact Proofs of Retrievability, J. Cryptology, vol.26, issue.3, pp.442-483, 2013. ,
Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing, IEEE Trans. Parallel Distrib. Syst, vol.22, issue.5, pp.847-859, 2011. ,
, We here confirm our heuristic on the fact that ? w is sufficiently uniform, by providing experimental estimates of ?
, as presented in Section 5.2.1. We also fix the word w ? F n q uploaded on the server during the initialisation step. Remark that, for varying w, all ? w are equivalently distributed. Indeed, if ? ? S(F q ) n satisfies ?(w) = w , then the distribution of permutations picked from ? w can be obtained by applying ? to permutations picked from ? w. Hence, without loss of generality we assume that w = 0. Proposition 3.16 claims that in this context, ? should be O(1/q) since ? = 2 and ? q. For convenience, Setup. We consider PoR schemes using Reed-Muller codes C = RM q
, ? Test 1. We sample N challenges u, and for each sample, we fix t ? and r u in {x ? F q , |Z u | = t}. Then, we estimate p ? by running M trials and computing the average
, ? Test 2. A challenge u is fixed, and for several values of t, we pick N responses r u randomly in {x ? F q , |Z u | = t}. For every r u , we estimate p ? with M samples. We collect the maximum value of ? M
, A challenge u is fixed, as well as a response r u to this challenge which satisfies |Z u | = t for several values of t ? [2, We then run M trials and collect ? M (p ? ), vol.3
, At the end of the document, Figures 5, 6 and 7 confirm that, for fixed N and q, and for any Test i we use