Password-authenticated proofs of retrievability for multiple devices checking cloud data

Hui Cui, Zhiguo Wan, Huayi Qi, Baodong Qin, Xun Yi

Research output: Contribution to journalArticleResearchpeer-review


Traditional privately-verifiable proofs of retrievability (PoR) require users to securely generate and store secret keys for data storage and retrieval. This incurs significant inconveniences for users who multiple devices to store and retrieve their data, as secret keys need to be installed on all of these devices. In this paper, we propose a cryptographic primitive called password-authenticated proofs of retrievability (PAPoR), where users are able to use memorable passwords to outsource their data to a cloud and retrieve their data for integrity check. In a PAPoR scheme, users are required to register their passwords with the cloud server before issuing storage and retrieval requests. During the storage and retrieval phases, users communicate with the cloud server to recover secrets tied to the passwords. These secrets are used to complete the storage and retrieval tasks. After describing a formal security definition for the PAPoR framework, we give a concrete construction and the security analysis, and discuss several variants to improve its security. In addition, we implement the given PAPoR construction to evaluate its performance.

Original languageEnglish
Article number103480
Number of pages10
JournalJournal of Information Security and Applications
Publication statusPublished - Jun 2023


  • Cloud computing
  • Integrity
  • Outsourcing
  • Passwords
  • Proofs of retrievability

Cite this