BOSSA: A Decentralized System for Proofs of Data Retrievability and Replication

Proofs of retrievability and proofs of replication are two cryptographic tools that enable a remote server to prove that the users' data has been correctly stored. Nevertheless, the literature either requires the users themselves to perform expensive verification jobs, or relies on a "fully trustworthy" third party auditor (TPA) to execute the public verification. In addition, none of existing solutions consider the underlying incentive issues behind a rational server who is motivated to collect users' data but tries to evade the replication checking in order to save storage resources. In this article, we propose the first decentralized system for proofs of data retrievability and replication-BOSSA, which is incentive-compatible for each party and realizes automated auditing atop off-the-shelf blockchain platforms. We deal with issues such as proof enforcements to catch malicious behaviors, new metrics to measure the contributions, and reward distributions to create a fair reciprocal environment. BOSSA also incorporates privacy-enhancing techniques to prevent decentralized peers (including blockchain nodes) from inferring private information about the outsourced data. Security analysis is presented in the context of integrity, privacy, and reliability. We implement a prototype based on BOSSA leveraging the smart contracts of Ethereum blockchain. Our extensive experimental evaluations demonstrate the practicality of our proposal.