Pepal: Penalizing multimedia breaches and partial leakages

Storage of media files by users at a third party, like cloud services or escrows, is increasing every day along with the risk of stored files being leaked through breaches from third parties. In this article, we study the problem of handling either intentional or unintentional multimedia storage breaches by the entity hosting the data. To address the problem, we design the Pepal: protocol where the sender forwarding multimedia data to a receiver can penalize the receiver through loss of cryptocurrency even for partial data leakage. Pepal: achieves this by augmenting a blockchain on-chain smart contract between the two parties with an off-chain cryptographic protocol. The protocol involves a new primitive doubly oblivious transfer (DOT), which, when combined with robust watermarking and a claim-or-refund blockchain contract, provides the necessary framework for a provably secure protocol. Any public data leakage by the receiver leads to the sender learning the receiver’s crypto-currency secret key, which allows him to transfer the claim-or-refund deposit of the receiver. The Pepal: protocol also ensures that the malicious sender cannot steal the deposit, even by leaking the original multimedia document in any form. We analyze our DOT-based design against partial adversarial leakages and show it to be robust against even small leakages. The prototype implementation of our Pepal: protocol shows our system to be efficient and easy to deploy in practice.