🤖 AI Summary
To address the challenge of balancing data integrity guarantees with system overhead in untrusted storage environments (e.g., public clouds), this paper proposes partially asynchronous integrity checking (PAC), a novel integrity verification mechanism. PAC introduces the "deferred-write commitment" model, which decouples write operations from integrity verification to overcome the performance bottlenecks of conventional synchronous checking while preserving strong read-time integrity. Its hybrid architecture integrates cryptographic commitments, asynchronous verification scheduling, and lightweight metadata validation, substantially reducing verification overhead. Experimental evaluation shows that PAC delivers a 5.5× throughput and latency improvement over state-of-the-art schemes and attains 85% of the throughput of non-integrity-protected baselines. PAC thus strikes a favorable balance between security and efficiency, enabling practical integrity assurance in high-performance cloud storage systems.
📝 Abstract
Storage integrity is essential to systems and applications that use untrusted storage (e.g., public clouds, end-user devices). However, known methods for achieving storage integrity either suffer from high (and often prohibitive) overheads or provide weak integrity guarantees. In this work, we demonstrate a hybrid approach to storage integrity that simultaneously reduces overhead while providing strong integrity guarantees. Our system, partially asynchronous integrity checking (PAC), allows disk write commitments to be deferred while still providing guarantees around read integrity. PAC delivers a 5.5X throughput and latency improvement over the state of the art, and 85% of the throughput achieved by non-integrity-assuring approaches. In this way, we show that untrusted storage can be used for integrity-critical workloads without meaningfully sacrificing performance.