[justincormack]

There are ways to do that, proof of possession. What they need is proof you have multiple copies, but you can easily pretend to have multiple copies if they are identical by running the proof on another copy.

You can probably do it by mixing the data with some extra data so replicated copies actually look different so you have to do proof of possession on each replica, and you dont even know they are replicas.

[nicoburns]

Why do we even want a given node to have multiple copies of the same data?

[katzenjam]

If I understand right, GP's saying we need proof that the nodes storing the data are collectively storing multiple copies (as opposed to being sybil identities for a single node that's getting paid multiple times for storing a single copy).

GP suggests making each copy unique. It seems to me that the difficult part is making it cheap for uploaders, verifiers and downloaders to translate between the original data and the various unique copies, without also making it cheap for storers to do so (otherwise they could just store the original data and generate parts of the copies on the fly when challenged).

A similar problem arises in memory-hard functions used for password hashing, such as scrypt and Argon2. Those functions are designed to ensure that you have to use a large amount of memory to compute the function - or at least, to ensure that a space/time tradeoff that allows you to use a smaller amount of memory is very expensive. I wonder if techniques from memory-hard functions could be useful in proof of (unique) storage?

[nicoburns]

Ah, got it. Thanks :)

[hathathat]

You don't, but if you're the best bid for storing one copy your the best bid for storing all n copies!