Summary: The authors investigate the side channel vulnerability of client-side deduplication in cloud storage and argue that existing threat models need to be strengthened. They propose a stronger threat model in which the attacker can adjust the number of stored and unstored chunks of the uploaded file to get privacy. The authors further design two defense schemes, namely, the basic and the enhanced schemes, to reduce the probability of privacy leakage. They also give mathematical analysis and experimental evaluation to prove the effectiveness of the proposed defense schemes. Pros: 1. Interesting idea and simple implementation. 2. Very detailed analysis. 3. Comprehensive comparison with existing work. Cons: 1. Some of the languages are redundant and colloquial (e.g., Sec. 2), the authors need to improve the writing. 2. Notations used in the paper are sometimes confusing. In Sec. 2.1,$H$ is used for both hash function and hash values, whereas in Sec. 4, $h$ is used to denote hash value. In Sec. 4.2, since the subscripts $1$ and $2$ of $h_{12}$ are used for different purposes, the authors should at least use different fonts. Questions/Suggestions: 1. Can the authors elaborate more on the (average) cost of "*Learning the remaining information of specific files*" in Sec. 2.2. It seems that this attack is not practical in real-world scenarios. 2. In Sec. 3.3, can the authors elaborate more on why "*$P_{c}$ is equal to 1/2 for the adversary without any prior knowledge*." Is there any prerequisite? Since the full space of all possible files is far larger than the space of stored files (this should not be a prior knowledge and is common sense), $P_{c}$ should be 0 with no prior knowledge. 3. The authors propse two schemes, and the basic scheme is still side-channel vulnerable. Does that mean users should always use the "enhanced" scheme? If so, what is the context of the "basic scheme" in the paper. If not, when and where can users use the "basic scheme"? Overall Rating: Weak accept.