5 research outputs found

    Communication Efficient Secret Sharing

    A secret sharing scheme is a method to store information securely and reliably. Particularly, in a threshold secret sharing scheme, a secret is encoded into $n$ shares, such that any set of at least $t_1$ shares suffice to decode the secret, and any set of at most $t_2 < t_1$ shares reveal no information about the secret. Assuming that each party holds a share and a user wishes to decode the secret by receiving information from a set of parties; the question we study is how to minimize the amount of communication between the user and the parties. We show that the necessary amount of communication, termed "decoding bandwidth", decreases as the number of parties that participate in decoding increases. We prove a tight lower bound on the decoding bandwidth, and construct secret sharing schemes achieving the bound. Particularly, we design a scheme that achieves the optimal decoding bandwidth when $d$ parties participate in decoding, universally for all $t_1 \le d \le n$. The scheme is based on Shamir's secret sharing scheme and preserves its simplicity and efficiency. In addition, we consider secure distributed storage where the proposed communication efficient secret sharing schemes further improve disk access complexity during decoding. Comment: submitted to the IEEE Transactions on Information Theory. New references and a new construction adde

    Communication Efficient Secret Sharing in the Presence of Malicious Adversary

    Consider the communication efficient secret sharing problem. A dealer wants to share a secret with $n$ parties such that any $k \leq n$ parties can reconstruct the secret and any $z<k$ parties eavesdropping on their shares obtain no information about the secret. In addition, a legitimate user contacting any $d$, $k \leq d \leq n$, parties to decode the secret can do so by reading and downloading the minimum amount of information needed. We are interested in communication efficient secret sharing schemes that tolerate the presence of malicious parties actively corrupting their shares and the data delivered to the users. The knowledge of the malicious parties about the secret is restricted to the shares they obtain. We characterize the capacity, i.e. maximum size of the secret that can be shared. We derive the minimum amount of information needed to be read and communicated to a legitimate user to decode the secret from $d$ parties, $k \leq d \leq n$. Error-correcting codes do not achieve capacity in this setting. We construct codes that achieve capacity and achieve minimum read and communication costs for all possible values of $d$. Our codes are based on Staircase codes, previously introduced for communication efficient secret sharing, and on the use of a pairwise hashing scheme used in distributed data storage and network coding settings to detect errors inserted by a limited knowledge adversary. Comment: Extended version of a paper submitted to ISIT 202

    Storage Codes with Flexible Number of Nodes

    This paper presents flexible storage codes, a class of error-correcting codes that can recover information from a flexible number of storage nodes. As a result, one can make a better use of the available storage nodes in the presence of unpredictable node failures and reduce the data access latency. Let us assume a storage system encodes $k\ell$ information symbols over a finite field $\mathbb{F}$ into $n$ nodes, each of size $\ell$ symbols. The code is parameterized by a set of tuples $\{(R_j,k_j,\ell_j): 1 \le j \le a\}$, satisfying $k_1\ell_1=k_2\ell_2=...=k_a\ell_a$ and $k_1>k_2>...>k_a = k, \ell_a=\ell$, such that the information symbols can be reconstructed from any $R_j$ nodes, each node accessing $\ell_j$ symbols. In other words, the code allows a flexible number of nodes for decoding to accommodate the variance in the data access time of the nodes. Code constructions are presented for different storage scenarios, including LRC (locally recoverable) codes, PMDS (partial MDS) codes, and MSR (minimum storage regenerating) codes. We analyze the latency of accessing information and perform simulations on Amazon clusters to show the efficiency of presented codes

    Threshold changeable secret sharing schemes revisited

    Abstract: This paper studies the methods for changing thresholds in the absence of secure channels after the setup of threshold secret sharing schemes. First, we construct a perfect $(t,n)$ threshold scheme that is threshold changeable to $t'>t$, which is optimal with respect to the share size. This improves the scheme of Wang and Wong by relaxing the requirement from $q \geq n+v$ to $q>n$ with the secret-domain $\mathbb{F}_q^v$. But these threshold changeable schemes along with most previously known schemes turn out to be insecure under the collusion attack of players holding initial shares. By adding a broadcast enforcement term we enhance the model with collusion security and N options of threshold change. Then we construct a computationally secure scheme under the enhanced model, which involves much shorter shares and broadcast messages than the perfect schemes. Finally, we discuss how to realize the enrollment and disenrollment of players, and particularly, how to deal with L-fold changes of access policies