Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. 12th ACM Symposium on Principles of Distributed Computing, Ithaca, NY. © 1993 ACM 0-89791-613-1/93/0008/0207...$1.50

We present a solution to the problem of information integrity protection in distributed systems which is robust against malicious parties, is space and communication efficient, and uses cryptography in a minimal way. Our solution builds on Rabin's information dispersal algorithm (IDA). While the IDA scheme is able to deal with missing pieces of information, here we solve the more general secure information dispersal problem, in which recovery of information is possible even against modification of information shares by a possibly malicious adversary. Previous solutions to this problem suffer from space and communication blowup, or use costly cryptographic tools that limit the usefulness of the scheme. In contrast, our scheme uses cryptography in a "minimal" way. It gets rid of the need for private and public key systems and, actually, requires no secret keys at all. It permits recovery of the distributed information by any party in the system, and at the same time prevents any modification or loss of information, as long as an honest majority of parties exists. The proposed solution is space optimal and flexible enough to replace the basic IDA algorithm in most applications that contemplate general faults.
Our solution introduces a new cryptographic tool called distributed fingerprints, which consists of public fingerprints for data integrity having the “paradoxical” property that everyone in the system can compute them (using the same function and no secrets!) but no one can forge them. Distributed fingerprints may replace some of the (integrity) functions provided by signatures in distributed systems, but at a lower cost.
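The idea in the abstract can be sketched as follows. This is an added example, not code or the construction from the paper. It assumes a Rabin-style IDA over GF(257), SHA-256 as the keyless fingerprint function, and, as a simplification chosen here, that every party stores the full fingerprint list so that an honest majority fixes it by vote. All function names are hypothetical.

```python
import hashlib
from collections import Counter

P = 257  # prime field; every byte value fits in one field element

def disperse(data, n, k):
    """Rabin-style IDA: each k-byte block is a polynomial, share i is its value at x=i+1."""
    padded = data + bytes(-len(data) % k)
    blocks = [padded[o:o + k] for o in range(0, len(padded), k)]
    return [[sum(c * pow(i + 1, j, P) for j, c in enumerate(b)) % P for b in blocks]
            for i in range(n)]

def fingerprint(i, share):
    """Public, keyless fingerprint: anyone can recompute it from the share."""
    return hashlib.sha256(repr((i, list(share))).encode()).hexdigest()

def solve(xs, ys):
    """Recover k polynomial coefficients from k points (Gauss-Jordan mod P)."""
    k = len(xs)
    m = [[pow(x, j, P) for j in range(k)] + [y] for x, y in zip(xs, ys)]
    for c in range(k):
        piv = next(r for r in range(c, k) if m[r][c])
        m[c], m[piv] = m[piv], m[c]
        inv = pow(m[c][c], -1, P)
        m[c] = [v * inv % P for v in m[c]]
        for r in range(k):
            if r != c:
                f = m[r][c]
                m[r] = [(a - f * b) % P for a, b in zip(m[r], m[c])]
    return [row[k] for row in m]

def store(data, n, k):
    """Each party keeps its share plus the full fingerprint list (simplification)."""
    shares = disperse(data, n, k)
    fps = tuple(fingerprint(i, s) for i, s in enumerate(shares))
    return {i: (s, fps) for i, s in enumerate(shares)}

def recover(records, k, length):
    """Majority-vote the fingerprint list, drop shares that fail it, then invert the IDA."""
    fps, votes = Counter(tuple(f) for _, f in records.values()).most_common(1)[0]
    if 2 * votes <= len(records):
        raise ValueError("no majority agrees on the fingerprints")
    good = [(i, s) for i, (s, _) in sorted(records.items()) if fingerprint(i, s) == fps[i]]
    if len(good) < k:
        raise ValueError("fewer than k unmodified shares")
    xs = [i + 1 for i, _ in good[:k]]
    cols = zip(*(s for _, s in good[:k]))
    return bytes(v for col in cols for v in solve(xs, col))[:length]
```

Replicating the whole fingerprint list costs space linear in the number of parties at each party, so this sketch shows the integrity check but not the space optimality the abstract claims.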