Generic Secure Repair for Distributed Storage

This paper studies the problem of repairing secret sharing schemes, i.e., schemes that encode a message into n shares, assigned to n nodes, so that any n − r nodes can decode the message but any colluding z nodes cannot infer any information about the message. In the event of node failures so that shares held by the failed nodes are lost, the system needs to be repaired by reconstructing and reassigning the lost shares to the failed (or replacement) nodes. This can be achieved trivially by a trustworthy third-party that receives the shares of the available nodes, recompute and reassign the lost shares. The interesting question, studied in the paper, is how to repair without a trustworthy third-party. The main issue that arises is repair security: how to maintain the requirement that any colluding z nodes, including the failed nodes, cannot learn any information about the message, during and after the repair process? We solve this secure repair problem from the perspective of secure multi-party computation. Specifically, we design generic repair schemes that can securely repair any (scalar or vector) linear secret sharing schemes. We prove a lower bound on the repair bandwidth of secure repair schemes and show that the proposed secure repair schemes achieve the optimal repair bandwidth up to a small constant factor when n dominates z, or when the secret sharing scheme being repaired has optimal rate. We adopt a formal information-theoretic approach in our analysis and bounds. A main idea in our schemes is to allow a more flexible repair model than the straightforward one-round repair model implicitly assumed by existing secure regenerating codes. Particularly, the proposed secure repair schemes are simple and efficient two-round protocols.

[1]  R. Michael Buehrer,et al.  Toward Optimal Secure Distributed Storage Systems With Exact Repair , 2016, IEEE Transactions on Information Theory.

[2]  Swanand Kadhe,et al.  Weakly secure regenerating codes for distributed storage , 2014, 2014 International Symposium on Network Coding (NetCod).

[3]  Sriram Vishwanath,et al.  Secure Cooperative Regenerating Codes for Distributed Storage Systems , 2012, IEEE Transactions on Information Theory.

[4]  Wentao Huang,et al.  Secure RAID schemes from EVENODD and STAR codes , 2017, 2017 IEEE International Symposium on Information Theory (ISIT).

[5]  Wentao Huang,et al.  Secure RAID schemes for distributed storage , 2016, 2016 IEEE International Symposium on Information Theory (ISIT).

[6]  Nihar B. Shah,et al.  Information-Theoretically Secure Regenerating Codes for Distributed Storage , 2011, 2011 IEEE Global Telecommunications Conference - GLOBECOM 2011.

[7]  Wentao Huang,et al.  Secret sharing with optimal decoding and repair bandwidth , 2017, 2017 IEEE International Symposium on Information Theory (ISIT).

[8]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[9]  Ming Xian,et al.  On Secrecy Capacity of Minimum Storage Regenerating Codes , 2015, IEEE Transactions on Information Theory.

[10]  Sriram Vishwanath,et al.  Optimal Locally Repairable and Secure Codes for Distributed Storage Systems , 2012, IEEE Transactions on Information Theory.

[11]  Avi Wigderson,et al.  Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract) , 1988, STOC.

[12]  Ethan L. Miller,et al.  POTSHARDS—a secure, recoverable, long-term archival storage system , 2009, TOS.

[13]  Wentao Huang,et al.  Communication Efficient Secret Sharing , 2015, IEEE Transactions on Information Theory.

[14]  Kannan Ramchandran,et al.  Securing Dynamic Distributed Storage Systems Against Eavesdropping and Adversarial Attacks , 2010, IEEE Transactions on Information Theory.

[15]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[16]  Vinod M. Prabhakaran,et al.  On the Communication Complexity of Secure Computation , 2013, IACR Cryptol. ePrint Arch..