JP5065755B2 - Distributed information generating apparatus, confidential information restoring apparatus, distributed information generating method, confidential information restoring method and program - Google Patents

Description

  The present invention relates to a distributed information generation apparatus, a confidential information restoration apparatus, a distributed information generation method, a confidential information restoration method, and a program using a secret sharing method and a data division conversion method.

  In general, an encryption method using a secret key is a method for concealing data. At present, for example, the American standard encryption AES (Advanced Encryption Standard) shown in Non-Patent Document 2 is one of the most used ciphers. Such encryption can prevent leakage of data itself.

  However, the encrypted data itself or the encryption key may be destroyed due to storage damage or destroyed by an unauthorized person attack, making it impossible to use the data itself. For this reason, when encrypting, a method is often used in which a plurality of copies of encrypted data and an encryption key are created and stored in a plurality of secure locations. Since the copy of the encryption key is placed in a plurality of different locations, there is a problem that the possibility of leakage is increased. In addition, by placing the encrypted data itself in a plurality of different locations, there is a problem that it becomes easy for an unauthorized person to be handed over and there is a high possibility of being challenged to decrypt it.

  In view of these problems, the concept of the secret sharing method as described in Non-Patent Document 1 was introduced by Shamir. The secret sharing method according to Non-Patent Document 1 is a method called (k, n) threshold method, in which secret information is distributed into n pieces of information called shared information (shares) that have no meaning, and k shares of the secret information are distributed. This is a method that allows the original secret information to be restored by collecting.

  In addition, when k is smaller than n, the original secret information can be restored even if nk of the shares are lost. Therefore, the method is attracting attention as a method for simultaneously realizing information concealment and backup. That is, the method described in Non-Patent Document 1 is known as a method having information-theoretic safety that “the secret information cannot be determined even with an infinite calculation time”, and has a strong safety. ing.

However, it is theoretically proved that the method having complete information theoretical security in the secret sharing method does not make the size of each share smaller than the size of the secret information. For this reason, there is a technique for reducing the size of the share by using a technique called a ramp-type secret sharing method that may permit leakage of a part of secret information. (For example, see Non-Patent Documents 3 and 4.)
A. Shamir, “How to Share a Secret”, Commun. of the ACM, vol. 22 no. 11 pp. 612-613, 1979. NIST, FIPS197, http: // csrc. nist. gov / publications / fips / fips197 / fips-197. pdf, 2001. G. R. Blackley and C.C. Meadows, “Security of Ramp Schemas” Proc. CRYPTO'84, LNCS 196, Springer-Verlag, pp. 242-269, 1985. H. Yamamoto, “On Secret Sharing Systems Using (k, L, n) —Threshold Scheme”, IEICE Trans. Fundamentals (Japan Edition), vol. J68-A, no. 9, pp. 945-952.

  By the way, when considering the current network system and the like, the storage capacity of the node to which the share is distributed and the network infrastructure capability connecting the nodes are very biased. For example, in general, a mobile phone terminal has a small storage capacity and the wireless infrastructure is not very high-speed communication, but a file server connected by an optical infrastructure has a large storage capacity and can perform high-speed communication.

  Also, it is difficult to say that the reliability is uniform across all nodes. Using the above example, the mobile phone terminal is likely to be lost or stolen, but the file server itself is as It can be said that there is no risk of theft. Therefore, when the ramp-type secret sharing method is used to reduce data, shares are generated in the same way without considering the difference in the situation of nodes in the real world. There is a problem that leakage can easily occur.

  Therefore, the present invention has been made in view of the above-described problems, and is a secure distributed information generating device, confidential information restoring device, and distributed information generating method capable of reducing network communication capacity and storage usage by an arbitrary size. It is an object to provide a method and program for restoring confidential information.

The present invention proposes the following items in order to solve the above problems.
(1) In the present invention, distributed information stored in n-L first node groups (n> L, n, and L are all positive integers) and L second node groups are stored. A distributed information generation device for generating confidential information dividing means for dividing the confidential information S into two pieces of information of information sizes A and B (for example, corresponding to the data division conversion unit 11 in FIG. 1), and the division The distributed information A is distributed to n pieces of distributed information W ₀ ,..., W _n−1 (for example, equivalent to the secret sharing unit 13 in FIG. 1), and the divided information B is copied. Replication means for generating L pieces of information (for example, corresponding to the data duplication unit 12 in FIG. 1), and L pieces of shared information W _n−L ,. Remove the W _n-1, connecting means for generating the connection information in conjunction with the L information the replication (e.g., And corresponding to one of the data combination unit 14), the distributed n-L pieces of shared information W _0, · · _·, a first transmission means for transmitting the _{W n-L-1} to the first node group (For example, corresponding to the information transmission unit 15a of FIG. 1) and second transmission means for transmitting L pieces of connection information output from the connection means to the second node group (for example, information transmission of FIG. 1) A distributed information generating apparatus characterized by comprising the following:

According to this invention, the confidential information dividing means divides the confidential information S into two pieces of information consisting of information sizes A and B, and the distributing means divides the divided information A into n pieces of distributed information W ₀ , .., W _n−1 , and the duplicating unit duplicates the divided information B to generate L pieces of information. Then, the connecting means extracts L pieces of shared information W _n−L ,..., W _n−1 out of the n pieces of distributed information, and connects them with the copied L pieces of information. And the first transmission means transmits the distributed n−L pieces of distributed information W ₀ ,..., W _n-L-1 to the first node group, and the second transmission means. Transmits the L pieces of connection information output from the connection means to the second node group. Therefore, since the distributed information is divided into two pieces of information having different information sizes and stored in the respective node groups, the distributed information according to the difference in reliability, the difference in storage capacity, and the difference in communication path state in each node group Information management becomes possible.

  (2) The present invention proposes a shared information generating apparatus according to (1), wherein the confidential information dividing means can arbitrarily change the information sizes A and B.

  According to the present invention, since the confidential information dividing means can arbitrarily change the information sizes A and B, it is flexible according to the difference in reliability, the difference in storage capacity, and the difference in communication path state in each node group. The size of information to be divided can be determined.

  (3) In the distributed information generating apparatus according to (1), the second node group is a highly reliable node group with sufficient storage capacity and network communication capacity, and the first node group The distributed information generating apparatus is characterized in that the storage capacity and the network communication capacity are weak and the node group is less reliable than the second node group.

  According to the present invention, the second node group is a highly reliable node group with sufficient storage capacity and network communication capacity, the first node group has weak storage capacity and network communication capacity, and the second Because the node group is less reliable than the node group, the management of the divided distributed information is shared according to the storage capacity and network communication capacity of the first node group and the second node group. Can do.

  (4) In the shared information generating apparatus according to (1), when the confidential information dividing unit divides the confidential information S using a secret key, the distributing unit secretly stores the information A. Proposed is a distributed information generation apparatus characterized in that information is distributed by connecting keys.

  According to the present invention, when the confidential information dividing means divides the confidential information S using the secret key, the distributing means connects the secret key to the information A and distributes the information. A format in which the secret information S is divided using a key can also be handled.

(5) In the present invention, distributed information to be stored in a first node group consisting of n−L (n> L, n, and L are all positive integers) and a second node group consisting of L pieces. A distributed information generation method for generating a first step (for example, corresponding to step S101 in FIG. 3) for dividing confidential information S into two pieces of information consisting of information sizes A and B, and the divided information A second step (for example, corresponding to step S102 in FIG. 3) for distributing A into n pieces of distributed information W ₀ ,..., W _n−1 , and L pieces of the divided information B are duplicated. , W _n− , _{L n} pieces of distributed information W _n−L ,..., W _n− among the n pieces of distributed information. Remove the _1, fourth stearyl generating the connection information in conjunction with the L information the replication Flop (e.g., corresponding to step S104 of FIG. 3) to send and the distributed n-L pieces of shared information _W 0, · · _·, the _{W n-L-1} to the first node group (e.g. , Corresponding to step S105 in FIG. 3), transmitting the L pieces of connection information generated in the fourth step to the second node group (for example, corresponding to step S106 in FIG. 3), And a distributed information generation method characterized by comprising:

According to the present invention, the confidential information S is divided into two pieces of information consisting of information sizes A and B, and the divided information A is distributed into n pieces of distributed information W ₀ ,..., W _n−1 . At the same time, the divided information B is duplicated to generate L information, and L pieces of shared information W _n−L ,..., W _n−1 are extracted from the _n pieces of distributed information. The linked information is generated by linking with the copied L pieces of information. Then, the distributed n−L pieces of distributed information W ₀ ,..., W _n-L-1 are transmitted to the first node group, and the generated L pieces of connection information are transmitted to the second node group. Send. Therefore, since the distributed information is divided into two pieces of information having different information sizes and stored in the respective node groups, the distributed information according to the difference in reliability, the difference in storage capacity, and the difference in communication path state in each node group Information management becomes possible.

(6) In the present invention, distributed information to be stored in a first node group consisting of n−L (n> L, n, and L are all positive integers) and a second node group consisting of L pieces. A program for causing a computer to execute the distributed information generation method to be generated, and the first step of dividing the confidential information S into two pieces of information having information sizes A and B (for example, corresponding to step S101 in FIG. 3) ), A second step of distributing the divided information A into n pieces of distributed information W ₀ ,..., W _n−1 (for example, corresponding to step S102 in FIG. 3), and the divided information A third step (for example, equivalent to step S103 in FIG. 3) for duplicating information B to generate L information, and L pieces of distributed information W _n−L among the distributed n pieces of distributed information , _..., takes out the _{W n-1,} the duplicate the L A fourth step of generating connection information in conjunction with broadcast (e.g., Figure corresponds to step S104 of 3) and, the distributed n-L pieces of shared information _{W 0, ···, W n-} L- ₁ is transmitted to the first node group (for example, corresponding to step S105 in FIG. 3), and the L pieces of connection information generated in the fourth step are transmitted to the second node group (for example, A program for causing a computer to execute the fifth step (corresponding to step S106 in FIG. 3) is proposed.

According to the present invention, the confidential information S is divided into two pieces of information consisting of information sizes A and B, and the divided information A is distributed into n pieces of distributed information W ₀ ,..., W _n−1 . At the same time, the divided information B is duplicated to generate L information, and L pieces of shared information W _n−L ,..., W _n−1 are extracted from the _n pieces of distributed information. The linked information is generated by linking with the copied L pieces of information. Then, the distributed n−L pieces of distributed information W ₀ ,..., W _n-L-1 are transmitted to the first node group, and the generated L pieces of connection information are transmitted to the second node group. Send. Therefore, since the distributed information is divided into two pieces of information having different information sizes and stored in the respective node groups, the distributed information according to the difference in reliability, the difference in storage capacity, and the difference in communication path state in each node group Information management becomes possible.

  (7) In the present invention, confidential information is transmitted from the shared information generating apparatus according to (1) and stored in the first node group and the linked information stored in the second node group. A confidential information restoring device for restoring information, wherein the first receiving unit receives the shared information from a predetermined number of nodes in the first node group (for example, corresponding to the information receiving unit 21a in FIG. 4). A second receiving unit (for example, corresponding to the information receiving unit 21b in FIG. 4) that receives the connection information from one or more nodes in the second node group, and a reception by the second receiving unit. A dividing unit (for example, corresponding to the data dividing unit 22 in FIG. 4) for separating the shared information and the information B from the connected information, and the distributed information received by the first receiving unit and the distribution separated by the dividing unit Restore information A from information A reproducing means (for example, corresponding to the secret information restoring unit 23 in FIG. 4), a reproducing means for reproducing the confidential information by connecting the information B obtained by the dividing means and the information A obtained by the restoring means ( For example, there is proposed a confidential information restoration device characterized by comprising the data restoration unit 24 in FIG.

  According to this invention, the first receiving means receives the distributed information from a predetermined number of nodes in the first node group, and the second receiving means has one or more of the second node groups. Receive link information from a node. Then, the dividing unit separates the shared information and the information B from the connection information received by the second receiving unit, and the restoration unit separates the shared information received by the first receiving unit and the shared information separated by the dividing unit. The information A is restored from the above, and the reproduction means reproduces the confidential information by connecting the information B obtained by the dividing means and the information A obtained by the restoration means. Accordingly, the secret information can be completely restored from the shared information generated in the shared information generating device described in (1) and transmitted to each node group with a simple configuration.

  (8) The present invention is classified from the shared information stored in the first node group and the linked information stored in the second node group, which is transmitted from the distributed information generation apparatus according to (1). A confidential information restoring method for restoring information, the first step of receiving the distributed information from a predetermined number of nodes in the first node group (for example, corresponding to step S201 in FIG. 5), A second step of receiving the connection information from one or more nodes in the second node group (for example, corresponding to step S202 in FIG. 5), and the distribution information from the connection information received in the second step Information is obtained from a third step (for example, corresponding to step S203 in FIG. 5) for separating information B, the shared information received by the first step, and the shared information separated by the third step. A fourth step (for example, corresponding to step S204 in FIG. 5) for restoring A and the information B obtained by the third step and the information A obtained by the fourth step are concatenated. A confidential information restoration method is proposed, which comprises a fifth step (for example, corresponding to step S205 in FIG. 5) for reproducing information.

  According to this invention, distributed information is received from a predetermined number of nodes in the first node group, and connection information is received from one or more nodes in the second node group. Then, the shared information and the information B are separated from the connection information received in the second step, and the information A is restored from the shared information received in the first step and the shared information separated in the third step. The information B obtained by the third step and the information A obtained by the fourth step are connected to reproduce the confidential information. Accordingly, the secret information can be completely restored from the shared information generated in the shared information generating device described in (1) and transmitted to each node group with a simple configuration.

  (9) The present invention provides a secret from the shared information stored in the first node group and the linked information stored in the second node group, which is transmitted from the shared information generating apparatus described in (1). A program for causing a computer to execute a confidential information restoration method for restoring information, wherein a first step of receiving the distributed information from a predetermined number of nodes in the first node group (for example, FIG. 5) In step S201), a second step of receiving the connection information from one or more nodes in the second node group (for example, corresponding to step S202 in FIG. 5), and in the second step A third step (for example, corresponding to step S203 in FIG. 5) for separating the shared information and the information B from the received link information, the shared information received by the first step, and the third A fourth step (for example, corresponding to step S204 in FIG. 5) for restoring information A from the distributed information separated in the step, information B obtained in the third step, and the fourth step A fifth step (for example, corresponding to step S205 in FIG. 5) for reproducing the confidential information by concatenating the received information A and a program to be executed by the computer are proposed.

  According to this invention, distributed information is received from a predetermined number of nodes in the first node group, and connection information is received from one or more nodes in the second node group. Then, the shared information and the information B are separated from the connection information received in the second step, and the information A is restored from the shared information received in the first step and the shared information separated in the third step. The information B obtained by the third step and the information A obtained by the fourth step are connected to reproduce the confidential information. Accordingly, the secret information can be completely restored from the shared information generated in the shared information generating device described in (1) and transmitted to each node group with a simple configuration.

  According to the present invention, there is an effect that it is possible to appropriately execute management of distributed data that is secure and has destruction resistance while considering the storage capacity of the node, communication infrastructure, reliability, and the like.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
Note that the constituent elements in the present embodiment can be appropriately replaced with existing constituent elements and the like, and various variations including combinations with other existing constituent elements are possible. Therefore, the description of the present embodiment does not limit the contents of the invention described in the claims.

<Configuration of distributed information generation device>
The configuration of the shared information generation apparatus will be described with reference to FIG.
As shown in FIG. 1, the shared information generation apparatus includes a data division conversion unit 11, a data duplication unit 12, a secret sharing unit 13, a data connection unit 14, and information transmission units 15a and 15b. . Note that the node that stores the distributed information includes a first node group including n−L (n> L, n, and L are positive integers) and a second node group including L. ing.

  The data division conversion unit 11 divides the confidential information S into two pieces of information including information size A (fragment A in the figure) and B (fragment B in the figure). For this division conversion, an All-Or-Nothing Transform (AONT), a method of simply dividing binaries by encryption, or the like is used. Further, the division size of information in the division conversion can be arbitrarily changed. Therefore, it is possible to determine the information size to be flexibly divided according to the difference in reliability, the difference in storage capacity, and the difference in communication path state in each node group.

  The data duplication unit 12 duplicates the fragment B divided by the data division conversion unit 11 to generate L pieces of information.

The secret sharing unit 13 distributes the fragment A divided by the data division conversion unit 11 by the secret sharing method, and generates n pieces of shared information W ₀ ,..., W _n−1 . In addition, in the division conversion in the data division conversion unit 11, when the division conversion method using the secret key is used, the concatenation of the secret key and the fragment A is distributed by the secret sharing method. In addition to the secret sharing method proposed by Shamir shown in Non-Patent Document 2, the secret sharing method uses the ramp-type secret sharing method shown in Non-Patent Documents 3 and 4, the fast secret sharing method using XOR, and the like. be able to.

The data concatenation unit 14 extracts L pieces of shared information W _n−L ,..., W _n−1 from the fragment A (n pieces of shared information) divided by the data division conversion unit 11, and the data duplication unit 12, L pieces of linked data (W _n−L || B),..., (W _n−1 || B) are generated. Here, || indicates binary concatenation.

The information transmission unit 15a transmits n−L pieces of distributed information W ₀ ,..., W _n−L−1 to the first node group. The information transmission unit 15b transmits L pieces of connection information output from the data connection unit 14 to the second node group.

  Here, the second node group is a highly reliable node group with sufficient storage capacity and network communication capacity, and the first node group is weak in storage capacity and network communication capacity, In comparison, a node group with low reliability is assumed. Thereby, it is possible to share the management of the divided distributed information according to the storage capacity and network communication capacity of the first node group and the second node group.

<Structure of distributed information>
FIG. 2 shows the structure of the distributed information. According to this figure, the secret information is divided into fragment A (information A) and fragment B (information B) by division conversion. The divided fragment B (information B) is duplicated into L fragments B (information B), and the fragment A (information A) is converted into n pieces of distributed information by secret sharing.

  Of the n pieces of secret information that are secretly shared, L pieces are linked to the duplicated L pieces B (information B) and separated from the remaining n−L pieces of shared information. Then, the concatenated L pieces of distributed information are transmitted to the second node group, and the remaining n−L pieces of distributed information are transmitted to the first node group.

<Distributed information generation processing>
Next, the shared information generation process will be described with reference to FIG.
First, the confidential data S is divided and converted to obtain fragments A (information A) and B (information B) (step S101). Next, information A is distributed by the secret sharing method to generate n pieces of shared information W ₀ ,..., W _n−1 (step S102). On the other hand, the information B is duplicated to generate L pieces of information (step S103).

Next, L pieces of shared information W _n−L ,..., W _n−1 are extracted from the information A (n pieces of shared information), and are linked to the information B copied in the data replicating unit 12, and L The pieces of concatenated data (W _n−L || B),..., (W _n−1 || B) are generated (step S104).

Then, n−L pieces of distributed information W ₀ ,..., W _n−L-1 are transmitted to the first node group (step S105), and L pieces of connection information are transmitted to the second node group. (Step S106).

  Therefore, according to the shared information generating apparatus in the present embodiment, the shared information is divided into two pieces of information having different information sizes and stored in the respective node groups. Management of distributed information according to the difference in the communication channel state and the difference in the communication channel state becomes possible.

<Configuration of confidential information restoration device>
The configuration of the confidential information restoring device will be described with reference to FIG.
The confidential information restoring device according to the present embodiment corresponds to the above-described distributed information generating device, and the configuration thereof includes information receiving units 21a and 21b, a data dividing unit 22, as shown in FIG. The secret information restoring unit 23 and the data restoring unit 24 are included. Note that the confidential information restoration apparatus according to the present embodiment receives the shared information from each node group and restores the secret information, but when receiving the shared information from each node group, the shared information is restored. The combination of the shared information of the secret sharing method included in is required to be an element of the access structure. Here, the access structure is a set of combinations of shared information that can restore the secret information in the secret sharing method.

  The information receiving unit 21a receives distributed information from a predetermined number of nodes in the first node group. The information receiving unit 21b receives connection information from one or more nodes in the second node group. The data dividing unit 22 separates the shared information and the information B from the linked information received by the information receiving unit 21b.

  The secret information restoration unit 23 restores information A by executing a restoration process by the restoration method of the secret sharing method from the shared information received by the information receiving unit 21a and the shared information separated by the data dividing unit 22. When shared information is generated by split conversion using a secret key, it is split into secret key and information A in order to obtain link conversion information A and secret key concatenation information. The data restoring unit 24 concatenates the information B obtained by the data dividing unit 22 and the information A obtained by the secret information restoring unit 23 to restore the confidential information.

<Restoring confidential information>
Next, confidential information restoration processing will be described with reference to FIG.
First, distributed information is received from a predetermined number of nodes in the first node group (node group 1) (step S201). Furthermore, connection information is received from one or more nodes in the second node group (node group 2) (step S202).

Then, the concatenation information received in step S202 is divided to obtain shared information of the secret sharing scheme and split conversion information B (step S203). Further, the sharing information received in step S201 and the sharing information of the secret sharing method divided in step S203 are restored, and division conversion information A is obtained (step S204). Then, the information B obtained in step S203 and the information A obtained in step S204 are connected to restore the confidential information (step S205).

  Therefore, according to the confidential information restoring apparatus according to the present embodiment, the confidential information can be restored with a simple configuration from the distributed information generated by the distributed information generating apparatus and transmitted to each node group.

  The above-described confidential information distribution process and restoration process are recorded on a computer-readable recording medium, and the program recorded on the recording medium is read into a recording apparatus and executed, thereby realizing the control of the present invention. be able to. The computer system here includes an OS and hardware such as peripheral devices.

  Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW (World Wide Web) system is used. The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

  The embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the embodiments, and includes designs and the like that do not depart from the gist of the present invention.

  Since the present invention is a method that takes into account the storage capacity, communication infrastructure, and reliability of the node, it can be distributed to multiple nodes in different situations via the network to protect corporate confidential data from leakage and destruction. It can be applied as a management method.

It is a block diagram of the distributed information generation apparatus which concerns on this embodiment. It is a figure which shows the structure of distributed information. It is a flow which shows the production | generation process of the shared information which concerns on this embodiment. It is a block diagram of the secret information decompression | restoration apparatus which concerns on this embodiment. It is a flow which shows the decompression | restoration process of the secret information which concerns on this embodiment.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 11 ... Data division | segmentation conversion part, 12 ... Data replication part, 13 ... Secret distribution part, 14 ... Data connection part, 15a, 15b ... Information transmission part, 21a, 21b ... Information Receiving unit, 22 ... data dividing unit, 23 ... secret information restoring unit, 24 ... data restoring unit

Claims (9)

A shared information generation apparatus that generates shared information to be stored in a first node group consisting of n−L (n> L, n, and L are all positive integers) and a second node group consisting of L. There,
Confidential information dividing means for dividing the confidential information S into two pieces of information consisting of information sizes A and B;
Disperse means for distributing the divided information A into n pieces of distributed information W ₀ ,..., W _n−1 ;
Duplicating means for duplicating the divided information B to generate L pieces of information;
A concatenation that extracts L pieces of distributed information W _n−L ,..., W _n−1 from the _n pieces of distributed information and concatenates them with the copied L pieces of information to generate connection information. Means,
_First distributed means for transmitting the distributed n−L pieces of distributed information W ₀ ,..., W _n-L-1 to the first node group;
Second transmission means for transmitting L pieces of connection information output from the connection means to the second node group;
A distributed information generating apparatus comprising:   2. The distributed information generating apparatus according to claim 1, wherein the confidential information dividing unit can arbitrarily change the information sizes A and B.   The second node group is a highly reliable node group with sufficient storage capacity and network communication capacity, and the first node group has weak storage capacity and network communication capacity, and the second node group The distributed information generation apparatus according to claim 2, wherein the distributed information generation apparatus is a group of nodes having low reliability as compared with a node group.   The information is distributed by connecting the secret key to the information A when the secret information dividing unit divides the secret information S using a secret key. 2. The distributed information generation device according to 1. A distributed information generation method for generating shared information to be stored in a first node group composed of n−L (n> L, n, and L are all positive integers) and a second node group composed of L. There,
A first step of dividing the confidential information S into two pieces of information consisting of information sizes A and B;
A second step of distributing the divided information A into n pieces of shared information W ₀ ,..., W _n−1 ;
A third step of replicating the divided information B to generate L pieces of information;
The L pieces of shared information W _n−L ,..., W _n−1 are extracted from the n pieces of distributed information and are connected to the duplicated L pieces of information to generate connection information. 4 steps,
The distributed n−L pieces of distributed information W ₀ ,..., W _n-L-1 are transmitted to the first node group, and the L pieces of connection information generated in the fourth step are transmitted. A fifth step of transmitting to the second group of nodes;
A distributed information generation method characterized by comprising: A distributed information generation method for generating distributed information to be stored in a first node group consisting of n−L (n> L, n, and L are all positive integers) and a second node group consisting of L. A program for causing a computer to execute,
A first step of dividing the confidential information S into two pieces of information consisting of information sizes A and B;
A second step of distributing the divided information A into n pieces of shared information W ₀ ,..., W _n−1 ;
A third step of replicating the divided information B to generate L pieces of information;
The L pieces of shared information W _n−L ,..., W _n−1 are extracted from the n pieces of distributed information and are connected to the duplicated L pieces of information to generate connection information. 4 steps,
The distributed n−L pieces of distributed information W ₀ ,..., W _n-L-1 are transmitted to the first node group, and the L pieces of connection information generated in the fourth step are transmitted. A fifth step of transmitting to the second group of nodes;
A program that causes a computer to execute. Confidential information restoration that restores confidential information from the shared information stored in the first node group and the linked information stored in the second node group, transmitted from the distributed information generating apparatus according to claim 1 A device,
First receiving means for receiving the shared information from a predetermined number of nodes in the first node group;
Second receiving means for receiving the connection information from one or more nodes of the second node group;
Dividing means for separating shared information and information B from the concatenated information received by the second receiving means;
Restoring means for restoring information A from the shared information received by the first receiving means and the shared information separated by the dividing means;
Reproducing means for reproducing the confidential information by connecting the information B obtained by the dividing means and the information A obtained by the restoring means;
An apparatus for restoring confidential information, comprising: Confidential information restoration that restores confidential information from the shared information stored in the first node group and the linked information stored in the second node group, transmitted from the distributed information generating apparatus according to claim 1 A method,
A first step of receiving the distributed information from a predetermined number of nodes in the first node group;
A second step of receiving the connection information from one or more nodes of the second node group;
A third step of separating shared information and information B from the connected information received in the second step;
A fourth step of restoring information A from the shared information received in the first step and the shared information separated in the third step;
A fifth step of reproducing the confidential information by connecting the information B obtained by the third step and the information A obtained by the fourth step;
A method for restoring confidential information, comprising: Confidential information restoration that restores confidential information from the shared information stored in the first node group and the linked information stored in the second node group, transmitted from the distributed information generating apparatus according to claim 1 A program for causing a computer to execute a method,
A first step of receiving the distributed information from a predetermined number of nodes in the first node group;
A second step of receiving the connection information from one or more nodes of the second node group;
A third step of separating shared information and information B from the connected information received in the second step;
A fourth step of restoring information A from the shared information received in the first step and the shared information separated in the third step;
A fifth step of reproducing the confidential information by connecting the information B obtained by the third step and the information A obtained by the fourth step;
A program that causes a computer to execute.

Images