CN113505392B - Secret sharing method and device - Google Patents

Publication number
CN113505392B
Authority
CN
China
Prior art keywords
secret
storage node
shard
confusion
sliced
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110853166.8A
Other languages
Chinese (zh)
Other versions
CN113505392A (en
Inventor
张龙
范瑞彬
张开翔
毛嘉宇
储雨知
王越
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

An embodiment of the invention provides a secret sharing method and device. In the method, when a first shard storage node detects a secret shard update indication of the kth period, it constructs a first secret polynomial without a constant term, generates m first confusion shards based on the first secret polynomial, distributes at least one first confusion shard to a second shard storage node, and generates a secret shard of the kth period that conforms to a threshold secret sharing mechanism from the at least one second confusion shard it receives and the secret shard of the first shard storage node in the (k-1)th period. The threshold secret sharing mechanism is such that the original secret can be determined from at least t secret shards of the kth period. The scheme can therefore complete the periodic update of the secret shards for every shard storage node in a timely and effective manner, so that a secret attacker cannot acquire enough secret shards within the life cycle of the secret, and the security of the secret data is effectively improved.

Description

Secret sharing method and device
Technical Field
The embodiment of the invention relates to the field of financial science and technology (Fintech), in particular to a secret sharing method and device.
Background
With the development of computer technology, more and more technologies are being applied in the financial field, and the traditional financial industry is gradually changing into financial technology; because of the security and real-time requirements of the financial industry, higher demands are also placed on these technologies. In the financial field, in order to prevent secret data (such as sensitive customer information) in financial service data from being leaked, the secret data is generally stored. How to store secret data effectively so as to satisfy its security requirements has therefore become an urgent problem.
At present, to ensure the security of secret data, a secret distributor splits the secret data into w pieces of shard data by constructing a secret polynomial, and then sends the w pieces to w secret storage parties for storage. When the secret data needs to be restored, only t of the w secret storage parties need to provide their shard data for the secret data to be restored, where 0 < t ≤ w. With this approach, however, if the life cycle of the secret data is long, a secret attacker has enough time to crack enough pieces of shard data, so the secret data is at risk of leakage and its security cannot be ensured.
In view of the foregoing, there is a need for a secret sharing method for effectively improving the security of secret data.
Disclosure of Invention
The embodiment of the invention provides a secret sharing method and device, which are used for effectively improving the security of secret data.
In a first aspect, an embodiment of the present invention provides a secret sharing method, which is applicable to a secret sharing system having m sliced storage nodes, and the method includes:
when the first shard storage node detects a secret shard update indication of the kth period, it constructs a first secret polynomial without a constant term; k is an integer greater than or equal to 1;
the first shard storage node generates m first confusion shards based on the first secret polynomial, and distributes at least one first confusion shard to a second shard storage node; the first shard storage node is any one of the m shard storage nodes; the second shard storage node is any one of the m shard storage nodes other than the first shard storage node;
the first shard storage node generates a secret shard of the kth period that conforms to a threshold secret sharing mechanism according to the received at least one second confusion shard and the secret shard of the first shard storage node in the (k-1)th period; wherein the second confusion shard is generated by a second shard storage node according to a second secret polynomial without a constant term; the threshold secret sharing mechanism is used for determining the original secret according to at least t secret shards of the kth period; and t is an integer greater than 0 and less than or equal to m.
As noted above, if the life cycle of the secret data is long, a secret attacker has enough time to crack enough pieces of shard data, so the secret data is at risk of leakage and its security cannot be ensured. For this reason, the technical solution of the invention periodically updates the secret shards of the shard storage nodes: when the first shard storage node detects the secret shard update indication of the kth period, it starts the process of updating its secret shard of the (k-1)th period. Specifically, when the secret shard update indication of the kth period is detected, a first secret polynomial without a constant term is constructed, m first confusion shards for updating the secret shards are generated based on the first secret polynomial, and at least one first confusion shard is distributed to the second shard storage node. At the same time, at least one second confusion shard is received, and the secret shard of the kth period that conforms to the threshold secret sharing mechanism is generated from the received at least one second confusion shard and the secret shard of the first shard storage node in the (k-1)th period. The scheme can therefore complete the periodic update of the secret shards for every shard storage node in a timely and effective manner, so that a secret attacker cannot acquire enough secret shards within the life cycle of the secret, and the security of the secret data is effectively improved. Moreover, the scheme also ensures that the original secret can still be accurately restored from at least t secret shards of the kth period.
Optionally, constructing the first secret polynomial without a constant term includes:
the first shard storage node generates t-1 first random numbers;
the first shard storage node constructs the first secret polynomial without a constant term according to the t-1 first random numbers.
In the above technical solution, the first secret polynomial without a constant term is constructed from t-1 random numbers. This supports the subsequent generation of the first confusion shards used to update the secret shards, so that the original secret can later be restored in a timely and accurate manner, while the security of the secret shards is ensured and a secret attacker is prevented from cracking them.
Optionally, before constructing the first secret polynomial without constant terms, the method further comprises:
for each shard storage node, the shard storage node determines that the secret shards in the kth period are at risk of leakage, and generates a secret shard update indication of the kth period; the secret shard update indication is used to instruct each shard storage node to update its respective secret shard of the (k-1)th period.
In the above technical solution, when any one of the shard storage nodes senses that its secret shard of the (k-1)th period may have been leaked or stolen, and senses that a secret attacker is about to possess at least t secrets, that shard storage node can start the secret shard update process and at the same time generate a secret shard update indication, so as to inform the other shard storage nodes to start the secret shard update process as well. The scheme thus ensures that a secret attacker cannot acquire enough secret shards within the life cycle of the original secret, which effectively ensures the security of the original secret.
Optionally, the generating, by the first shard storage node, of a secret shard of the kth period according to the received at least one second confusion shard and the secret shard of the first shard storage node in the (k-1)th period includes:
the first shard storage node generates a secret shard of the kth period that conforms to the threshold secret sharing mechanism according to the received at least one second confusion shard, the first reserved confusion shard and the secret shard of the first shard storage node in the (k-1)th period; the first reserved confusion shard is a first confusion shard, among the m first confusion shards, other than the at least one first confusion shard.
In the above technical solution, the secret shard of the kth period that conforms to the threshold secret sharing mechanism can be accurately generated from the received at least one second confusion shard, the first reserved confusion shard and the secret shard of the first shard storage node in the (k-1)th period, so that the dynamic update of the secret shard of the kth period is completed effectively, which supports the security of the original secret.
Optionally, distributing at least one first confusion shard to a second shard storage node includes:
the first shard storage node sends m-1 of the m first confusion shards to m-1 second shard storage nodes respectively;
before generating the secret shard of the kth period that conforms to the threshold secret sharing mechanism, the method further includes:
the first shard storage node receives the second confusion shards generated by each of the m-1 second shard storage nodes.
In the above technical solution, m-1 of the m generated first confusion shards are sent to the m-1 second shard storage nodes respectively. This avoids the situation in which most of the first confusion shards are stored on the first shard storage node, where a secret attacker who attacks that node could obtain the first confusion shards and crack the updated secret shards; the risk of leaking the original secret is thereby avoided.
Optionally, before constructing the first secret polynomial without constant terms, the method further comprises:
the secret distribution node constructs a third secret polynomial with a constant term based on the original secret in the 0th period;
the secret distribution node determines m secret shards of the 0th period based on the third secret polynomial;
the secret distribution node sends the m secret shards of the 0th period to the m shard storage nodes respectively; each shard storage node is configured to store the secret shard of the 0th period that it receives.
In the above technical solution, when the splitting of the original secret starts in the 0th period, the secret distribution node can apply obfuscating encryption to the original secret by constructing the third secret polynomial with a constant term based on the original secret. Based on the third secret polynomial, m secret shards of the 0th period can then be generated and distributed to the m shard storage nodes for storage. Since each secret shard of the 0th period contains only part of the original secret, and the whole of the original secret cannot be obtained from it, the security of the original secret is ensured.
Optionally, the determining, by the secret distribution node, of m secret shards of the 0th period based on the third secret polynomial includes:
the secret distribution node generates m second random numbers;
the secret distribution node determines the m secret shards of the 0th period according to the m second random numbers and the third secret polynomial.
In the above technical solution, to ensure the randomness and unpredictability of each secret shard after splitting, and to ensure the security of the original secret, the scheme generates m random numbers and substitutes each of them into the third secret polynomial, thereby generating the m secret shards of the 0th period.
In a second aspect, an embodiment of the present invention further provides a secret sharing apparatus adapted for use in a secret sharing system having m sliced storage nodes, the apparatus comprising:
a construction unit, configured to construct a first secret polynomial without a constant term when a secret shard update indication of the kth period is detected; k is an integer greater than or equal to 1;
a processing unit, configured to generate m first confusion shards based on the first secret polynomial and distribute at least one first confusion shard to a second shard storage node; the first shard storage node is any one of the m shard storage nodes; the second shard storage node is any one of the m shard storage nodes other than the first shard storage node; and to generate a secret shard of the kth period that conforms to a threshold secret sharing mechanism according to the received at least one second confusion shard and the secret shard of the first shard storage node in the (k-1)th period; wherein the second confusion shard is generated by a second shard storage node according to a second secret polynomial without a constant term; the threshold secret sharing mechanism is used for determining the original secret according to at least t secret shards of the kth period; and t is an integer greater than 0 and less than or equal to m.
Optionally, the construction unit is specifically configured to:
generate t-1 first random numbers;
construct the first secret polynomial without a constant term according to the t-1 first random numbers.
Optionally, the processing unit is further configured to:
before the first secret polynomial without a constant term is constructed, determine, for each shard storage node, that the secret shards in the kth period are at risk of leakage, and generate a secret shard update indication of the kth period; the secret shard update indication is used to instruct each shard storage node to update its respective secret shard of the (k-1)th period.
Optionally, the processing unit is specifically configured to:
generate a secret shard of the kth period that conforms to the threshold secret sharing mechanism according to the received at least one second confusion shard, the first reserved confusion shard and the secret shard of the first shard storage node in the (k-1)th period; the first reserved confusion shard is a first confusion shard, among the m first confusion shards, other than the at least one first confusion shard.
Optionally, the processing unit is specifically configured to:
send m-1 of the m first confusion shards to m-1 second shard storage nodes respectively.
Optionally, the processing unit is further configured to:
receive the second confusion shards generated by each of the m-1 second shard storage nodes before generating the secret shard of the kth period that conforms to the threshold secret sharing mechanism.
Optionally, the processing unit is further configured to:
construct a third secret polynomial with a constant term based on the original secret in the 0th period, before the first secret polynomial without a constant term is constructed;
determine m secret shards of the 0th period based on the third secret polynomial;
send the m secret shards of the 0th period to the m shard storage nodes respectively; each shard storage node is configured to store the secret shard of the 0th period that it receives.
Optionally, the processing unit is specifically configured to:
generate m second random numbers;
determine the m secret shards of the 0th period according to the m second random numbers and the third secret polynomial.
In a third aspect, an embodiment of the present invention provides a computing device, including at least one processor and at least one memory, where the memory stores a computer program that, when executed by the processor, causes the processor to perform the secret sharing method as described in any of the first aspects above.
In a fourth aspect, an embodiment of the present invention provides a computer readable storage medium storing a computer program executable by a computing device, the program, when run on the computing device, causing the computing device to perform the secret sharing method as described in any of the first aspects above.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a secret sharing system architecture according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of a secret sharing method according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a secret sharing apparatus according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a computing device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail below with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
To facilitate an understanding of embodiments of the present invention, a secret sharing system architecture suitable for use with embodiments of the present invention is first described with reference to the system architecture shown in FIG. 1. As shown in FIG. 1, the secret sharing system architecture may include a secret distribution node 101 and a secure secret sharing system 102. The secure secret sharing system 102 may include at least one shard storage node, such as shard storage node 1021, shard storage node 1022, shard storage node 1023, and the like. The secret distribution node 101 and the at least one shard storage node may be communicatively connected in a wired manner or in a wireless manner, which is not limited by the embodiment of the present invention.
To ensure the security of the secret data, the secret distribution node 101 typically splits the secret data into a plurality of secret shards and distributes them to a plurality of shard storage nodes. Any of the shard storage nodes can then update the secret shards periodically and dynamically. For example, when a node perceives that its secret shard has been leaked or stolen, and perceives that a secret attacker is likely to have at least t secret shards, it can start the secret shard update process and at the same time generate a secret shard update indication. The shard storage nodes start updating their respective secret shards based on the secret shard update indication, and at least t updated secret shards can still accurately restore the secret data. Illustratively, the secret distribution node 101 splits certain secret data into w shares, obtains w secret shards, and distributes them to w shard storage nodes for storage. If a certain shard storage node (such as shard storage node 1021) senses that its own secret shard has been leaked or stolen, and senses that a secret attacker may be about to have at least t secret shards, it can start the secret shard update process and distribute secret shard update indications to the shard storage nodes other than shard storage node 1021, so that all shard storage nodes update their secret shards simultaneously. At least t updated secret shards can still accurately restore the secret data.
It should be noted that the structure shown in fig. 1 is merely an example, and the embodiment of the present invention is not limited thereto.
Based on the above description, fig. 2 exemplarily shows a flow of a secret sharing method provided by an embodiment of the present invention, which may be performed by a secret sharing apparatus. The secret sharing method in the embodiment of the invention is suitable for a secret sharing system with m sliced storage nodes.
As shown in fig. 2, the process specifically includes:
Step 201, the secret distribution node constructs a third secret polynomial with a constant term based on the original secret in the 0th period.
In the embodiment of the invention, so that the original secret can be restored from some of the secret shards after it has been split, the technical solution constructs a (t, m) threshold with 0 < t ≤ m. A specific operation is performed on the original secret to obtain m secret shards, which are distributed to m shard storage nodes for storage. The original secret can be restored when at least t of the shard storage nodes provide their secret shards. Accordingly, in the 0th period (i.e. the time when the original secret is initially split, or before the secret shards are updated by the shard storage nodes for the first time), the secret distribution node constructs a third secret polynomial with a constant term that is used to hide the original secret. (t, m) threshold shard restoration means that after an original secret is decomposed into m shards, the original secret can be restored only after t shards are collected. That is, m is the number of shard storage nodes storing the secret shards and t is the minimum number of secret shards needed to recover the original secret.
Illustratively, at cycle 0 (or time called first secret-slice distribution), the secret-slice node constructs a secret polynomial that is used to hide the original secret S. Wherein, the secret polynomial is:
$f(x) = S + a_1 x^{1} + a_2 x^{2} + \dots + a_{t-1} x^{t-1} \bmod p$
Where S represents the original secret, p represents the prime number, and S < p.
Step 202, the secret distribution node determines m secret shards of the 0th period based on the third secret polynomial.
In the embodiment of the invention, after constructing the third secret polynomial with a constant term, the secret distribution node can generate m secret shards of the 0th period based on it. Specifically, the secret distribution node generates m second random numbers and substitutes each of them into the third secret polynomial, which yields the m secret shards of the 0th period. The scheme thus ensures the randomness and unpredictability of each secret shard after splitting, and also ensures the security of the original secret.
Illustratively, the secret distribution node randomly selects or generates m unequal numbers x, i.e. $\{x_1, x_2, \dots, x_m\}$, using a random number generation algorithm. The m unequal numbers x are then substituted into the third secret polynomial constructed above, so that the m secret shards of the 0th period, that is, $\{(x_1, y_1), (x_2, y_2), \dots, (x_m, y_m)\}$, can be determined. Wherein the ith secret slice is the secret slice in the 0 th periodI.e./>0≤i≤m.
Step 203, the secret distribution node sends the m secret shards of the 0th period to the m shard storage nodes respectively.
In the embodiment of the invention, the secret distribution node sends the m secret shards of the 0th period to the m shard storage nodes respectively, and each shard storage node stores the secret shard of the 0th period that it receives. Since each secret shard of the 0th period contains only part of the original secret, and the whole of the original secret cannot be obtained from it, the security of the original secret is ensured.
Illustratively, the secret distribution node distributes the secret shard to the shard storage node $P_i$, where 0 ≤ i ≤ m. At this point, each shard storage node $P_i$ holds a secret shard within period 0. Meanwhile, the secret distribution node publishes p and destroys the third secret polynomial with the constant term, to prevent a secret attacker from stealing it.
In step 204, the first shard storage node constructs a first secret polynomial without a constant term when detecting a secret shard update indication of the kth period.
In the embodiment of the invention, because the prior art scheme has the condition that the life cycle of the original secret is longer, a secret attacker can obtain enough secret fragments in enough time, for example, the fragment storage node is attacked by viruses or the secret fragments are leaked due to other reasons, and the like, so that the original secret can be restored based on the obtained secret fragments. Therefore, in order to ensure that a secret attacker cannot acquire enough secret fragments in the life cycle of the original secret, any fragment storage node can periodically update the secret fragments after receiving the secret fragments in the 0 th cycle, and meanwhile destroy the original secret fragments of the fragment storage node. Therefore, the secret sharding information acquired by the secret attacker in the previous period is completely invalid, and meanwhile, the secret sharding information in the previous period can be ensured not to generate unsafe influence on the generation of new secret shards and the original secret.
The update period of the secret slice can be a flexibly changed time, namely a secret slice update process. When any fragment storage node determines that the secret fragments in the kth period are at leakage risk, a secret fragment update instruction of the kth period can be generated; the secret shard update indication is used to instruct the respective shard storage node to update the respective secret shard at the kth-1 cycle. That is, when any one of the sliced storage nodes senses that the secret slices of the storage node in the k-1 period may have been revealed or stolen, and senses that a secret attacker is about to possess at least t secrets, the sliced storage node can start to start the updating process of the secret slices, and meanwhile generates a secret slice updating instruction so as to inform other sliced storage nodes to start the updating process of the secret slices. Thus, the scheme can ensure that a secret attacker cannot acquire enough secret fragments in the life cycle of the original secret, thereby effectively ensuring the security of the original secret. Or the update period of the secret shard may be a fixed time, such as 10 days, 20 days, 30 days, etc. But this fixed time is set on the premise that the secret attacker cannot acquire enough secret slices within this fixed time by either prior art or existing means. When the first sliced storage node detects the secret sliced update indication, a first secret polynomial without constant terms is constructed, namely, the first sliced storage node generates t-1 first random numbers, and the first secret polynomial without constant terms is constructed according to the t-1 first random numbers. 
Therefore, support can be provided for subsequently generating the first confusion fragments for updating the secret fragments, so that the original secret can be accurately restored in time, and meanwhile, the security of the secret fragments can be ensured, so that a secret attacker is prevented from cracking and acquiring the secret fragments. Wherein the first sliced storage node is any one of the m sliced storage nodes.
Illustratively, any of the sharded storage nodes P i may start to initiate the update flow of the secret shards when it senses that its secret shards in the k-1 th period may have been compromised or stolen, and senses that a secret attacker is about to possess at least t secrets, and generates a secret shard update indication to inform other sharded storage nodes to also start to initiate the update flow of the secret shards. Or when a set secret-slice update period (for example, 30 days) arrives, any slice storage node P i can start to start the secret-slice update flow, and generate a secret-slice update instruction at the same time, so as to inform other slice storage nodes to start the secret-slice update flow.
First, after detecting the secret shard update indication, any shard storage node P_i sets a prime number q and works over the finite field Z_q. At the beginning of the kth period, it randomly selects t-1 numbers in Z_q, denoted a_ij, j ∈ {1, 2, …, t-1}.
Any shard storage node P_i then constructs a first secret polynomial without a constant term from the a_ij. The first secret polynomial is:
At the same time, the first secret polynomial also satisfies
In step 205, the first shard storage node generates m first confusion shards based on the first secret polynomial, and distributes at least one first confusion shard to the second shard storage node.
In the embodiment of the invention, the first shard storage node can randomly select m random numbers, or generate m random numbers through a random number generation algorithm, and substitute the m random numbers into the first secret polynomial to obtain m first confusion shards. At least one first confusion shard is then distributed to a second shard storage node. The first shard storage node may distribute one or some of the m first confusion shards to one second shard storage node, may distribute some of the m first confusion shards to a plurality of second shard storage nodes, or may send m-1 of the m first confusion shards to m-1 second shard storage nodes respectively. The second shard storage node is any one of the m shard storage nodes other than the first shard storage node.
Illustratively, any shard storage node P_i may calculate the m first confusion shards by the following formula:
Where the symbol in the formula represents the first confusion shard, 1 ≤ j ≤ m, and q represents the prime number.
Any shard storage node P_i (e.g., P_1) may then distribute one of the m first confusion shards to a second shard storage node (e.g., P_2), or distribute some of the m first confusion shards to several second shard storage nodes (e.g., P_2 and P_3), or send m-1 of the m first confusion shards to the m-1 second shard storage nodes (the shard storage nodes other than P_1) respectively.
In step 206, the first shard storage node generates a secret shard of the kth period according to the received at least one second confusion shard and the secret shard of the first shard storage node in the (k-1)th period.
In the embodiment of the invention, the first shard storage node can generate the secret shard of the kth period, conforming to the threshold secret sharing mechanism, from one received second confusion shard and its own secret shard of the (k-1)th period; from some of the received second confusion shards and its own secret shard of the (k-1)th period; or from the m-1 received second confusion shards and its own secret shard of the (k-1)th period. Specifically, in each of these cases the first shard storage node generates the secret shard of the kth period from the received second confusion shard or shards, the first reserved confusion shard, and its own secret shard of the (k-1)th period. The first reserved confusion shard is what remains of the m first confusion shards after those sent out are excluded: the other first confusion shards when one or some were sent out, or the single remaining first confusion shard when m-1 were sent out. The second confusion shard is generated by the second shard storage node according to a second secret polynomial without a constant term.
Wherein, for the first shard storage node, the new secret shard of itself can be determined by the following formula. The formula for determining the new secret shard is as follows:
Where the symbols of the formula represent, in order, the secret shard of shard storage node P_i in the kth period, the secret shard of shard storage node P_i in the (k-1)th period, and an accumulated value of at least one first confusion shard. Thus, in the kth period each shard storage node P_i can complete the dynamic update from its old secret shard to its new secret shard.
Illustratively, any shard storage node P_i (e.g., P_1) may generate the secret shard of the kth period, conforming to the threshold secret sharing mechanism, from one received second confusion shard, its first confusion shards other than the one it sent out, and its secret shard of the (k-1)th period. Or it may do so from some received second confusion shards, its first confusion shards other than those it sent out, and its secret shard of the (k-1)th period. Or it may do so from the m-1 received second confusion shards, its first confusion shard other than the m-1 first confusion shards it sent out, and its secret shard of the (k-1)th period. The original secret can still be accurately determined from at least t secret shards of the kth period; t is an integer greater than 0 and less than or equal to m.
For each shard storage node P_i, the old secret shard is no longer used, so it must be destroyed immediately to prevent a secret attacker from stealing it.
Further, by rearranging the above formula for determining the new secret shard, it can be obtained:
From the above formula, it can be seen that updating the secret shard of the (k-1)th period is equivalent to changing the secret polynomial that hides the secret from f_{k-1}(x) to f_k(x). Let x = 0, due to and f_{k-1}(0) = s, therefore, The above formula also shows that the secret shards newly generated in the kth period also conform to the threshold secret sharing mechanism; that is, from any t or more secret shards of the kth period, the original secret can still be accurately restored, and the original secret remains unchanged.
When the original secret needs to be restored, it can be restored by providing the secret shards of at least t of the m shard storage nodes. As can be seen from the above formula, f_k(0) = f_{k-1}(0) = s.
Meanwhile, according to the Lagrange interpolation theorem, for any polynomial, there is:
Through the above formula, when x = 0, a formula for determining the original secret can be obtained as follows:
Then, at least t new secret shards generated in the kth period are substituted into the formula for determining the original secret, so that the original secret S can be obtained, that is, the original secret S can be accurately restored.
Illustratively, assume that three secret shards of the kth period, e.g., (x_1, y_1), (x_2, y_2), (x_3, y_3), are available from which the original secret can be restored. The three secret shards can then be substituted into the above formula for determining the original secret, so that the original secret S can be obtained, that is:
The above embodiments show that, in the prior art, if the life cycle of the secret data is long, a secret attacker has enough time to crack enough shards, so that the secret data is at risk of leakage and its security cannot be ensured. Based on this, the technical scheme of the invention periodically updates the secret shards of the shard storage nodes: when the first shard storage node detects the secret shard update indication of the kth period, it starts the process of updating its secret shard of the (k-1)th period. Specifically, when the secret shard update indication of the kth period is detected, a first secret polynomial without a constant term is constructed, m first confusion shards for updating the secret shards are generated based on the first secret polynomial, and at least one first confusion shard is distributed to the second shard storage node. At the same time, at least one second confusion shard is received, and the secret shard of the kth period, conforming to the threshold secret sharing mechanism, is generated from the received at least one second confusion shard and the secret shard of the first shard storage node in the (k-1)th period. The scheme can therefore complete the periodic update process of the secret shards for each shard storage node in a timely and effective manner, so that a secret attacker cannot acquire enough secret shards within the life cycle of the secret, which effectively improves the security of the secret data. Moreover, the scheme also ensures that the original secret can still be accurately restored from at least t secret shards of the kth period.
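The update round and the restoration step described above can be followed end to end in the sketch below. It is an added example, not code from the patent; the prime `Q`, the function names, the use of node indices 1..m as evaluation points, and the case where every node sends m-1 confusion shards and retains one are assumptions.

```python
import secrets

Q = 2**127 - 1  # assumed prime q (a Mersenne prime); the text only requires a prime


def eval_poly(coeffs, x, q=Q):
    """Evaluate coeffs[0] + coeffs[1]*x + ... over Z_q (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % q
    return acc


def split_secret(secret, t, m, q=Q):
    """Period 0: polynomial whose constant term is the secret; node j stores f(j)."""
    if not (0 < t <= m < q and 0 <= secret < q):
        raise ValueError("need 0 < t <= m < q and 0 <= secret < q")
    coeffs = [secret] + [secrets.randbelow(q) for _ in range(t - 1)]
    return {j: eval_poly(coeffs, j, q) for j in range(1, m + 1)}


def make_confusion_shards(t, xs, q=Q):
    """One node's contribution: t-1 random coefficients, constant term 0."""
    coeffs = [0] + [secrets.randbelow(q) for _ in range(t - 1)]
    return {x: eval_poly(coeffs, x, q) for x in xs}


def refresh(shares, t, q=Q):
    """One update period: each node adds every confusion shard addressed to it."""
    xs = sorted(shares)
    # outbox[i][j] is the confusion shard node i generated for node j;
    # outbox[j][j] is the shard node j retains for itself.
    outbox = {i: make_confusion_shards(t, xs, q) for i in xs}
    new_shares = {}
    for j in xs:
        accumulated = sum(outbox[i][j] for i in xs) % q
        new_shares[j] = (shares[j] + accumulated) % q
    return new_shares  # callers must destroy the old shares


def reconstruct(points, q=Q):
    """Lagrange interpolation at x = 0 over Z_q from a {x: y} mapping."""
    secret = 0
    for xi, yi in points.items():
        num, den = 1, 1
        for xj in points:
            if xj != xi:
                num = (num * -xj) % q
                den = (den * (xi - xj)) % q
        secret = (secret + yi * num * pow(den, -1, q)) % q
    return secret


def pick(shares, xs):
    """Select the shards held by the nodes listed in xs."""
    return {x: shares[x] for x in xs}


if __name__ == "__main__":
    s = 0x5EC2E7  # constructed sample secret
    old = split_secret(s, t=3, m=5)
    new = refresh(old, t=3)
    print("t new shards restore the secret:", reconstruct(pick(new, (1, 3, 5))) == s)
    # Shards stolen in different periods do not combine, which is why the
    # old shards are destroyed after each update.
    mixed = {1: old[1], 2: new[2], 3: new[3]}
    print("mixed-period shards restore it: ", reconstruct(mixed) == s)
```

Because every confusion polynomial evaluates to 0 at x = 0, the sum added to the shards changes each stored value without changing the interpolated constant term.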
Based on the same technical concept, fig. 3 exemplarily shows a secret sharing apparatus provided by an embodiment of the present invention, which may perform a flow of a secret sharing method. The secret sharing device in the embodiment of the invention is suitable for a secret sharing system with m sliced storage nodes.
As shown in fig. 3, the apparatus includes:
A construction unit 301 for constructing a first secret polynomial without a constant term upon detection of a secret patch update indication of a kth period; k is an integer greater than or equal to 1;
A processing unit 302, configured to generate m first confusion shards based on the first secret polynomial, and distribute at least one first confusion shard to a second shard storage node; the first shard storage node is any one of the m shard storage nodes; the second shard storage node is any one of the m shard storage nodes except the first shard storage node; and to generate a secret shard of the kth period, conforming to a threshold secret sharing mechanism, according to the received at least one second confusion shard and the secret shard of the first shard storage node in the (k-1)th period; wherein the second confusion shard is generated by a second shard storage node according to a second secret polynomial without a constant term; the threshold secret sharing mechanism is used for determining an original secret from at least t secret shards of the kth period; and t is an integer greater than 0 and less than or equal to m.
Optionally, the construction unit 301 is specifically configured to:
Generating t-1 first random numbers;
And constructing the first secret polynomial without a constant term according to the t-1 first random numbers.
Optionally, the processing unit 302 is further configured to:
Before constructing the first secret polynomial without a constant term, for each shard storage node, determining that the secret shards in the kth period have a risk of leakage, and generating a secret shard update indication of the kth period; the secret shard update indication is used to instruct each shard storage node to update its own secret shard of the (k-1)th period.
Optionally, the processing unit 302 is specifically configured to:
Generating a secret shard of the kth period, conforming to the threshold secret sharing mechanism, according to the received at least one second confusion shard, the first reserved confusion shard and the secret shard of the first shard storage node in the (k-1)th period; the first reserved confusion shard is a first confusion shard of the m first confusion shards other than the at least one first confusion shard.
Optionally, the processing unit 302 is specifically configured to:
Respectively transmitting m-1 first confusion fragments in the m first confusion fragments to m-1 second fragment storage nodes;
Optionally, the processing unit 302 is further configured to:
the second obfuscated shards generated by each of the m-1 second shard storage nodes are received before generating the secret shards conforming to the kth period of the threshold secret sharing mechanism.
Optionally, the processing unit 302 is further configured to:
constructing a third secret polynomial with constant terms based on the original secret at the 0 th period before constructing the first secret polynomial without constant terms;
determining m secret patches of the 0 th period based on the third secret polynomial;
respectively transmitting m secret fragments of the 0 th period to m fragment storage nodes; each shard storage node is configured to store a received secret shard of cycle 0.
Optionally, the processing unit 302 is specifically configured to:
Generating m second random numbers;
And determining m secret patches of the 0 th period according to the m second random numbers and the third secret polynomial.
Based on the same technical concept, the embodiment of the present invention further provides a computing device, as shown in fig. 4, including at least one processor 401 and a memory 402 connected to the at least one processor, where in the embodiment of the present invention, a specific connection medium between the processor 401 and the memory 402 is not limited, and in fig. 4, the processor 401 and the memory 402 are connected by a bus, for example. The buses may be divided into address buses, data buses, control buses, etc.
In the embodiment of the present invention, the memory 402 stores instructions executable by the at least one processor 401, and the at least one processor 401 may perform the steps included in the secret sharing method by executing the instructions stored in the memory 402.
The processor 401 is the control center of the computing device. It may use various interfaces and lines to connect the various portions of the computing device, and performs data processing by running or executing the instructions stored in the memory 402 and invoking the data stored in the memory 402. Alternatively, the processor 401 may include one or more processing units, and the processor 401 may integrate an application processor and a modem processor, wherein the application processor mainly handles the operating system, user interface, application programs and the like, and the modem processor mainly handles the issuing of instructions. It will be appreciated that the modem processor described above may also not be integrated into the processor 401. In some embodiments, the processor 401 and the memory 402 may be implemented on the same chip, and in some embodiments they may be implemented separately on separate chips.
The processor 401 may be a general purpose processor, such as a central processing unit (CPU), a digital signal processor, an application specific integrated circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, or discrete hardware components, that may implement or perform the methods, steps, and logic diagrams disclosed in embodiments of the present invention. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in connection with the secret sharing method embodiments may be executed directly by a hardware processor or by a combination of hardware and software modules in a processor.
Memory 402 is a non-volatile computer-readable storage medium that can be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The memory 402 may include at least one type of storage medium, which may include, for example, flash memory, hard disk, multimedia card, card memory, random access memory (RAM), static random access memory (SRAM), programmable read-only memory (PROM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), magnetic memory, magnetic disk, optical disk, and the like. Memory 402 may also be, but is not limited to, any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 402 in embodiments of the present invention may also be circuitry or any other device capable of performing memory functions for storing program instructions and/or data.
Based on the same technical idea, an embodiment of the present invention further provides a computer-readable storage medium storing a computer program executable by a computing device, which when run on the computing device causes the computing device to perform the steps of the secret sharing method described above.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (10)

1. A secret sharing method, adapted for use in a secret sharing system having m shard storage nodes, the method comprising:
When the first fragmentation storage node detects a secret fragmentation updating instruction of a kth period, constructing a first secret polynomial without a constant term; k is an integer greater than or equal to 1;
The first shard storage node generates m first confusion shards based on the first secret polynomial, and distributes at least one first confusion shard to the second shard storage node; the first sliced storage node is any one of the m sliced storage nodes; the second sliced storage node is any one of the m sliced storage nodes except the first sliced storage node;
The first shard storage node generates a secret shard of the kth period, conforming to a threshold secret sharing mechanism, according to the received at least one second confusion shard and the secret shard of the first shard storage node in the (k-1)th period; wherein the second confusion shard is generated by a second shard storage node according to a second secret polynomial without a constant term; the threshold secret sharing mechanism is used for determining an original secret from at least t secret shards of the kth period; and t is an integer greater than 0 and less than or equal to m.
2. The method of claim 1, wherein constructing a first secret polynomial without a constant term comprises:
the first fragment storage node generates t-1 first random numbers;
And the first sharding storage node constructs a first secret polynomial without the constant term according to the t-1 first random numbers.
3. The method of claim 1, further comprising, prior to constructing the first secret polynomial without the constant term:
for each shard storage node, the shard storage node determines that the secret shards in the kth period have a risk of leakage, and generates a secret shard update indication of the kth period; the secret shard update indication is used to instruct each shard storage node to update its own secret shard of the (k-1)th period.
4. The method of claim 1, wherein the first sliced storage node generates a kth period of the secret slices that meet a threshold secret sharing mechanism based on the received at least one second confusing slice and the secret slices of the first sliced storage node at the kth-1 period, comprising:
the first sliced storage node generates a secret slice which accords with a k period of a threshold secret sharing mechanism according to the received at least one second confusion slice, the first reserved confusion slice and the secret slice of the first sliced storage node in the k-1 period; the first reserved confusion slice is a first confusion slice other than the at least one first confusion slice of the m first confusion slices.
5. The method of claim 4, wherein distributing at least one first obfuscated tile to a second tile storage node comprises:
The first fragment storage node sends m-1 first confusion fragments in the m first confusion fragments to m-1 second fragment storage nodes respectively;
before generating the secret shard conforming to the kth period of the threshold secret sharing mechanism, further comprising:
The first shard storage node receives second confusion shards generated by m-1 second shard storage nodes respectively.
6. The method of claim 1, further comprising, prior to constructing the first secret polynomial without the constant term:
The secret distribution node constructs a third secret polynomial with constant terms based on the original secret in the 0 th period;
the secret distribution node determines m secret patches of the 0 th period based on the third secret polynomial;
the secret distribution node sends m secret fragments of the 0 th period to m fragment storage nodes respectively; each shard storage node is configured to store a received secret shard of cycle 0.
7. A method as defined in claim 6, wherein the secret distribution node determines m 0 th period secret shards based on the third secret polynomial, comprising:
The secret distribution node generates m second random numbers;
And the secret distribution node determines m secret patches of the 0 th period according to the m second random numbers and the third secret polynomial.
8. A secret sharing system, wherein the secret sharing system comprises m sliced storage nodes, wherein the m sliced storage nodes comprise a first sliced storage node, and the first sliced storage node comprises a construction unit and a processing unit;
The construction unit is used for constructing a first secret polynomial without a constant term when the secret slice updating indication of the kth period is detected; k is an integer greater than or equal to 1;
The processing unit is used for generating m first confusion shards based on the first secret polynomial and distributing at least one first confusion shard to a second shard storage node; the second shard storage node is any one of the m shard storage nodes except the first shard storage node; and for generating a secret shard of the kth period, conforming to a threshold secret sharing mechanism, according to the received at least one second confusion shard and the secret shard of the first shard storage node in the (k-1)th period; wherein the second confusion shard is generated by a second shard storage node according to a second secret polynomial without a constant term; the threshold secret sharing mechanism is used for determining an original secret from at least t secret shards of the kth period; and t is an integer greater than 0 and less than or equal to m.
9. A computing device comprising at least one processor and at least one memory, wherein the memory stores a computer program that, when executed by the processor, causes the processor to perform the method of any of claims 1 to 7.
10. A computer readable storage medium, characterized in that it stores a computer program executable by a computing device, which when run on the computing device, causes the computing device to perform the method of any of claims 1 to 7.
CN202110853166.8A 2021-07-27 2021-07-27 Secret sharing method and device Active CN113505392B (en)

Publications (2)

Publication Number Publication Date
CN113505392A 2021-10-15
CN113505392B 2024-06-21
