CN116260577A - Threshold secret sharing method and system based on regenerated codes - Google Patents

Publication number
CN116260577A
Authority
CN
China
Prior art keywords
secret
participants
matrix
threshold
share
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211631813.1A
Other languages
Chinese (zh)
Other versions
CN116260577B (en
Inventor
李挥
孟详帧
王晓鹏
侯韩旭
彭明
张彩芳
殷伟娟
马化军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Digital Internet Co ltd
Foshan Saisichen Technology Co ltd
Original Assignee
Jiangsu Digital Internet Co ltd
Foshan Saisichen Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Digital Internet Co ltd, Foshan Saisichen Technology Co ltd filed Critical Jiangsu Digital Internet Co ltd
Priority to CN202211631813.1A priority Critical patent/CN116260577B/en
Publication of CN116260577A publication Critical patent/CN116260577A/en
Application granted granted Critical
Publication of CN116260577B publication Critical patent/CN116260577B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a threshold secret sharing method and system based on a regenerated code, comprising the following steps: step S1, secret processing through the regenerated code: the secret distributor first confirms the n secret participants and the secret reconstruction threshold k, then determines the secret share restoration threshold d, the coefficient matrix Ψ and the message matrix M according to the principle of the regenerated code, and calculates the coding matrix C; step S2, secret share distribution: the secret distributor distributes the n secret shares to the n secret participants via a secure transmission channel; step S3, secret share restoration: when a participant's secret share is lost, at least d other participants repair the lost secret; step S4, reconstruction of the original secret: the original secret information is calculated from the secret shares of at least k participants. The invention better matches the way a computer operates, can effectively improve the processing speed, introduces the function of secret share restoration and expands the application range of secret sharing.

Description

Threshold secret sharing method and system based on regenerated codes
Technical Field
The invention relates to an (n, k) threshold secret sharing method, in particular to a threshold secret sharing method using a regenerated code based on binary addition, convolution and displacement (shift) operations, and further to a threshold secret sharing system that adopts this method.
Background
Frequent communication is indispensable to people in daily life and work. As human society has progressed, communication methods and technologies have developed with it: from conveying information only through objects and sounds, to written words, to electronic information technology, and finally to today's widespread use of networks. Communication has become more and more efficient, the range of time and space over which information is stored and transmitted has become wider and wider, and society has gained unprecedented convenience. As communication technology develops to meet people's daily needs, effectively protecting data resources and communication security has become a key concern. In 1949 Shannon, the father of information theory, proposed the communication theory of secrecy systems, which made cryptography a branch of mathematics and laid the foundation of modern cryptography.
To transfer information securely, people generally use encryption. As cryptography has flourished, one technique among the many secure communication methods has found particularly wide application: secret sharing. In 1979 the concept of secret sharing was first proposed independently by Shamir and Blakley, and their schemes have been widely used because they are simple and practical. Secret sharing involves three parts: the participants, a distributor and the secret. For positive integers k and n (k ≤ n), n participants are specified and the distributor distributes the secret among them; once the participants hold their respective secret shares, the secret can be obtained only when the secret shares of at least k participants take part in secret reconstruction, and otherwise it cannot be obtained.
This classical scheme is called (n, k) threshold secret sharing, and it has two key properties: the original secret cannot be recovered unless the specified condition is met, and the secret can still be obtained in full when secret shares are lost, within a certain range. The general flow of secret sharing has three parts: the first is the processing and distribution of the secret, the second is the preservation of the secret shares, and the third is the reconstruction of the secret. The second part is relatively well protected by using different propagation paths and other protection measures, so the key parts of secret sharing are the first and the third. Schemes in common use today include the Shamir scheme, the Blakley scheme, the remainder theorem and the like.
The two processes of splitting and reconstructing the secret are described below using the Blakley scheme. Secret processing and distribution: the core idea of the scheme is that the secret distributor represents the secret as a point in a finite k-dimensional space, constructs n plane equations passing through this point, and distributes the n equations to the n secret participants. Secret reconstruction: when k plane equations are gathered, the system of equations can be solved to obtain the exact coordinates of the point; with fewer than k equations the information cannot be obtained.
By way of example: in the secret processing and distribution process, n and k are first defined by the secret distributor, for example n=4, k=3; the secret is represented as a point in k-dimensional space, e.g. (5,14,6); n planes are constructed through this point, for example: x+y+z=25, 2x+y+z=30, x+y+2z=31, x+2y+z=39; the n plane equations are issued as secret shares to the n participants.
Secret reconstruction: the secret shares of any k participants are gathered to form a system of equations, such as: x+y+z=25, 2x+y+z=30, x+y+2z=31; solving this system of k equations in k unknowns reconstructs the original secret, e.g. (5,14,6).
The common schemes, such as the Shamir scheme, the Blakley scheme and the remainder theorem, hide the original secret information by mathematical calculation, so the amount of computation is large. Moreover, these schemes were designed primarily for small secrets; they are harder to implement for larger data, and the larger the data, the greater the computational cost. In today's information age, a method suited to computer operation should therefore be sought for secret sharing, so as to improve efficiency and reduce time cost.
In modern storage, in order to store ever-increasing data effectively, storage system architectures are gradually evolving from traditional stand-alone storage to more scalable distributed storage. In distributed storage, two strategies are mainly used at present to prevent data loss caused by failure of physical storage: multiple copies and erasure codes. The multi-copy strategy copies the original data into N copies; for example, the Google file system adopts a three-copy technique to ensure data reliability. Erasure codes were originally a type of forward error correction code used in communication technology; put simply, they reduce storage overhead at the cost of more computation. One of the more common erasure codes is the maximum distance separable code (MDS code), which generally has two parameters, n and k. In an (n, k) MDS code the original data is divided into k parts, n-k parts of redundant data are generated by the coding rule, and any k parts can reconstruct the original data. If the erasure code strategy widely used in local storage systems is applied in a distributed environment, the repair bandwidth for a single point of failure equals the original data volume; since stored files are usually large, this easily causes network congestion.
The regenerated code is an erasure code that satisfies the MDS condition. It offers a new option for reducing the repair bandwidth: in its design the storage nodes have computing power, and the repair bandwidth can be reduced by computing on the data. In the design of the regenerated code, in addition to meeting the requirements of the (n, k) MDS code, there are four key parameters (d, α, β, γ): when one node fails, the newly added node contacts d surviving nodes and retrieves β bits of data from each of the d nodes to recover the lost data; the total repair bandwidth is γ = dβ, and a node's data is rebuilt without completely decoding the file. Regenerated codes can be classified into functional repair (which does not require the result to be identical to the original data) and exact repair (which restores the lost data exactly); considering the overhead of storage and bandwidth, exact-repair regenerated codes can be divided into two types, minimum storage regenerated codes and minimum bandwidth regenerated codes. Building on the product matrix construction of the regenerated code, Hou proposed a regenerated code based on binary addition, convolution and displacement operations, which is the regenerated code used in this method; it fits the binary operation mode of a computer, reduces the complexity of the operations and improves the coding efficiency of the regenerated code.
Disclosure of Invention
The invention aims to provide an (n, k) threshold secret sharing method using a regenerated code based on binary addition, convolution and displacement operations, so as to improve the processing speed of secret sharing, shorten the processing time, and realize secret reconstruction and restoration to meet the secret sharing requirements of practical applications. On this basis, a secret sharing system adopting this secret sharing method is further provided.
In this regard, the present invention provides a threshold secret sharing method based on a regenerated code, including the following steps:
step S1, secret processing through the regenerated code: the secret distributor first confirms the n secret participants and the secret reconstruction threshold k, then determines the secret share restoration threshold d, the coefficient matrix Ψ and the message matrix M according to the principle of the regenerated code, and calculates the coding matrix C, where d ≥ k and n is the number of secret participants;
step S2, secret share distribution: the secret distributor distributes the n secret shares to the n secret participants through a secure transmission channel and destroys the message matrix M and the coding matrix C, completing the secret distribution process;
step S3, secret share restoration: when the secret share of a secret participant is lost, the lost secret is repaired by at least d other secret participants;
step S4, reconstruction of the original secret: the original secret information is calculated from the secret shares of at least k secret participants.
A further development of the invention is that said step S1 comprises the following sub-steps:
step S101, the secret distributor confirms the n secret participants and the threshold k for secret reconstruction;
step S102, the secret distributor determines the threshold d of secret share restoration according to the principle of the regenerated code, where d ≥ k;
step S103, the secret distributor splits the original secret data and determines the message matrix M according to the values of the secret reconstruction threshold k and the secret share restoration threshold d;
step S104, the secret distributor determines the coefficient matrix Ψ (n × d) corresponding to the number n of secret participants and the message matrix M;
step S105, the secret distributor calculates the coding matrix C from the coefficient matrix Ψ and the message matrix M.
A further improvement of the present invention is that in step S103 the secret distributor splits the original secret file into a plurality of parts. Taking the minimum bandwidth regenerated code as an example, the first (k(k+1))/2 parts form the upper triangular part of the symmetric matrix S of k rows and k columns, the remaining k(d-k) parts fill the matrix T of k rows and (d-k) columns, and the formula
Figure BDA0004006087520000041
gives a message matrix M of d rows and d columns.
A further improvement of the present invention is that in step S104 the secret distributor determines the coefficient matrix as Ψ = [Φ Δ], where Φ is a matrix of n rows and k columns and Δ is a matrix of n rows and (d-k) columns, such that any d rows of the coefficient matrix Ψ are linearly independent and any k rows of the matrix Φ are linearly independent.
A further improvement of the present invention is that in step S105 the coding matrix C is obtained by multiplying the coefficient matrix Ψ and the message matrix M.
A further improvement of the present invention is that in step S2 the secret distributor discloses the coefficient matrix Ψ obtained in step S1, splits the coding matrix C into n secret shares, and then distributes
Figure BDA0004006087520000042
to the n secret participants via a secure transmission channel, where
Figure BDA0004006087520000043
denotes the i-th row of the coefficient matrix Ψ and
Figure BDA0004006087520000044
denotes the i-th row of the coding matrix C, used as a secret share; the message matrix M and the coding matrix C obtained in step S1 are then destroyed, completing the secret distribution process.
A further development of the invention is that said step S3 comprises the following sub-steps:
step S301, the participant f who lost the secret share contacts d other participants to help repair the secret share;
step S302, each of the other d participants calculates the product, under binary addition, convolution and displacement operations, of the secret share it holds
Figure BDA0004006087520000045
with ψ_f of the participant who lost the share, and sends the result
Figure BDA0004006087520000046
to the participant f who lost the secret share, where ψ_f denotes the row vector of the coefficient matrix corresponding to the participant f who lost the secret share;
step S303, the participant f who lost the secret share aggregates the
Figure BDA0004006087520000047
of the d participants as Ψ_repair, and aggregates the calculation results
Figure BDA0004006087520000048
of the d participants as Ψ_repair·M·ψ_f,
Figure BDA0004006087520000049
where Ψ_repair is the coefficient submatrix of d rows and d columns formed by the d repairing participants;
step S304, the participant f who lost the secret share calculates the determinant of Ψ_repair, expressed as z^e(1+f(z)), where z represents a right-shift operation, e represents the number of bits shifted, and f(z) is a polynomial without a constant term;
step S304, the participant f who lost the secret share calculates z^e·M·ψ_f = (1+f(z))^{-1}·adj(Ψ_repair)·Ψ_repair·M·ψ_f, where adj(Ψ_repair) is the adjugate matrix of Ψ_repair; M·ψ_f is obtained by shifting left by e bits after the right-hand side of the equation has been computed, and after transposition
Figure BDA0004006087520000051
is obtained and the secret share is restored;
Figure BDA0004006087520000052
denotes the row vector of the coding matrix corresponding to the participant f who lost the secret share.
A further development of the invention is that said step S4 comprises the following sub-steps:
step S401, when the original secret is needed, the decryptor collects the secret shares of k secret sharers;
step S402, the decryptor aggregates the
Figure BDA0004006087520000053
of the k participants as Ψ_DC, and aggregates the
Figure BDA0004006087520000054
of the k participants as C_DC, where Ψ_DC denotes the coefficient submatrix of k rows and d columns at secret reconstruction and C_DC denotes the coding submatrix at secret reconstruction;
step S403, the decryptor separates Φ_DC from the coefficient submatrix Ψ_DC, where Φ_DC denotes the coefficient submatrix of k rows and k columns at secret reconstruction, and calculates the determinant of Φ_DC, expressed as z^e(1+f(z)), where z represents a right-shift operation, e represents the number of bits shifted, and f(z) is a polynomial without a constant term;
step S404, the decryptor calculates z^e·M = (1+f(z))^{-1}·adj(Φ_DC)·C, where adj(Φ_DC) is the adjugate matrix of Φ_DC; M is obtained by shifting left by e bits after the right-hand side of the equation has been computed, and the original secret data is then obtained by reassembling the blocks of the message matrix M according to the values of k and d.
A further improvement of the invention is that throughout steps S1 to S4, that is, in the whole secret sharing process, the number of row vectors of the coefficient matrix of the regenerated code equals the number of secret participants; the repair of a secret share depends closely on the value of d; and both the construction of the message matrix from the original secret and its decomposition back into the original secret depend closely on the values of k and d.
The invention also provides a threshold secret sharing system based on the regenerated code, which adopts the above threshold secret sharing method based on the regenerated code and comprises:
a secret processing module, which performs secret processing through the regenerated code: the secret distributor first confirms the n secret participants and the secret reconstruction threshold k, then determines the secret share restoration threshold d, the coefficient matrix Ψ and the message matrix M according to the principle of the regenerated code, and calculates the coding matrix C, where d ≥ k and n is the number of secret participants;
a secret distribution module, which distributes the result obtained by the secret processing module as secret shares to all secret participants and destroys the message matrix M and the coding matrix C, completing the secret distribution process;
a secret restoration module, which restores lost secret shares using the regeneration property of the regenerated code: when the secret share of a secret participant is lost, the lost secret is restored by at least d other secret participants;
and a secret reconstruction module, which reconstructs the original secret according to the decoding principle of the regenerated code, calculating the original secret information from the secret shares of at least k secret participants.
Compared with the prior art, the invention has the following beneficial effects. First, secret processing is carried out through a regenerated code, that is, secret data is processed using binary addition, convolution and displacement operations, which better matches the way a computer operates and effectively improves the processing speed. Second, the properties of the regenerated code are used throughout the secret sharing process, so the requirements of secret sharing are met, and a secret share restoration function is introduced from the characteristics of the regenerated code, which enlarges the application range of secret sharing. The invention can effectively improve the processing speed of secret sharing, shorten the processing time, and realize secret reconstruction and repair so as to meet the requirements of practical applications.
Drawings
FIG. 1 is a schematic workflow diagram of one embodiment of the present invention.
Detailed Description
Preferred embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
The secret sharing flow comprises secret processing, secret distribution, secret reconstruction and other processes, and is similar to the encoding and decoding processes of erasure-coded file handling in distributed storage. The repair function of the regenerated code is a function that secret sharing does not otherwise have; applying the regenerated code to secret sharing can produce good results, and it is therefore adopted in the present application. The process description of the present application takes the minimum bandwidth regenerated code (abbreviated MBR) as an example; the method can equally be used with the minimum storage regenerated code.
First we introduce the operations based on binary addition, convolution and displacement, which convert the complex polynomial multiplication in the finite field
Figure BDA0004006087520000061
into binary F_2 operations that are more computer-friendly. In a specific operation, each partitioned small data block is first regarded as a binary sequence, such as the infinitely long sequences a := (a_0, a_1, a_2, a_3, …) and b := (b_0, b_1, b_2, b_3, …). A sequence may be represented by a polynomial, e.g. a(z) = a_0 + a_1 z + a_2 z^2 + …, where a(z) is the formal power series representation of a. The operations are as follows. Addition: a + b = (a_0+b_0, a_1+b_1, a_2+b_2, …). Convolution multiplication:
Figure BDA0004006087520000062
Division: for b divided by a, where the constant term of a is a_0 = 1, the quotient can be defined as a new polynomial f(z) = Σ_j f_j z^j whose terms satisfy
Figure BDA0004006087520000063
Shift: the operator z represents a right-shift operation and its power represents the number of bits shifted, e.g. za = 0 + a_0 z + a_1 z^2 + a_2 z^3 + …. The set of power series is denoted F_2[[z]] and the set of polynomials is denoted F_2[z]. For example, if a(z) and b(z) both contain L bits, then a(z) + zb(z) = (a_0, a_1+b_0, a_2+b_1, …, a_{L-1}+b_{L-2}, b_{L-1}), which has length L+1. All mathematical operations used in the present application are these operations.
Second, parameters required for secret sharing using a regenerated code include:
Figure BDA0004006087520000064
Figure BDA0004006087520000071
This example is illustrated with the product matrix construction of the minimum bandwidth regenerated code, which can construct an MBR for arbitrary k ≤ d ≤ n-1. Typically, with the volume of data retrieved from each helping participant β = 1, α and B satisfy the conditions α = d and B = (k(k+1))/2 + k(d-k).
The secret processing process corresponds to the encoding process of the regenerated code. First, each segmented secret data block is regarded as a polynomial in F_2[z] and the message matrix is constructed; the coefficient matrix is defined simply as
Figure BDA0004006087520000072
The use of regenerated codes in the present application requires that the coefficient submatrix be invertible during secret reconstruction and secret repair. For example, for Φ_DC·M = C, the determinant det(Φ_DC) of Φ_DC is required to be nonzero; det(Φ_DC) can then be expressed as z^e(1+f(z)), where e is a non-negative integer and f(z) is a polynomial with no constant term, so that (1+f(z))^{-1} ∈ F_2[[z]]. Let adj(Φ_DC) denote the adjugate matrix of Φ_DC and E the identity matrix; then adj(Φ_DC)·Φ_DC = det(Φ_DC)·E, which combined with Φ_DC·M = C gives z^e·M = (1+f(z))^{-1}·adj(Φ_DC)·C. The decoded result is obtained simply by shifting this result left by e bits, which is the key to secret reconstruction and secret restoration.
Combining the above, binary addition, convolution and displacement operations are applied to secret sharing, giving the secret sharing method and system of the regenerated code based on binary addition, convolution and displacement operations.
When the regenerated code based on binary addition, convolution and displacement operations is used for (n, k) threshold secret sharing, the processes are the same as in a classical (n, k) threshold secret sharing scheme, except that the secret is processed and reconstructed using the BASIC regenerated code method. A secret share restoration function is also introduced; the key to both this function and secret reconstruction is that the determinant of the coefficient submatrix formed by the participants involved in restoration or reconstruction is not 0.
As shown in FIG. 1, the present embodiment provides a threshold secret sharing method based on a regenerated code, which includes the following steps:
step S1, secret processing through the regenerated code: the secret distributor first confirms the n secret participants and the secret reconstruction threshold k, then determines the secret share restoration threshold d, the coefficient matrix Ψ and the message matrix M according to the principle of the regenerated code, and calculates the coding matrix C, where d ≥ k and n is the number of secret participants;
step S2, secret share distribution: the secret distributor distributes the n secret shares to the n secret participants through a secure transmission channel and destroys the message matrix M and the coding matrix C, completing the secret distribution process;
step S3, secret share restoration: when the secret share of a secret participant is lost, the lost secret is repaired by at least d other secret participants;
step S4, reconstruction of the original secret: the original secret information is calculated from the secret shares of at least k secret participants.
In this embodiment, the threshold secret sharing method based on the regenerated code refers to an (n, k) threshold secret sharing method using the regenerated code based on binary addition, convolution and displacement operations; the threshold secret sharing system based on the regenerated code refers to an (n, k) threshold secret sharing system using the same regenerated code; "based on binary addition" refers to converting the complex polynomial multiplication in the finite field
Figure BDA0004006087520000081
into binary F_2 operations that are more computer-friendly. Secret participants may be referred to simply as participants.
Step S1 of this embodiment includes the following sub-steps:
step S101, the secret distributor confirms the n secret participants and the threshold k for secret reconstruction;
step S102, the secret distributor determines the threshold d (d ≥ k) of secret share restoration according to the principle of the regenerated code;
step S103, the secret distributor splits the original secret data and determines the message matrix M according to the values of the secret reconstruction threshold k and the secret share restoration threshold d;
step S104, the secret distributor determines the coefficient matrix Ψ (n × d) corresponding to the number n of secret participants and the message matrix M;
step S105, the secret distributor calculates the coding matrix C from the coefficient matrix Ψ and the message matrix M.
In step S103 of this embodiment, the secret distributor splits the original secret file into a plurality of parts. Taking the minimum bandwidth regenerated code as an example, the first (k(k+1))/2 parts form the upper triangular part of the symmetric matrix S of k rows and k columns, the remaining k(d-k) parts fill the matrix T of k rows and (d-k) columns, and the formula
Figure BDA0004006087520000091
gives a message matrix M of d rows and d columns.
In step S104 of this embodiment, the secret distributor determines the coefficient matrix as Ψ = [Φ Δ], where Φ is a matrix of n rows and k columns and Δ is a matrix of n rows and (d-k) columns, such that, under binary addition, convolution and displacement operations, any d rows of the coefficient matrix Ψ are linearly independent and any k rows of the matrix Φ are linearly independent.
In step S105 of this embodiment, the coding matrix C is obtained by multiplying the coefficient matrix Ψ and the message matrix M under binary addition, convolution and displacement operations.
For example, consider the case (k, d) = (3, 4), where the data needs to be split into (3 × (3+1))/2 + 3 × (4-3) = 9 blocks. The message matrix M can be expressed as:
Figure BDA0004006087520000092
The coefficient matrix
Figure BDA0004006087520000093
multiplied by M,
Figure BDA0004006087520000094
can be expressed as
$$s_1(z)+z^{i-1}s_2(z)+z^{2(i-1)}s_3(z)+z^{3(i-1)}s_7(z),$$
$$s_2(z)+z^{i-1}s_4(z)+z^{2(i-1)}s_5(z)+z^{3(i-1)}s_8(z),$$
$$s_3(z)+z^{i-1}s_5(z)+z^{2(i-1)}s_6(z)+z^{3(i-1)}s_9(z),$$
$$s_7(z)+z^{i-1}s_8(z)+z^{2(i-1)}s_9(z).$$
In step S2 of this embodiment, the secret distributor publishes the coefficient matrix ψ obtained in step S1, splits the coding matrix C into n secret shares, and then distributes the n secret shares
Figure BDA0004006087520000095
to the n secret participants over a secure transmission channel, where
Figure BDA0004006087520000096
denotes the i-th row of the coefficient matrix ψ, and
Figure BDA0004006087520000097
denotes the i-th row of the coding matrix C, which is used as the secret share. The distributor then destroys the message matrix M and the coding matrix C obtained in step S1, completing the secret distribution process.
Step S3 in this embodiment includes the following substeps:
step S301, the participant f who lost the secret share contacts d other participants for help in repairing the secret share;
step S302, each of the other d participants computes the product of the secret share it holds
Figure BDA0004006087520000098
with $\psi_f$ of the participant who lost the share, under binary addition, convolution and shift operations, and sends
Figure BDA0004006087520000099
to the participant f who lost the secret share, where $\psi_f$ denotes the row vector of the coefficient matrix corresponding to the participant f who lost the secret share;
still taking (k, d) = (3, 4) as an example, each
Figure BDA00040060875200000910
can be regarded as a matrix of 1 row and 4 columns, and each
Figure BDA00040060875200000911
is also a matrix of 1 row and 4 columns, so $\psi_f$ is a matrix of 4 rows and 1 column; the two can be multiplied to obtain a matrix of 1 row and 1 column, that is, a single result:
Figure BDA0004006087520000101
Step S303, the participant f who lost the secret share gathers the
Figure BDA0004006087520000102
of the other d participants into $\Psi_{repair}$, and gathers the calculation results of the d participants
Figure BDA0004006087520000103
into Ψ repairf ,
Figure BDA0004006087520000104
where $\Psi_{repair}$ is the coefficient submatrix of d rows and d columns formed by the d participants during repair;
step S304, the participant f who lost the secret share computes the determinant of $\Psi_{repair}$, expressed as $z^{e}(1+f(z))$, where z denotes a right shift operation, e denotes the number of bits shifted, and f(z) is a polynomial without a constant term;
step S304, the participant f who lost the secret share computes z ef =(1+f(z)) -1 ·adj(Ψ repair )·Ψ repairf , where $\mathrm{adj}(\Psi_{repair})$ is the adjugate matrix of $\Psi_{repair}$; after the right-hand side of the equation has been computed, the result is shifted left by e bits and then transposed to obtain
Figure BDA0004006087520000105
and the secret share is restored;
Figure BDA0004006087520000106
denotes the row vector of the coding matrix corresponding to the participant f who lost the secret share.
Step S4 of this embodiment includes the following substeps:
step S401, when the original secret is needed, the decryptor collects the secret shares of k secret sharers;
step S402, the decryptor gathers the
Figure BDA0004006087520000107
of the k participants into $\Psi_{DC}$, and gathers the calculation results of the k participants
Figure BDA0004006087520000108
into $C_{DC}$; $\Psi_{DC}$ denotes the coefficient submatrix of k rows and d columns during secret reconstruction, and $C_{DC}$ denotes the coding submatrix during secret reconstruction;
step S403, the decryptor separates $\Phi_{DC}$ from the coefficient submatrix $\Psi_{DC}$, where $\Phi_{DC}$ denotes the coefficient submatrix of k rows and k columns during secret reconstruction, and computes the determinant of $\Phi_{DC}$, expressed as $z^{e}(1+f(z))$, where z denotes a right shift operation, e denotes the number of bits shifted, and f(z) is a polynomial without a constant term;
step S404, the decryptor computes $z^{e}M=(1+f(z))^{-1}\cdot\mathrm{adj}(\Phi_{DC})\,C$, where $\mathrm{adj}(\Phi_{DC})$ is the adjugate matrix of $\Phi_{DC}$; after the right-hand side of the equation has been computed, a left shift by e bits gives the original message matrix M, which is then spliced back together according to the values of k and d to obtain the original secret data.
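The repair procedure (steps S301 to S304) and the reconstruction procedure (steps S401 to S404) for the (k, d) = (3, 4) case, as an added example that is not code from the patent. It assumes the ψ rows [1, z^(i-1), z^(2(i-1)), z^(3(i-1))] and the symmetric layout of M that can be read off the four expanded share expressions above, and it solves the linear systems by Cramer's rule with exact polynomial division instead of the patent's (1+f(z))^(-1) and left shift by e; all function names and the sample blocks are hypothetical.

```python
from functools import reduce
from itertools import permutations
from operator import xor

K, D = 3, 4  # the page's worked case (k, d) = (3, 4)

def pmul(a, b):
    """Binary convolution in GF(2)[z]: XOR of shifted copies of a."""
    return reduce(xor, (a << t for t in range(b.bit_length()) if b >> t & 1), 0)

def pdiv(a, b):
    """Exact quotient a / b in GF(2)[z]; a remainder means bad input."""
    q = 0
    while a and a.bit_length() >= b.bit_length():
        s = a.bit_length() - b.bit_length()
        q, a = q | (1 << s), a ^ (b << s)
    if a:
        raise ValueError("inconsistent shares: division left a remainder")
    return q

def dot(u, v):
    return reduce(xor, (pmul(a, b) for a, b in zip(u, v)), 0)

def det(A):
    """Leibniz expansion; permutation signs vanish in characteristic 2."""
    return reduce(xor, (reduce(pmul, (A[r][c] for r, c in enumerate(p)), 1)
                        for p in permutations(range(len(A)))), 0)

def solve(A, b):
    """Cramer's rule: x_c = det(A with column c replaced by b) / det(A)."""
    d = det(A)
    if d == 0:
        raise ValueError("coefficient rows are not linearly independent")
    return [pdiv(det([row[:c] + [b[r]] + row[c + 1:]
                      for r, row in enumerate(A)]), d) for c in range(len(A))]

def psi_row(i):
    """Row i of psi (1-based): 1, z^(i-1), z^(2(i-1)), z^(3(i-1))."""
    return [1 << (c * (i - 1)) for c in range(D)]

def message_matrix(s):
    """Symmetric 4x4 layout of blocks s1..s9 implied by the page's expansion."""
    s1, s2, s3, s4, s5, s6, s7, s8, s9 = s
    return [[s1, s2, s3, s7], [s2, s4, s5, s8], [s3, s5, s6, s9], [s7, s8, s9, 0]]

def share(i, M):
    """Secret share of participant i: c_i = psi_i * M."""
    return [dot(psi_row(i), [M[r][c] for r in range(D)]) for c in range(D)]

def repair(f, helpers):
    """S301-S304: each of d helpers j contributes one value, c_j * psi_f^T."""
    ids = sorted(j for j in helpers if j != f)[:D]
    if len(ids) < D:
        raise ValueError("repair needs d helper shares")
    replies = [dot(helpers[j], psi_row(f)) for j in ids]
    # Psi_repair * (M psi_f^T) = replies; M is symmetric, so the solution is c_f.
    return solve([psi_row(j) for j in ids], replies)

def reconstruct(shares):
    """S401-S404: recover blocks s1..s9 from k shares."""
    ids = sorted(shares)[:K]
    if len(ids) < K:
        raise ValueError("reconstruction needs k shares")
    Phi, Delta = [psi_row(j)[:K] for j in ids], [psi_row(j)[K:] for j in ids]
    # Last d-k columns of C_DC are Phi*T; the first k are Phi*S + Delta*T^T.
    Tc = [solve(Phi, [shares[j][K + t] for j in ids]) for t in range(D - K)]
    Sc = [solve(Phi, [shares[ids[r]][c] ^ dot(Delta[r], [Tc[t][c] for t in range(D - K)])
                      for r in range(K)]) for c in range(K)]
    upper = [Sc[c][r] for r in range(K) for c in range(r, K)]
    return upper + [Tc[t][r] for r in range(K) for t in range(D - K)]

# Constructed sample: nine 8-bit blocks and the shares of n = 6 participants.
SECRET = [0x53, 0xCA, 0x0F, 0x91, 0x3C, 0xE7, 0x28, 0xB4, 0x6D]
SHARES = {i: share(i, message_matrix(SECRET)) for i in range(1, 7)}
```

During repair each helper transmits a single polynomial rather than its whole four-element share, and the repaired share equals the lost one only because M is symmetric.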
The embodiment also provides a threshold secret sharing system based on regenerating codes, which uses the threshold secret sharing method based on regenerating codes described above and comprises:
the secret processing module, which performs secret processing by means of a regenerating code based on binary addition, convolution and shift operations: the secret distributor first confirms the n secret participants and the secret reconstruction threshold k, then determines the secret share restoration threshold d, the coefficient matrix ψ and the message matrix M according to the principle of regenerating codes, and calculates the coding matrix C, where d ≥ k and n denotes the number of secret participants;
the secret distribution module, which distributes the result obtained by the secret processing module as secret shares to all secret participants, and destroys the message matrix M and the coding matrix C to complete the secret distribution process;
the secret restoration module, which restores lost secret shares through the regenerating property of the regenerating code based on binary addition, convolution and shift operations: when the secret share of a secret participant is lost, the lost secret is restored by at least d other secret participants;
and the secret reconstruction module, which reconstructs the secret according to the decoding principle of the regenerating code based on binary addition, convolution and shift operations, computing on the secret shares of at least k secret participants to obtain the original secret information.
In summary, this embodiment applies a regenerating code based on binary addition, convolution and shift operations to (n, k) threshold secret sharing. First, the secret is processed with the regenerating code, that is, the secret data is processed using binary addition, convolution and shift operations, which match the way a computer operates and so effectively improve the processing speed. Second, the properties of the regenerating code are used throughout the secret sharing process, so the requirements of secret sharing are met, and the secret share restoration function, introduced from the characteristics of the regenerating code, widens the range of application of secret sharing. The embodiment can effectively improve the processing speed of secret sharing, shorten the processing time, and realize both secret reconstruction and repair so as to meet the requirements of practical application.
The foregoing is a further detailed description of the invention in connection with the preferred embodiments, and it is not intended that the invention be limited to the specific embodiments described. It will be apparent to those skilled in the art that several simple deductions or substitutions may be made without departing from the spirit of the invention, and these should be considered to be within the scope of the invention.

Claims (10)

1. A method for threshold secret sharing based on a regenerated code, comprising the steps of:
step S1, secret processing by means of a regenerating code: the secret distributor first confirms the n secret participants and the secret reconstruction threshold k, then determines the secret share restoration threshold d, the coefficient matrix ψ and the message matrix M according to the principle of regenerating codes, and calculates the coding matrix C, where d ≥ k and n denotes the number of secret participants;
step S2, distribution of the secret shares: the secret distributor distributes the n secret shares to the n secret participants over a secure transmission channel, and destroys the message matrix M and the coding matrix C to complete the secret distribution process;
step S3, repair of a secret share: when the secret share of a secret participant is lost, the lost secret is repaired by at least d other secret participants;
and step S4, reconstruction of the original secret: the original secret information is obtained by computing on the secret shares of at least k secret participants.
2. The method for threshold secret sharing based on the regenerated code according to claim 1, wherein the step S1 comprises the following sub-steps:
step S101, the secret distributor confirms n secret participants and a threshold k for secret reconstruction;
step S102, the secret distributor determines a threshold d for secret share restoration according to the principle of regenerating codes, where d ≥ k;
step S103, the secret distributor splits the original secret data and determines a message matrix M according to the values of the secret reconstruction threshold k and the secret share restoration threshold d;
step S104, the secret distributor determines a coefficient matrix ψ (n × d) corresponding to the number n of secret participants and the message matrix M;
step S105, the secret distributor calculates the coding matrix C from the coefficient matrix ψ and the message matrix M.
3. The method for threshold secret sharing based on the regenerated code according to claim 2, wherein in step S103 the secret distributor splits the original secret file into a plurality of parts, takes the first k(k+1)/2 parts to form the upper triangular part of the k-row, k-column symmetric matrix S, fills the remaining k(d-k) parts into the k-row, k-column matrix T, and by the formula
Figure FDA0004006087510000011
obtains a message matrix M of d rows and d columns.
4. The method according to claim 2, wherein in step S104 the secret distributor determines the coefficient matrix as ψ = [Φ Δ], where Φ has n rows and k columns and Δ has n rows and (d-k) columns, such that any d rows of the coefficient matrix ψ are linearly independent and any k rows of the matrix Φ are linearly independent.
5. The threshold secret sharing method based on the regeneration code according to claim 2, wherein in the step S105, the coding matrix C is obtained by multiplying the coefficient matrix ψ and the message matrix M.
6. The method according to any one of claims 1 to 5, wherein in step S2 the secret distributor publishes the coefficient matrix ψ obtained in step S1, splits the coding matrix C into n secret shares, and then distributes the n secret shares
Figure FDA0004006087510000021
to the n secret participants over a secure transmission channel, where
Figure FDA0004006087510000022
denotes the i-th row of the coefficient matrix ψ, and
Figure FDA0004006087510000023
denotes the i-th row of the coding matrix C, which is used as the secret share; the distributor then destroys the message matrix M and the coding matrix C obtained in step S1 to complete the secret distribution process.
7. The method for threshold secret sharing based on the regenerated code according to claim 6, wherein the step S3 comprises the sub-steps of:
step S301, the participant f who lost the secret share contacts d other participants for help in repairing the secret share;
step S302, each of the other d participants computes the product of the secret share it holds
Figure FDA0004006087510000024
with $\psi_f$ of the participant who lost the share, under binary addition, convolution and shift operations, and sends
Figure FDA0004006087510000025
to the participant f who lost the secret share, where $\psi_f$ denotes the row vector of the coefficient matrix corresponding to the participant f who lost the secret share;
step S303, the participant f who lost the secret share gathers the
Figure FDA0004006087510000026
of the other d participants into $\Psi_{repair}$, and gathers the calculation results of the d participants
Figure FDA0004006087510000027
into Ψ repairf ,
Figure FDA0004006087510000028
where $\Psi_{repair}$ is the coefficient submatrix of d rows and d columns formed by the d participants during repair;
step S304, the participant f who lost the secret share computes the determinant of $\Psi_{repair}$, expressed as $z^{e}(1+f(z))$, where z denotes a right shift operation, e denotes the number of bits shifted, and f(z) is a polynomial without a constant term;
step S304, the participant f who lost the secret share computes z ef =(1+f(z)) -1 ·adj(Ψ repair )·Ψ repairf , where $\mathrm{adj}(\Psi_{repair})$ is the adjugate matrix of $\Psi_{repair}$; after the calculation has been completed, the result is shifted left by e bits and then transposed to obtain
Figure FDA0004006087510000029
and the secret share is restored;
Figure FDA00040060875100000210
denotes the row vector of the coding matrix corresponding to the participant f who lost the secret share.
8. The method for threshold secret sharing based on the regenerated code according to claim 6, wherein the step S4 comprises the sub-steps of:
step S401, when the original secret is needed, the decryptor collects the secret shares of k secret sharers;
step S402, the decryptor gathers the
Figure FDA00040060875100000211
of the k participants into $\Psi_{DC}$, and gathers the calculation results of the k participants
Figure FDA00040060875100000212
into $C_{DC}$; $\Psi_{DC}$ denotes the coefficient submatrix of k rows and d columns during secret reconstruction, and $C_{DC}$ denotes the coding submatrix during secret reconstruction;
step S403, the decryptor separates $\Phi_{DC}$ from the coefficient submatrix $\Psi_{DC}$, where $\Phi_{DC}$ denotes the coefficient submatrix of k rows and k columns during secret reconstruction, and computes the determinant of $\Phi_{DC}$, expressed as $z^{e}(1+f(z))$, where z denotes a right shift operation, e denotes the number of bits shifted, and f(z) is a polynomial without a constant term;
step S404, the decryptor computes $z^{e}M=(1+f(z))^{-1}\cdot\mathrm{adj}(\Phi_{DC})\,C$, where $\mathrm{adj}(\Phi_{DC})$ is the adjugate matrix of $\Phi_{DC}$; after the right-hand side of the equation has been computed, a left shift by e bits gives the original message matrix M, which is then spliced back together according to the values of k and d to obtain the original secret data.
9. A method of threshold secret sharing based on a regenerating code according to any of claims 1 to 8, wherein the number of row vectors of the coefficient matrix of the regenerating code throughout the secret sharing process is the number of secret participants in the process.
10. A threshold secret sharing system based on a regenerating code, which uses a threshold secret sharing method based on a regenerating code as claimed in any one of claims 1 to 9 and comprises:
the secret processing module, which performs secret processing by means of the regenerating code: the secret distributor first confirms the n secret participants and the secret reconstruction threshold k, then determines the secret share restoration threshold d, the coefficient matrix ψ and the message matrix M according to the principle of regenerating codes, and calculates the coding matrix C, where d ≥ k and n denotes the number of secret participants;
the secret distribution module, which distributes the result obtained by the secret processing module as secret shares to all secret participants, and destroys the message matrix M and the coding matrix C to complete the secret distribution process;
the secret restoration module, which restores lost secret shares by means of the regenerating code: when the secret share of a secret participant is lost, the lost secret is restored by at least d other secret participants;
and the secret reconstruction module, which reconstructs the original secret according to the regenerating code, computing on the secret shares of at least k secret participants to obtain the original secret information.
CN202211631813.1A 2022-12-19 2022-12-19 Threshold secret sharing method and system based on regenerated codes Active CN116260577B (en)


Publications (2)

Publication Number Publication Date
CN116260577A true CN116260577A (en) 2023-06-13
CN116260577B CN116260577B (en) 2023-12-08


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant