JP2012054840A - Secret sharing system, device, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce a cost to a resource provider while keeping confidentiality and availability.SOLUTION: In a secret sharing system of an embodiment, secret information is distributed into n pieces of first distributed information based on a (k, n) threshold secret sharing scheme (where 2≤k<n). In the secret sharing system, i pieces of the first distributed information (where 1≤i<k), are selected out of the n pieces of the first distributed information. In the secret sharing system, the selected first distributed information is distributed into n' pieces of second distributed information based on a (k', n') threshold secret sharing scheme using accepted second threshold k' and second distribution number n' ( where 2≤k'<n'). In the secret sharing system, k or more pieces of the first distributed information except for the selected first distributed information out of the n pieces of the first distributed information are individually distributed to each first preservation server device, and the n' pieces of second distributed information are individually distributed to each second preservation server device.

Description

  Embodiments described herein relate generally to a secret sharing system, an apparatus, and a program.

  In recent years, the importance of information security technology for electronically stored data has increased. Information security technology aims to ensure confidentiality, integrity, and availability. Recently, there has been a tendency to place importance on confidentiality due to increasing interest in information leakage.

  In general, an encryption technique is used as a technique for ensuring the confidentiality of electronic data. The encryption technique is a technique that makes it difficult to restore secret information when the correct encryption key is not known by encrypting electronic data to be kept secret (hereinafter referred to as “secret information”).

  In addition to such an encryption technique, a secret sharing technique has attracted attention as a technique for ensuring the confidentiality of electronic data.

  The secret sharing technology generates a plurality of shared information constituting the secret information from the secret information, and restores the original secret information from the set of shared information satisfying a predetermined subset of the obtained shared information However, this is a technique that has the feature that the original secret information does not leak at all from a set of distributed information that does not satisfy a predetermined subset.

  The difference between the encryption technology and the secret sharing technology is that the encryption technology is computational theory, whereas the secret sharing technology is information theoretical.

  Furthermore, the secret sharing technique can not only ensure confidentiality but also ensure availability in the information security technique. As described above, in the secret sharing technique, it is not necessary to collect all shared information in order to restore the original secret information, and it is only necessary to collect shared information that satisfies a predetermined subset. For this reason, if a plurality of subsets that can restore the original secret information are determined in advance, even if some shared information becomes unavailable, the shared information excluding the unavailable shared information is collected. The original secret information can be restored.

  A typical method of this secret sharing technique is the (k, n) threshold secret sharing method devised in 1979 by Shamir. In the (k, n) threshold secret sharing method, secret information is divided into n pieces of shared information, and the secret information can be restored from arbitrary k pieces of shared information. The secret information cannot be restored from the distributed information.

  In such a secret sharing technique, it is known that the data size of each piece of shared information cannot be made smaller than the data size of the original secret information in order to ensure information theoretical security. For this reason, for example, when the secret information is divided into n pieces of shared information, the data size of the n pieces of shared information becomes n times that of the original secret information.

  However, in recent years, for example, services that provide enormous resources (hereinafter referred to as resource providing services) by cloud computing or the like have become widespread, and users can leave confidential information to resource providers that are third parties. It is possible. As the resources, for example, computer resources such as a central processing unit (CPU), a memory, and a hard disk (HDD) are provided as appropriate. When such a resource providing service is available, since a large amount of hard disks can be used, the above-described inconvenience that the data size of the n pieces of distributed information is n times the original secret information can be compensated. .

  Here, a secret sharing system using a resource providing service will be described.

  In the secret sharing system 10, as shown in FIG. 4, the dealer apparatus 300 is connected to the storage server apparatuses 320, 330, and 340 via the network 310.

  The dealer apparatus 300 stores the original secret information, and executes a process for distributing and restoring the secret information. The dealer apparatus 300 includes a control unit 301, an information distribution unit 302, an information combination unit 303, a communication unit 304, and a storage unit 305. The storage server devices 320, 330, and 340 are server devices owned by the resource provider, and include storage units 321, 331, and 341 and communication units 322, 332, and 342, respectively.

  Next, an operation in which the dealer apparatus 300 executes the distribution process on the original secret information and distributes the distributed information to the three storage server apparatuses will be described.

  First, the information distribution unit 302 performs a distribution process on the secret information stored in the storage unit 305 in the dealer apparatus 300 in accordance with an instruction from the control unit 301. This distributed processing is based on the (2, 3) threshold secret sharing method (k = 2, n = 3).

  After the distribution process, the communication unit 304 in the dealer apparatus 300 distributes the three pieces of distributed information divided by the information distribution unit 302 to the storage server apparatuses 320, 330, and 340 via the network 310, respectively.

  The storage server devices 320, 330, and 340 receive the distributed information addressed to the own device transmitted from the dealer device 300 via the communication units 322, 332, and 342, and store them in the storage units 321, 331, and 341, respectively. To do.

  Next, an operation in which the dealer apparatus 300 collects the shared information stored in the three storage server apparatuses 320, 330, and 340 and restores the original secret information will be described.

  First, the communication unit 304 in the dealer apparatus 300 transmits a read request for reading the distributed information stored in each of the storage server apparatuses 320, 330, and 340 via the network 310, and responds to the read request. The distributed information returned is received. The dealer apparatus 300 transmits a read request to k or more storage server apparatuses (k = 2) or more. Further, the storage server device that is the transmission target of the read request is arbitrarily selected according to the user's operation.

  Thereafter, the information combining unit 303 combines the received shared information and restores the original secret information in accordance with an instruction from the control unit 301.

JP 2008-98894 A JP 2004-274320 A A. Shamir: “How to share a secret”, Communications of the ACM, 22, 11, pp.612-613 (1979)

  However, in the secret sharing system as described above, when k or more storage server devices 320, 330, and 340 with insufficient confidentiality and availability are used, the distribution stored in the storage server devices 320, 330, and 340 is distributed. There is a concern that information is leaked and the original confidential information is restored to a third party. Further, when this storage server device is stopped due to a failure or the like, there is a concern that the dealer device cannot collect the distributed information necessary for restoring the secret information and cannot restore the original secret information when necessary.

  In order to eliminate such worries, if all the distributed information is stored in the storage server apparatus in which confidentiality and availability are sufficiently maintained, there is a disadvantage that the cost becomes high.

  An embodiment disclosed in the present specification is intended to provide a secret sharing system that can suppress costs to resource providers while maintaining sufficient confidentiality and availability.

  The secret sharing system according to the embodiment includes a secret sharing apparatus, a plurality of first storage server apparatuses, and a plurality of second storage server apparatuses.

  The secret sharing apparatus according to the embodiment distributes secret information to a number of distributed information pieces, and restores the secret information from a plurality of distributed information pieces that are equal to or greater than an arbitrary threshold value. Possible threshold secret sharing schemes can be implemented.

  The plurality of first storage server devices according to the embodiments have confidentiality and availability, and individually store the distributed information distributed from the secret sharing device.

  The plurality of second storage server devices according to the embodiments have confidentiality and availability lower than the confidentiality and availability, and individually store the distributed information distributed from the secret sharing device.

  Here, in the secret sharing apparatus, the storage means temporarily stores the secret information.

  The secret sharing apparatus accepts input of a first threshold value k and a first sharing number n out of the threshold value and the sharing number in accordance with a user operation.

  In the secret sharing apparatus, the storage is performed based on the (k, n) threshold secret sharing method (where 2 ≦ k <n) using the received first threshold k and the first sharing number n. The secret information in the means is distributed to n pieces of first shared information.

  In the secret sharing apparatus, i first shared information (where 1 ≦ i <k) is selected from the n first shared information.

  The secret sharing apparatus accepts input of a second threshold k ′ and a second sharing number n ′ out of the threshold and the sharing number in accordance with the user operation.

  In the secret sharing apparatus, the received second threshold value k ′ and the second sharing number n ′ are used (k ′, n ′) threshold secret sharing method (where 2 ≦ k ′ <n ′). The selected first shared information is distributed to n ′ pieces of second shared information.

  In the secret sharing apparatus, k or more pieces of first shared information excluding the selected first shared information among the n first shared information are individually distributed to each first storage server apparatus.

  In the secret sharing apparatus, the n ′ pieces of second shared information are individually distributed to the second storage server apparatuses.

It is a schematic diagram which shows an example of a structure of the secret sharing system which concerns on one Embodiment. It is a flowchart which shows an example of the operation | movement in the embodiment. It is a schematic diagram which shows an example of a process of the information distribution part in the embodiment. It is a schematic diagram which shows an example of a structure of the secret sharing system using a resource provision service.

  Hereinafter, an embodiment will be described with reference to the drawings. Each of the following devices can be implemented for each device with either a hardware configuration or a combination configuration of hardware resources and software. As the software of the combined configuration, a program that is installed in advance on a computer of a corresponding device from a network or a storage medium and that realizes the function of the corresponding device is used.

  FIG. 1 is a schematic diagram illustrating an example of a configuration of a secret sharing system according to an embodiment.

  In the secret sharing system 1, the dealer apparatus 100 is connected to two first storage server apparatuses 120 and 130 and three second storage server apparatuses 140, 150, and 160 via a network 110. In the present embodiment, the system configuration includes two first storage server devices and three second storage server devices. However, the present invention is not limited to these numbers.

  In the embodiment, the first storage server devices 120 and 130 are storage server devices with high reliability, and the second storage server devices 140, 150, and 160 are storage server devices with low reliability. Further, in this specification, the “reliable storage server device” means that the confidentiality and availability of the stored confidential information is sufficiently maintained, but the cost for storing the confidential information is high. Indicates a storage server device, and “low-reliability storage server device” means that the confidentiality and availability of stored confidential information is not sufficiently maintained, but the cost for storing the confidential information is low. The storage server apparatus is shown.

  In other words, the first storage server devices 120, 130 have confidentiality and availability, and the second storage server devices 140, 150, 160 are more sensitive than the confidentiality and availability of the first storage server devices 120, 130. Has low confidentiality and availability. The first storage server devices 120 and 130 are provided at a predetermined cost, and the second storage server devices 140, 150, and 160 are provided at a lower cost than the cost of the first storage server devices 120 and 130. . In addition, the level of confidentiality and availability is ultimately determined by the user's subjectivity, but in general, products that have obtained certification based on ISO / IEC 15408 IT security evaluation standards have obtained certification. It can be judged that the confidentiality and availability are higher than those of products that do not.

  Since the first storage server devices 120 and 130 have the same functional block configuration, the first storage server device 120 will be described below as a representative example. Similarly, since the second storage server devices 140, 150, and 160 have the same functional block configuration, the second storage server device 140 will be described below as a representative example.

  The dealer apparatus 100 disperses the secret information into a distributed number of distributed information, and a threshold that can restore the secret information from a plurality of distributed information that is equal to or greater than an arbitrary threshold value. A secret sharing apparatus of the value secret sharing method is realized. Here, the threshold value secret sharing method is called (k, n) threshold value secret sharing method when the number of distributions is n and the threshold value is k.

  In the embodiment, the (k, n) threshold secret sharing method can be executed by replacing the threshold k and the number of distributions n with other characters. For example, (k ′, n ′) A threshold secret sharing method or the like is applicable. In this case, the secret information is distributed to n ′ pieces of shared information, and the secret information can be restored from any k ′ pieces of shared information among the n ′ pieces of shared information. .

  The dealer apparatus 100 includes a control unit 101, an information distribution unit 102, a distributed information selection unit 103, a communication unit 104, an information combination unit 105, and a storage unit 106.

  The control unit 101 executes a process of receiving input of the first threshold value k and the first distribution number n among the above-described threshold value and the distribution number in accordance with a user operation. Further, the control unit 101 executes a process of receiving input of the second threshold value k ′ and the second distribution number n ′ out of the threshold value and the distribution number described above according to the operation of the user. The control unit 101 also executes processing for controlling operations of the units 102, 103,.

  In the embodiment, the first threshold value k indicates the same value as the number of first storage server devices, and the second distribution number n ′ indicates the same value as the number of second storage server devices. Supplementally, the number of first storage server devices may be k or more and less than n, but it is more preferable that the number of the first storage server devices is close to k from the viewpoint of suppressing the cost to the resource provider while maintaining confidentiality. Further, the number of second storage server devices may be k ′ or more and n ′ or less, but is preferably closer to n ′ from the viewpoint of maintaining high availability. That is, a small amount of shared information (eg, k pieces) is stored in the first storage server device with high reliability, and a large amount of shared information (eg, n 'pieces) is stored in the second storage server device with low reliability. This is preferable from the viewpoint of suppressing the cost to the resource provider while maintaining confidentiality and availability. From the same viewpoint, the number of second storage server devices (for example, n ′) is larger than the number of first shared information items (for example, nk) that are not distributed to the first storage server device (for example, n−k). , Nk <n ′).

  The information distribution unit 102 executes a process of distributing the secret information based on the (k, n) threshold value secret sharing method (where 2 ≦ k <n). Specifically, it has the following functions (f102-1) and (f102-2).

  (f102-1) Based on the (k, n) threshold secret sharing method (where 2 ≦ k <n) using the first threshold value k and the first distribution number n received by the control unit 101 A function of distributing the secret information in the unit 106 into n pieces of first shared information.

  (f102-2) (k ′, n ′) threshold secret sharing method (where 2 ≦ k ′ <n ′) using the second threshold k ′ and the second distribution number n ′ received by the control unit 101 ) To distribute the first shared information selected by the shared information selection unit 103 into n ′ pieces of second shared information.

  The shared information selection unit 103 executes a process of selecting i pieces of first shared information (where 1 ≦ i <k) among the n pieces of first shared information distributed in the information distribution unit 102. The first shared information selected by the shared information selection unit 103 is distributed to n ′ pieces of second shared information by the information distribution unit 102.

  The communication unit 104 executes a process of distributing each piece of distributed information distributed in the information distribution unit 102 to each storage server device 120, 130,. A process of reading the distributed information distributed is executed. Specifically, it has the following functions (f104-1) to (f104-3).

  (f104-1) Among the n pieces of first shared information distributed by the information distributing unit 102, k or more pieces of first shared information excluding the selected first shared information are converted into the first storage server devices 120 and 130. The n 'second shared information distributed by the information distributing unit 102 is distributed to the second storage server devices 140, 150, 160 individually.

  (f104-2) A function of transmitting a read request for reading each distributed information distributed to each storage server device 120, 130,..., 160 in accordance with the operation of the user.

  (f104-3) A function of receiving the first shared information and the second shared information returned from each of the storage server devices 120, 130,..., 160 in response to the transmitted read request.

  The information combining unit 105 performs processing for combining the distributed information received by the communication unit 104 and restoring the original information. Specifically, it has the following functions (f105-1) to (f105-3).

  (f105-1) When the received first shared information is k or more, the secret information is restored from the k or more first shared information based on the (k, n) threshold secret sharing method Function to do.

  (f105-2) When the received first shared information is less than k and (ki) or more, the received second shared information is changed to the (k ′, n ′) threshold secret sharing method. A function of restoring the selected i pieces of first shared information based on.

  (f105-3) Based on the (k, n) threshold secret sharing scheme from the restored i first shared information and the received first (k−i) or more first shared information. Function to restore confidential information.

  The storage unit 106 is a storage device that can be read / written from each of the units 101 to 105, and secret information is temporarily stored therein. Further, the storage unit 106 may temporarily store data in the middle of processing of the units 101 to 105 and the first shared information and the second shared information as processing results.

  Next, the first storage server device 120 and the second storage server device 140 will be described.

  The first storage server device 120 includes a storage unit 121 and a communication unit 122.

  The storage unit 121 stores first shared information distributed individually from the dealer apparatus 100.

  When receiving the first shared information distributed individually from the dealer apparatus 100, the communication unit 122 executes a process of writing the first shared information into the storage unit 121. Further, when receiving a read request from the dealer device 100, the communication unit 122 reads the first shared information from the storage unit 121 and executes a process of returning the first shared information to the dealer device 100.

  Similar to the first storage server device 120, the second storage server device 140 includes a storage unit 141 and a communication unit 142.

  The storage unit 141 stores second shared information distributed individually from the dealer apparatus 100.

  When receiving the second shared information distributed individually from the dealer apparatus 100, the communication unit 142 executes a process of writing the second shared information into the storage unit 141. In addition, when receiving a read request from the dealer apparatus 100, the communication unit 142 executes a process of reading the second shared information from the storage unit 141 and returning the second shared information to the dealer apparatus 100.

  Next, the operation of the secret sharing system configured as described above will be described with reference to the flowchart of FIG. 2 and the schematic diagram of FIG. In the following description, an example in which the (k, n) threshold secret sharing method and the (k ′, n ′) threshold secret sharing method show the same (2,3) threshold secret sharing method is shown as an example. However, the present invention is not limited to this, and the same can be executed even when the threshold secret sharing methods are different from each other.

  First, the control unit 101 accepts an input of “2” for k indicating the number of pieces of shared information (first threshold value) from which the secret information 200 can be restored according to a user operation. , And accepts an input of “3” for n indicating the number of pieces of shared information to be generated (first shared number) (step S1).

  Subsequently, the information distribution unit 102 uses the first threshold value “2” and the first distribution number “3” (2, 3) based on the threshold value secret distribution method to store the secret stored in the storage unit 106. The information 200 is dispersed into three pieces of shared information to generate first shared information 201a, 201b, 201c (step S2). The first shared information 201a, 201b, 201c generated in step S2 is stored in the storage unit 106.

  Next, the shared information selection unit 103 selects less than two pieces of first shared information among the generated first shared information 201a, 201b, and 201c (step S3). Here, it is assumed that the shared information selection unit 103 selects the first shared information 201a among the generated first shared information 201a, 201b, and 201c.

  Subsequently, the control unit 101 inputs 2 to k ′ indicating the number of shared information (second threshold value) that can restore the first shared information 201a selected in step S3 according to the operation of the user. And the first shared information 201a is distributed, and 3 inputs for n ′ indicating the number of generated shared information (second shared number) are received (step S4).

  Next, the information sharing unit 102 selects the first shared information 201a selected based on the (2, 3) threshold secret sharing method using the second threshold value “2” and the second sharing number “3”. Are distributed into three pieces of shared information to generate second shared information 202a, 202b, 202c (step S5). Note that the second shared information 202a, 202b, and 202c generated in step S5 is stored in the storage unit 106 in the same manner as the first shared information 201a, 201b, and 201c.

  Thereafter, the communication unit 104 individually distributes the first shared information 201b and 201c to the first storage server devices 120 and 130, and distributes the second shared information 202a, 202b, and 202c to the second storage server devices 140, 150, and 160. (Step S6).

  Next, the confidentiality and availability of the above secret sharing system will be described.

  First, we will discuss confidentiality.

  Since the first storage server devices 120 and 130 have high reliability, the confidentiality of the first shared information 201b and 201c in the storage units 121 and 131 is sufficiently maintained.

  On the other hand, since the second storage server devices 140, 150, and 160 have low reliability, the confidentiality of the second shared information 202a, 202b, and 202c in each storage unit 141, 151, and 161 is not sufficiently maintained. However, even if all the second shared information 202a, 202b, 202c in the second storage server device 140, 150, 160 is leaked, one second shared information 202a, 202b, 202c Only the first shared information 201a is restored. Since one piece of the first shared information 201a is less than the threshold value “2” of the (2, 3) threshold secret sharing method, the secret information 200 is not leaked.

  Therefore, in addition to sufficiently maintaining confidentiality by the first storage server devices 120 and 130 with high reliability, the second shared information has leaked from the second storage server devices 140, 150, and 160 with low reliability. Even in this case, since confidential information can be prevented from leaking, confidentiality is sufficiently maintained.

  Next, availability will be described.

  Since the first storage server devices 120 and 130 have high reliability, the availability of the first shared information 201b and 201c in the storage units 121 and 131 is sufficiently maintained. In a normal case, since the secret information may be restored from the first shared information 201b, 201c in the first storage server device 120, 130 having high availability, the availability is sufficiently maintained.

  Even if one of the first storage server devices 120 and 130 is stopped due to maintenance or the like, as long as two of the second storage server devices 140, 150, and 160 are operating, the second storage server The first shared information 201a is restored from the second shared information in the device, and the secret information 200 is restored from the first shared information 201a and the first shared information stored in the operating first storage server device. be able to.

  Therefore, since the availability is sufficiently maintained by the first storage server devices 120 and 130 with high reliability, the secret information can be restored even when one of the first storage server devices 120 and 130 is stopped. Availability is well maintained.

  According to the present embodiment described above, the first storage server device 120, 130 with high reliability and cost and the second storage server device 140, 150, 160 with low reliability and cost are used together, and the reliability is high. The secret information 200 cannot be restored only from the low storage server devices 140, 150, and 160 so as to maintain confidentiality, and the secret information 200 can be restored without using k high-reliability first storage server devices 120 and 130. Since the availability is maintained in such a way as to be possible, the cost to the resource provider can be suppressed while sufficiently maintaining confidentiality and availability.

  Supplementally, the second storage server device 140, the second shared information obtained by further secret-sharing less than k (eg, one) first shared information in the (k, n) threshold secret sharing method in the first stage. With the configuration distributed to 150 and 160, the confidential information 200 is kept from being restored only by the storage server devices 140, 150, and 160 having low reliability.

  In addition, the second shared server device 140, 150, 160 distributes the second shared information obtained by further secretly sharing the i first shared information 201a of less than k pieces to the second storage server device 140, 150, 160. 1) the first shared information can be restored. Therefore, even when the number of highly reliable first storage server devices 120, 130 is reduced to ki units (eg, k-1 units), the secret information 200 is stored. It can be restored to maintain availability.

  Note that the methods described in the above embodiments are, as programs that can be executed by a computer, magnetic disks (floppy (registered trademark) disks, hard disks, etc.), optical disks (CD-ROMs, DVDs, etc.), magneto-optical disks. (MO), stored in a storage medium such as a semiconductor memory, and distributed.

  In addition, as long as the storage medium can store a program and can be read by a computer, the storage format may be any form.

  In addition, an OS (operating system) running on a computer based on an instruction of a program installed in the computer from a storage medium, MW (middleware) such as database management software, network software, and the like realize the above-described embodiment. A part of each process may be executed.

  Furthermore, the storage medium in each embodiment is not limited to a medium independent of a computer, but also includes a storage medium in which a program transmitted via a LAN, the Internet, or the like is downloaded and stored or temporarily stored.

  Further, the number of storage media is not limited to one, and the case where the processing in each of the above embodiments is executed from a plurality of media is also included in the storage media in the present invention, and the media configuration may be any configuration.

  The computer in each embodiment executes each process in each of the above embodiments based on a program stored in a storage medium, and a single device such as a personal computer or a plurality of devices are connected to a network. Any configuration of the system or the like may be used.

  In addition, the computer in each embodiment is not limited to a personal computer, and includes an arithmetic processing device, a microcomputer, and the like included in an information processing device, and is a generic term for devices and devices that can realize the functions of the present invention by a program. Yes.

  In addition, although some embodiment of this invention was described, these embodiment is shown as an example and is not intending limiting the range of invention. These novel embodiments can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the scope of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, and are included in the invention described in the claims and the equivalents thereof.

  DESCRIPTION OF SYMBOLS 1,10 ... Secret sharing system, 100, 300 ... Dealer apparatus, 101, 301 ... Control part, 102, 302 ... Information distribution part, 103 ... Distributed information selection part, 104, 122, 132, 142, 152, 162, 304 , 322, 332, 342 ... communication unit, 105, 303 ... information combination unit, 106, 121, 131, 141, 151, 161, 305, 321, 331, 341 ... storage unit, 110, 310 ... network, 120, 130 ... first storage server device, 140,150,160 ... second storage server device, 200 ... secret information, 201a, 201b, 201c ... first shared information, 202a, 202b, 202c ... second shared information, 320, 330, 340 ... Storage server device.

Claims (5)

A threshold secret sharing method that distributes secret information to a number of distributed information and can restore the secret information from a plurality of distributed information that is equal to or greater than an arbitrary threshold. An executable secret sharing device; and
A plurality of first storage server devices that have confidentiality and availability and individually store the distributed information distributed from the secret sharing device;
A secret sharing system comprising: a plurality of second storage server devices individually having the confidentiality and availability lower than the confidentiality and availability, and individually storing the distributed information distributed from the secret sharing device;
The secret sharing device
Storage means for temporarily storing the secret information;
Means for receiving an input of a first threshold value k and a first distribution number n out of the threshold value and the distribution number in accordance with a user operation;
Based on the (k, n) threshold secret sharing method (where 2 ≦ k <n) using the received first threshold value k and the first distribution number n, the secret information in the storage means is expressed as n. Means for distributing the first shared information pieces;
Means for selecting i pieces of first shared information (where 1 ≦ i <k) among the n pieces of first shared information;
Means for accepting an input of a second threshold value k ′ and a second variance number n ′ of the threshold value and the variance number in response to an operation of the user;
Based on the threshold secret sharing method (where 2 ≦ k ′ <n ′) using the received second threshold value k ′ and the second distribution number n ′ (k ′, n ′) Means for distributing the first shared information to n ′ pieces of second shared information;
Means for individually distributing k or more pieces of first shared information excluding the selected first shared information among the n pieces of first shared information to each first storage server device;
Means for individually distributing the n ′ pieces of second shared information to each of the second storage server devices. The secret sharing system according to claim 1,
The secret sharing device
Means for transmitting a read request for reading each distributed information distributed to each storage server device in accordance with a user operation;
Means for receiving first shared information and second shared information returned from each storage server device in response to the transmitted read request;
Means for reconstructing the secret information based on the (k, n) threshold secret sharing scheme from the k or more first shared information when the received first shared information is k or more;
When the received first shared information is less than k and (ki) or more, based on the (k ′, n ′) threshold secret sharing method from the received second shared information, Means for restoring the selected i pieces of first shared information;
Based on the (k, n) threshold secret sharing scheme from the restored i first shared information and the received less than k first (k−i) first shared information, A secret sharing system, further comprising: means for restoring secret information. A plurality of first storage server devices each having confidentiality and availability and individually storing distributed distributed information, and each distributed information having confidentiality and availability lower than the confidentiality and availability. Can communicate with each of a plurality of second storage server devices stored in the server, and the secret information is distributed into a number of distributed information items of the number of distributions. A secret sharing apparatus capable of executing a threshold secret sharing method capable of restoring the secret information from a number of pieces of shared information,
Storage means for temporarily storing the secret information;
Means for receiving an input of a first threshold value k and a first distribution number n out of the threshold value and the distribution number in accordance with a user operation;
Based on the (k, n) threshold secret sharing method (where 2 ≦ k <n) using the received first threshold value k and the first distribution number n, the secret information in the storage means is expressed as n. Means for distributing the first shared information pieces;
Means for selecting i pieces of first shared information (where 1 ≦ i <k) among the n pieces of first shared information;
Means for accepting an input of a second threshold value k ′ and a second variance number n ′ of the threshold value and the variance number in response to an operation of the user;
Based on the threshold secret sharing method (where 2 ≦ k ′ <n ′) using the received second threshold value k ′ and the second distribution number n ′ (k ′, n ′) Means for distributing the first shared information to n ′ pieces of second shared information;
Means for individually distributing k or more pieces of first shared information excluding the selected first shared information among the n pieces of first shared information to each first storage server device;
Means for individually distributing the n ′ pieces of second shared information to each of the second storage server devices. The secret sharing apparatus according to claim 3,
Means for transmitting a read request for reading each distributed information distributed to each storage server device in accordance with a user operation;
Means for receiving first shared information and second shared information returned from each storage server device in response to the transmitted read request;
Means for reconstructing the secret information based on the (k, n) threshold secret sharing scheme from the k or more first shared information when the received first shared information is k or more;
When the received first shared information is less than k and (ki) or more, based on the (k ′, n ′) threshold secret sharing method from the received second shared information, Means for restoring the selected i pieces of first shared information;
Based on the (k, n) threshold secret sharing scheme from the restored i first shared information and the received less than k first (k−i) first shared information, A secret sharing apparatus, further comprising: means for restoring secret information. A plurality of first storage server devices each having confidentiality and availability and individually storing distributed distributed information, and each distributed information having confidentiality and availability lower than the confidentiality and availability. Can communicate with each of a plurality of second storage server devices stored in the server, and the secret information is distributed into a number of distributed information items of the number of distributions. A secret sharing apparatus program capable of executing a threshold secret sharing method capable of restoring the secret information from a number of pieces of shared information,
The secret sharing device;
Means for receiving an input of a first threshold value k and a first distribution number n out of the threshold value and the distribution number in response to a user operation
Based on the (k, n) threshold secret sharing method (where 2 ≦ k <n) using the received first threshold k and the first sharing number n, the storage means of the secret sharing apparatus Means for distributing secret information to n pieces of first shared information;
Means for selecting i pieces of first shared information (where 1 ≦ i <k) among the n pieces of first shared information;
Means for receiving an input of a second threshold value k ′ and a second variance number n ′ of the threshold value and the variance number in accordance with an operation of the user;
Based on the threshold secret sharing method (where 2 ≦ k ′ <n ′) using the received second threshold value k ′ and the second distribution number n ′ (k ′, n ′) Means for distributing the first shared information into n ′ pieces of second shared information;
Means for individually distributing k or more pieces of first shared information excluding the selected first shared information among the n pieces of first shared information to each of the first storage server devices;
Means for individually distributing the n ′ pieces of second shared information to the second storage server devices;
Program to function as.

Images