KR101129335B1 - Data distribution storing and restoring methods and apparatuses - Google Patents

Abstract

A method and apparatus for distributed storage and retrieval of a large amount of data using an AONT encryption mode to improve safety and applying an XOR operation in terms of efficiency are provided. Based on a plurality of random numbers, the plain text is divided into a plurality of split values. The plurality of split values are arranged in ascending or descending order in proportion to the divided size. The last split value is lowered as it is, followed by the last split value, the split value immediately preceding it, and the result of performing the XOR operation. If the split size is different from the previous plain text split size, the rear part plain text value is adjusted from the front to the same size as the previous size, and the last part is deleted, and the XOR of the plain text split value sorted in ascending or descending order is deleted. Perform the operation. The above steps are repeated a plurality of times to construct a plurality of secret distributed data, each distributed and stored in a plurality of databases.

Description

Data distribution storing and restoring methods and apparatuses

The present invention relates to data distribution storage and retrieval, and more particularly, to a method and apparatus for distributed storage and retrieval of data.

While there are not a lot of confidential information that companies have in paper form, it is expected that the rapid digitization of such data will proceed in the future, so that not only the PC search in the company but also the search in the shared PC in the meeting room and the mobile terminal from the external business trip are accessed. Is also increasing. In addition, in the ubiquitous era, unlike the past, a large amount of data is generated through various distribution channels. For example, data is stored in real time, such as customer information and sensor information of CRM. As the ubiquitous computing environment is in full swing, data to be managed in real time, such as user's location information, is increasing exponentially, and most companies are expected to manage large databases in the future. However, privacy vulnerabilities by malicious attackers or internal users can occur from network vulnerabilities and various types of users, so security measures are urgently needed. It is practically difficult to maintain security only by the existing encryption method in a large database system, and in order to compensate for this, data distributed security management has been spotlighted as a very secure method. However, if the existing secret distribution method is applied to it, the secret distribution information (Share) becomes the same as the original data size, which is not suitable for large databases.

Due to the rapid distribution and continuous increase of large amounts of data on the Internet, the cost and scalability of service systems have become an important factor in securing the competitiveness of Internet service providers. Global Internet service companies such as Google and Yahoo recognize the importance of the Internet service platform, conduct their own research and development, and develop and utilize large-scale cluster-based distributed computing platform technology based on low-cost commercial nodes.

As a result of the continuous increase in the amount of Internet service data, there is an active movement to apply distributed computing technology to the process of processing information from a large amount of raw data, to manage and store structured information, and to analyze useful information.

Representative applications that require large data processing and storage management have been proposed to provide not only Internet services but also other application areas such as business intelligence to provide cloud services. Cloud services include IaaS, which provides computing infrastructure as a service, PaaS, which provides a software platform for developing and operating applications, and SaaS, which provides software and services needed by individuals and businesses. Are distinguished. In particular, PaaS services have different components of the software platform depending on the application field. One of the services currently being discussed as PaaS services is large-scale data management and processing services. This is because the amount of data is continuously increasing, which requires large data processing and management in many applications.

In addition, as the network environment has evolved, the use of network-connected storage has increased, and a safe and efficient network storage environment capable of storing data at various locations on the network has been implemented as the storage capacity of the terminal increases. Access rights to the data can be set in various ways according to the department or position. The data will not only be exchanged through a database that is controlled for access, but also in various forms, such as moving data by mail, instant messenger or USB memory.

In this way, data can be distributed in a distributed computing environment where a large amount of data, such as the use of medical data, image content, or corporate trade secret management, is used in a smaller terminal. Will be exchanged.

Medical data may also be stored in data centers outside medical institutions. Here, in addition to writing or reading medical records using a PC, a nurse or a patient himself or herself checks and inputs information within a range of access authority through each weighting using a ubiquitous terminal. In the present invention, security management of distributed and stored data is performed by using a weight for setting a range of authority.

As it is urgent to solve the problem of secure storage management of data, data is encrypted in consideration of security risks. However, encryption requires a lot of time or memory to decrypt. In the encryption method such as AES (Advanced Encryption Standard), the entire secret information is encrypted, so if the key is decrypted, the secret information can be completely leaked. Thus, there are difficulties in key distribution and management.

Unlike the encryption method, the secret distribution method has no key lifetime, so there is no problem of renewing the certificate, and the operation cost can be greatly reduced. However, in the conventional secret distribution method, when the original data is distributed and stored, the size of the original data is the same as the size of the secret distributed information (Share), which is distributed information, and the amount of data to be stored increases. Recently, it is known that by performing proper conversion (encryption mode) on plain text before encryption, it is possible to improve safety without deteriorating the efficiency of the existing encryption scheme.

Disclosure of Invention The present invention has been made to solve a conventional problem, and an object thereof is to provide a method and apparatus for distributed storage and restoration of large-capacity data using an AONT encryption mode to improve security and applying XOR operation in terms of efficiency.

In order to achieve the above object, the data distributed storage method according to the present invention comprises the steps of: (i) dividing the plain text into a plurality of split values based on a plurality of random numbers; (ii) sorting the plurality of split values in ascending or descending order in proportion to the divided size; (iii) The last split value is lowered as it is, followed by the split value immediately preceding the last value, and the result value of the XOR operation, which is calculated to the first split value to obtain the result value. If the size of the rear plain text split is different from the size of the previous plain text split, the rear part of the plain text is adjusted to the same size as the previous size, and the last part is deleted. The plain text split is sorted in the ascending or descending order. Performing an XOR operation on the; And (iv) repeating steps (ii) and (iii) a plurality of times to construct a plurality of secret distributed data, each of which is distributed and stored in a plurality of databases.

According to an aspect of the present invention, there is provided a method for distributing and storing data, comprising: (a) reading a plurality of secret distributed data stored in a plurality of databases and performing aggregation; (b) If it is different from the previous size, the last split value is lowered as it is and the XOR operation is performed with the lowered value as it is. The result of the previous and XOR operation and the XOR operation are again performed. Performing an XOR operation on the aggregation result value in such a manner that a small part of the back is repeatedly used if large; And (c) sorting the result of the XOR operation in ascending order based on the stored seed data. And (d) repeating steps (a) to (c) a plurality of times to restore the plain text.

The distributed data storage device includes a random number generator for generating a plurality of random numbers; A seed buffer which stores the generated plurality of random numbers as a seed value; A division unit that divides the plain text into a plurality of division values based on the plurality of random numbers; An alignment unit to sort the plurality of split values in ascending or descending order in proportion to the divided size; And the last split value is lowered as it is, and then the last split value and the previous split value and the result of XOR operation are prepended, and the result is calculated by calculating to the first split value and If the size of the plain text split is different from the size of the previous plain text split, the last part is deleted after adjusting the size of the split back plain text from the front, and then deletes the last part. It characterized in that it comprises an XOR operator for performing the XOR operation.

The data recovery apparatus according to the present invention reads a plurality of stored secret distributed data to perform aggregation, and if it is different from the previous size, directly lowers the last split value and performs the XOR operation with the lowered value. An XOR operation for performing the XOR operation on the aggregation result value by repeatedly performing the XOR operation with the result value which has undergone the XOR operation and repeating the small part of the rear part when the size of the front part is large; An alignment unit to sort the calculation result of the XOR operation unit in ascending order based on the stored seed data; And a reversing unit for reversing the calculation result values of the XOR operator arranged by the sorting unit and reordering the seed data as seed data.

Method and apparatus according to an embodiment of the present invention has the following advantages over the conventional secret distribution algorithm.

Minimize Redundancy

The total sum of secret distributed data is the same size as plain text, which is a big difference from the existing secret distributed methods. That is, the existing threshold-based secret distribution scheme has redundancy, and this has a problem in that the total size of the secret distribution increases by the number of secret pieces. In the present invention, since the total size of secret dispersion is the same as that of the plain text, redundancy can be minimized and efficient processing is possible.

Size variability

The existing secret distribution method cannot variably handle the size of secret distribution information (share). That is, the size of the secret distributed information is output in the same manner as the plain text, and this point has a problem in that, in reality, it does not have a variety of handling for each secret distributed information. In the method of the present invention, the size of each secret distribution information is variable, and the size of each secret distribution information can be freely adjusted. This has the advantage of easy handling of secret distributed information.

Cryptographic characteristics

The method of the present invention has cryptographic characteristics in that the size of the plain text and the size of the result are the same. This characteristic is similar to the existing encryption method, but it can store and store as much data as can be stored or stored for a large amount of plain text, and the difference is that decryption is not determined by ownership of the key. There is. This is a big advantage that there is no hassle of key management.

Variability in Number of Secret Pieces

In the existing threshold-based secret distribution algorithm, the number of secret fragments is determined at the secret distribution stage, and once divided into secret fragments, the number of secret fragments cannot be readjusted. However, since the method of the present invention has the property of merging secret fragments, the number of secret fragments can be freely adjusted even after generating all secret fragments. This facilitates the handling of secret pieces.

Fast Secret Dispersion / Restore

The method of the present invention operates on the basis of XOR and pseudorandom numbers, which is very efficient compared to Shamir's algorithm. In addition, there is an advantage that the entire length that can be calculated by the storage device can be processed at a time without being limited by the block unit in the calculation process.

Large Database Suitability

The handling requirements for large databases include the following: (1) High speed processing should be possible. (2) Data input should be reduced as much as possible. (3) Larger database should be input more data.

As the above-mentioned main features of the method of the present invention, it is possible to perform high-speed processing based on XOR and pseudorandom numbers, the absence of redundancy, and the ability to variably control the secret dispersion size. It satisfies all two requirements. That is, the present invention is suitable for a large database.

The present invention is expected to be used as an algorithm that can maintain availability and efficiently distribute and manage a large amount of large data such as highly confidential medical data and trade secrets containing personal information of customers.

1 is a diagram illustrating an OAEP encryption mode.
2 is a diagram illustrating an efficient non-separated encryption mode.
3 is a diagram illustrating a secret distribution algorithm according to an embodiment of the present invention.
4 is a block diagram showing a software function according to an embodiment of the present invention.
5 is a block diagram showing the configuration of a data distribution device according to an embodiment of the present invention.
6 and 7 are diagrams illustrating a data distribution process by the data distribution apparatus illustrated in FIG. 5.
8 is a block diagram showing the configuration of a data recovery apparatus according to an embodiment of the present invention.
9 and 10 are diagrams illustrating a data restoration process by the data restoration apparatus illustrated in FIG. 5.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

는 EXCLUSIVE-OR(XOR) 연산,?는 비트 연결, m는 평문, s는 평문 블록 수, 및 R은 라운드 회수를 나타낸다.The terms used in the present invention are as follows.

Denotes an EXCLUSIVE-OR (XOR) operation,? Denotes a bit connection, m denotes plaintext, s denotes the number of plaintext blocks, and R denotes the number of rounds.

Optimal Asymmetric Encryption Padding (OAEP) Encryption Mode

OAEP was introduced in 1994 by Bellare and Rogaway. 1 is a diagram illustrating an OAEP encryption mode. Referring to FIG. 1, the user sets encryption mode f: {0, 1} ^k → {0,1} ^k as a security parameter k. The size of the plain text is n bits, and k ₀ and k ₁ are selected such that n = k-k ₀ -k ₁ . Here, H: {0, 1} ^{n + k1} → {0,1} ^k0 is a hash function and H: {0, 1} ^k0 → {0,1} ^{n + k1} is a generator. Plain text is m ∈ {0,1} ⁿ and r ∈ {0,1} ^k0 is chosen at random.

m ∈ {0,1} ⁿ

r ∈ {0,1} ^k0

G(r)X = (m? 0) ^k1

G (r)

H(X)Y = r

H (X)

c = f (X? Y)

AONT (All Or Nothing Transform) Encryption Mode

로 나타낸다. 여기서, h: {0, 1}^*→ {0,1}^l는 해쉬 함수이고 g: {0, 1}^l→ {0,1}^* 는 발생기(generator)로 한다. m을 L 비트의 평문, 송신자와 수신자가 공유하는 비밀키를 k로 한다. 난수 r과 평문 m을 다음과 같이 암호화한다. 이때, 암호문은 c = c⁽¹⁾?c⁽²⁾이다. 도 2는 효율적인 비분리 암호화 모드를 나타낸다.AONT is composed of a scramble section for converting plain text without using a secret key and an encryption section for encrypting data using a secret key. 2 is a diagram illustrating an efficient non-separated encryption mode. Bit concatenation?

Respectively. Where h: {0, 1} ^* → {0,1} ^l is a hash function and g: {0, 1} ^l → {0,1} ^* is a generator. Let m be the L-bit plaintext and the secret key shared by the sender and receiver. Encrypt the random number r and the plaintext m as follows: At this time, the ciphertext is c = c ⁽¹⁾ -c ⁽²⁾ . 2 shows an efficient non-separated encryption mode.

g(r) c ⁽¹⁾ = m

g (r)

k

h(c⁽¹⁾)c ⁽²⁾ = r

k

h (c ⁽¹⁾ )

Non-separated encryption mode is similar to Optimal Asymmetric Encryption Padding (OAEP). Conventional OAEP does not use a secret key in scrambled part, but this encryption mode uses a secret key. Therefore, the processing speed can be improved by adding an encryption function to the OAEP to omit the encryption unit.

In the AONT encryption mode of the present invention, high-speed processing is possible based on OAEP, the number and size of distributed data can be set flexibly, and the sum of the distributed data sizes is the same as the original data size.

XOR threshold secret distribution

A secret distribution scheme was proposed by Shamir in 1979. Among them, Shamir's (k, n) threshold secret distribution method, which uses polynomial interpolation, divides secret information into n distribution information, and restores the original secret information when any k of n distribution information is collected. to be. At this time, the k-1st polynomial must be processed when the information is distributed and restored. However, polynomial operations become a problem when the magnitude of the computational load is applied to real applications.

石津 晴 崇, 荻 原 利 彦, "A Study on the Long-Term Storage of Electronic Data," Lectures on Electronic Information and Communication 2004, D-9-10, 2004., J. Kurihara, S. Kiyomoto, K. Fukushima, and T. Tanaka, "A fast (3, n) -threshold secret sharing scheme using exclusive-or operations," IEICE Trans. Fundamentals, vol. E91-A, No. 1.pp. 127-138, Jan. 2008., and in the third document Y. Fujii, M. Tada, N. Hosaka, K. Tochikubo, and T. Kato, "A fast (2, n) -threshold scheme and its application," Proc. In CSS2005, pp.631-636, 2005, we proposed a fast threshold secret distribution method that can perform distributed reconstruction of secret information only by XOR operation.

In the present invention, an exclusive logical OR that enables distributed recovery of secret information at high speed is used. Meanwhile, Kurihara et al. Proposed an XOR-based (k, n) threshold secret distribution scheme in 2008. This algorithm is an algorithm that can extend the threshold k, and generates a secret distributed fragment by generating a random number necessary for the plaintext S and the secret distributed operation and taking an XOR thereof.

AONT-based data distribution security management method

In the following, we propose a new algorithm using AONT transform and XOR operation. Secret distribution algorithm according to an embodiment of the present invention is shown in FIG. The method according to the present invention generates a secret piece S _n having a size of z _n / l for a plain text P having a size of l, and the sum of the total secret piece sizes and the size of the plain text are the same, Can be expressed as:

It has a great advantage over the conventional Shamir method or the secret distribution method proposed by Kurihara. That is, in the conventional secret distribution method, since the sum of each fragment size is equal to the plaintext size ㅧ n, the storage space of the database requires the same storage space as the plaintext for each database. Is equivalent to n / l of storage space for each database. This feature is well suited for large databases.

Hereinafter, a data dispersing apparatus according to an embodiment of the present invention will be described with reference to FIGS. 4 and 5. 4 is a block diagram showing a software function according to an embodiment of the present invention.

5 is a block diagram showing the configuration of a data distribution device according to an embodiment of the present invention.

The data distribution apparatus according to the exemplary embodiment of the present invention includes a random number generator 110, a seed buffer 120, a divider 130, an alignment unit 140, and an XOR operator 150.

The random number generator 110 generates a plurality of random numbers. The seed buffer 120 stores the generated plurality of random numbers as a seed value. The division unit 130 divides the plain text 10 into a plurality of division values based on the plurality of random numbers.

The sorter 140 sorts the plurality of split values in ascending or descending order in proportion to the divided size.

The XOR operator 150 lowers the last split value as it is, and then attaches the last split value, the split value immediately preceding the split value, and the result value of the XOR operation, and calculates the split value up to the first split value. If the rear plain text split size is different from the front plain text split size, the rear part plain text value is adjusted from the front to the same size as the front size, and the last part is deleted, and the ascending or descending order is sorted. Performs an XOR operation on the plain text split value. The XOR operator 150 performs an XOR operation on the inverted result value of the result values in descending order in the even round.

Hereinafter, a data distribution storage method according to an embodiment of the present invention will be described with reference to FIGS. 6 and 7. 6 and 7 are diagrams illustrating a data distribution process by the data distribution apparatus illustrated in FIG. 5.

4 to 6, the random number generator 110 generates a plurality of random numbers, and the division unit 120 divides the plain text m based on the plurality of random numbers. After the sorting unit 130 sorts the divided plain text in ascending or descending order, the XOR operator 140 performs an XOR operation with each divided plain text. In this process, the even numbered rounds are inverted against the result in descending order. After performing 16 iterations, the fragments are divided into secret scatter pieces for the result value, and each secret scatter piece (Share) is distributed and managed in the DB 300. The data distributed storage method will be described in detail below.

① For the plaintext m of size L, the random number generator 110 generates a uniform number of random numbers r _i (i = 1, 2,... T) less than L as appropriate. Here, a random number generator of BBS is used.

② divide the plaintext m into m ₁ , m ₂ , .... m _s (i = 1,2, .... s) based on the random number r, i.e. random numbers of 3, 5, 2, 3, 1. Reconstruct in ascending order proportional to the size of the partition. At this time, the size is the same as the plain text even if reconstructed.

③ The plain text m _s ? M ₂ ? ....? M ₁ sorted in ascending order generates the result value 02 through the XOR operation of the XOR operator 150. In the XOR operation, the splitting value m ₁ at the end is lowered as it is, followed by the plaintext splitting value immediately preceding the last m _1, and the result of the XOR operation. As a result of calculating this to the first plaintext split value m _s , 02 can be obtained as shown in Equation 2 below.

   In this case, when the size of the rear plain text split is different from the size of the previous plain text split, the operation is possible only when the size of the previous plain text split is the same. Delete and perform XOR operation.

④ Next, 7, 02 to 02 with reference back to the random number r _i from the result S S _1, S _2, the _{...., S s (i = 1,2} , .... s After dividing by), it is reconstructed in descending order as shown in Equation 3 below.

Invert the values reconstructed in descending order and perform the XOR operation as in ③ above to generate a result value (S _O3 ) of 03.

⑤ of the procedures previously described 016 results S _O16 is repeated 16 times to produce when and configure the final secret based on the decomposition fragment of the resulting 016 value distribution information (Share) and a plurality, that is, k number of databases (300 ).

Table 1 summarizes the secret distribution algorithm according to an embodiment of the present invention.

Input: P ∈ {0,1} ^nl
Output: S ₁ , ..., S _n

1. R _i (i = 1, ..., t) is generated by the BBS random number generator 110.
Calculate set S ⊂ {S ₀ , ..., S _{t -1} } which LENGTH (S _i ) = r _i and S _i = SUBSTRING (P) r _i ^{ri + 1}
3.for R ← 0 to 16 do
4.for i ← 0 to n-1 do
5.if R mod 1 = 0 then
6. b ← MAX (S)
7. a _i ← b
8. discard MAX (S)
9. else
10.b ← MIN (S)
11.a _i ← Invert (b)
12. discard MIN (S)
13. end if
14. end for i
15.for j ← 0 to n-1 do
16.if j = n-1 then
17.S _j ← S _j || (a _j )
18. else
19.S _j ← (a _j PADD (a _{j + 1} ) ^aj )
20. end if
21.end for j
22. end for R
23. return (S ₁ , ..., S _n )

Hereinafter, a data recovery apparatus according to an embodiment of the present invention will be described with reference to FIGS. 4 and 8. 8 is a block diagram showing the configuration of a data recovery apparatus according to an embodiment of the present invention.

4 and 8, a data recovery apparatus according to an embodiment of the present invention includes an XOR operator 210, an alignment unit 220, and a reversing unit 240.

The XOR operator 210 performs aggregation by reading a plurality of secret distributed data stored in a plurality of databases 300, and if it is different from the previous size, lowers the splitting value of the last end as it is and performs the XOR operation with the lowered value. The XOR operation is performed again with the result value which went through the previous and XOR operation, and if the size of the front part is large, the XOR operation is performed on the aggregation result value by repeatedly using the small part of the rear part. .

The sorter 220 sorts the calculation result of the XOR operator in ascending order based on the seed data stored in the seed buffer 230.

The reversing unit 240 reverses the calculation result values of the XOR operation unit 210 arranged by the alignment unit 220 and rearranges the seed data as seed data.

Hereinafter, a data restoration method according to an embodiment of the present invention will be described with reference to FIGS. 9 and 10. 9 and 10 are diagrams illustrating a data restoration process by the data restoration apparatus illustrated in FIG. 5.

Referring to FIG. 9, each secret distributed data is aggregated in a distributed and stored DB 300.

Each secret distributed data repeats the XOR operation and the ascending / descending order in the reverse order of the data distribution step. In this process, the plain text can be restored by repeating the repetition 16 times in the odd round in the descending order.

① First, data is distributed and stored in k databases 300 to perform aggregation. The XOR operation is performed on the divided 016 value. Here, if the XOR operation is performed as in the dispersion step ③, and it is different from the previous size during the XOR operation, instead of deleting the last part in order to match the size of the partition value to be calculated as in the distributed storage process, here, first, the last The XOR operation is performed by lowering the partition value as it is and performing the XOR operation with the lowered value. Instead of the XOR operation immediately before and after, the XOR operation is performed again with the result value after the XOR operation. At this time, if the size of the front part is large, repeat the small part of the back.

② Divide the result into a random number and take the reverse. Referring to FIG. 9, the current order is sorted in descending order and is in the order of 5, 3, 3, 2, and 1, and is rearranged by seed values 3, 5, 2, 3, and 1. In this case, in the case of overlapping 3 and 3, the first one is used first. Here, random values within the same seed range can be known. When distributed, the BBS random number generator generates random numbers for each round, and stores them in the seed buffer 230. Referring to FIG. 10, an ascending order must be performed. The stored seed values are (2,4,3,1,4), and the ascending order can be arranged in the order of 1,2,3,4,4. And after performing the XOR operation, rearrange it to seed (2,4,3,1,4).

③ The plain text value 10 can be finally obtained by repeating ① and ② above.

Table 2 summarizes the secret recovery algorithm according to the embodiment of the present invention.

Input: S ₁ , ..., S _n
Output: Plaintext P

Generate r _i (i = 1, ..., t) by the BBS random number generator.
Calculate set S ⊂ {S ₀ , ..., S _t-1 } which LENGTH (S _i ) = r _i and S _i = SUBSTRING (P) r _i ^{ri + 1}
3.for R ← 0 to 16 do
4.for i ← 0 to n-1 do
5.if R mod 1 = 1 then
6. b ← MAX (S)
7. a _i ← b
8. discard MAX (S)
9. else
10.b ← MIN (S)
11.a _i ← Invert (b)
12. discard MIN (S)
13. end if
14. end for i
15.for j ← n-1 to 0 do
16.if j = n-1 then
17.S _j ← S _j || (a _j )
18. else
19.S _j ← (a _j PADD (S _{j + 1} ) ^aj )
20. end if
21.end for j
22. end for R
23. return (S ₁ , ..., S _n )

Table 3 summarizes the method and the existing algorithm of the present invention.

Shamir (conventional) Kurihara (conventional) Invention method Secret piece average size l l n / l Whether safety can be proved ○ △ ○ Whether high speed processing is possible ㅧ ○ ○ Large DBMS Suitability ㅧ △ ○ Secret piece size variability ㅧ ㅧ ○ Secret piece count variability ㅧ ㅧ ○

In Table 3, ○ represents excellent, Δ represents normal, and ㅧ represents inadequate.

Claims (7)

(i) dividing the plain text into a plurality of split values based on the plurality of random numbers;
(ii) sorting the plurality of split values in ascending or descending order in proportion to the divided size;
(iii) The last split value is lowered as it is, followed by the split value immediately preceding the last value, and the result value of the XOR operation, which is calculated to the first split value to obtain the result value. If the size of the rear plain text split is different from the size of the previous plain text split, the rear part of the plain text is adjusted to the same size as the previous size, and the last part is deleted. The plain text split is sorted in the ascending or descending order. Performing an XOR operation on the; And
(iv) using the result of step (iii) as the plurality of split values, repeating steps (ii) and (iii) a plurality of times to construct a plurality of secret distributed data, each distributed and stored in a plurality of databases; Including,
An XOR operation on the ascending or descending sorted plaintext split values in step (iii), performing an XOR operation on the inverted result values for the descending result values in the even rounds,
And the size of the plain text is equal to the total sum size of the plurality of secret distributed data. delete (a) performing aggregation by reading a plurality of secret distributed data distributed and stored in a plurality of databases;
(b) If it is different from the previous size, the last split value is lowered as it is and the XOR operation is performed with the lowered value as it is. The result of the previous and XOR operation and the XOR operation are again performed. Performing an XOR operation on the aggregation result value in such a manner that a small part of the back is repeatedly used if large; And
(c) sorting the result of the XOR operation in ascending order based on the stored seed data; And
(d) repeating steps (a) to (c) a plurality of times to restore the plain text,
Reversing the sorted XOR arithmetic result and reordering it as seed data, but using a preceding value first when there is a duplicate value among the arithmetic result,
And a total sum size of the plurality of secret distributed data is equal to the size of the plain text. delete A random number generator for generating a plurality of random numbers;
A seed buffer which stores the generated plurality of random numbers as a seed value;
A division unit that divides the plain text into a plurality of division values based on the plurality of random numbers;
An alignment unit to sort the plurality of split values in ascending or descending order in proportion to the divided size; And
The last split value is lowered as it is, followed by the last split value, the split value immediately preceding it, and the result of performing the XOR operation. If the split size is different from the previous plain text split size, the rear part plain text value is adjusted from the front to the same size as the previous size, and the last part is deleted, and the XOR of the plain text split value sorted in ascending or descending order is deleted. Including an XOR operation unit for performing the operation,
The XOR operator performs an XOR operation on the inverted result value of the result value in descending order in the even round.
And the size of the plain text is equal to the total sum size of the plurality of secret distributed data. delete A data restoration apparatus for performing the data restoration method according to claim 3,
Aggregate by reading a lot of stored secret distributed data, and if it is different from the previous size, lower the last split value as it is, and perform the lowered value and the XOR operation. An XOR operation unit performing an XOR operation on the aggregation result value by repeatedly performing a small XOR operation after the XOR operation is repeated;
An alignment unit to sort the calculation result of the XOR operation unit in ascending order based on the stored seed data; And
Revert the data including a reversing unit reversing the calculation result values of the XOR operation unit sorted by the sorting unit and reordering as seed data, and using the preceding value first when there are duplicate values among the calculation result values. Device.

Images