WO2013080290A1 - Dispositif de division de données et programme de division de données - Google Patents

Dispositif de division de données et programme de division de données Download PDF

Info

Publication number
WO2013080290A1
WO2013080290A1 PCT/JP2011/077431 JP2011077431W WO2013080290A1 WO 2013080290 A1 WO2013080290 A1 WO 2013080290A1 JP 2011077431 W JP2011077431 W JP 2011077431W WO 2013080290 A1 WO2013080290 A1 WO 2013080290A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
divided
secret
partial
matrix
Prior art date
Application number
PCT/JP2011/077431
Other languages
English (en)
Japanese (ja)
Inventor
松本 勉
武暢 清藤
佐藤 敦
昭輝 鴨志田
敏文 新谷
Original Assignee
国立大学法人 横浜国立大学
株式会社野村総合研究所
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 国立大学法人 横浜国立大学, 株式会社野村総合研究所 filed Critical 国立大学法人 横浜国立大学
Priority to PCT/JP2011/077431 priority Critical patent/WO2013080290A1/fr
Priority to JP2013500690A priority patent/JP5530025B2/ja
Publication of WO2013080290A1 publication Critical patent/WO2013080290A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes

Definitions

  • the present invention relates to a technique for concealing electronic data, and in particular, a technique that is effective when applied to a data division apparatus and a data division program used to divide important data into a plurality of non-important data using a secret sharing technique. It is about.
  • important data when important data is stored, it is also stored by taking measures to conceal the data and prevent falsification.
  • important data is encrypted and stored using an encryption key.
  • the encrypted data includes all important data information. Therefore, for example, when encrypted data is acquired by a third party, important data is easily restored when the encryption key is also acquired and decrypted by the third party for some reason. Even if the encryption key is not acquired, since the encryption key has a finite length, theoretically, there is a possibility that important data may be restored from the encrypted data after a finite number of trials.
  • secret sharing technology is also used as a method for strongly concealing important data.
  • important data is divided into a number of non-critical data that cannot be recovered by itself (important data cannot be recovered or guessed), and some non-critical data is obtained by a third party.
  • Non-Patent Document 1 Various methods have been proposed as secret sharing methods, and for example, a (k, n) threshold secret sharing method described in Non-Patent Document 1 has been used.
  • (k, n) threshold secret sharing secret data to be kept secret is divided into n pieces of divided data. By collecting at least k pieces (k ⁇ n) or more of the n pieces of divided data, the secret data can be restored from these pieces of divided data.
  • the number of collected divided data is less than k, it is impossible to restore secret data from these divided data or to infer the contents (to obtain information on the secret data).
  • (k, n) threshold secret sharing technique In this (k, n) threshold secret sharing technique, generally, operations for dividing and restoring secret data are performed using polynomial operations and remainder operations. However, when these calculations are performed by information processing on a computer, the calculation load increases. Therefore, if the amount of secret data increases, CPU (Central Processing Unit) resources are consumed in large quantities, and processing performance deteriorates. Have the problem of In contrast, (k, n) threshold secret sharing processing is described as a bitwise exclusive OR (eXclusive OR: hereinafter referred to as “XOR”), and a “+” operator. A method of realizing by calculation is also proposed.
  • eXclusive OR hereinafter referred to as “XOR”
  • Patent Document 1 a plurality of original partial data (secret partial data) is generated by dividing original data (secret data) into predetermined lengths.
  • a random number having the same length as the secret data or a random number shorter than the secret data is divided for each predetermined length to generate a plurality of random number partial data, and a predetermined definition formula
  • a technique for efficiently dividing secret data by relatively simple processing by performing exclusive OR operation of secret part data and random number part data based on the above and generating a plurality of divided data is performed by performing exclusive OR operation of secret part data and random number part data based on the above and generating a plurality of divided data .
  • the size of the secret data is the same as the size of each of the n pieces of divided data generated by performing the secret sharing.
  • the total amount of the n divided data after the execution is n times the data amount of the secret data, and there is a problem that resources such as storage capacity and network bandwidth when storing the data are wasted. Have.
  • a technique for reducing the data amount of divided data generated by secret sharing has been proposed in consideration of use in an actual system.
  • a so-called ramp type (k, L, n) threshold secret sharing technique as described in Non-Patent Document 2 has been proposed.
  • the size of each of the generated n pieces of divided data can be reduced to 1 / L of the size of the secret data, instead of relaxing the security condition for the confidentiality of the data. That is, the data amount of all n pieces of divided data can be reduced to 1 / L in the case of (k, n) threshold secret sharing.
  • the secret data can be restored by collecting at least k of the n divided data, as in the case of (k, n) threshold secret sharing. is there.
  • the number of collected divided data is (k ⁇ L) or less (1 ⁇ L ⁇ k)
  • the secret data will not be restored / estimated, but even if it is less than k
  • these mobile terminals usually have less processing power than desktop PCs, and the network for accessing the server or the like for storing the divided data is also wireless. In many cases, such as communication, there is no bandwidth. Therefore, particularly efficient and high-speed processing is required for secret sharing processing, and the amount of divided data to be generated is also required to be small.
  • the security condition is slightly relaxed, but the size of each of the n pieces of divided data is reduced to 1 / L.
  • the total data amount can be reduced to 1 / L.
  • a method has been proposed in which the XOR operation of data obtained by dividing secret data and random numbers is used to increase the efficiency and speed of generation of divided data by arithmetic processing in a computer.
  • an object of the present invention is to conceal secret data by dividing it into n pieces of divided data by (k, L, n) ramp type threshold secret sharing, and from (k, L, n, n)
  • the data dividing apparatus divides secret data into n pieces of divided data by (k, L, n) ramp type threshold secret sharing, and the n pieces of divided data are different from each other.
  • a data dividing device for distributed storage in a storage device which has the following characteristics.
  • the data dividing device divides the unit secret data of length S extracted from the secret data into a plurality of secret part data, and is a random number that is the same length as the secret part data and half the number of the secret part data Generate partial data and define an XOR operation for generating divided partial data from one or more of the secret part data, the random part data, and one or more of the secret part data and the random part data Based on the divided matrix, a plurality of the divided partial data are generated, and the plurality of divided partial data generated by the XOR operation including the different random number partial data are concatenated to obtain n types of length S / L.
  • a division processing unit that generates unit divided data and generates n pieces of divided data by connecting the unit divided data for each type is provided.
  • the present invention can also be applied to a program that causes a computer to function as the above-described data dividing device.
  • a data dividing device divides secret data into n pieces of divided data by (k, L, n) ramp type threshold secret sharing, and these divided data are respectively sent to different servers or the like.
  • the data is stored in a storage device in a distributed manner.
  • the ramp-type secret sharing is used, although the security condition is slightly relaxed, the size of each of the n pieces of divided data is reduced to 1 / L, and the total data amount is (k, n).
  • the threshold secret sharing case it is reduced to 1 / L. This reduces the amount of resources used such as network bandwidth and storage area when transmitting and storing each divided data.
  • (k, L, n) ramp type threshold secret sharing in order to reduce the amount of CPU resources used by increasing the efficiency and speed of processing, as with known techniques,
  • the divided data is generated based on the XOR operation of the secret partial data obtained by dividing the secret data and the random number partial data having the same length as that suitable for the bit operation.
  • ramp-type threshold secret sharing a calculation formula and a calculation procedure for performing an XOR operation are adjusted, and a plurality of secret sharing is performed from secret data. The overall processing performance is improved when generating divided data and when restoring secret data from a plurality of divided data.
  • FIG. 1 is a diagram showing an outline of a configuration example of a data dividing apparatus according to an embodiment of the present invention.
  • secret data 400 that is a target of secret sharing is created by the user, such as an information processing terminal such as a PC or a mobile terminal used by the user, or a file server to which the plurality of information processing terminals are connected. Or a general computer device holding the same.
  • the data dividing apparatus 100 can be connected to a plurality of servers 200 via a network 300 such as the Internet.
  • the number of servers 200 may be n or more in the (k, L, n) ramp-type threshold secret sharing (four in this embodiment because it is (3, 2, 4) ramp-type threshold secret sharing). desirable.
  • Each of these servers 200 stores the divided data 410 generated by secret sharing from the secret data 400 by the data dividing device 100 and transmitted via the network 300 in a storage device such as an HDD (Hard Disk Drive). It consists of file servers, storage devices, etc.
  • HDD Hard Disk Drive
  • the data dividing device 100 is implemented by, for example, a division processing unit 110, a distribution management unit 120, a restoration processing unit 130, and an interface implemented as a software program that runs on an OS (Operating System) (not shown).
  • OS Operating System
  • Each part such as the part 140 is included.
  • the division processing unit 110 is based on, for example, a division matrix 111 that defines an arithmetic expression by XOR described later and a divided intermediate expression 112 from secret data 400 instructed to be securely stored by a user via an interface unit 140 described later. Then, according to a predetermined procedure, (k, L, n) ramp-type threshold secret sharing (in this embodiment, (3, 2, 4) ramp-type threshold secret sharing) is distributed to n servers 200 (this embodiment) In this embodiment, four pieces of divided data 410 are generated. Further, it has a random number generation unit 113 that generates a random number used in the above-described XOR calculation.
  • the random number generation method is not particularly limited, and any known technique can be used as long as it can generate a random number having a predetermined length or more.
  • the distribution management unit 120 transmits, for example, each divided data 410 generated from the secret data 400 by the division processing unit 110 to each server 200 according to a predetermined condition based on the setting content of the setting information 122 and stores the divided data. Information relating to which server 200 stores each piece of divided data 410 is recorded in the distribution status 121 and managed.
  • the setting information 122 includes, for example, access information (IP address, host name, etc.) for each server 200 serving as a distributed storage destination, and when there are more servers 200 than n (four in this embodiment), n Criteria and conditions for selecting individual servers 200 (for example, priority order of servers 200, an ordered list, a rotation method, and the like) can be set in advance.
  • the distribution management unit 120 is based on the content of the distribution status 121 and the setting content of the setting information 122 based on a request from the restoration processing unit 130 when the restoration processing unit 130 described below restores the secret data 400.
  • m pieces of divided data 410 for restoring the secret data 400 are collected from each server 200 and transferred to the restoration processing unit 130.
  • the divided data 410 is stored from the target server 200 according to the criteria, conditions, failure, and the like for selecting the target m servers 200. It is possible to set in advance a method for determining the server 200 as an alternative in the case where acquisition is not possible.
  • any of the n pieces of divided data 410 cannot be stored in each server 200 when the divided data 410 is distributed and stored due to a failure of the server 200, or more than k pieces cannot be collected when the divided data 410 is collected. In such a case, an error may be returned to the user.
  • the data dividing apparatus 100 and each server 200 transmit / receive the information after performing predetermined encryption on the divided data 410, respectively. The risk of leakage may be further reduced.
  • the restoration processing unit 130 divides the divided data 410 more than the number necessary for restoring the secret data 400. Request to get. Furthermore, from the acquired divided data 410, (k, L, n) ramp-type threshold secret sharing (this embodiment) is performed according to a predetermined procedure based on a restoration matrix 131 that defines an arithmetic expression by XOR described later and a restoration intermediate expression 132. In the embodiment, the secret data 400 is restored by (3, 2, 4) ramp-type threshold secret sharing).
  • the interface unit 140 has a user interface such as a screen display in the data dividing apparatus 100 (or a client terminal (not shown) for the data dividing apparatus 100) and an input / output function such as data transmission / reception.
  • the user can use the functions of the data dividing apparatus 100 by using, for example, a file management screen of a general OS.
  • the division processing unit 110 and the distribution management unit 120 automatically generate n pieces of divided data 410 (four pieces in the present embodiment) using the important data as secret data 400, and each piece of divided data 410 Can be distributed and stored in each server 200 without making the user aware of the above.
  • the secret data 400 is deleted from the data dividing device 100 (and the user's client terminal for the data dividing device 100).
  • the secret data 400 corresponds to the secret data 400 so that the user is not conscious on the file management screen. Create and keep a dummy file etc.
  • the user performs operations such as reference and editing of the secret data 400 by operating the dummy file of the secret data 400 managed in a specific folder on the file management screen.
  • the distributed management unit 120 and the restoration processing unit 130 automatically set m secret data 400 corresponding to the dummy file or the like from each server 200 (k ⁇ m ⁇ n, book
  • three or four pieces of divided data 410 are collected, and the secret data 400 can be restored and made available to the user.
  • FIG. 2 is a flowchart showing an outline of an example of a flow of division processing for generating the division data 410 from the secret data 400 by secret sharing in the division processing unit 110 of the data division device 100.
  • secret sharing processing is performed by (3, 2, 4) ramp-type threshold secret sharing.
  • FIG. 3 is a diagram showing an outline of an example of processing for generating four pieces of divided data 410 from the secret data 400 by (3, 2, 4) ramp-type threshold secret sharing.
  • the division processing unit 110 When the important data to be secret shared is designated by the user via the interface unit 140, the division processing unit 110 first sets the important data as the secret data 400, and has a predetermined length S from the top of the secret data 400.
  • the unit secret data is extracted (S01).
  • This unit secret data is data that becomes a processing unit when performing secret sharing processing by XOR operation, and in the present embodiment, the length S is an arbitrary length of multiple bits of 6.
  • the secret data 400 is padded with predetermined data such as zero to obtain the unit secret data of length S for the less than S And
  • the extracted unit secret data 401 is divided to generate six secret partial data (S02). Specifically, as shown in FIG. 3, the unit secret data 401 of length S extracted from the secret data 400 is divided into six equal parts, and six pieces of secret partial data 402 of length S / 6 (s1 to s6). ) Generate.
  • the random number generation unit 113 generates three random number partial data 403 having the same length (S / 6) as the secret partial data 402, which is half the number of the secret partial data 402 (S03). Specifically, as shown in FIG. 3, three pieces (r1 to r3) of random number partial data 403 having the same length S / 6 as the secret partial data 402 are generated.
  • the random number generation unit 113 may individually generate three of r1 to r3, or the random number generation unit 113 generates one random number longer than S / 2.
  • the division processing unit 110 may divide this and extract three random numbers having a length of S / 6.
  • the secret part data 402 (s1 to s6) and the random number part data 403 for each of the plurality of divided intermediate expressions 112 that are defined in advance for use in performing an XOR operation for generating divided part data, which will be described later.
  • a value is calculated by performing an XOR operation based on (r1 to r3) (S04).
  • This divided intermediate expression 112 is obtained by extracting an XOR operation expression that repeatedly appears a plurality of times as the divided intermediate expression 112 in the entire XOR operation for generating divided partial data described later.
  • the value of the divided intermediate expression 112 is calculated and held in advance, and the calculation result is used in the XOR operation based on the divided matrix 111, which will be described later. To increase speed and speed. Details of the divided intermediate expression 112 will be described later.
  • an XOR operation is performed based on the contents defined in the partition matrix 111, and the twelve divided part data 412 are obtained.
  • Generate (S05). Specifically, as shown in FIG. 3, a 9 ⁇ 1 matrix including a partition matrix 111 defining an XOR operation, random number partial data 403 (r1 to r3), and secret partial data 402 (s1 to s6).
  • 12 divided partial data 412 (a1 to a3, b1 to b3, c1 to c3, d1 to d3) each having a length S / 6 are obtained.
  • 12 divided partial data 412 are obtained by the following equations obtained by multiplication of the divided matrix 111 and the secret data matrix 114.
  • each divided intermediate expression 112 calculated in advance in step S04 is added to the portion of the XOR operation that coincides with each divided intermediate expression 112 in each of the above expressions. By substituting, the total number of XOR operations is reduced.
  • unit divided data 411a having a length of S / 2 is generated by concatenating divided partial data 412 of a1 to a3.
  • the divided partial data 412 of b1 to b3, c1 to c3, and d1 to d3 are respectively connected to generate unit divided data 411b to 411d.
  • the generated four unit divided data 411 are connected to the end of the corresponding divided data 410 (S07).
  • unit divided data 411a to 411d of length S / 2 are connected to the end of divided data A (410a) to divided data D (410d), respectively.
  • each unit divided data 411 itself is set as divided data 410.
  • Each piece of divided data 410 includes information for identifying whether it is of divided data A (410a), divided data B (410b), divided data C (410c), or divided data D (410d). Is added to the header or the like.
  • the unit divided data 411 constituting the divided data 410 is constituted by any divided partial data 412 of a1 to a3, b1 to b3, c1 to c3, or d1 to d3.
  • the unit secret data 401 is extracted by padding data such as zero because the length of the secret data 400 is less than S in step S01, the validity of the last unit secret data 401 is valid.
  • a length of information or the like may be added.
  • the four pieces of divided data 410 (divided data A to D) obtained by the above processing using the divided matrix 111 shown in FIG. 3 satisfy the requirement of (3, 2, 4) ramp-type threshold secret sharing. Is. That is, the information of the unit secret data 401 constituting the secret data 400 (the information of the secret partial data 402 of s1 to s6) cannot be obtained from each of the unit divided data 411 constituting each of the divided data 410.
  • the information of the divided partial data 412 of a1 to a3 can be obtained from the unit divided data 411a constituting the divided data A (410a). Even if the third party knows that the divided partial data 412 is generated from the three expressions of Expressions 1 to 3, r1 consisting of Expressions 1 to 3 Simultaneous equations with ⁇ r3 and s1 to s6 as variables cannot be solved.
  • any information (solution) of the secret partial data 402 of s1 to s6 cannot be obtained ( That is, the normalized information entropy is 1.) Accordingly, the confidentiality of the secret data 400 (unit secret data 401 including the secret partial data 402 of s1 to s6) is maintained. The same applies to the divided data 410 of the divided data B (410b) to the divided data D (410d).
  • each formula is expressed as “one or two or more different secret partial data 402 (s1 to s6) and one or two or more different random number partial data 403 (r1 If the division matrix 111 is configured as expressed as “XOR operation of r3”, each piece of divided data 410 (unit divided data 411) has randomness equivalent to that of random number data. Information of the secret data 400 (unit secret data 401) cannot be obtained from the data 410.
  • each of the three calculation formulas has only one random number partial data 403 that is different from each other (for example, Formula 1 is only r1, Formula 2 is only r2, and Formula 3 is only r3). It is said.
  • the secret data 400 can be restored. That is, it is possible to obtain all of the information of the unit secret data 401 (information of the secret partial data 402 of s1 to s6) constituting the secret data 400 from each of the unit divided data 411 constituting the three different divided data 410. it can.
  • the nine pieces of Equations 1 to 9 are used. A simultaneous equation consisting of independent equations will be obtained.
  • the partition matrix 111 used for the partitioning process in the (3, 2, 4) ramp-type threshold secret sharing shown in FIG. 3 is the restoration used for the restoration process of the secret data 400 from the partitioned data 410 described later.
  • the number of XOR operations in the entire division / restoration secret sharing process is adjusted to be small.
  • the number of XOR operations was analyzed to obtain a pattern with a small number, that is, a high processing efficiency as a whole.
  • the partition matrix 111 shown in FIG. 3 is the adjusted partition matrix 111 obtained by the above procedure.
  • the divided portion data 412 (a1 to a3, b1 to b3, c1 to c3, d1 to d3) is calculated based on the above equations 1 to 12 in step S05 in FIG.
  • the divided intermediate expression 112 is used so that the number of XOR operations to be performed (the “+” operator in Expressions 1 to 12) is reduced. That is, an XOR operation expression that appears repeatedly in the above formulas 1 to 12 is defined in advance as the divided intermediate expression 112, and the value of each divided intermediate expression 112 is calculated in advance in step S04 of FIG. .
  • FIG. 4 shows a case where the divided portion data 412 (a1 to a3, b1 to b3, c1 to c3, d1 to d3) is calculated from the secret portion data 402 (s1 to s6) and the random number portion data 403 (r1 to r3). It is the figure which showed the outline
  • the upper diagram of FIG. 4 schematically shows the contents of the partition matrix 111 shown in FIG. 3 as a table, and the rows and columns of the table correspond to the rows and columns of the partition matrix 111 shown in FIG. ing.
  • each row of the table of the partition matrix 111 shown in FIG. 4 shows the contents of the XOR operation shown in the above equations 1 to 12.
  • seven divided intermediate expressions 112 from t1 to t7 are defined, and these are columns in which “1” stands (each in FIG. 4). (Corresponding to the column of the division matrix 111 shown in the upper stage) represents the calculation of the following equation.
  • the number of XOR operations is greatly reduced to 25 (reduction rate 34.2%). Accordingly, rather than directly executing the XOR operation based on the partition matrix 111 (the above formulas 1 to 12), the split intermediate formula 112 (the above formulas 13 to 19) is calculated in advance, By performing the XOR operation based on the partition matrix 111 by using the above (Equation 1 ′ to Equation 12 ′ above), it is possible to increase the efficiency and speed of the processing relating to the XOR operation.
  • FIG. 5 is a flowchart showing an outline of an example of the flow of restoration processing for generating the secret data 400 from the divided data 410 by secret sharing in the restoration processing unit 130 of the data dividing device 100.
  • secret sharing processing is performed by (3, 2, 4) ramp-type threshold secret sharing.
  • FIG. 6 is a diagram showing an overview of an example of processing for generating (restoring) secret data 400 from three pieces of divided data 410 by (3, 2, 4) ramp-type threshold secret sharing.
  • restoration processing unit 130 when important data to be used for reference or editing, for example, important data to be restored is designated by the user via the interface unit 140, the restoration processing unit 130 The data is set as the secret data 400, and the distribution management unit 120 is requested and acquired as many pieces of divided data 410 as necessary (three or more in the present embodiment) to restore the data.
  • FIG. 6 a case is shown in which three pieces of divided data 410 of divided data 410a, 410b, 410c are used for restoration.
  • three pieces of divided data 410 of the divided data 410a, 410b, 410c are acquired via the distribution management unit 120 and used for restoration, and all four pieces of division data 410 are obtained via the distribution management unit 120.
  • the case where the data 410 is acquired and three of the divided data 410a, 410b, and 410c are used for restoration is included.
  • each unit divided data 411 (a, b, c) extracted from each divided data 410 (a, b, c) is unit divided data based on information added to a header or the like. 411a, 411b, 411c (or unit divided data 411d) is specified.
  • three divided partial data 412 are extracted from each extracted unit divided data 411 (S13). Specifically, as shown in FIG. 6, three unit divided data 411 (a, b, c) having a length S / 2 are divided into three equal parts, and divided partial data 412 having a length S / 6. Are generated three by one (a1 to a3, b1 to b3, c1 to c3).
  • a plurality of restoration intermediate formulas 132 defined for each combination of the types of the unit divided data 411 identified in step S12. For each, an XOR operation is performed based on the divided partial data 412 extracted in step S13 to calculate values (S14).
  • the restore intermediate formula 132 extracts an XOR formula that repeatedly appears multiple times as the restore intermediate formula 132 in the entire XOR calculation for generating secret partial data 402 described later. Is.
  • this restoration intermediate formula 132 is calculated and held in advance, and the calculation result is used in the XOR operation based on the restoration matrix 131, thereby eliminating the XOR operation with overlapping contents as much as possible and improving the processing efficiency. Increase speed.
  • the details of the restoration intermediate formula 132 will be described later.
  • Pieces of secret partial data 402 are generated (S15). Specifically, as shown in FIG. 6, a restoration matrix that defines an XOR operation for each combination of types of unit divided data 411 (in the example of FIG. 6, three unit divided data 411 of a, b, and c). 131 (restoration matrix 131a in the example of FIG. 6) and a divided data matrix 133a of 9 rows and 1 column whose elements are the divided partial data 412 (a1 to a3, b1 to b3, and c1 to c3 in the example of FIG. 6). By multiplication, six pieces of secret partial data 402 (s1 to s6) each having a length S / 6 are obtained.
  • unit secret data 401 is generated from the six secret partial data 402 (S16). Specifically, as shown in FIG. 6, the secret partial data 402 of s1 to s6 are concatenated to generate unit secret data 401 of length S. Next, the generated unit secret data 401 is linked to the end of the secret data 400 (S17). Specifically, as shown in FIG. 6, the unit secret data 401 having a length S is connected to the end of the secret data 400. If there is no secret data 400 to be linked, the unit secret data 401 itself is set as the secret data 400.
  • the secret data 400 (unit secret data 401 including the secret partial data 402 of s1 to s6) obtained based on the restoration matrix 131 as shown in FIG.
  • the plurality of restoration matrices 131 defined for each type of combination of the unit divided data 411 identified in step S12 are inverse matrices obtained from the portion related to the combination in the divided matrix 111. is there.
  • FIG. 7 is a diagram showing an example of processing for obtaining the restoration matrix 131a used for restoring the secret data 400 from the divided data 410 (a, b, c) from the divided matrix 111.
  • the row corresponding to the divided data 410 (a, b, c) used in the restoration in the divided matrix 111 that is, the corresponding row.
  • Nine rows (shaded portions in the figure) from which the divided portion data 412 (a1 to a3, b1 to b3, c1 to c3) can be obtained are extracted, and 9 rows and 9 columns as shown in the lower left part of FIG. Get the submatrix of.
  • This inverse matrix becomes the restoration matrix 131a.
  • the element value “1” in the partition matrix 111 indicates a bit for determining an element to be XORed instead of the numerical value “1”. Therefore, for example, when the inverse matrix is obtained by using the sweep-out method, the restoration matrix 131 can be obtained by treating it as “1” even when the element value becomes ⁇ 1 by the subtraction process in the procedure. .
  • FIG. 8 is a diagram showing an example of processing for obtaining the restoration matrix 131b used for restoring the secret data 400 from the divided data 410 (a, b, d) from the divided matrix 111.
  • the row corresponding to the divided data 410 (a, b, d) used in the restoration in the divided matrix 111 that is, the divided partial data 412 (a1 to a3
  • Nine rows (shaded portions in the figure) from which b1 to b3 and d1 to d3) can be obtained are extracted to obtain a 9 ⁇ 9 submatrix as shown in the lower left part of FIG.
  • the inverse matrix obtained from this partial matrix is the restoration matrix 131b.
  • FIG. 9 is a diagram showing an example of processing for obtaining the restoration matrix 131c used for restoring the secret data 400 from the divided data 410 (a, c, d) from the divided matrix 111.
  • the row corresponding to the divided data 410 (a, c, d) used in the restoration in the divided matrix 111 that is, the divided partial data 412 (a1 to a3, 9 rows (shaded portions in the figure) from which c1 to c3 and d1 to d3) can be obtained are extracted to obtain a 9 ⁇ 9 submatrix as shown in the lower left part of FIG.
  • the inverse matrix obtained from this partial matrix is the restoration matrix 131c.
  • FIG. 10 is a diagram showing an example of processing for obtaining the restoration matrix 131d used for restoring the secret data 400 from the divided data 410 (b, c, d) from the divided matrix 111.
  • the row corresponding to the divided data 410 (b, c, d) used in the restoration in the divided matrix 111 that is, the divided partial data 412 (b1 to b3, b) corresponding thereto.
  • Nine rows (shaded portions in the figure) from which c1 to c3 and d1 to d3) can be obtained are extracted to obtain a 9 ⁇ 9 submatrix as shown in the lower left part of FIG.
  • the inverse matrix obtained from this partial matrix is the restoration matrix 131d.
  • FIG. 11 is a diagram showing an outline of an example of calculating the secret part data 402 (s1 to s6) from the divided part data 412 (a1 to a3, b1 to b3, c1 to c3). Similar to FIG. 4 described above, the upper diagram of FIG. 11 schematically shows the contents of the restoration matrix 131a shown in FIG. 7 as a table, and the rows and columns of the table are the restoration matrix shown in FIG. This corresponds to the row / column 131a.
  • five restoration intermediate expressions 132a w1 to w5 are defined, and these are columns in which “1” stands (each in FIG. 11). (Corresponding to the column of the restoration matrix 131a shown in the upper part) represents the calculation of the following equation.
  • the restoration intermediate equation 132a is calculated in advance (the above equations 26 to 30), and the restoration intermediate equation 132a is By using this to execute the XOR operation based on the restoration matrix 131a (formulas 20 ′ to 25 ′ described above), it is possible to increase the efficiency and speed of the processing relating to the XOR operation.
  • FIG. 12 is a diagram showing an outline of an example of calculating the secret part data 402 (s1 to s6) from the divided part data 412 (a1 to a3, b1 to b3, d1 to d3).
  • the upper diagram of FIG. 12 schematically shows the contents of the restoration matrix 131b shown in FIG. 8 as a table, and the rows and columns of the table correspond to the rows and columns of the restoration matrix 131b shown in FIG. ing.
  • five restoration intermediate expressions 132b of x1 to x5 are defined, and these are columns in which “1” stands (each in FIG. 12). (Corresponding to the column of the restoration matrix 131b shown in the upper part) represents the calculation of the following equation.
  • the formulas (not shown) for obtaining the six secret partial data 402 (s1 to s6) are represented by the following simplified formulas, respectively.
  • FIG. 13 is a diagram showing an outline of an example of calculating the secret part data 402 (s1 to s6) from the divided part data 412 (a1 to a3, c1 to c3, d1 to d3).
  • the upper diagram of FIG. 13 schematically shows the contents of the restoration matrix 131c shown in FIG. 9 as a table, and the rows and columns of the table correspond to the rows and columns of the restoration matrix 131c shown in FIG. ing.
  • five restoration intermediate expressions 132c from y1 to y5 are defined, and each of these is a column in which “1” stands (see FIG. 13). (Corresponding to the column of the restoration matrix 131c shown in the upper part) represents the calculation of the following equation.
  • multiplication of the restoration matrix 131c and the divided data matrix having the divided partial data 412 (a1 to a3, c1 to c3, d1 to d3) as elements is performed.
  • the formulas (not shown) for obtaining the six secret partial data 402 (s1 to s6) are represented by the following simplified formulas, respectively.
  • FIG. 14 is a diagram showing an outline of an example of calculating the secret part data 402 (s1 to s6) from the divided part data 412 (b1 to b3, c1 to c3, d1 to d3).
  • the upper diagram of FIG. 14 schematically shows the contents of the restoration matrix 131d shown in FIG. 10 as a table, and the rows and columns of the table correspond to the rows and columns of the restoration matrix 131d shown in FIG. ing.
  • two restoration intermediate expressions 132d z1 to z2 are defined, and each of these is a sequence in which “1” stands (see FIG. 14). (Corresponding to the column of the restoration matrix 131d shown in the upper stage) represents the calculation of the following equation.
  • z1 a1 + a3 Formula 53
  • z2 a2 + b1 Formula 54
  • multiplication of the restoration matrix 131d and the divided data matrix having the divided partial data 412 (b1 to b3, c1 to c3, d1 to d3) as elements is performed.
  • the formulas (not shown) for obtaining the six secret partial data 402 (s1 to s6) are represented by the following simplified formulas, respectively.
  • the adjusted partition matrix 111 and the partition intermediate expression 112, and the restoration matrix 131 and the restoration intermediate expression 132 in the case of using (3, 2, 4) ramp-type threshold secret sharing are specifically described.
  • the partition matrix 111 and the restoration matrix 131 are obtained with the same idea, and the middle of the partition It is possible to reduce the number of XOR operations by defining the expression 112 and the restoration intermediate expression 132, thereby making the processing more efficient and faster.
  • the secret data 400 is converted into the (k, L, n) ramp type threshold value.
  • the data is divided into n pieces of divided data 410 by secret sharing, and these divided data 410 are distributed and stored in different servers 200 or the like.
  • the confidentiality of the secret data 400 against loss, theft, unauthorized acquisition, etc. of the divided data 410 can be improved, and the availability of the secret data 400 against damage, loss, etc. of the divided data 410 can be increased.
  • the size of each of the n pieces of divided data 410 is reduced to 1 / L, and the total data amount is reduced to (k, n ) Reduced to 1 / L compared to threshold secret sharing. This makes it possible to reduce the amount of resources used such as the bandwidth and storage area of the network 300 when transmitting and storing each divided data 410.
  • secret sharing processing is performed by XOR calculation so as to be suitable for bit calculation in a computer. That is, an XOR operation of one or more of the secret partial data 402 obtained by dividing the secret data 400 and one of the random number partial data 403 that is the same length as the secret partial data 402 and half the secret partial data 402 is performed. Based on this, a plurality of divided portion data 412 is generated, and a plurality of divided portion data 412 generated by an XOR operation including different random number portion data 403 is concatenated to generate unit divided data 411 and divided data 400. This makes it possible to increase the efficiency and speed of the secret sharing process.
  • the present invention can be used for a data division apparatus and a data division program used to divide important data into a plurality of non-important data using a secret sharing technique and conceal it.
  • DESCRIPTION OF SYMBOLS 100 Data division
  • Network, 400 Secret data
  • 401 Unit secret data
  • 402 Secret partial data
  • 403 Random number partial data, 410, 410a to d ... Divided data, 411, 411a to d ... Unit divided data, 412 ... Divided partial data.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention se rapporte à un dispositif de division de données qui permet l'optimisation et l'accélération globales d'un calcul OU exclusif lors de la division de données confidentielles en n éléments de données divisées au moyen d'un secret à seuil de rampe (k, L, n) partageant et dissimulant ces données, et lors de la restauration de données confidentielles à partir d'au moins k éléments de données divisées. Ce mode de réalisation représentatif se déroule de la manière suivante : des données confidentielles unitaires d'une longueur S qui sont extraites des données confidentielles sont divisées en une pluralité d'éléments de données formant une partie confidentielle, et des éléments de données formant une partie nombre aléatoire sont générés, le nombre d'éléments étant égal à la moitié du nombre d'éléments de données formant une partie confidentielle et la longueur de chaque élément étant identique à celle des éléments de données formant une partie confidentielle ; une pluralité d'éléments de données formant une partie divisée sont générés sur la base d'une matrice divisée qui a défini le calcul OU exclusif ayant servi à générer les données formant une partie confidentielle, les données formant une partie nombre aléatoire et les données formant une partie divisée à partir d'au moins un élément de données formant une partie confidentielle et un élément de données formant une partie nombre aléatoire ; n types de données divisées unitaires d'une longueur S/L sont générés par la liaison d'une pluralité d'éléments de données formant une partie divisée générés par le calcul OU exclusif et comprenant respectivement différents éléments de données formant une partie nombre aléatoire, puis les éléments de données divisées unitaires sont reliés par type et n éléments de données divisées sont générés.
PCT/JP2011/077431 2011-11-28 2011-11-28 Dispositif de division de données et programme de division de données WO2013080290A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2011/077431 WO2013080290A1 (fr) 2011-11-28 2011-11-28 Dispositif de division de données et programme de division de données
JP2013500690A JP5530025B2 (ja) 2011-11-28 2011-11-28 データ分割装置およびデータ分割プログラム

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2011/077431 WO2013080290A1 (fr) 2011-11-28 2011-11-28 Dispositif de division de données et programme de division de données

Publications (1)

Publication Number Publication Date
WO2013080290A1 true WO2013080290A1 (fr) 2013-06-06

Family

ID=48534818

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2011/077431 WO2013080290A1 (fr) 2011-11-28 2011-11-28 Dispositif de division de données et programme de division de données

Country Status (2)

Country Link
JP (1) JP5530025B2 (fr)
WO (1) WO2013080290A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017040851A (ja) * 2015-08-21 2017-02-23 富士フイルム株式会社 秘密分散装置,データ復元装置,秘密分散方法,データ復元方法およびそれらの制御プログラム
JP6300293B1 (ja) * 2017-07-07 2018-03-28 株式会社Asj エンコード・デコード構造およびこれを用いた分散データシステム
WO2019008792A1 (fr) * 2017-07-07 2019-01-10 株式会社Asj Structure de codage/décodage et système de données de distribution l'utilisant

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005303776A (ja) * 2004-04-14 2005-10-27 Nippon Telegr & Teleph Corp <Ntt> 電子データ暗号化装置、電子データ復元装置及びプログラム
JP2006352357A (ja) * 2005-06-14 2006-12-28 Fujitsu Ltd 通信制御装置および通信制御方法
JP2009037093A (ja) * 2007-08-03 2009-02-19 Kddi Corp 分散情報生成装置、秘密情報復元装置、分散情報生成方法、秘密情報復元方法およびプログラム
JP2009182375A (ja) * 2008-01-29 2009-08-13 Kddi Corp 分散情報生成装置、秘密情報復元装置、分散情報生成方法、秘密情報復元方法およびプログラム
JP2011004206A (ja) * 2009-06-19 2011-01-06 Kddi Corp 分散情報生成装置、秘密情報復元装置、分散情報生成方法、秘密情報復元方法およびプログラム

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005303776A (ja) * 2004-04-14 2005-10-27 Nippon Telegr & Teleph Corp <Ntt> 電子データ暗号化装置、電子データ復元装置及びプログラム
JP2006352357A (ja) * 2005-06-14 2006-12-28 Fujitsu Ltd 通信制御装置および通信制御方法
JP2009037093A (ja) * 2007-08-03 2009-02-19 Kddi Corp 分散情報生成装置、秘密情報復元装置、分散情報生成方法、秘密情報復元方法およびプログラム
JP2009182375A (ja) * 2008-01-29 2009-08-13 Kddi Corp 分散情報生成装置、秘密情報復元装置、分散情報生成方法、秘密情報復元方法およびプログラム
JP2011004206A (ja) * 2009-06-19 2011-01-06 Kddi Corp 分散情報生成装置、秘密情報復元装置、分散情報生成方法、秘密情報復元方法およびプログラム

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
TORU TAKAARA: "A Fast (k,L,n)-Threshold Secret Sharing ramp Scheme using XOR Operations", COMPUTER SECURITY SYMPOSIUM 2009, vol. 2, 19 October 2009 (2009-10-19), pages 949 - 954 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017040851A (ja) * 2015-08-21 2017-02-23 富士フイルム株式会社 秘密分散装置,データ復元装置,秘密分散方法,データ復元方法およびそれらの制御プログラム
JP6300293B1 (ja) * 2017-07-07 2018-03-28 株式会社Asj エンコード・デコード構造およびこれを用いた分散データシステム
WO2019008792A1 (fr) * 2017-07-07 2019-01-10 株式会社Asj Structure de codage/décodage et système de données de distribution l'utilisant
US11064024B1 (en) 2017-07-07 2021-07-13 Asj Inc. Encoding/decoding structure and distributed data system using the same

Also Published As

Publication number Publication date
JP5530025B2 (ja) 2014-06-25
JPWO2013080290A1 (ja) 2015-04-27

Similar Documents

Publication Publication Date Title
US10608813B1 (en) Layered encryption for long-lived data
US9209971B2 (en) Method and system for shielding data in untrusted environments
US20160344553A1 (en) Storing and retrieving ciphertext in data storage
CN104520873A (zh) 用于保护和恢复虚拟机的系统和方法
US10601580B2 (en) Secure order preserving string compression
WO2019114122A1 (fr) Procédé de chiffrement pour informations de connexion, dispositif, dispositif électronique et support
US10476663B1 (en) Layered encryption of short-lived data
CN110391895B (zh) 数据预处理方法、密文数据获取方法、装置和电子设备
WO2014007296A1 (fr) Système de cryptage à préservation de l&#39;ordre, dispositif de cryptage, dispositif de décryptage, procédé de cryptage, procédé de décryptage, et programmes pour ceux-ci
CN104618096A (zh) 保护密钥授权数据的方法、设备和tpm密钥管理中心
Latha et al. Block based data security and data distribution on multi cloud environment
Sivakumar et al. Securing data and reducing the time traffic using AES encryption with dual cloud
KR20200143197A (ko) 블록체인을 기반으로 데이터의 분산 암호화 관리를 가능하게 하는 데이터 관리 장치 및 그 동작 방법
JP2023008395A (ja) マルチパーティ型準同型暗号によるセキュアでロバストな連合学習システム及び連合学習方法
CN109544164A (zh) 一种基于互联网支付的加密系统、方法和存储介质
US20190132133A1 (en) Associating identical fields encrypted with different keys
CN112000978B (zh) 隐私数据的输出方法、数据处理系统及存储介质
JP5530025B2 (ja) データ分割装置およびデータ分割プログラム
US10929151B2 (en) Computer-implemented method for replacing a data string by a placeholder
US11356254B1 (en) Encryption using indexed data from large data pads
EP4080488B1 (fr) Système de génération de nombres aléatoires secrets, dispositif de calcul secret, procédé de génération de nombres aléatoires secrets, et programme
US9336363B2 (en) Method and system for secure deployment of information technology (IT) solutions in untrusted environments
CN116132065A (zh) 密钥确定方法、装置、计算机设备和存储介质
JP6693503B2 (ja) 秘匿検索システム、サーバ装置、秘匿検索方法、検索方法、およびプログラム
KR20150002821A (ko) 복수의 저장 서비스 제공자들에 분산 및 저장된 파일의 기밀성을 보호하기 위한 방법

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2013500690

Country of ref document: JP

Kind code of ref document: A

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11876814

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11876814

Country of ref document: EP

Kind code of ref document: A1