Fujiwara M, Waseda A, Nojima R, Moriai S, Ogata W, Sasaki M
Quantum ICT Laboratory, National Institute of Information and Communications Technology (NICT), 4-2-1 Nukui-kita, Koganei, Tokyo 184-8795, Japan.
Security Fundamentals Laboratory, National Institute of Information and Communications Technology (NICT), 4-2-1 Nukui-kita, Koganei, Tokyo 184-8795, Japan.
Sci Rep. 2016 Jul 1;6:28988. doi: 10.1038/srep28988.
Distributed storage plays an essential role in realizing robust and secure data storage in a network over long periods of time. A distributed storage system consists of a data owner machine, multiple storage servers and channels to link them. In such a system, secret sharing scheme is widely adopted, in which secret data are split into multiple pieces and stored in each server. To reconstruct them, the data owner should gather plural pieces. Shamir's (k, n)-threshold scheme, in which the data are split into n pieces (shares) for storage and at least k pieces of them must be gathered for reconstruction, furnishes information theoretic security, that is, even if attackers could collect shares of less than the threshold k, they cannot get any information about the data, even with unlimited computing power. Behind this scenario, however, assumed is that data transmission and authentication must be perfectly secure, which is not trivial in practice. Here we propose a totally information theoretically secure distributed storage system based on a user-friendly single-password-authenticated secret sharing scheme and secure transmission using quantum key distribution, and demonstrate it in the Tokyo metropolitan area (≤90 km).
分布式存储在实现网络中长时间可靠且安全的数据存储方面发挥着至关重要的作用。分布式存储系统由一台数据所有者机器、多个存储服务器以及连接它们的通道组成。在这样的系统中,秘密共享方案被广泛采用,即秘密数据被分割成多个片段并存储在每个服务器中。为了重构这些数据,数据所有者需要收集多个片段。沙米尔(k,n)阈值方案将数据分割成n个片段(份额)进行存储,并且至少需要收集k个片段才能进行重构,该方案提供了信息理论安全性,也就是说,即使攻击者能够收集到少于阈值k的份额,他们也无法获取任何有关数据的信息,即便拥有无限的计算能力。然而,在这种情况下,假设数据传输和认证必须是完全安全的,而这在实际中并非易事。在此,我们基于用户友好的单密码认证秘密共享方案和使用量子密钥分发的安全传输,提出了一种完全信息理论安全的分布式存储系统,并在东京都市区(≤90公里)进行了演示。
