Secret Sharing Schemes Based on Minimum Bandwidth Regenerating Codes
Masazumi Kurihara (Univ. of Electro‐Communications), Hidenori Kuwakado (Kobe Univ.)
ISITA2012, Honolulu, Hawaii, U.S.A., Oct. 28 ‐ 31, 2012
Outline
1. Introduction: Distributed storage system, Regenerating Code, and Secrecy
2. Minimum Bandwidth Regenerating (MBR) Codes: The , , MBR code proposed by Rashmi, Shah and Kumar
3. Secure Regenerating (SR) Codes: The , , , secure regenerating (SR) code based on the , , MBR code
4. Evaluation
5. Conclusions
Distributed Storage System
[Figure: a message (B symbols) is encoded and distributed as n shares to storage nodes 1, …, n; a data collector (end‐user) reconstructs the message from k shares. Each storage node is labelled with its storage capacity and each share with its share size.]
Typical repair method using a reconstruction
[Figure: the failed node downloads k shares, reconstructs the message (B symbols) and re‐encodes its own share; the downloaded shares are labelled as the repair‐bandwidth.]
Regenerating Codes
• For the repair problem, Dimakis et al. proposed a new concept of code called “regenerating code”. Dimakis, Godfrey, Wu, Wainwright and Ramchandran [Dimakis, et al., 2010]
• The code is defined by six parameters , , , , , .
• The code has the following two properties:
  – Reconstruction Property: An end‐user (called data‐collector) is permitted to connect to any active nodes to reconstruct a message.
  – Regeneration Property: A failed node is permitted to connect to any active nodes (called helper‐nodes) to repair itself.
• They showed that the regenerating code can reduce the repair‐bandwidth.
Method using a regenerating code for repair
[Figure: each of d helper‐nodes sends one piece to the failed node; the d pieces form the piece‐vector, whose size is the repair‐bandwidth, and the failed node regenerates its share from the piece‐vector.]
Regenerating Codes
• Furthermore, they showed the trade‐off between a storage‐capacity and a repair‐bandwidth.
• In the trade‐off, there are two special types of regenerating codes as follows: (for fixed , and )
  – A Minimum Bandwidth Regenerating (MBR) code
    • First minimizing , and then minimizing .
    • An MBR code satisfies , .
  – A Minimum Storage Regenerating (MSR) code
    • The minimization in the reverse order.
    • An MSR code satisfies , .
Secrecy on Distributed Storage System
• A regenerating code may be similar to a secret sharing scheme.
• The secret sharing scheme (SSS) produces shares in such a way that a share does not give any information about a secret.
• However, in general, the SSS does not have the regeneration property.
• On the other hand, in the concept of a regenerating code, the regenerating code does not have the secrecy property.
Prior work (related work) for secure MBR codes
• Pawar, Rouayheb and Ramchandran [Pawar, et al., 2011]
  – The first secure regenerating code based on an MBR code.
  – However, the secure regenerating code is confined to the case of 1.
• Shah, Rashmi and Kumar [Shah, et al., 2011]
  – An ℓ, ℓ′ secure Product‐Matrix Minimum Bandwidth Regenerating (PM‐MBR) code for .
  – The code is also based on an MBR code.
  – The parameters and are chosen independently.
• Our proposal in this study: , , , secure regenerating (SR) code for
  – Shah et al.’s code and our code are based on the same MBR code.
  – Our code is different from their code.
Secrecy on Regenerating Code
• Let denote a random variable with a uniform distribution over representing a secret where .
• Let , … , denote random variables representing shares from the secret .
• Let , … , denote random variables representing piece‐vectors.
• For a regenerating code, we have to consider the following two secrecy conditions:
  1. Secrecy for shares: For any shares , … , , | ,…, , where .
  2. Secrecy for piece‐vectors: For any piece‐vectors , … , , | ,…, , where .
MBR codes [Rashmi, et al., 2011] (Section 2)
• Rashmi, Shah and Kumar proposed an , , MBR code for all values of , , where . [Rashmi, et al., 2011]
• The parameters of the , , MBR code satisfy as follows: , 1, 1 2 1 2
• Hence, the , , MBR code is defined by the three parameters , and from the above relations.
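A message matrix of the MBR code
• The , , MBR code with message symbols is obtained from the following message matrix which is a symmetric matrix.
• The message symbols are substituted for components of the message matrix as follows:
\[
M = \begin{pmatrix}
u_{1,1} & \cdots & u_{1,k} & u_{1,k+1} & \cdots & u_{1,d} \\
\vdots & & \vdots & \vdots & & \vdots \\
u_{k,1} & \cdots & u_{k,k} & u_{k,k+1} & \cdots & u_{k,d} \\
u_{k+1,1} & \cdots & u_{k+1,k} & 0 & \cdots & 0 \\
\vdots & & \vdots & \vdots & & \vdots \\
u_{d,1} & \cdots & u_{d,k} & 0 & \cdots & 0
\end{pmatrix}
\]
(M is a d × d matrix whose rows and columns are split into blocks of k and d − k; the nonzero components carry the B message symbols.)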
Encoding, Shares and Reconstruction
• For each node ∈ 1, … , , a share , … , is defined as ∈ , where 1, , , … , ∈ is a coding vector associated with node .
• Hence, shares , … , are obtained as follows: , … , , … , , :
• The message matrix can be reconstructed from any shares by using the reconstruction method by Rashmi et al.
( , , , ) Secure Regenerating (SR) codes (Section 3)
• An , , , Secure Regenerating (SR) code is based on an , , MBR code and has the following properties:
  1. The three parameters , , are derived from the underlying , , MBR code.
  2. The new parameter 0 is a secrecy parameter.
  3. The parameter means the perfect secrecy condition as follows: for any , … , ∈ 1, … , , ,…, and ,…, .
Construction of an Secure Regenerating (SR) Code
• To construct an , , , secure regenerating (SR) code, instead of message symbols, we substitute secret symbols and random symbols for components of the message matrix .
  – The numbers and are defined by the secrecy parameter and as follows: 2 2 1 , 1 .
• The idea of the construction is simple.
• However, we have to choose the components of the message matrix carefully, as follows:
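A message matrix for the underlying MBR code
• When k = 4, d = 6, B = 18 (B message symbols):
\[
M = \begin{pmatrix}
u_{1,1} & u_{1,2} & u_{1,3} & u_{1,4} & u_{1,5} & u_{1,6} \\
u_{2,1} & u_{2,2} & u_{2,3} & u_{2,4} & u_{2,5} & u_{2,6} \\
u_{3,1} & u_{3,2} & u_{3,3} & u_{3,4} & u_{3,5} & u_{3,6} \\
u_{4,1} & u_{4,2} & u_{4,3} & u_{4,4} & u_{4,5} & u_{4,6} \\
u_{5,1} & u_{5,2} & u_{5,3} & u_{5,4} & 0 & 0 \\
u_{6,1} & u_{6,2} & u_{6,3} & u_{6,4} & 0 & 0
\end{pmatrix}
\]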
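A message matrix for the secure regenerating (SR) code
• When k = 4, d = 6, m = 2, B = 18, 11 and 7.
\[
M = \begin{pmatrix}
u_{1,1} & u_{1,2} & u_{1,3} & u_{1,4} & u_{1,5} & u_{1,6} \\
u_{2,1} & u_{2,2} & u_{2,3} & u_{2,4} & u_{2,5} & u_{2,6} \\
u_{3,1} & u_{3,2} & u_{3,3} & u_{3,4} & u_{3,5} & u_{3,6} \\
u_{4,1} & u_{4,2} & u_{4,3} & u_{4,4} & u_{4,5} & u_{4,6} \\
u_{5,1} & u_{5,2} & u_{5,3} & u_{5,4} & 0 & 0 \\
u_{6,1} & u_{6,2} & u_{6,3} & u_{6,4} & 0 & 0
\end{pmatrix}
\]
[Figure annotations: broken lines drawn over the matrix separate the LS secret symbols from the LR random symbols; the labels read “1st”, “2nd”, “m = 2 broken lines” and “k − m = 2 broken lines”.]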
• The shares for the secret are derived from the encoding method of the underlying , , MBR code as follows: ,…, ,…, .
• We can execute a reconstruction and a regeneration for the , , , secure regenerating (SR) code in the same way as the underlying , , MBR code.
Evaluation (shares) (Section 4)
• Theorem: For any shares , … , of the , , , secure regenerating (SR) code, ,…, , where , and the function is defined by , 1 2 1 , 1 1 0, .
• is a quadratic polynomial in in the range 0 2
• In particular,
  – ,…, , 0, : Perfect secrecy
  – ,…, : Reconstruction
• The reason for using the function is that we are interested not only in perfect secrecy, but also in ramp‐type secrecy.
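[Figure: uncertainty ,…, (vertical axis, with the values 3 and 7 marked) plotted against the number of shares (horizontal axis, 1 to 5) when 4, 6, 2 ,; the curve is a quadratic function in t, with the regions “Perfect secrecy” and “Reconstruction” marked.]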
Evaluation (piece‐vectors)
• Similarly, we have the following theorem for piece‐vectors.
• Theorem: For any piece‐vectors of secure regenerating (SR) code,
• In particular,
  – : Perfect secrecy
  – : Reconstruction
Conclusions (Section 5)
1. We have proposed a construction of an , , , secure regenerating (SR) code based on an , , MBR code.
2. We have shown that the secrecy ability of the , , , secure regenerating (SR) code is as follows:
   1. ,…, for any shares.
   2. ,…, for any piece‐vectors.
3. We have explained that the , , , secure regenerating (SR) code is a (non‐linear) ramp scheme.
4. The , , , secure regenerating (SR) code achieves the upper bound of the secrecy capacity , , , , 1; , .
Additional Slides
Distributed Storage System
• There are storage nodes in a network.
• The storage capacity of each node is symbols over a finite field .
• Encoding and Distribution:
  – A message consisting of message symbols is encoded to shares in such a way that the message can be reconstructed from any shares, and the shares are stored across storage nodes.
  – The share‐size equals the storage capacity.
• In the system, the message can be reconstructed from active nodes even if several nodes fail.
Repairing a failed node
• On the other hand, we have to repair the failed node to maintain the system, that is, the failed node has to regenerate its own share.
• In a typical repair method, the failed node can regenerate the share by using a reconstruction.
• However, the reconstruction consumes network traffic because the message‐size is greater than the share‐size .
• The amount of downloaded data for repair is called the repair‐bandwidth.
• In the case of a reconstruction, the repair‐bandwidth is , which is the message‐size.
Regenerating Codes
• They showed that the regenerating code can reduce the repair‐bandwidth.
• The data‐size of downloaded data (called piece) from each helper‐node is symbols. Consequently, the repair‐bandwidth is .
• The vector consisting of pieces is called a piece‐vector.
Secrecy on Regenerating Code
• Let denote a random variable with a uniform distribution over representing a secret where .
• Let , … , denote random variables representing shares from the secret .
• The reconstruction can be represented as follows: | ,…, 0. for any shares , … , ,
• Let , … , denote random variables representing piece‐vectors.
• The regeneration can be represented as follows: | 0. for a failed node ,
• From the regeneration property, we have | | .
Regeneration for the MBR code
• Two pages.
Regeneration for the MBR code
• Suppose that a node fails and helper‐nodes , … , are active.
• Each helper node computes a piece for the failed node as follows: 1 ∈ , where ∈ ,…, , and sends it to the failed node.
• As a result, the failed node obtains the piece‐vector as follows: , ,…, , ∈
• Note that the repair‐bandwidth equals the size of the piece‐vector.
Regeneration for the MBR code
• The failed node can regenerate the share from the piece‐vector as follows: where the ,…, matrix ,…, is nonsingular (i.e., | 0.)
• From the above relation between and , the piece‐vector is also determined from the share (i.e., | 0).
• Hence, for the , , MBR code, “ | ,…, ” is equivalent to “ | ,…, ”.
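The regeneration step described on the two slides above, as an added example (not code from the slides or from Rashmi et al.): a product‐matrix MBR code over a small prime field in which each of the d helper‐nodes sends one symbol and the failed node solves a linear system to recover its share. The prime 257, the Vandermonde coding vectors, n = 8, the message values and all function names are assumptions; k = 4, d = 6 and B = 18 are the slides' example values.

```python
P = 257  # prime field size (assumed here; any prime larger than n works)
def mbr_count(t, d):
    """Independent symbols held by t nodes when each stores d: td - t(t-1)/2."""
    return t * d - t * (t - 1) // 2

def message_matrix(symbols, k, d):
    """Symmetric d x d matrix; the lower-right (d-k) x (d-k) block stays 0."""
    assert len(symbols) == mbr_count(k, d)
    it, M = iter(symbols), [[0] * d for _ in range(d)]
    for i in range(k):
        for j in range(i, d):
            M[i][j] = M[j][i] = next(it) % P
    return M

def psi(i, d):
    """Coding vector of node i: Vandermonde row (1, i, ..., i^(d-1)) (assumed)."""
    return [pow(i, e, P) for e in range(d)]

def dot(u, v): return sum(a * b for a, b in zip(u, v)) % P

def share(i, M):
    """Share of node i: psi_i^T M, d symbols (rows = columns, M is symmetric)."""
    return [dot(psi(i, len(M)), row) for row in M]

def solve(A, b):
    """Solve A x = b over GF(P) by Gauss-Jordan elimination (A nonsingular)."""
    n, A = len(A), [row[:] + [v] for row, v in zip(A, b)]
    for c in range(n):
        p = next(r for r in range(c, n) if A[r][c])
        A[c], A[p] = A[p], A[c]
        inv = pow(A[c][c], P - 2, P)
        A[c] = [x * inv % P for x in A[c]]
        for r in range(n):
            if r != c:
                A[r] = [(x - A[r][c] * y) % P for x, y in zip(A[r], A[c])]
    return [row[n] for row in A]

def regenerate(failed, helpers, shares):
    """Helpers send <share, psi_failed>; Psi x = pieces gives x = M psi_failed."""
    d = len(helpers)
    pieces = [dot(shares[h], psi(failed, d)) for h in helpers]
    return solve([psi(h, d) for h in helpers], pieces), pieces

def demo():
    k, d, n = 4, 6, 8  # k, d as on the slides; n = 8 is constructed
    M = message_matrix(list(range(1, 19)), k, d)  # constructed message symbols
    shares = {i: share(i, M) for i in range(1, n + 1)}
    rebuilt, pieces = regenerate(3, [1, 2, 4, 5, 7, 8], shares)
    return rebuilt == shares[3], len(pieces), mbr_count(k, d)
```

Here the failed node downloads 6 symbols instead of the 18 a repair by reconstruction would need; the same counting gives 11 symbols for two nodes and 18 − 11 = 7, the other two numbers on the example slides.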
The difference between Shah et al.’s code and our code (four pages)
• When their code and our code have the same secrecy ability. ‐PM‐secure‐MBR code, secure regenerating code
• Their code and our code differ in the position of random symbols and that of secret symbols in a message matrix as follows:
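Message Matrix for the underlying MBR code
• When k = 4, d = 6, B = 18 (B message symbols):
\[
M = \begin{pmatrix}
u_{1,1} & u_{1,2} & u_{1,3} & u_{1,4} & u_{1,5} & u_{1,6} \\
u_{2,1} & u_{2,2} & u_{2,3} & u_{2,4} & u_{2,5} & u_{2,6} \\
u_{3,1} & u_{3,2} & u_{3,3} & u_{3,4} & u_{3,5} & u_{3,6} \\
u_{4,1} & u_{4,2} & u_{4,3} & u_{4,4} & u_{4,5} & u_{4,6} \\
u_{5,1} & u_{5,2} & u_{5,3} & u_{5,4} & 0 & 0 \\
u_{6,1} & u_{6,2} & u_{6,3} & u_{6,4} & 0 & 0
\end{pmatrix}
\]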
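Our code ( the secure regenerating code )
• When k = 4, d = 6, m = 2, B = 18, 11 and 7.
\[
M = \begin{pmatrix}
u_{1,1} & u_{1,2} & u_{1,3} & u_{1,4} & u_{1,5} & u_{1,6} \\
u_{2,1} & u_{2,2} & u_{2,3} & u_{2,4} & u_{2,5} & u_{2,6} \\
u_{3,1} & u_{3,2} & u_{3,3} & u_{3,4} & u_{3,5} & u_{3,6} \\
u_{4,1} & u_{4,2} & u_{4,3} & u_{4,4} & u_{4,5} & u_{4,6} \\
u_{5,1} & u_{5,2} & u_{5,3} & u_{5,4} & 0 & 0 \\
u_{6,1} & u_{6,2} & u_{6,3} & u_{6,4} & 0 & 0
\end{pmatrix}
\]
[Figure annotations: broken lines drawn over the matrix separate the LS secret symbols from the LR random symbols; the labels read “1st”, “2nd”, “m = 2 broken lines” and “k − m = 2 broken lines”.]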
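Shah et al.’s secure MBR code [Shah, et al., 2012] ( the ‐PM‐secure‐MBR code )
• When k = 4, d = 6, m = 2, B = 18, 11 and 7.
\[
M' = \begin{pmatrix}
u_{1,1} & u_{1,2} & u_{1,3} & u_{1,4} & u_{1,5} & u_{1,6} \\
u_{2,1} & u_{2,2} & u_{2,3} & u_{2,4} & u_{2,5} & u_{2,6} \\
u_{3,1} & u_{3,2} & u_{3,3} & u_{3,4} & u_{3,5} & u_{3,6} \\
u_{4,1} & u_{4,2} & u_{4,3} & u_{4,4} & u_{4,5} & u_{4,6} \\
u_{5,1} & u_{5,2} & u_{5,3} & u_{5,4} & 0 & 0 \\
u_{6,1} & u_{6,2} & u_{6,3} & u_{6,4} & 0 & 0
\end{pmatrix}
\]
[Figure annotations: lines drawn over the matrix separate the LR random symbols from the LS secret symbols; the labels read “1st”, “2nd”, “m = 2 lines” and “k − m = 2 lines”.]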
Proof (two pages)
• The idea of construction of the secure regenerating code is simple.
• However, many pages are expended to prove the secrecy of the secure regenerating code.
• It is a key point of the proof that the submatrix is nonsingular.
[Figure: the matrix expression is rearranged into a vector expression in which the LR random symbols and the LS secret symbols are marked.]
• The components of shares are linearly independent.
Secrecy capacity and its upper bound
• Four pages
Secrecy capacity and its upper bound
• The secrecy capacity is defined to be the maximum amount of data that can be stored in the distributed storage system such that the reconstruction property and the two conditions are simultaneously satisfied for all possible data‐collectors and eavesdroppers, that is, , , , , ; , sup ,…, 0 | ,…, ,…,
• Furthermore, we have the following upper bound of , , , , ; , : , , , , ; , 1 , ,
• Both the secrecy capacity and the upper bound are refined versions of those proposed by Pawar et al. [Pawar, et al., 2011].
For an MBR code, we can assume that without loss of generality
• In particular, for an MBR code, when a regenerating function is bijective, the following two propositions are true because | 0 and | 0.
  – | ,…, implies | ,…, .
  – ,…, implies ,…, .
• Hence, we can assume that without loss of generality for an MBR code.
• Consequently, ,…, | ,…, is equivalent to .
Secrecy capacity and its upper bound for an secure regenerating code
• For an , , , secure regenerating (secure MBR) code, that is, we have the following simplified expressions:
• The secrecy capacity: , , , , , 1; , sup ,…, | 0 ,…, ,…,
• The upper bound of the secrecy capacity: , , , , , 1; , 1
• Both the secrecy capacity and the upper bound are identical to those of Pawar et al. [Pawar, et al., 2011].
Evaluation (upper bound)
• Finally, for the parameters of an , , , secure regenerating code, the upper bound of the secrecy capacity simplifies to , , , , 1; , 1
• Hence, the , , , secure regenerating code achieves the upper bound of the secrecy capacity because of .