Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Secret sharing
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Computationally secure secret sharing== The disadvantage of unconditionally secure secret sharing schemes is that the storage and transmission of the shares requires an amount of storage and bandwidth resources equivalent to the size of the secret times the number of shares. If the size of the secret were significant, say 1 GB, and the number of shares were 10, then 10 GB of data must be stored by the shareholders. Alternate techniques have been proposed for greatly increasing the efficiency of secret sharing schemes, by giving up the requirement of unconditional security. One of these techniques, known as ''secret sharing made short'',<ref>{{cite conference |url=http://www.cs.cornell.edu/courses/cs754/2001fa/secretshort.pdf |title=Secret Sharing Made Short |first=Hugo|last=Krawczyk|year=1993 |conference=CRYPTO '93 }}</ref> combines Rabin's information dispersal algorithm<ref>{{cite journal |last1=Rabin |first1=Michael O. |year=1989 |title=Efficient dispersal of information for security, load balancing, and fault tolerance |journal=Journal of the ACM |volume=36 |issue=2 |pages= 335β348|doi= 10.1145/62044.62050 |citeseerx=10.1.1.116.8657 |s2cid=13166422 }}</ref> (IDA) with Shamir's secret sharing. Data is first encrypted with a randomly generated key, using a symmetric encryption algorithm. Next this data is split into N pieces using Rabin's IDA. This IDA is configured with a threshold, in a manner similar to secret sharing schemes, but unlike secret sharing schemes the size of the resulting data grows by a factor of (number of fragments / threshold). For example, if the threshold were 10, and the number of IDA-produced fragments were 15, the total size of all the fragments would be (15/10) or 1.5 times the size of the original input. In this case, this scheme is 10 times more efficient than if Shamir's scheme had been applied directly on the data. The final step in secret sharing made short is to use Shamir secret sharing to produce shares of the randomly generated symmetric key (which is typically on the order of 16β32 bytes) and then give one share and one fragment to each shareholder. A related approach, known as AONT-RS,<ref>{{cite conference |url=http://web.eecs.utk.edu/~plank/plank/papers/FAST-2011.pdf |title=AONT-RS: Blending Security and Performance in Dispersed Storage Systems |first=Jason |last=Resch |author2=Plank, James |date=February 15, 2011 |conference=Usenix FAST'11 |conference-url=http://www.usenix.org/events/fast11/ }}</ref> applies an [[All-or-nothing transform]] to the data as a pre-processing step to an IDA. The All-or-nothing transform guarantees that any number of shares less than the threshold is insufficient to decrypt the data.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)