
CN119172077A - Data distributed storage method and system based on secret sharing technology - Google Patents

Info

Publication number
CN119172077A
Authority
CN
China
Prior art keywords
data
key
data block
reconstructed
symmetric key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202411687177.3A
Other languages
Chinese (zh)
Inventor
李捷明
王彦功
孙源
储佳祥
黄浩
李显亮
安振君
唐黎明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Software Technology Co Ltd
Original Assignee
Inspur Software Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data distributed storage method and system based on secret sharing technology, belonging to the technical field of data storage, which address the technical problem of how to ensure the security and privacy of data in distributed storage using secret sharing. The method comprises: dividing the original data into a plurality of data blocks and encrypting the data blocks with a symmetric key; dividing the symmetric key into a plurality of key fragments based on a Shamir threshold scheme and storing the key fragments on a plurality of different nodes in a distributed manner; dividing the encrypted data blocks into a plurality of data fragments based on the Shamir threshold scheme and storing the data fragments on a plurality of different nodes in a distributed manner; reconstructing the symmetric key from the collected key fragments based on the Shamir threshold scheme; reconstructing the encrypted data blocks from a preset number of collected data fragments based on the Shamir threshold scheme; and decrypting the reconstructed encrypted data blocks with the reconstructed symmetric key to recover the data blocks.

Description

Data distributed storage method and system based on secret sharing technology
Technical Field
The invention relates to the technical field of data storage, in particular to a data distributed storage method and system based on a secret sharing technology.
Background
With the widespread use of distributed storage technology, the security and privacy of stored data are increasingly important. Conventional distributed storage systems typically employ block encryption to secure data, but data privacy may still be exposed if certain storage nodes are attacked or compromised. To enhance storage security, secret sharing techniques may further be used to secondarily encrypt the encrypted data, ensuring that even if some storage nodes fail or are attacked, the attacker cannot recover the complete data.
How to realize the security and privacy of data in distributed storage based on secret sharing technology is a technical problem to be solved.
Disclosure of Invention
The technical task of the invention is to provide a data distributed storage method and a system based on a secret sharing technology aiming at the defects, so as to solve the technical problem of how to realize the safety and privacy of data in distributed storage based on the secret sharing technology.
In a first aspect, the present invention provides a data distributed storage method based on a secret sharing technology, including the steps of:
Data blocking: dividing original data into a plurality of data blocks and, for each data block, encrypting the data block with a symmetric key to generate an encrypted data block;
Key secret sharing: dividing the symmetric key into a plurality of key fragments based on a Shamir threshold scheme, and storing the key fragments on a plurality of different nodes in a distributed manner;
Data secret sharing: for each encrypted data block, dividing the encrypted data block into a plurality of data fragments based on a Shamir threshold scheme, and storing the data fragments on a plurality of different nodes in a distributed manner, wherein the data fragments and the key fragments can be distributed on different nodes or on the same node;
Data recovery: for the symmetric key, collecting a preset number of key fragments based on the Shamir threshold scheme and reconstructing the symmetric key from the collected key fragments to obtain a reconstructed symmetric key; for each encrypted data block, collecting a preset number of data fragments based on the Shamir threshold scheme and reconstructing the encrypted data block from the collected data fragments to obtain a reconstructed encrypted data block; and decrypting the reconstructed encrypted data block with the reconstructed symmetric key to recover the original data block.
Preferably, when secret key sharing is performed, the symmetric key is divided into the symmetric keys based on a Shamir threshold schemeSlicing the key, and dividing the keyThe individual key is distributed and stored toA plurality of different nodes and defining a need to collect at leastReconstructing and recovering the symmetric key by the key fragments;
Correspondingly, at the time of data recovery, based on the Shamir threshold scheme, at least Collecting key shards on individual nodes based on at least the collectionAnd performing symmetric key reconstruction by the Lagrange difference method by the key fragments, wherein the calculation formula of the symmetric key reconstruction is as follows:
;
Wherein, AndEach representing the number of the key fragment,Represent the firstThe number of key fragments is divided into a number of key fragments,Representing the reconstructed symmetric key.
Preferably, when sharing data secret, the encryption data block is divided into the blocks based on a Shamir threshold schemeSlicing the data, and dividing the data into piecesThe individual data are distributed and stored toA plurality of different nodes and defining a need to collect at leastReconstructing and recovering the encrypted data block by the key fragments;
Correspondingly, at the time of data recovery, based on the Shamir threshold scheme, at least Collecting data shards on individual nodes based on at least the collectionAnd (3) carrying out encryption data block reconstruction by using a Lagrange difference method on each data slice, wherein the calculation formula of the encryption data block reconstruction is as follows:
;
Wherein, AndEach of which represents the number of a data slice,Represent the firstEach encrypted data blockCorresponding firstThe data of the data is divided into slices,Representing the reconstructed encrypted data block.
Preferably, when the data is divided into blocks, the data block is encrypted by an AES encryption algorithm based on a symmetric key to generate an encrypted data block.
In a second aspect, the present invention provides a data distributed storage system based on a secret sharing technology, for implementing data distributed storage by the data distributed storage method based on a secret sharing technology as set forth in any one of the first aspects, where the system includes a data blocking module, a key secret sharing module, a data secret sharing module, and a data recovery module;
The data blocking module is used for dividing original data into a plurality of data blocks and, for each data block, encrypting the data block with a symmetric key to generate an encrypted data block;
The key secret sharing module is used for dividing the symmetric key into a plurality of key fragments based on a Shamir threshold scheme and storing the key fragments on a plurality of different nodes in a distributed manner;
The data secret sharing module is used for, for each encrypted data block, dividing the encrypted data block into a plurality of data fragments based on a Shamir threshold scheme, and storing the data fragments on a plurality of different nodes in a distributed manner, wherein the data fragments and the key fragments can be distributed on different nodes or on the same node;
The data recovery module is used for: for the symmetric key, collecting a preset number of key fragments based on the Shamir threshold scheme and reconstructing the symmetric key from the collected key fragments to obtain a reconstructed symmetric key; for each encrypted data block, collecting a preset number of data fragments based on the Shamir threshold scheme and reconstructing the encrypted data block from the collected data fragments to obtain a reconstructed encrypted data block; and decrypting the reconstructed encrypted data block with the reconstructed symmetric key to recover the original data block.
Preferably, the secret key sharing module is used for dividing the symmetric key into the symmetric keys based on a Shamir threshold schemeSlicing the key, and dividing the keyThe individual key is distributed and stored toA plurality of different nodes and defining a need to collect at leastReconstructing and recovering the symmetric key by the key fragments;
correspondingly, the data recovery module is used for at least selecting from the following based on the Shamir threshold scheme Collecting key shards on individual nodes based on at least the collectionAnd performing symmetric key reconstruction by the Lagrange difference method by the key fragments, wherein the calculation formula of the symmetric key reconstruction is as follows:
;
Wherein, AndEach representing the number of the key fragment,Represent the firstThe number of key fragments is divided into a number of key fragments,Representing the reconstructed symmetric key.
Preferably, the data secret sharing module is used for dividing the encrypted data block into blocks based on a Shamir threshold schemeSlicing the data, and dividing the data into piecesThe individual data are distributed and stored toA plurality of different nodes and defining a need to collect at leastReconstructing and recovering the encrypted data block by the key fragments;
correspondingly, the data recovery module is used for at least selecting from the following based on the Shamir threshold scheme Collecting data shards on individual nodes based on at least the collectionAnd (3) carrying out encryption data block reconstruction by using a Lagrange difference method on each data slice, wherein the calculation formula of the encryption data block reconstruction is as follows:
;
Wherein, AndEach of which represents the number of a data slice,Represent the firstEach encrypted data blockCorresponding firstThe data of the data is divided into slices,Representing the reconstructed encrypted data block.
Preferably, the data blocking module is configured to encrypt the data block by an AES encryption algorithm based on a symmetric key, and generate an encrypted data block.
The data distributed storage method and system based on the secret sharing technology have the following advantages:
1. Enhanced data privacy protection: secondary encryption is carried out through the secret sharing technology, so that even if some storage nodes are attacked or leaked, an attacker cannot recover the complete data, and storage security is greatly improved;
2. Improved resistance to attack: even if some storage nodes fail or are attacked, the data can still be recovered from the fragments on the remaining valid nodes, which strengthens the fault tolerance of the system;
3. Balance of security and performance: block encryption and the secret sharing technology are adopted so that data security is ensured while the storage and computation overhead is not obviously increased, making the method suitable for large-scale distributed storage scenarios;
4. No centralized dependence: by adopting distributed storage and the secret sharing technology, the system does not depend on a single centralized service, which prevents a centralized node from becoming a single point of failure.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments or the description of the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
The invention is further described below with reference to the accompanying drawings.
Fig. 1 is a flow chart of a data distributed storage method based on the secret sharing technology in embodiment 1.
Detailed Description
The invention will be further described with reference to the accompanying drawings and specific examples, so that those skilled in the art can better understand the invention and implement it, but the examples are not meant to limit the invention, and the technical features of the embodiments of the invention and the examples can be combined with each other without conflict.
The embodiment of the invention provides a data distributed storage method and a system based on a secret sharing technology, which are used for solving the technical problem of how to realize the safety and privacy of data in distributed storage based on the secret sharing technology.
Example 1:
The invention discloses a data distributed storage method based on a secret sharing technology, which comprises four steps: data blocking, key secret sharing, data secret sharing and data recovery.
Step S100, data blocking: dividing the original data into a plurality of data blocks and, for each data block, encrypting the data block with a symmetric key to generate an encrypted data block.
As a specific implementation of data blocking, the data block is encrypted by an AES encryption algorithm based on a symmetric key, and an encrypted data block is generated.
Step S200, key secret sharing: dividing the symmetric key into a plurality of key fragments based on a Shamir threshold scheme, and storing the key fragments on a plurality of different nodes in a distributed manner.
As a specific implementation of secret key analysis, when secret key sharing is performed, the symmetric key is divided into the symmetric keys based on a Shamir threshold schemeSlicing the key, and dividing the keyThe individual key is distributed and stored toA plurality of different nodes and defining a need to collect at leastAnd reconstructing and recovering the symmetric key by the key fragments.
Step S300, data secret sharing: dividing each encrypted data block into a plurality of data fragments based on a Shamir threshold scheme, and storing the data fragments on a plurality of different nodes in a distributed manner, wherein the data fragments and the key fragments can be distributed on different nodes or on the same node.
As a specific implementation of data secret sharing, the encryption data block is divided into blocks based on a Shamir threshold schemeSlicing the data, and dividing the data into piecesThe individual data are distributed and stored toA plurality of different nodes and defining a need to collect at leastAnd reconstructing and recovering the encrypted data block by the key fragments.
Step S400, data recovery: for the symmetric key, collecting a preset number of key fragments based on the Shamir threshold scheme and reconstructing the symmetric key from the collected key fragments to obtain a reconstructed symmetric key; for each encrypted data block, collecting a preset number of data fragments based on the Shamir threshold scheme and reconstructing the encrypted data block from the collected data fragments to obtain a reconstructed encrypted data block; and decrypting the reconstructed encrypted data block with the reconstructed symmetric key to recover the original data block.
As a specific implementation of data recovery, first, at least one from the group based on the Shamir threshold schemeCollecting key shards on individual nodes based on at least the collectionAnd performing symmetric key reconstruction by the Lagrange difference method by the key fragments, wherein the calculation formula of the symmetric key reconstruction is as follows:
;
Wherein, AndEach representing the number of the key fragment,Represent the firstThe number of key fragments is divided into a number of key fragments,Representing the reconstructed symmetric key.
Second, from at least the Shamir threshold based schemeCollecting data shards on individual nodes based on at least the collectionAnd (3) carrying out encryption data block reconstruction by using a Lagrange difference method on each data slice, wherein the calculation formula of the encryption data block reconstruction is as follows:
;
Wherein, AndEach of which represents the number of a data slice,Represent the firstEach encrypted data blockCorresponding firstThe data of the data is divided into slices,Representing the reconstructed encrypted data block.
And finally, decrypting the reconstructed encrypted data block through the reconstructed symmetric key to recover the data block, wherein the calculation formula is as follows:
;
Representing recovery The number of data blocks in a block of data,Representing the decryption function.
The method of this embodiment secondarily encrypts the data by combining the block encryption mechanism of distributed storage with the privacy computing method of the secret sharing technology, ensuring the security and privacy of the data in distributed storage. The data is not only block-encrypted, which improves the baseline storage security; the encrypted data blocks are also further encrypted using the secret sharing technology, so that high security and privacy of the data are ensured even if some storage nodes fail or are attacked.
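Steps S200 to S400 of Example 1 as an added Python example; this is not code from the patent. Assumptions made here: Shamir sharing is done byte by byte over GF(2^8), the threshold and shard count are named `t` and `n` (the patent's own symbols did not survive on this page), key and data shards sit on the same nodes, and the ciphertext is a constructed stand-in for the AES output of step S100.

```python
import secrets

# GF(2^8) exp/log tables: reduction polynomial 0x11B, generator 0x03.
EXP, LOG = [0] * 510, [0] * 256
_v = 1
for _i in range(255):
    EXP[_i], LOG[_v] = _v, _i
    _d = _v << 1                      # _v * 2 in GF(2^8) ...
    if _d & 0x100:
        _d ^= 0x11B
    _v ^= _d                          # ... plus _v gives _v * 3
for _i in range(255, 510):
    EXP[_i] = EXP[_i - 255]


def gf_mul(a: int, b: int) -> int:
    return 0 if 0 in (a, b) else EXP[LOG[a] + LOG[b]]


def gf_div(a: int, b: int) -> int:
    if b == 0:
        raise ZeroDivisionError("division by zero in GF(2^8)")
    return 0 if a == 0 else EXP[LOG[a] - LOG[b] + 255]


def split(secret: bytes, t: int, n: int) -> dict:
    """Split `secret` into n shards (x -> bytes); any t of them rebuild it."""
    if not 2 <= t <= n <= 255:
        raise ValueError("need 2 <= t <= n <= 255")
    shards = {x: bytearray() for x in range(1, n + 1)}
    for byte in secret:
        # Fresh random polynomial per byte; the constant term is the secret.
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(t - 1)]
        for x, out in shards.items():
            y = 0
            for c in reversed(coeffs):        # Horner evaluation at x
                y = gf_mul(y, x) ^ c
            out.append(y)
    return {x: bytes(v) for x, v in shards.items()}


def reconstruct(shards: dict, t: int) -> bytes:
    """Lagrange interpolation at x = 0 over any t of the supplied shards."""
    if len(shards) < t:
        raise ValueError("fewer than t shards collected")
    xs = sorted(shards)[:t]
    length = len(shards[xs[0]])
    if any(len(shards[x]) != length for x in xs):
        raise ValueError("shards differ in length")
    out = bytearray(length)
    for xi in xs:
        # Basis value l_i(0) = prod_{j != i} x_j / (x_j - x_i); minus is XOR.
        li = 1
        for xj in xs:
            if xj != xi:
                li = gf_mul(li, gf_div(xj, xj ^ xi))
        for k, y in enumerate(shards[xi]):
            out[k] ^= gf_mul(li, y)
    return bytes(out)


def store(key: bytes, encrypted_block: bytes, t: int, n: int) -> dict:
    """S200 + S300: node id -> the key shard and data shard held by that node."""
    key_shards = split(key, t, n)
    data_shards = split(encrypted_block, t, n)
    return {i: {"key": key_shards[i], "data": data_shards[i]} for i in key_shards}


def recover(nodes: dict, t: int) -> tuple:
    """S400 up to, but not including, the final AES decryption."""
    key = reconstruct({i: s["key"] for i, s in nodes.items()}, t)
    block = reconstruct({i: s["data"] for i, s in nodes.items()}, t)
    return key, block


if __name__ == "__main__":
    key = secrets.token_bytes(32)             # stand-in symmetric key
    block = bytes(range(0xA0, 0xB0))          # constructed stand-in ciphertext
    nodes = store(key, block, t=3, n=5)
    survivors = {i: nodes[i] for i in (2, 4, 5)}   # nodes 1 and 3 unavailable
    print(recover(survivors, 3) == (key, block))
```

Reconstruction performs no integrity check: a modified shard produces a different key or block without raising an error, so shards need to be authenticated separately.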
Example 2:
The invention discloses a data distributed storage system based on a secret sharing technology, which comprises a data blocking module, a secret key secret sharing module, a data secret sharing module and a data recovery module.
The data block module is used for dividing the original data into a plurality of data blocks, and encrypting the data blocks through a symmetric key for each data block to generate an encrypted data block.
As a specific implementation of the data block module, the module is configured to encrypt a data block by an AES encryption algorithm based on a symmetric key, and generate an encrypted data block.
The secret key sharing module is used for dividing the symmetric key into a plurality of key fragments based on a Shamir threshold scheme and storing the key fragments into a plurality of different nodes in a distributed mode.
As a specific implementation of the secret key sharing module, the module is used for dividing the symmetric key into segments based on a Shamir threshold scheme during secret key sharingSlicing the key, and dividing the keyThe individual key is distributed and stored toA plurality of different nodes and defining a need to collect at leastAnd reconstructing and recovering the symmetric key by the key fragments.
The data secret sharing module is used for dividing each encrypted data block into a plurality of data fragments based on a Shamir threshold scheme, and storing the data fragments into a plurality of different nodes in a distributed mode, wherein the data fragments and the key fragments can be distributed on different nodes or the same node.
As a specific implementation of data secret sharing, the module is used for dividing the encrypted data block into blocks based on a Shamir threshold schemeSlicing the data, and dividing the data into piecesThe individual data are distributed and stored toA plurality of different nodes and defining a need to collect at leastAnd reconstructing and recovering the encrypted data block by the key fragments.
The data recovery module is used for collecting a preset number of key fragments based on a Shamir threshold scheme for a symmetric key and carrying out symmetric key reconstruction based on the collected key fragments to obtain a reconstructed symmetric key, collecting a preset number of data fragments based on the Shamir threshold scheme for each encrypted data block and carrying out encrypted data block reconstruction based on the collected data fragments to obtain a reconstructed encrypted data block, and decrypting the reconstructed encrypted data block based on the reconstructed symmetric key to recover the original data block.
As a specific implementation of the data recovery module, first, the module performs the following operations from at least one of the following based on the Shamir threshold schemeCollecting key shards on individual nodes based on at least the collectionAnd performing symmetric key reconstruction by the Lagrange difference method by the key fragments, wherein the calculation formula of the symmetric key reconstruction is as follows:
;
Wherein, AndEach representing the number of the key fragment,Represent the firstThe number of key fragments is divided into a number of key fragments,Representing the reconstructed symmetric key.
Second, the module is configured to perform operations from at least one of the following based on a Shamir threshold schemeCollecting data shards on individual nodes based on at least the collectionAnd (3) carrying out encryption data block reconstruction by using a Lagrange difference method on each data slice, wherein the calculation formula of the encryption data block reconstruction is as follows:
;
Wherein, AndEach of which represents the number of a data slice,Represent the firstEach encrypted data blockCorresponding firstThe data of the data is divided into slices,Representing the reconstructed encrypted data block.
Finally, the module is used for decrypting the reconstructed encrypted data block through the reconstructed symmetric key to recover the data block, and the calculation formula is as follows:
;
Representing recovery The number of data blocks in a block of data,Representing the decryption function.
The system of the present embodiment may implement the method disclosed in embodiment 1 to implement data distributed storage.
While the invention has been illustrated and described in detail in the drawings and in the preferred embodiments, the invention is not limited to the disclosed embodiments, and it will be appreciated by those skilled in the art that many more embodiments of the invention can be made by combining the means of the various embodiments described above, which are also within the scope of the invention.

Claims (8)

1.一种基于秘密共享技术的数据分布式存储方法,其特征在于,包括如下步骤:1. A data distributed storage method based on secret sharing technology, characterized in that it includes the following steps: 数据分块:将原始数据划分为多个数据块,对于每个数据块,通过对称密钥对所述数据块进行加密,生成加密数据块;Data block division: divide the original data into multiple data blocks, and encrypt each data block using a symmetric key to generate an encrypted data block; 密钥秘密分享:基于Shamir门限方案将所述对称密钥分割为多个密钥分片,将所述多个密钥分片分布式存储到多个不同节点;Secret key sharing: split the symmetric key into multiple key fragments based on Shamir threshold scheme, and store the multiple key fragments in a distributed manner on multiple different nodes; 数据秘密分享:对于每个加密数据块,基于Shamir门限方案将所述加密数据块分割为多个数据分片,将所述多个数据分片分布式存储到多个不同节点,其中数据分片和密钥分片可分布于不同节点上或相同的节点上;Data secret sharing: For each encrypted data block, the encrypted data block is divided into multiple data slices based on the Shamir threshold scheme, and the multiple data slices are distributed and stored in multiple different nodes, where the data slices and key slices can be distributed on different nodes or on the same node; 数据恢复:对于对称密钥,基于Shamir门限方案收集预定数量的密钥分片、并基于收集的密钥分片进行对称密钥重构,得到重构的对称密钥,对于每个加密数据块,基于Shamir门限方案收集预定数量的数据分片、并基于收集的数据分片进行加密数据块重构,得到重构的加密数据块,并基于重构的对称密钥对所述重构的加密数据块进行解密,恢复出原始的数据块。Data recovery: For symmetric keys, a predetermined number of key shards are collected based on the Shamir threshold scheme, and the symmetric key is reconstructed based on the collected key shards to obtain a reconstructed symmetric key. For each encrypted data block, a predetermined number of data shards are collected based on the Shamir threshold scheme, and the encrypted data block is reconstructed based on the collected data shards to obtain a reconstructed encrypted data block. The reconstructed encrypted data block is decrypted based on the reconstructed symmetric key to restore the original data block. 2.根据权利要求1所述的基于秘密共享技术的数据分布式存储方法,其特征在于,密钥秘密分享时,基于Shamir门限方案将所述对称密钥分割为个密钥分片,将所述个密钥分片分布存储到个不同节点,并限定需要收集至少个密钥分片对所述对称密钥进行重构恢复;2. 
The data distributed storage method based on secret sharing technology according to claim 1, characterized in that, when the key is secret-shared, the symmetric key is divided into key shards, the key shards are distributed and stored on different nodes, and it is specified that at least key shards must be collected to reconstruct and recover the symmetric key; correspondingly, during data recovery, key shards are collected from at least nodes based on the Shamir threshold scheme, and the symmetric key is reconstructed from the at least collected key shards by Lagrange interpolation, the symmetric key reconstruction formula being as follows: ; where and both denote key shard numbers, denotes the -th key shard, and denotes the reconstructed symmetric key.

3. The data distributed storage method based on secret sharing technology according to claim 1, characterized in that, when the data is secret-shared, the encrypted data block is divided into data shards based on the Shamir threshold scheme, the data shards are distributed and stored on different nodes, and it is specified that at least key shards must be collected to reconstruct and recover the encrypted data block; correspondingly, during data recovery, data shards are collected from at least nodes based on the Shamir threshold scheme, and the encrypted data block is reconstructed from the at least collected data shards by Lagrange interpolation, the encrypted data block reconstruction formula being as follows: ; where and both denote data shard numbers, denotes the -th data shard corresponding to the -th encrypted data block, and denotes the reconstructed encrypted data block.

4. The data distributed storage method based on secret sharing technology according to any one of claims 1-3, characterized in that, during data blocking, the data block is encrypted with the AES encryption algorithm based on the symmetric key to generate the encrypted data block.

5. A data distributed storage system based on secret sharing technology, characterized in that it is used to implement distributed data storage through the data distributed storage method based on secret sharing technology according to any one of claims 1-4, the system comprising a data block module, a key secret sharing module, a data secret sharing module and a data recovery module;

the data block module is used to perform the following: divide the original data into multiple data blocks and, for each data block, encrypt the data block with a symmetric key to generate an encrypted data block;

the key secret sharing module is used to perform the following: split the symmetric key into multiple key shards based on the Shamir threshold scheme, and store the multiple key shards in a distributed manner on multiple different nodes;

the data secret sharing module is used to perform the following: for each encrypted data block, split the encrypted data block into multiple data shards based on the Shamir threshold scheme, and store the multiple data shards in a distributed manner on multiple different nodes, wherein the data shards and the key shards may be placed on different nodes or on the same nodes;

the data recovery module is used to perform the following: for the symmetric key, collect a predetermined number of key shards based on the Shamir threshold scheme and reconstruct the symmetric key from the collected key shards to obtain a reconstructed symmetric key; for each encrypted data block, collect a predetermined number of data shards based on the Shamir threshold scheme and reconstruct the encrypted data block from the collected data shards to obtain a reconstructed encrypted data block; and decrypt the reconstructed encrypted data block with the reconstructed symmetric key to recover the original data block.

6. The data distributed storage system based on secret sharing technology according to claim 5, characterized in that the key secret sharing module is used to split the symmetric key into key shards based on the Shamir threshold scheme, distribute and store the key shards on different nodes, and specify that at least key shards must be collected to reconstruct and recover the symmetric key; correspondingly, the data recovery module is used to collect key shards from at least nodes based on the Shamir threshold scheme and to reconstruct the symmetric key from the at least collected key shards by Lagrange interpolation, the symmetric key reconstruction formula being as follows: ; where and both denote key shard numbers, denotes the -th key shard, and denotes the reconstructed symmetric key.

7. The data distributed storage system based on secret sharing technology according to claim 5, characterized in that the data secret sharing module is used to divide the encrypted data block into data shards based on the Shamir threshold scheme, distribute and store the data shards on different nodes, and specify that at least key shards must be collected to reconstruct and recover the encrypted data block; correspondingly, the data recovery module is used to collect data shards from at least nodes based on the Shamir threshold scheme and to reconstruct the encrypted data block from the at least collected data shards by Lagrange interpolation, the encrypted data block reconstruction formula being as follows: ; where and both denote data shard numbers, denotes the -th data shard corresponding to the -th encrypted data block, and denotes the reconstructed encrypted data block.

8. The data distributed storage system based on secret sharing technology according to any one of claims 5-7, characterized in that the data block module is used to encrypt the data block with the AES encryption algorithm based on the symmetric key to generate the encrypted data block.
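The claims split the symmetric key (and, in the same way, each encrypted data block) with a Shamir threshold scheme and recover it by Lagrange interpolation. The Python below is an added example of that split and recovery, not code from the patent; the field modulus 2**521 - 1, the function names, the 5-node/threshold-3 parameters and the sample key are assumptions of this example.

```python
import secrets

# Assumed field: GF(P) with the Mersenne prime 2**521 - 1 (fits a 256-bit key).
P = 2**521 - 1

def split_secret(secret: bytes, n: int, t: int) -> dict:
    """Return {node index x: share f(x)}; any t shares reconstruct the secret."""
    if not 1 < t <= n < P:
        raise ValueError("need 1 < t <= n")
    s = int.from_bytes(secret, "big")
    if s >= P:
        raise ValueError("secret does not fit in the field")
    # f(x) = s + a1*x + ... + a_(t-1)*x^(t-1), fresh random coefficients per
    # secret; the top coefficient is non-zero so the degree is exactly t-1.
    coeffs = [s] + [secrets.randbelow(P) for _ in range(t - 2)]
    coeffs.append(1 + secrets.randbelow(P - 1))
    shares = {}
    for x in range(1, n + 1):          # x = 0 would hand out the secret itself
        y = 0
        for c in reversed(coeffs):     # Horner evaluation mod P
            y = (y * x + c) % P
        shares[x] = y
    return shares

def reconstruct(shares: dict) -> int:
    """Lagrange interpolation of f at x = 0 over GF(P)."""
    secret = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def demo():
    key = bytes(range(32))                        # constructed 256-bit key
    nodes = split_secret(key, n=5, t=3)           # one share per storage node
    survivors = {x: nodes[x] for x in (2, 4, 5)}  # nodes 1 and 3 are lost
    recovered = reconstruct(survivors).to_bytes(len(key), "big")
    too_few = reconstruct({x: nodes[x] for x in (2, 4)})  # below threshold
    return recovered == key, too_few == int.from_bytes(key, "big")

if __name__ == "__main__":
    print(demo())
```

Plain Shamir reconstruction does not detect a corrupted or substituted share; it simply returns a different value, so the recovered key or block needs a separate integrity check.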
CN202411687177.3A 2024-11-25 2024-11-25 Data distributed storage method and system based on secret sharing technology Pending CN119172077A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411687177.3A CN119172077A (en) 2024-11-25 2024-11-25 Data distributed storage method and system based on secret sharing technology

Publications (1)

Publication Number Publication Date
CN119172077A (en) 2024-12-20

Family

ID=93882978

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411687177.3A Pending CN119172077A (en) 2024-11-25 2024-11-25 Data distributed storage method and system based on secret sharing technology

Country Status (1)

Country Link
CN (1) CN119172077A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination