Sian-Jheng Lin,Wei-Ho Chung

DOI: https://doi.org/10.1109/LCOMM.2012.112012.121322

IF: 3.5529

2012-01-01

IEEE Communications Letters

Abstract:The (n, k) information dispersal algorithm (IDA) is the art of converting a file into n pieces of shadows, and any k out of the n shadows suffice for reconstructing the file. The IDA is applicable to the distributed communication and storage systems. This letter proposes an efficient (n, k) IDA for the case n/2≤k<;n over Fermat field GF(2r+1). We first present the IDA under conditions of n-k in the power of 2 and n as multiple of n-k, and then extend the algorithm to the general case. For a reasonably large file, both encoder and decoder achieveΘ(nlog(n-k)) operations in processing k symbols.

Sian-Jheng Lin,Wei-Ho Chung

DOI: https://doi.org/10.1109/TIFS.2013.2270892

IF: 7.231

2013-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The $(n,k)$ information dispersal algorithm (IDA) is a coding technique converting a digital source file into $n$ small digital files (shadows), and the receipt of any $k$ out of the $n$ shadows can losslessly reconstruct the source file. This paper presents an encoding and two decoding algorithms of $(n,k)$ IDA via the fast Fermat number transform (FNT). The proposed encoding algorithm requires $O(n\\log k)$ arithmetic operations, and the two decoding algorithms have complexities $O(n\\log k)$ and $O(k\\log ^{2}k)$ for a reasonably large file. As compared with existing work, the proposed algorithms generate significant improvement in the throughput in the low code rate $k/n\\leq 1/2$ settings.

Katarzyna Kapusta,Gerard Memmi,Hassan Noura

DOI: https://doi.org/10.48550/arXiv.1705.09872

2017-05-28

Abstract:The family of Information Dispersal Algorithms is applied to distributed systems for secure and reliable storage and transmission. In comparison with perfect secret sharing it achieves a significantly smaller memory overhead and better performance, but provides only incremental confidentiality. Therefore, even if it is not possible to explicitly reconstruct data from less than the required amount of fragments, it is still possible to deduce some information about the nature of data by looking at preserved data patterns inside a fragment. The idea behind this paper is to provide a lightweight data fragmentation scheme, that would combine the space efficiency and simplicity that could be find in Information Dispersal Algorithms with a computational level of data confidentiality.

Cryptography and Security

Zhenfei Zhao,KaYin Chau,Zheming Lu

2011-01-01

Abstract:Recently, a reversible secret sharing scheme has been developed for encrypting a secret image in a set of camouflage images. The key advantage lies in that both the secret and cover images can be accurately reconstructed during decryption. This paper proposes a high capacity data hiding scheme integrated in reversible secret sharing. In secret sharing, some extra confidential data are also hidden in camouflage images by means of a double module mechanism. As a multilevel histogram shifting strategy is employed, a high capacity can be achieved. In the decoder, not only the cover and secret images but also the confidential data can be perfectly recovered. The confidential data can be some affiliated information of the secret image or for validity authentication. Experimental results demonstrate the effectiveness of the proposed method.

K. V. Rashmi,Nihar B. Shah,Kannan Ramchandran,P. Vijay Kumar

DOI: https://doi.org/10.1109/tit.2017.2769101

IF: 2.5

2018-03-01

IEEE Transactions on Information Theory

Abstract:Repair operations in erasure-coded distributed storage systems involve a lot of data movement. This can potentially expose data to malicious acts of passive eavesdroppers or active adversaries, putting security of the system at risk. This paper presents coding schemes and repair algorithms that ensure security of the data in the presence of passive eavesdroppers and active adversaries while maintaining high availability, reliability, and resource efficiency in the system. The proposed codes are optimal in that they meet previously proposed lower bounds on storage and network-bandwidth requirements for a wide range of system parameters. The results thus establish the secure storage capacity of such systems. The proposed codes are based on an optimal class of codes called product-matrix codes. The constructions presented for security from active adversaries provide an additional appealing feature of “on-demand security,” where the desired level of security can be chosen separately for each instance of repair, and the proposed algorithms remain optimal simultaneously for all possible security levels. This paper also provides necessary and sufficient conditions governing the transformation of any (non-secure) code into one providing on-demand security.

computer science, information systems,engineering, electrical & electronic

LI Liangbin,WANG Jinlin,CHEN Jun

DOI: https://doi.org/10.3969/j.issn.2095-347x.2011.05.001

2011-01-01

Abstract:Data dispersal is a key technology for survivable storage system,based on the analysis of features and shortcomings of existing data dispersal scheme,a verifiable short secret sharing data dispersal scheme supporting general access structure is proposed.The fragment generated by our scheme is composed of cipher-text portion and cipher-key portion.Firstly the original data is encrypted and dispersed with erasure coding,secondly the cipher-key is dispersed with an improved verifiable secret sharing algorithm,and dispersal of the cipher-key must depend on the cipher-text portion.Comparing to existing work,our scheme achieves high performance in all aspects of space cost,secrecy and verifiability,and the general access structure is also supported.

Zhuojun Zhuang,Bin Dai,Yuan Luo,A. J. Han Vinck

DOI: https://doi.org/10.1049/iet-com.2014.0870

IF: 1.345

2015-01-01

IET Communications

Abstract:Incorporating information security and error correction in network coding, which has various applications in communication theory, for example, secret key sharing through a network, is of special interest and has been widely studied. To make a more intensive analysis of secure error-correcting network codes, we investigate how to secure k source symbols transmission in a multicast network against an adversary that can obtain k(1) source symbols as side information, eavesdrop mu channels and contaminate d channels. We introduce relative network generalised Hamming weight (RNGHW) with network error correction (NEC), or briefly NEC-RNGHW, to measure the equivocation to the adversary. Network generalised singleton bound on NEC-RNGHW is obtained and code constructions achieving the bound are provided. By these constructions, the maximum rate of a secure linear multicast is n - 2d - mu - k(1), where n is the minimum value of the maxflows from a source node to sink nodes. We also characterise the equivocation by the relative profiles of a linear code and a subcode, and tighten the singleton bound on equivocation by the generalised Griesmer bound on relative profiles.

Hung–Min Sun,Shiuh-Pyng Shieh

DOI: https://doi.org/10.1109/24.693779

IF: 5.883

1997-01-01

IEEE Transactions on Reliability

Abstract:This paper investigates the (m,n) information dispersal scheme (IDS) used to support fault-tolerant distributed servers in a distributed system. In an (m,n)-IDS, a file M is broken into n pieces such that any m pieces collected suffice for reconstructing M. The reliability of an (m,n)-IDS is primarily determined by 3 important factors: n=information dispersal degree (IDD), n/m=information expansion ratio (IER), P/sub s/=success-probability of acquiring a correct piece. It is difficult to determine the optimal IDS with the highest reliability from very many choices. Our analysis shows: several novel features of (m,n)-IDS which can help reduce the complexity of finding the optimal IDS with the highest reliability; that an IDS with a higher IER might not have a higher reliability, even when P/sub s//spl rarr/1. Based on the theorems given herein, we have developed a method that reduces the complexity for computing the highest reliability from, O(/spl nu/) [/spl nu/=number of servers] to O(1) when the 'upper bound of the IER'=1, or O(/spl nu//sup 2/) to O(1) when the 'upper bound of the IER'>1.

Michael Dikshtein,Nir Weinberger,Shlomo Shamai

2023-05-02

Abstract:We consider the problem of reliable communication over a discrete memoryless channel (DMC) with the help of a relay, termed the information bottleneck (IB) channel. There is no direct link between the source and the destination, and the information flows in two hops. The first hop is a noisy channel from the source to the relay. The second hop is a noiseless but limited-capacity backhaul link from the relay to the decoder. We further assume that the relay is oblivious to the transmission codebook. We examine two mismatch scenarios. In the first setting, we assume the decoder is restricted to use some fixed decoding rule, which is mismatched to the actual channel. In the second setting, we assume that the relay is restricted to use some fixed compression metric, which is again mismatched to the statistics of the relay input. We establish bounds on the random- coding capacity of both settings, some of which are shown to be ensemble tight.

Information Theory

Yi Wang,Rongmao Chen,Xinyi Huang,Jianting Ning,Baosheng Wang,Moti Yung

DOI: https://doi.org/10.1007/978-3-030-92075-3_15

2021-01-01

Abstract:Our context is anonymous encryption schemes hiding their receiver, but in a setting which allows authorities to reveal the receiver when needed. While anonymous Identity-Based Encryption (IBE) is a natural candidate for such fair anonymity (it gives trusted authority access by design), the de facto security standard (a.k.a. IND-ID-CCA) is incompatible with the ciphertext rerandomizability which is crucial to anonymous communication. Thus, we seek to extend IND-ID-CCA security for IBE to a notion that can be meaningfully relaxed for rerandomizability while it still protects against active adversaries. To the end, inspired by the notion of replayable adaptive chosen-ciphertext attack (RCCA) security (Canetti et al., Crypto'03), we formalize a new security notion called Anonymous Identity-Based RCCA (ANON-ID-RCCA) security for rerandomizable IBE and propose the first construction with rigorous security analysis. The core of our scheme is a novel extension of the double-strand paradigm, which was originally proposed by Golle et al. (CT-RSA'04) and later extended by Prabhakaran and Rosulek (Crypto'07), to the well-known Gentry-IBE (Eurocrypt'06). Notably, our scheme is the first IBE that simultaneously satisfies adaptive security, rerandomizability, and recipient-anonymity to date. As the application of our new notion, we design a new universal mixnet in the identitybased setting that does not require public key distribution (with fair anonymity). More generally, our new notion is also applicable to most existing rerandomizable RCCA-secure applications to eliminate the need for public key distribution infrastructure while allowing fairness.

Hsuan-Yin Lin,Siddhartha Kumar,Eirik Rosnes,Alexandre Graell i Amat

DOI: https://doi.org/10.48550/arXiv.1806.01342

2018-09-18

Abstract:We consider private information retrieval (PIR) for distributed storage systems (DSSs) with noncolluding nodes where data is stored using a non maximum distance separable (MDS) linear code. It was recently shown that if data is stored using a particular class of non-MDS linear codes, the MDS-PIR capacity, i.e., the maximum possible PIR rate for MDS-coded DSSs, can be achieved. For this class of codes, we prove that the PIR capacity is indeed equal to the MDS-PIR capacity, giving the first family of non-MDS codes for which the PIR capacity is known. For other codes, we provide asymmetric PIR protocols that achieve a strictly larger PIR rate compared to existing symmetric PIR protocols.

Information Theory

Hung-Min Sun,Shiuh-Pyng Shieh

DOI: https://doi.org/10.1109/icpads.1994.590356

1994-01-01

Abstract:In an (m, n) Information Dispersal Scheme (IDS), the sender node decomposes a message M of length L into n pieces S/sub i/, 1/spl les/i/spl les/n, each of length L/m, such that any m pieces collected by the receiver node over different paths suffice for reconstructing M. Because of variations of network traffic, the number n of available vertex-disjoint paths for the transmission from the sender node to the receiver node may vary in time. It is very difficult to determine the best n and m which gives the highest communication reliability, when given the maximum number of available disjoint paths and an upper bound for the information expansion rate (n/m). In this research, we discovered several interesting features of (m, n) IDSs which can help reduce the complexity for computing the highest communication reliability. From these findings, we propose a method for determining the optimal IDS.

Maheswaran Sathiamoorthy,Megasthenis Asteris,Dimitris Papailiopoulos,Alexandros G. Dimakis,Ramkumar Vadali,Scott Chen,Dhruba Borthakur

DOI: https://doi.org/10.48550/arXiv.1301.3791

2013-01-16

Information Theory

Abstract:Distributed storage systems for large clusters typically use replication to provide reliability. Recently, erasure codes have been used to reduce the large storage overhead of three-replicated systems. Reed-Solomon codes are the standard design choice and their high repair cost is often considered an unavoidable price to pay for high storage efficiency and high reliability. This paper shows how to overcome this limitation. We present a novel family of erasure codes that are efficiently repairable and offer higher reliability compared to Reed-Solomon codes. We show analytically that our codes are optimal on a recently identified tradeoff between locality and minimum distance. We implement our new codes in Hadoop HDFS and compare to a currently deployed HDFS module that uses Reed-Solomon codes. Our modified HDFS implementation shows a reduction of approximately 2x on the repair disk I/O and repair network traffic. The disadvantage of the new coding scheme is that it requires 14% more storage compared to Reed-Solomon codes, an overhead shown to be information theoretically optimal to obtain locality. Because the new codes repair failures faster, this provides higher reliability, which is orders of magnitude higher compared to replication.

Adi Shamir

DOI: https://doi.org/10.1145/359168.359176

IF: 22.7

1979-11-01

Communications of the ACM

Abstract:In this paper we show how to divide data D into n pieces in such a way that D is easily reconstructable from any k pieces, but even complete knowledge of k - 1 pieces reveals absolutely no information about D . This technique enables the construction of robust key management schemes for cryptographic systems that can function securely and reliably even when misfortunes destroy half the pieces and security breaches expose all but one of the remaining pieces.

computer science, theory & methods, software engineering, hardware & architecture

Weifeng Wu,Fagen Li

DOI: https://doi.org/10.3837/tiis.2015.05.020

2015-01-01

KSII Transactions on Internet and Information Systems

Abstract:Deniable authentication protocol allows a sender to deny his/her involvement after the protocol run and a receiver can identify the true source of a given message. Meanwhile, the receiver has no ability to convince any third party of the fact that the message was sent by the specific sender. However, most of the proposed protocols didn't achieve confidentiality of the transmitted message. But, in some special application scenarios such as e-mail system, electronic voting and Internet negotiations, not only the property of deniable authentication but also message confidentiality are needed. To settle this problem, in this paper, we present a non-interactive identity-based deniable authenticated encryption (IBDAE) scheme using pairings. We give the security model and formal proof of the presented IBDAE scheme in the random oracle model under bilinear Diffie-Hellman (BDH) assumption.

Hsuan-Yin Lin,Siddhartha Kumar,Eirik Rosnes,Alexandre Graell i Amat

DOI: https://doi.org/10.48550/arXiv.1808.09018

2018-08-28

Abstract:We consider private information retrieval (PIR) for distributed storage systems (DSSs) with noncolluding nodes where data is stored using a non maximum distance separable (MDS) linear code. It was recently shown that if data is stored using a particular class of non-MDS linear codes, the MDS-PIR capacity, i.e., the maximum possible PIR rate for MDS-coded DSSs, can be achieved. For this class of codes, we prove that the PIR capacity is indeed equal to the MDS-PIR capacity, giving the first family of non-MDS codes for which the PIR capacity is known. For other codes, we provide asymmetric PIR protocols that achieve a strictly larger PIR rate compared to existing symmetric PIR protocols.

Information Theory

Fengcheng Lyu,Zhiping Shi,Rui Tang,Liuyue Gan,Yajun Ren

DOI: https://doi.org/10.1007/978-981-10-6571-2_114

2019-01-01

Abstract:With the symmetric cryptosystem based on error correcting codes and the concept of equivalent matrix, this paper puts forward a secure communication scheme based on linear block codes. The proposed scheme realizes the secure and reliable integrated communication by hiding and changing the coding matrix (parity check matrix or generator matrix) randomly and simultaneously without decreasing the error correction ability of linear block codes. And also, based on RDF (Random Difference Families), we propose a design method of QC-LDPC codes based on the proposed secure and reliable communication framework. The proposed QC-LDPC codes have a large number of performance equivalent parity check matrix with the same parameters. At the same time, the LDPC codes hold better reliability of transmission and flexibility of design. Finally, the security and reliability of the proposed LDPC codes are verified by analysis and simulations.

Qifa Yan,Xiaohu Tang,Zhengchun Zhou

2024-07-24

Abstract:In this work, a distributed server system composed of multiple servers that holds some coded files and multiple users that are interested in retrieving the linear functions of the files is investigated, where the servers are robust, blind and adversarial in the sense that any $J$ servers can together recover all files, while any $I$ colluding servers cannot obtain any information about the files, and at most $A$ servers maliciously provides erroneous information. In addition, the file library must be secure from a wiretapper who obtains all the signals, and the demands of any subset of users must kept private from the other users and servers, even if they collude. A coding scheme is proposed by incorporating the ideas of Shamir's secret sharing and key superposition into the framework of Placement Delivery Array (PDA), originally proposed to characterize the single-server coded caching system without any security or privacy constraints. It is shown that PDAs associated to Maddah-Ali and Niesen's coded caching scheme results in an achievable memory-storage-communication region, such that the storage size and communication load were optimal to within a multiplicative gap, except for the small memory regime when the number of files was smaller than the number of users.

Information Theory

Nicolas Alhaddad,Sisi Duan,Mayank Varia,Haibin Zhang

2021-01-01

Abstract:Erasure coding is a key tool to reduce the space and communication overhead in fault-tolerant distributed computing. State-of-the-art distributed primitives, such as asynchronous verifiable information dispersal (AVID), reliable broadcast (RBC), multi-valued Byzantine agreement (MVBA), and atomic broadcast, all use erasure coding. This paper introduces an erasure coding proof (ECP) system, which allows the encoder to prove succinctly and noninteractively that an erasure-coded fragment is consistent with a constant-sized commitment to the original data block. Each fragment can be verified independently of the other fragments. Our proof system is based on polynomial commitments, with new batching techniques that may be of independent interest. To illustrate the benefits of our ECP system, we show how to build the first AVID protocol with optimal message complexity, word complexity, and communication complexity.

Shaofeng Zou,Yingbin Liang,Lifeng Lai,Shlomo Shamai

DOI: https://doi.org/10.48550/arXiv.1404.6474

2014-04-26

Abstract:A novel information theoretic approach is proposed to solve the secret sharing problem, in which a dealer distributes one or multiple secrets among a set of participants that for each secret only qualified sets of users can recover it by pooling their shares together while non-qualified sets of users obtain no information about the secret even if they pool their shares together. While existing secret sharing systems (implicitly) assume that communications between the dealer and participants are noiseless, this paper takes a more practical assumption that the dealer delivers shares to the participants via a noisy broadcast channel. An information theoretic approach is proposed, which exploits the channel as additional resources to achieve secret sharing requirements. In this way, secret sharing problems can be reformulated as equivalent secure communication problems via wiretap channels, and can be solved by employing powerful information theoretic security techniques. This approach is first developed for the classic secret sharing problem, in which only one secret is to be shared. This classic problem is shown to be equivalent to a communication problem over a compound wiretap channel. The lower and upper bounds on the secrecy capacity of the compound channel provide the corresponding bounds on the secret sharing rate. The power of the approach is further demonstrated by a more general layered multi-secret sharing problem, which is shown to be equivalent to the degraded broadcast multiple-input multiple-output (MIMO) channel with layered decoding and secrecy constraints. The secrecy capacity region for the degraded MIMO broadcast channel is characterized, which provides the secret sharing capacity region. Furthermore, these secure encoding schemes that achieve the secrecy capacity region provide an information theoretic scheme for sharing the secrets.

Information Theory