GIT-CERCS-05-04
Arun Subbiah, Douglas Blough,
Practical Share Renewal for Large Amounts of Data
Threshold secret sharing schemes encode data into several shares such that a
threshold number of shares can be used to recover the data. Such schemes
provide
confidentiality of stored data without using encryption, thus avoiding the
problems associated with key management. To provide long-term confidentiality,
proactive secret sharing techniques can be used, where shares are refreshed or
renewed periodically so that an adversary who obtains fewer than the threshold
shares in each time period does not learn any information on the encoded data.
Share renewal is an expensive process, in terms of the computation and network
communication involved. In the proactive model, this share renewal process must
complete as soon as possible so that an adversary who compromises servers in
the present time period does not learn shares stored in the last time period.
This paper proposes an algorithm where the shares of all the stored data are
renewed
by the share renewal of only one secret. The computation and network
communication overheads are thus drastically reduced, allowing for the share
renewal of all the stored data to complete quickly. These benefits are gained
at the expense of some performance penalty during reads and writes, which is
shown to be worthwhile.