What is secret sharing?
What is secret sharing?
To protect important information from being leaked or stolen, various types of encryption methods have long been used. In the context of information security, encryption evokes an image of an original document being placed under lock and key. The original document will be leaked if someone steals the key or figures out how to open the lock. Secret-sharing technology resulted from a belief that a system for which no key is used is needed to protect this key.
This technology was conceived in 1979 by Dr. Shamir, famous as one of the co-inventors of the RSA cryptosystem, and is a method of encoding that makes it impossible to recover original information without k of the n fragments of distributed data present. In contrast to encryption, secret-sharing technology is characterized by the lack of any need for key management. As a specific example, original information might conceivably be divided into three fragments of distributed data through the use of secret-sharing technology. The original information can be recovered by collecting any two of these three fragments of distributed data but cannot be recovered with just one fragment of distributed data. Each fragment of distributed data is meaningless, which means that nothing can be discerned by extracting and taking a look inside just one fragment of distributed data.
There are several methods of sharing, such as XOR (eXclusive-OR), threshold sharing, and AONT.
AONT protocol
AONT protocol(All-Or-Nothing Transform)
All-Or-Nothing Transform
The AONT (All-Or-Nothing Transform) protocol is a data conversion protocol that was conceived by MIT’s Dr. Rivest, another co-inventor of the RSA cryptosystem. Certain mathematical operations are applied to the original data to produce output data of approximately the same size as the original data. If all of the bits comprising the output data are available, the original data can be easily recovered. If any part of the output data is missing, however, it becomes impossible to resurrect the original data.
For example, original information might conceivably be divided into three fragments of distributed data through the use of the AONT protocol. The original information cannot be recovered unless all three fragments are collected. In other words, recovery is impossible if even one fragment is missing.
How encryption differs from rendering data meaningless
How encryption differs from rendering data meaningless
Let us say that a certain set of information (document) is encrypted. First, an encryption key is generated. While the key should ideally change for each piece of information, it is often the case that a single key is used in light of what is needed to manage keys. Although this encryption key is used to encrypt the information, the information is re-encrypted if it is updated. Again, the encryption key should ideally be regenerated, but it is likewise often the case that an encryption key is reused in these scenarios as well.
Consequently, if a key were stolen, the perpetrator could decrypt multiple documents together or fully decrypt the contents of past documents. Since information is protected with a key, key management is critical. In other words, risk converges on the key.
On the other hand, when it comes to AONT-based secret sharing, secret sharing is carried out for each piece of information, and the data is distributed on a fragmented basis, which means that there is no sharing of keys. If the information is updated, secret sharing and data distribution are carried out again, which in turn means that keys are not reused. When secret sharing and data distribution are carried out again, you are free to vary the ratio of fragmentation and number of fragments to be distributed. Since the importance of specific fragments is of no relevance, it is sufficient to ensure that fragments are properly separated to enable the risk to be spread out.
ZENMU-AONT
ZENMU-AONT
The solution of rendering data meaningless
ZenmuTech developed ZENMU-AONT, a proprietary secret-sharing technology based on the use of the AONT protocol.
ZENMU-AONT is characterized as follows:
- Uses a method optimized for high-speed processing.
- Utilizes AES with a key length of 256 bits for block encryption.
- Ideal cryptographic model for security.
- Encoding on a block-by-block basis.
- Encryption strength on par with AES256.
- Key management is not required.
- Keys are also distributed.
- The ratio for fragmented distribution can be specified as desired (minimum size is 32 bytes).
- Post-distribution data capacity (aggregate) is almost the same as that of the original data.
ZENMU-AONT solutions leverage these characteristics.
We have identified three key areas of application: individual data, aggregated data, and data in transit. We have developed and sell the following products, which have been designed to render data in each area meaningless for the protection of such data: ZENMU Virtual Drive, ZENMU for PC, ZENMU for Meister, and ZENMU for Delivery.
This technology is also available in the form of an API as ZENMU Engine. BY using ZENMU Engine, customers can incorporate secret-sharing technology into various applications on their end and develop highly secure products.