Masahide Sasaki

Mikio Fujiwara, Atsushi Waseda, Ryo Nojima et al.

Distributed storage plays an essential role in realizing robust and secure data storage in a network over long periods of time. A distributed storage system consists of a data owner machine, multiple storage servers and channels to link them. In such a system, secret sharing scheme is widely adopted, in which secret data are split into multiple pieces and stored in each server. To reconstruct them, the data owner should gather plural pieces. Shamir's (k, n)-threshold scheme, in which the data are split into n pieces (shares) for storage and at least k pieces of them must be gathered for reconstruction, furnishes information theoretic security, that is, even if attackers could collect shares of less than the threshold k, they cannot get any information about the data, even with unlimited computing power. Behind this scenario, however, assumed is that data transmission and authentication must be perfectly secure, which is not trivial in practice. Here we propose a totally information theoretically secure distributed storage system based on a user-friendly single-password-authenticated secret sharing scheme and secure transmission using quantum key distribution, and demonstrate it in the Tokyo metropolitan area.

Te Sun Han, Hiroyuki Endo, Masahide Sasaki

The wiretap channel has been devised and studied first by Wyner, and subsequently extended to the case with non-degraded general wiretap channels by Csiszar and Korner. Focusing mainly on the Poisson wiretap channel with cost constraint, we newly introduce the notion of reliability and security functions as a fundamental tool to analyze and/or design the performance of an efficient wiretap channel system. Compact formulae for those functions are explicitly given for stationary memoryless wiretap channels. It is also demonstrated that, based on such a pair of reliability and security functions, we can control the tradeoff between reliability and security (usually conflicting), both with exponentially decreasing rates as block length n becomes large. Two ways to do so are given on the basis of concatenation and rate exchange. In this framework, the notion of the δ secrecy capacity is defined and shown to attain the strongest security standard among others. The maximized vs. averaged security measures is also discussed.