【 摘 要 】

We have entered an era where copious amounts of sensitive data are being stored in the cloud. To meet the rising privacy, reliability, and verifiability needs, we propose Gecko, a multi-cloud dispersal scheme where: (a) the key used to encrypt the data file is the secret in a Latin-square-autotopism secret-sharing scheme, (b) data files and encryption keys are dispersed separately to multiple clouds, and (c) a blockchain-based integrity-check protocol is devised to pinpoint faulty data. Gecko enables fast and thorough key renewal: when a portion of the key (the secret) is leaked, we replace all shares of the partially-leaked secret without replacing the secret itself; this immediately resists targeted attack to certain file without re-encrypting the data file itself. Key renewal is further accelerated by the blockchain-based integrity check. We evaluate Gecko theoretically and experimentally against the traditional AONT-RS dispersal scheme, drawing two conclusions: 1) Gecko admits powerful key renewal and identification of damaged data, with a minor transfer overhead; and 2) Gecko performs key renewal three to five times faster than AONT-RS hybrid-slice renewal (the closest thing AONT-RS has to key renewal).

【 授权许可】

Unknown