Secure Distributed Storage: Optimal Trade-Off Between Storage Rate and Privacy Leakage

Remi A. Chou, Joerg Kliewer

TL;DR

The paper addresses storing a file $F$ over $T$ servers with recoverability from any $\tau$ servers and privacy against any $z$ colluding servers, allowing leakage up to a fraction $\alpha$ of $H(F)$. It introduces and exploits a leakage-symmetric (uniform) secret sharing framework to optimize the distribution of shares and local randomness, deriving explicit, tight bounds on per-server share sizes and encoder randomness as functions of $\alpha$, $\tau$, and $z$. The main contribution is Theorem 1, which provides $\frac{\lambda_t^{\star}(\alpha,z,\tau)}{H(F)} = \max\left( \frac{1-\alpha}{\tau-z}, \frac{1}{\tau} \right)$ and $\frac{\rho^{\star}(\alpha,z,\tau)}{H(F)} = \frac{[z-\tau\alpha]^+}{\tau-z}$, with matching achievability and converse proofs; the work also derives corollaries that recover classical ramp secret sharing limits and extends results to non-symmetric settings for the sum of shares and randomness. By optimizing over a set of admissible access functions, the authors show how controlled leakage enables substantial storage reductions, and they identify a threshold behavior: when $\alpha \ge z/\tau$, a simple ramp secret sharing with equal shares suffices. The findings advance the design of efficient, privacy-aware distributed storage systems and unify ramp secret sharing with broader access-function optimization under information-theoretic privacy.
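To make the trade-off concrete, the following added example (not code from the paper or its authors) evaluates the two formulas above and checks them against a textbook polynomial ramp scheme, computing the exact leakage to $z$ servers by rank counting. Assumptions: the field GF(257), all function names, and the choice of $L = (\tau - z)/(1-\alpha)$ file symbols (which must be an integer) are illustrative; the polynomial construction is the standard ramp scheme and is not claimed to be the paper's achievability scheme.

```python
from fractions import Fraction
import secrets

P = 257  # constructed small prime; one share = one symbol of GF(P)

def optimal_rates(alpha, z, tau):
    """(lambda*/H(F), rho*/H(F)) exactly as stated in the TL;DR."""
    lam = max(Fraction(1 - alpha) / (tau - z), Fraction(1, tau))
    rho = Fraction(max(0, z - tau * alpha)) / (tau - z)
    return lam, rho

def rref(M):
    """Reduced row echelon form over GF(P); returns (matrix, rank)."""
    M, rank = [row[:] for row in M], 0
    for col in range(len(M[0])):
        piv = next((r for r in range(rank, len(M)) if M[r][col]), None)
        if piv is None:
            continue
        M[rank], M[piv] = M[piv], M[rank]
        inv = pow(M[rank][col], -1, P)
        M[rank] = [v * inv % P for v in M[rank]]
        for r in range(len(M)):
            if r != rank and M[r][col]:
                f = M[r][col]
                M[r] = [(a - f * c) % P for a, c in zip(M[r], M[rank])]
        rank += 1
    return M, rank

def vander(xs, tau):
    return [[pow(x, k, P) for k in range(tau)] for x in xs]

def encode(file_syms, tau, T, rng=secrets.SystemRandom()):
    """File symbols are the low coefficients of a degree tau-1 polynomial,
    the rest is encoder randomness; server x stores the evaluation f(x)."""
    coeffs = list(file_syms) + [rng.randrange(P) for _ in range(tau - len(file_syms))]
    xs = range(1, T + 1)
    return {x: sum(c * v for c, v in zip(coeffs, row)) % P for x, row in zip(xs, vander(xs, tau))}

def decode(shares, tau, L):
    """Recover the L file symbols from any tau shares (dict: server -> share)."""
    xs = sorted(shares)[:tau]
    aug = [row + [shares[x]] for x, row in zip(xs, vander(xs, tau))]
    return [row[-1] for row in rref(aug)[0]][:L]

def leakage(xs, tau, L):
    """I(F; shares at xs) / H(F) for a uniform file: share symbols not masked
    by the randomness columns, as a fraction of the L file symbols."""
    V = vander(xs, tau)
    return Fraction(rref(V)[1] - rref([row[L:] for row in V])[1], L)
```

With $\tau = 7$ and $z = 4$, choosing $L = 3, 4, 6, 7$ file symbols gives leakage $\alpha = 0, 1/4, 1/2, 4/7$, and in each case the share size $1/L$ and randomness $(\tau - L)/L$ coincide with the stated optimum; $L = \tau$ is the no-randomness regime reached at $\alpha = z/\tau$.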

Abstract

Consider the problem of storing data in a distributed manner over $T$ servers. Specifically, the data needs to (i) be recoverable from any $\tau$ servers, and (ii) remain private from any $z$ colluding servers, where privacy is quantified in terms of mutual information between the data and all the information available at any $z$ colluding servers. For this model, our main results are (i) the fundamental trade-off between storage size and the level of desired privacy, and (ii) the optimal amount of local randomness necessary at the encoder. As a byproduct, our results provide an optimal lower bound on the individual share size of ramp secret sharing schemes under a more general leakage symmetry condition than the ones previously considered in the literature.

Paper Structure (26 sections, 5 theorems, 41 equations, 3 figures)

This paper contains 26 sections, 5 theorems, 41 equations, 3 figures.

Key Result

Theorem 1

Let $\tau \in \mathcal{T}$, $\alpha \in \mathbb{Q}\cap[0,1]$, and $z \in \llbracket 1 , \tau -1 \rrbracket$. Suppose that the leakage symmetry condition eqlt holds. Then, for any $t\in\mathcal{T}$, we have Moreover, there exists an $(\alpha,z)$-private $(\tau,(\lambda_t^{\star} (\alpha,z,\tau))_{t\in\mathcal{T}},\rho^{\star} (\alpha,z,\tau))$ coding scheme, i.e., $\lambda_t^{\star} (\alpha,z,\tau

Figures (3)

  • Figure 1: Secure distributed storage (a) and retrieval (b) with privacy leakage for $T=3$ servers, reconstruction threshold $\tau =3$, privacy threshold $z=2$, and privacy leakage parameter $\alpha$. $M_i$ is stored at Server $i\in \{1,2,3\}$ and created from the File $F$ and the local randomness $R$ available at the encoder.
  • Figure 2: $\frac{\lambda_t^{\star} (\alpha,z,\tau)}{H(F)}$, $t\in\mathcal{T}$, when $T=12$, $\tau = 7$, and the privacy threshold belongs to $\llbracket 1, 6 \rrbracket$. The bold blue circle corresponds to the optimal share size for Shamir's secret sharing, as reviewed in Corollary 1.
  • Figure 3: $\frac{\rho^{\star} (\alpha,z,\tau)}{H(F)}$ when $T=12$, $\tau = 7$, and $z$ belongs to $\llbracket 1, 6 \rrbracket$. The bold blue circle corresponds to the optimal amount of necessary randomness at the encoder for Shamir's secret sharing, as reviewed in Corollary 1.

Theorems & Definitions (12)

  • Definition 1
  • Definition 2
  • Remark
  • Definition 3
  • Theorem 1
  • proof
  • Corollary 1
  • Corollary 2
  • Corollary 3
  • Example
  • ...and 2 more