Data Security and Resilience using Secret Shares and Elliptic Curve Methods
Our data structures are often not secure, and they are especially at risk when we use public cloud systems. Along with this, we become highly dependent on specific cloud systems. Over the past few years, all the cloud infrastructures have had significant outages, and thus we need to build resilience into our data storage, so that we can cope with an outage.
In our data centres, we often use RAID 10, where we stripe and mirror data across disks, so that a failure of one or more disks does not lose any of the data. So can we re-create this type of system without our Cloud-based architectures, but still be ultra-secure? The answer is yes, and I’ll show you a method which achieves this.
Threshold schemes
A threshold scheme allows us to split a secret into a number of shares, and then define a threshold number of those shares that must come back together again to recover it. If we have n shares, we can define that t shares need to come back together to reconstruct the original data.
What we want is for Bob and Alice to each generate a key pair (either for the session or as long-term keys). They will then pass their public keys to each other, and at the end will have a shared key. This key is then used to secure each of the shares: