Abstract
The present invention relates to a method for at least partially updating data encrypted with an all-or-nothing encryption scheme stored on one or more servers, comprising the steps of:

a) Dividing the data comprising a first number of m plaintext blocks into a second number N of equal-sized chunks, wherein the second number is based on the number of servers on which said data is to be stored, such that each chunk comprises m/N blocks of the plaintext blocks,
b) Encrypting each of the chunks using an All-Or-Nothing Encryption scheme with an encryption key, wherein an additional randomness per chunk is embedded into the All-Or-Nothing Encryption scheme, and outputting a plurality of ciphertext blocks for each chunk,
c) Storing the encrypted chunks on the N servers such that the i-th ciphertext block of each encrypted chunk is stored on the i-th server, and wherein a result of a predetermined function performed on said randomness for all encrypted chunks is stored with each encrypted chunk,
d) Determining one or more parts of one or more chunks which need to be updated, if any,
e) Reverting said function by accessing all the chunks to acquire the randomness of said determined one or more chunks,
f) Decrypting said determined chunks based on the result of step e),
g) Updating the decrypted chunks,
h) Re-encrypting the updated chunks using said All-Or-Nothing Encryption scheme, and
i) Storing the re-encrypted chunks according to step c).
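A toy walk-through of steps a) to i), added here as an illustration and not taken from the patent. The hash-based keystream standing in for the All-Or-Nothing Encryption scheme, the XOR-with-digest "predetermined function", the 16-byte block size and all function names are assumptions, and the sample input is sized so that m = N·N and each chunk yields N ciphertext blocks.

```python
import hashlib
import secrets

BLOCK = 16  # block size in bytes (assumed)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key, r, blocks):
    # Toy stand-in for the AONE step: keystream from key + per-chunk randomness r.
    # XOR is its own inverse, so this both encrypts and decrypts a chunk.
    pad = lambda i: hashlib.sha256(key + r + i.to_bytes(4, "big")).digest()[:BLOCK]
    return [xor(b, pad(i)) for i, b in enumerate(blocks)]

def mask(chunks, j):
    # Assumed "predetermined function": digest over every ciphertext block.
    h = hashlib.sha256(j.to_bytes(4, "big"))
    for c in chunks:
        for b in c:
            h.update(b)
    return h.digest()[:BLOCK]

def seal(chunks, values):
    # XOR mask: turns randomness into stored tokens, and tokens back (step e).
    return [xor(v, mask(chunks, j)) for j, v in enumerate(values)]

def store(key, data, n):
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    per = len(blocks) // n                                # step a: m/N blocks per chunk
    rs = [secrets.token_bytes(BLOCK) for _ in range(n)]   # per-chunk randomness
    chunks = [crypt(key, rs[j], blocks[j * per:(j + 1) * per]) for j in range(n)]  # step b
    return chunks, seal(chunks, rs)

def place(chunks, n):
    # Step c: server i holds the i-th ciphertext block of every chunk.
    return [[c[i] for c in chunks] for i in range(n)]

def read(key, chunks, tokens):
    rs = seal(chunks, tokens)
    return b"".join(b"".join(crypt(key, r, c)) for r, c in zip(rs, chunks))

def update(key, chunks, tokens, j, i, new_block):
    rs = seal(chunks, tokens)              # step e: needs every chunk
    plain = crypt(key, rs[j], chunks[j])   # step f
    plain[i] = new_block                   # step g
    rs[j] = secrets.token_bytes(BLOCK)     # fresh randomness for the new chunk
    chunks = chunks[:j] + [crypt(key, rs[j], plain)] + chunks[j + 1:]  # step h
    return chunks, seal(chunks, rs)        # step i: tokens refreshed
```

Only the targeted chunk is re-encrypted; the other chunks' ciphertext blocks stay as stored and only the small per-chunk tokens are rewritten.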