Secret sharing system, apparatus, and storage medium

摘要

According to one embodiment, a secret sharing system of an embodiment includes a secret sharing apparatus, a plurality of first storage server apparatuses, and at least one second storage server apparatus. Upon reception of a delete request transmitted from the secret sharing apparatus, each first storage server apparatus reads out, based on name information in the received delete request, storage position information associated with the name information from storage position information storing unit. Each first storage server apparatus deletes all of share information and copy information indicated by name information in the received delete request based on the readout storage position information.

主权项

1. A secret sharing system comprising:
a secret sharing apparatus configured to execute a (k, n) threshold secret sharing scheme (for 2≦k≦n) which divides secret information into pieces of share information as many as the number n of shares, and is configured to reconstruct the secret information from not less than k pieces of share information (k is an arbitrary threshold) of the plurality of pieces of divided share information; a plurality of first storage server apparatuses, each of which comprises share information storing unit configured to individually store share information distributed from the secret sharing apparatus, and is configured to control copy processing of the stored share information according to a user operation; and at least one second storage server apparatus which comprises share information storing unit configured to individually store share information distributed from the secret sharing apparatus, and is configured to execute copy processing of the stored share information at a predetermined timing, the secret sharing apparatus comprising: a storing unit configured to temporarily store the secret information; a unit configured to accept inputs of the threshold k and the number n of shares according to a user operation; a unit configured to divide the secret information in the storing unit into n pieces of share information based on the accepted threshold k and the accepted number n of shares, and the (k, n) threshold secret sharing scheme; a unit configured to select not less than n−(k−1) pieces of share information of the n pieces of divided share information; a unit configured to individually distribute the pieces of selected share information to the first storage server apparatuses; a unit configured to individually distribute pieces of share information excluding not less than n−(k−1) pieces of selected share information of the n pieces of divided share information to the second storage server apparatus; and a unit configured to transmit a delete request, which includes name information indicating a name of share information distributed to each of the first storage server apparatuses and requests to delete that share information and copy information as a copy of the share information to the respective first storage server apparatuses according to a user operation, and each of the first storage server apparatuses comprising: storage position information storing unit configured to store the name information and storage position information individually indicating storage locations of share information and copy information indicated by the name information in association with each other; a unit configured to read out storage position information associated with the name information from the storage position information storing unit based on name information in the received delete request, when a delete request transmitted from the secret sharing apparatus is received; and a unit configured to delete all of share information and copy information indicated by the name information in the received delete request based on the readout storage position information.