Copyright | Peter Robinson 2014 |
---|---|

License | LGPL |

Maintainer | Peter Robinson <peter.robinson@monoid.at> |

Stability | experimental |

Portability | portable |

Safe Haskell | None |

Language | Haskell98 |

This module provides an (m,n)-information dispersal scheme that provides data redundancy while preserving secrecy. In other words, this module combines the best of 2 worlds: secret sharing algorithms with low-overhead information dispersal.

Function `encode`

splits a given bytestring into `n`

fragments with the
following properties:

- Any
`m`

of the`n`

fragments are sufficient for reconstructing the original bytestring via`decode`

, and - the knowledge of up to
`m-1`

fragments does*not*leak any information about the original bytestring.

In more detail, suppose that we have some bytestring `b`

that we want to
(securely) disperse and parameter `m`

, `n`

.
Running `encode`

`m n b`

does the following:

- Generate a randomly chosen key of 32 bytes, called
`key`

. - Encrypt the bytestring
`b`

using`key`

via AES. - Generate
`n`

shares using the perfect secret sharing algorithm implemented in module Crypto.SecretSharing; see package http://hackage.haskell.org/package/secret-sharingsecret-sharing - Generate
`n`

fragments of the encrypted data using the information dispersal algorithm in Data.IDA. - Finally, we pair up these shares and fragments as
a list of
`EncryptedFragment`

s.

The size of each encrypted fragment is `O(|b|/m + |key|)`

.
For sufficiently large bytestrings, the `O(|b|/m)`

factor dominates and thus
the scheme is space-optimal.

The secret sharing algorithm guarantess that the knowledge of up to `m-1`

of
the fragments does not leak any information about the encryption key (and
hence the encrypted data).

- data EncryptedFragment
- encode :: Int -> Int -> ByteString -> IO [EncryptedFragment]
- encodeWithIV :: Int -> Int -> ByteString -> ByteString -> IO [EncryptedFragment]
- decode :: [EncryptedFragment] -> ByteString

# Documentation

data EncryptedFragment Source

:: Int | m: number of fragments required for reconstruction |

-> Int | n: total number of fragments ( |

-> ByteString | the information that we want to disperse |

-> IO [EncryptedFragment] | a list of n encrypted fragments. |

Space efficient and secrecy-preserving (m,n)-information dispersal:
Generates `n`

fragments out
of a given bytestring `b`

. Each fragment has size `length b / m + O(1)`

.
At least m fragments are required for reconstruction.
Preserves secrecy: The knowledge of less than m
fragments provides *no* information about the original data whatsoever.

:: Int | m: number of fragments required for reconstruction |

-> Int | n: total number of fragments ( |

-> ByteString | the initialization vector for the AES encryption |

-> ByteString | the information that we want to disperse |

-> IO [EncryptedFragment] | a list of n encrypted fragments. |

Same as `encode`

but uses an initialization vector for the AES encryption.

decode :: [EncryptedFragment] -> ByteString Source

Reconstruct the original data from (at least) `m`

fragments.
Throws an `AssertionFailed`

exception if an insufficient number fragments are
given or if a decoding error occurs.