name: data-dispersal
-- The package version. See the Haskell package versioning policy (PVP)
-- for standards guiding when and how versions should be incremented.
-- http://www.haskell.org/haskellwiki/Package_versioning_policy
-- PVP summary: +-+------- breaking API changes
-- | | +----- non-breaking API additions
-- | | | +--- code changes with no API change
version: 1.0.0.1
synopsis: Space-efficient and privacy-preserving data dispersal algorithms.
description:
Given a ByteString of length @D@, we encode the ByteString as a list of @n@
'Fragment's, each containing a ByteString
of length @O(D/m)@. Then, each fragment could be stored on a separate
machine to obtain fault-tolerance:
Even if all but @m@ of these machines crash, we can still reconstruct the original
ByteString out of the remaining @m@ fragments.
Note that the total space requirement of the @m@ fragments is @m * O(D/m)=O(D),@
which is clearly space-optimal.
The total space required for the n fragments is @O((n/m)*D)@.
Note that @m@ and @n@ can be chosen to be of the same order, so the
asymptotic storage overhead for getting good fault-tolerance increases only by
a constant factor.
.
/GHCi Example:/
.
> > :m + Data.IDA
> > let msg = Data.ByteString.Char8.pack "my really important data"
> > let fragments = encode 5 15 msg
> -- Now we could distributed the fragments on different sites to add some
> -- fault-tolerance.
> > let frags' = drop 5 $ take 10 fragments -- let's pretend that 10 machines crashed
> -- Let's look at the 5 fragments that we have left:
> > mapM_ (Prelude.putStrLn . show) frags'
> (6,[273,771,899,737,285])
> (7,[289,939,612,285,936])
> (8,[424,781,1001,322,788])
> (9,[143,657,790,157,423])
> (10,[314,674,418,888,423])
> -- Space-efficiency: Note that the length of each of the 5 fragments is 5
> -- and our original message has length 24.
> > decode frags'
> "my really important data"
.
/Encrypted Fragments:/
.
The module @Data.IDA@ contains an information dispersal algorithm that produces
space-optimal fragments. However, the knowledge of 1 or more fragments might
allow an adversary to deduce some information about the original data.
The module @Crypto.IDA@ combines information dispersal with
secret sharing: the knowledge of up to @m-1@ fragments does not leak any
information about the original data.
.
This could be useful in scenarios where we need to store data at untrusted
storage sites: To this end, we store one encrypted fragment at each site.
If at most @m-1@ of these untrusted sites collude, they will still
be unable to obtain any information about the original data.
The added security comes at the price of a slightly
increased fragment size (by an additional constant 32 bytes) and an
additional overhead in the running time of the encoding/decoding process.
The algorithm is fully described in module "Crypto.IDA".
.
/Fault-Tolerance:/
.
Suppose that we have @N@ machines and encode our data as @2log(N)@ fragments
with reconstruction threshold m = @log(N)@.
Let's assume that we store each fragment on a separate machine and each
machine fails (independently) with probability at most 0.5.
.
* What is the probability of our data being safe?
@Pr[ at most n-m machines crash ] >= 1-0.5^(log(N)) = 1-N^(-1).@
.
* What is the overhead in terms of space that we pay for this level of fault-tolerance?
We have n fragments, each of size @O(D\/m)@, so the total space is @O(n D\/ m) =
2D.@
In other words, we can guarantee that the data survives with high probability
by increasing the required space by a constant factor.
.
This library is based on the following works:
.
* \"Efficient Dispersal of
Information for Security, Load Balancing, and Fault Tolerance\", by Michael O.
Rabin, JACM 1989.
.
* \"How to share a secret.\" by Adi Shamir.
In Communications of the ACM 22 (11): 612–613, 1979.
.
* \"Secret Sharing Made Short\" Hugo Krawczyk.
CRYPTO 1993: 136-146
license: LGPL-2.1
license-file: LICENSE
author: Peter Robinson
maintainer: peter.robinson@monoid.at
copyright: Peter Robinson 2014
category: Data, Cryptography
build-type: Simple
cabal-version: >=1.8
homepage: http://monoid.at/code
library
hs-source-dirs: src
exposed-modules: Data.IDA
Data.IDA.Internal
Data.IDA.FiniteField
Crypto.IDA
build-depends: base ==4.6.*
,array >= 0.4.0.1
,vector >= 0.10.11.0
,binary >= 0.7.2.1
,bytestring >= 0.10.0.2
,syb >= 0.4.0
,binary >= 0.5.1.1
,finite-field >= 0.8.0
,matrix >= 0.3.4.0
,AES >= 0.2.9
,entropy >= 0.3.2
,secret-sharing >= 1.0.0.0
ghc-options: -W
test-suite Main
type: exitcode-stdio-1.0
x-uses-tf: true
build-depends: base >= 4 && < 5
,QuickCheck >= 2.4
,test-framework >= 0.4.1
,test-framework-quickcheck2
,array >= 0.4.0.1
,vector >= 0.10.11.0
,spool >= 0.1
,binary >= 0.7.2.1
,bytestring >= 0.10.0.2
,syb >= 0.4.0
hs-source-dirs: src, tests
main-is: Tests.hs