Securing data in a dispersed storage network
First Claim
1. A method for execution by a dispersed storage and task (DST) processing unit that includes a processor, the method comprises:
- transforming a counter seed into a set of counter values;
- obtaining an encryption key;
- encrypting, via an encryption module having a first block cipher module and a second block cipher module, at least two portions of data utilizing the encryption key and at least two of the set of counter values, in parallel, to produce at least two ciphertexts, wherein the encrypting the at least two portions in parallel to produce at least two ciphertexts includes encrypting a first portion of the data using the first block cipher module to produce a first ciphertext and encrypting a second portion of the data using the second block cipher module to generate a second ciphertext;
- performing, via a deterministic function module having a first deterministic function unit and a second deterministic function unit, a first deterministic function on the at least two ciphertexts, in parallel, to produce at least two transformed ciphertexts, wherein the performing the first deterministic function on the at least two ciphertexts in parallel includes processing the first ciphertext using the first deterministic function unit to produce a first transformed ciphertext and processing the second ciphertext using the second deterministic function unit to produce a second transformed ciphertext;
- performing, via the deterministic function module, a second deterministic function on the first transformed ciphertext and the second transformed ciphertext to produce a mask;
- masking the encryption key using the mask to produce a masked key; and
- combining the at least two ciphertexts and the masked key to produce secure data.
Abstract
A method for execution by a dispersed storage and task (DST) processing unit includes transforming a counter seed into a set of counter values; obtaining an encryption key; encrypting at least two portions of data utilizing the encryption key and at least two of the set of counter values, in parallel, to produce at least two ciphertexts; performing a first deterministic function on the at least two ciphertexts, in parallel, to produce at least two transformed ciphertexts; performing a second deterministic function on the at least two transformed ciphertexts to produce a mask; masking the encryption key using the mask to produce a masked key; and combining the at least two ciphertexts and the masked key to produce secure data.
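The steps of the abstract, carried through as an added Python example that is not taken from the patent or from any product. Assumptions: HMAC-SHA256 over the counter stands in for the block cipher, both deterministic functions are SHA-256, the counter values are `seed + i`, masking is XOR, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from concurrent.futures import ThreadPoolExecutor

PORTION = 32  # bytes per data portion (assumed; equals the SHA-256 digest size)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def counter_values(seed: int, n: int) -> list:
    # Assumed transform of the counter seed: seed, seed+1, ..., seed+n-1.
    return [seed + i for i in range(n)]

def crypt_portion(args) -> bytes:
    # Counter-mode step. HMAC-SHA256(key, counter) stands in for the block
    # cipher output; XOR makes the same call encrypt and decrypt.
    key, counter, portion = args
    pad = hmac.new(key, counter.to_bytes(16, "big"), hashlib.sha256).digest()
    return xor(portion, pad)

def digest(ciphertext: bytes) -> bytes:
    # First deterministic function (assumed SHA-256), one call per ciphertext.
    return hashlib.sha256(ciphertext).digest()

def make_mask(ciphertexts, pool) -> bytes:
    transformed = list(pool.map(digest, ciphertexts))
    # Second deterministic function (assumed SHA-256 over the ordered digests).
    return hashlib.sha256(b"".join(transformed)).digest()

def encode(data: bytes, seed: int, key: bytes = None):
    key = key or secrets.token_bytes(32)
    portions = [data[i:i + PORTION] for i in range(0, len(data), PORTION)]
    jobs = [(key, c, p) for c, p in zip(counter_values(seed, len(portions)), portions)]
    with ThreadPoolExecutor() as pool:
        ciphertexts = list(pool.map(crypt_portion, jobs))  # portions in parallel
        masked_key = xor(key, make_mask(ciphertexts, pool))  # masking assumed to be XOR
    return ciphertexts, masked_key  # together these form the "secure data"

def decode(ciphertexts, masked_key: bytes, seed: int) -> bytes:
    with ThreadPoolExecutor() as pool:
        key = xor(masked_key, make_mask(ciphertexts, pool))  # needs every ciphertext
        jobs = [(key, c, ct) for c, ct in zip(counter_values(seed, len(ciphertexts)), ciphertexts)]
        return b"".join(pool.map(crypt_portion, jobs))
```

Because the mask depends on every ciphertext, a holder of the masked key who is missing or has altered any one ciphertext unmasks the wrong key and cannot decrypt any portion.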
20 Claims
1. A method for execution by a dispersed storage and task (DST) processing unit that includes a processor, the method comprises:
- transforming a counter seed into a set of counter values;
- obtaining an encryption key;
- encrypting, via an encryption module having a first block cipher module and a second block cipher module, at least two portions of data utilizing the encryption key and at least two of the set of counter values, in parallel, to produce at least two ciphertexts, wherein the encrypting the at least two portions in parallel to produce at least two ciphertexts includes encrypting a first portion of the data using the first block cipher module to produce a first ciphertext and encrypting a second portion of the data using the second block cipher module to generate a second ciphertext;
- performing, via a deterministic function module having a first deterministic function unit and a second deterministic function unit, a first deterministic function on the at least two ciphertexts, in parallel, to produce at least two transformed ciphertexts, wherein the performing the first deterministic function on the at least two ciphertexts in parallel includes processing the first ciphertext using the first deterministic function unit to produce a first transformed ciphertext and processing the second ciphertext using the second deterministic function unit to produce a second transformed ciphertext;
- performing, via the deterministic function module, a second deterministic function on the first transformed ciphertext and the second transformed ciphertext to produce a mask;
- masking the encryption key using the mask to produce a masked key; and
- combining the at least two ciphertexts and the masked key to produce secure data.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A processing system of a dispersed storage and task (DST) processing unit comprises:
- a plurality of processors;
- a memory that stores operational instructions, that when executed by the plurality of processors cause the processing system to:
- transform a counter seed into a set of counter values;
- obtain an encryption key;
- encrypt, via an encryption module having a first block cipher module and a second block cipher module, at least two portions of data utilizing the encryption key and at least two of the set of counter values, in parallel, to produce at least two ciphertexts, wherein encrypting the at least two portions in parallel to produce at least two ciphertexts includes encrypting a first portion of the data using the first block cipher module to produce a first ciphertext and encrypting a second portion of the data using the second block cipher module to generate a second ciphertext;
- perform, via a deterministic function module having a first deterministic function unit and a second deterministic function unit, a first deterministic function on the at least two ciphertexts, in parallel, to produce at least two transformed ciphertexts, wherein performing the first deterministic function on the at least two ciphertexts in parallel includes processing the first ciphertext using the first deterministic function unit to produce a first transformed ciphertext and processing the second ciphertext using the second deterministic function unit to produce a second transformed ciphertext;
- perform, via the deterministic function module, a second deterministic function on the first transformed ciphertext and the second transformed ciphertext to produce a mask;
- mask the encryption key using the mask to produce a masked key; and
- combine the at least two ciphertexts and the masked key to produce secure data.

Dependent claims: 9, 10, 11, 12, 13, 14

15. A non-transitory computer readable storage medium comprises:
- at least one memory section that stores operational instructions that, when executed by a processing system of a dispersed storage network (DSN) that includes a plurality of processors and a memory, causes the processing system to:
- transform a counter seed into a set of counter values;
- obtain an encryption key;
- encrypt, via an encryption module having a first block cipher module and a second block cipher module, at least two portions of data utilizing the encryption key and at least two of the set of counter values, in parallel, to produce at least two ciphertexts, wherein encrypting the at least two portions in parallel to produce at least two ciphertexts includes encrypting a first portion of the data using the first block cipher module to produce a first ciphertext and encrypting a second portion of the data using the second block cipher module to generate a second ciphertext;
- perform, via a deterministic function module having a first deterministic function unit and a second deterministic function unit, a first deterministic function on the at least two ciphertexts, in parallel, to produce at least two transformed ciphertexts, wherein performing the first deterministic function on the at least two ciphertexts in parallel includes processing the first ciphertext using the first deterministic function unit to produce a first transformed ciphertext and processing the second ciphertext using the second deterministic function unit to produce a second transformed ciphertext;
- perform, via the deterministic function module, a second deterministic function on the first transformed ciphertext and the second transformed ciphertext to produce a mask;
- mask the encryption key using the mask to produce a masked key; and
- combine the at least two ciphertexts and the masked key to produce secure data.

Dependent claims: 16, 17, 18, 19, 20

Specification