Encryption of slice partials
Abstract
A method for use in a distributed storage network (DSN) including a plurality of distributed storage (DS) units includes receiving, at a DS unit, a rebuilding request indicating that the DS unit is to provide an encrypted partial slice to a requesting DS unit included in the DS network. Key pairing requirements associated with the rebuilding request are determined, and an even number of key pairing entities are selected based on the key pairing requirements, the even number of key pairing entities being fewer than a decode threshold number of key pairing entities. The DS unit generates shared secret keys corresponding to each of the even number of key pairing entities, uses those keys to generate an encrypted partial slice, and transmits the encrypted partial slice to the requesting DS unit in accordance with a rebuilding topology.
17 Claims
1. A method for use in a distributed storage network (DSN) including a plurality of distributed storage (DS) units, the method comprising:
- receiving, at a DS unit, a rebuilding request indicating that the DS unit is to provide an encrypted partial slice to a requesting DS unit included in the DS network;
- determining key pairing requirements associated with the rebuilding request;
- selecting an even number of key pairing entities based on the key pairing requirements, the even number of key pairing entities being fewer than a decode threshold number of key pairing entities, wherein the selecting an even number of key pairing entities includes optimizing a match of the key pairing requirements to an estimated performance and estimated security associated with a desired number of candidate key pairing entities;
- generating shared secret keys corresponding to each of the even number of key pairing entities;
- generating an encrypted partial slice by encrypting a partial slice associated with the DS unit using the shared secret keys corresponding to each of the even number of key pairing entities; and
- transmitting the encrypted partial slice to the requesting DS unit in accordance with a rebuilding topology.

Dependent claims: 2, 3, 4, 5, 6
7. A distributed storage (DS) unit included in a distributed storage network (DSN) including a plurality of DS units, the DS unit comprising:
- a computing core including a processor and associated memory;
- a communications interface, coupled to the computing core, and configured to receive a rebuilding request indicating that the DS unit is to provide an encrypted partial slice to a requesting DS unit included in the DS network;
- the computing core configured to:
  - determine key pairing requirements associated with the rebuilding request;
  - select an even number of key pairing entities based on the key pairing requirements, the even number of key pairing entities being fewer than a decode threshold number of key pairing entities, wherein the selecting an even number of key pairing entities includes optimizing a match of the key pairing requirements to an estimated performance and estimated security associated with a desired number of candidate key pairing entities;
  - generate shared secret keys corresponding to each of the even number of key pairing entities;
  - generate an encrypted partial slice by encrypting a partial slice associated with the DS unit using the shared secret keys corresponding to each of the even number of key pairing entities; and
  - transmit the encrypted partial slice to the requesting DS unit in accordance with a rebuilding topology.

Dependent claims: 8, 9, 10, 11, 12
13. A distributed storage network (DSN) comprising:
- a plurality of distributed storage (DS) units, each of the plurality of DS units including a processor and associated memory;
- a requesting DS unit configured to transmit a rebuilding request to at least one other DS unit, the rebuilding request indicating that the at least one other DS unit is to provide an encrypted partial slice to the requesting DS unit;
- the at least one other DS unit configured to respond to the rebuilding request by:
  - determining key pairing requirements associated with the rebuilding request;
  - selecting an even number of key pairing entities based on the key pairing requirements, the even number of key pairing entities being fewer than a decode threshold number of key pairing entities, wherein the selecting an even number of key pairing entities includes optimizing a match of the key pairing requirements to an estimated performance and estimated security associated with a desired number of candidate key pairing entities;
  - generating shared secret keys corresponding to each of the even number of key pairing entities;
  - generating an encrypted partial slice by encrypting a partial slice associated with the at least one other DS unit using the shared secret keys corresponding to each of the even number of key pairing entities; and
  - transmitting the encrypted partial slice to the requesting DS unit in accordance with a rebuilding topology.

Dependent claims: 14, 15, 16, 17
Specification