A Secure Storage System Combining Secret Sharing Schemes and Byzantine Quorum Mechanisms

By combining Byzantine quorum systems (BQS) and secret sharing schemes, this paper presents a secure storage system, S²-BQS, tolerating servers´ Byzantine failures. S²-BQS provides information-theoretic security for the stored sensitive data inherited from perfect secret sharing schemes (PSS). Compared to traditional realizations of BQS in storage systems, S²-BQS doesn´t replicate data in servers directly. Instead, secret shares obtained from PSS are stored in different servers. To retrieve the correct data from S²-BQS, we design a new verification method for PSS without using any extra information or extra algorithms except reconstructing the secret for several times using PSS. Due to the simplicity of S²-BQS´s structure and protocols, the computation and communication overhead on servers are low, making it almost impossible to launch resource-clogging denial-of-service attacks to servers in S²-BQS. We also propose a specialized S²-BQS called S³-BQS in which Shamir´s secret sharing scheme is employed. It shows that our approach is flexible and easy to be realized. The system evaluation shows that an S³-BQS with optimized protocols has better computation performance.