1. Field
The present description relates to a method, system, and article of manufacture for iterative data secret-sharing transformation.
2. Description of Related Art
Encryption may be used to protect confidentiality of data during transmission of that data over the Internet or other public transmission carriers. Encryption is also often used in data storage to protect confidentiality of the stored information. For example, stored data may need to be protected in order to meet various government standards. Also, storage media may be removed from a storage system for servicing. Thus, if removed media is lost or is otherwise obtained by unauthorized personnel, the confidentiality of the data on the media may be compromised.
In one aspect, encryption is a process of transforming information using an algorithm to make it unreadable, that is, not understandable, to anyone except those possessing special knowledge. One example of such special knowledge is often referred to as a “key” which can be used to decrypt the information so that the information is understandable again. Thus, if the key is lost, the encrypted data may be irretrievably lost. If the key is obtained by unauthorized personnel, the confidentiality of the encrypted data may be compromised.
Other approaches include encrypting data at the host level or at the host adapter level before storing the encrypted data on the storage drives. In certain computing environments, multiple host systems may communicate through one or more host adapters with a storage control unit or controller which provides access to storage devices, such as interconnected hard disk drives through one or more logical paths. The interconnected drives may be configured as a Direct Access Storage Device (DASD), Redundant Array of Independent Disks (RAID), Just a Bunch of Disks (JBOD), etc.
Other techniques for protecting confidentiality of information include secret sharing algorithms in which data is split into multiple parts. In order to reconstruct the data, typically more than one of the parts must be accessed. One such secret sharing algorithm is known as Shamir's Secret in which a complete set of input data is processed at one time to create the separate parts.
Another technique for protecting confidentiality of data includes “obfuscation” in which an algorithm is applied to a set of data to “obfuscate” or hide the data. If the algorithm is known, the original data may be reconstructed from the obfuscated data.
One known type of storage controller is a Redundant Array of Independent Disks (RAID) controller which receives data to be written to storage. The RAID controller typically stripes the data for an addressable block, such as a logical block address (LBA), tracks, etc., to multiple disk drives, calculates checksum blocks for the data, and writes the checksum blocks to a separate disk. Data or checksum blocks written to each disk in a RAID rank are referred to as a stripe or stride, where a stripe comprises the consecutive sectors written to a single disk in the rank of storage devices across which data and checksum information are written. RAID schemes, such as RAID levels 1, 2, 3, 4, 5, 10 [0+1, 1+0], provide a single level of redundant protection and are tolerant of a single device failure prior to being exposed to data loss from an additional failure. Single error correction codes such as used in RAID 3, RAID 4 and RAID 5 provide the capability to correct for an erasure when the location of the data error can be pinpointed by some independent means. For hard disk drives, the error often may be pinpointed and corrected because the disk does not respond or other checkers (checksum, CRCs, LRCs, etc.) on the disk may facilitate location of the source of the data error independent of the RAID checksum. RAID 6 provides an additional checksum block, or RAID checksum code, that can be used to pinpoint the location of and correct for a single symbol error or multiple failures, such as double disk failures. RAID 6 may utilize Reed-Solomon (R-S) codes comprised of symbols calculated from polynomials.