Technical Field of the Invention
This invention relates generally to computer networks and more particularly to dispersing error encoded data.
Description of Related Art
Computing devices are known to communicate data, process data, and/or store data. Such computing devices range from wireless smart phones, laptops, tablets, personal computers (PC), work stations, and video game devices, to data centers that support millions of web searches, stock trades, or on-line purchases every day. In general, a computing device includes a central processing unit (CPU), a memory system, user input/output interfaces, peripheral device interfaces, and an interconnecting bus structure.
As is further known, a computer may effectively extend its CPU by using “cloud computing” to perform one or more computing functions (e.g., a service, an application, an algorithm, an arithmetic logic function, etc.) on behalf of the computer. Further, for large services, applications, and/or functions, cloud computing may be performed by multiple cloud computing resources in a distributed manner to improve the response time for completion of the service, application, and/or function. For example, Hadoop is an open source software framework that supports distributed applications enabling application execution by thousands of computers.
In addition to cloud computing, a computer may use “cloud storage” as part of its memory system. As is known, cloud storage enables a user, via its computer, to store files, applications, etc. on an Internet storage system. The Internet storage system may include a RAID (redundant array of independent disks) system and/or a dispersed storage system that uses an error correction scheme to encode data for storage.
Conventional secret sharing schemes offer some benefits for security. Generally, these schemes require at least a threshold number of breaches before data can be exposed. This is, in some cases, far more secure than encryption, at least when one is in control of the hardware storing those shares. But in other instances, when one is not in control of the storage hardware, the owner of the data must trust that the entity which does control the hardware does not use its position to access a threshold number of the shares.
To mitigate the need for complete trust in the hardware custodian, conventional systems may use traditional keyed encryption to encrypt the data before sending it to be stored in the hardware. Thus, a process using two separate encryption steps is conventionally used: 1) an initial encryption of the data to be stored prior to sending the data for storage; and 2) a second, separate encryption step that encrypts the encrypted data again using a secret sharing scheme for storing the data portions in the storage hardware. However, the conventional two-step process is expensive in terms of computational overhead, because two separate encryption operations are performed on the data.
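The conventional two-step process described above can be sketched as follows. This is an added example, not code from the original document: the function names are hypothetical, Shamir's scheme over the prime field of size 257 stands in for "a secret sharing scheme", and an HMAC-SHA256 keystream stands in for the traditional keyed cipher.

```python
import hashlib, hmac, secrets

P = 257  # smallest prime above 255, so each byte is a field element

def keystream_xor(key, nonce, data):
    # Stand-in keyed cipher (assumption): XOR with an HMAC-SHA256 counter keystream.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def split(data, n, k):
    # Shamir k-of-n: one random degree-(k-1) polynomial per byte, evaluated at x = 1..n.
    shares = {x: [] for x in range(1, n + 1)}
    for byte in data:
        coeffs = [byte] + [secrets.randbelow(P) for _ in range(k - 1)]
        for x in shares:
            shares[x].append(sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
    return shares

def combine(shares):
    # Lagrange interpolation at x = 0; returns one field element (0..256) per position.
    xs = list(shares)
    weights = {}
    for xi in xs:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        weights[xi] = num * pow(den, -1, P) % P
    length = len(shares[xs[0]])
    return [sum(shares[x][i] * weights[x] for x in xs) % P for i in range(length)]

def store_conventional(data, key, n, k):
    nonce = secrets.token_bytes(12)
    ciphertext = keystream_xor(key, nonce, data)  # pass 1: keyed encryption
    return nonce, split(ciphertext, n, k)         # pass 2: secret sharing

def retrieve_conventional(key, nonce, shares):
    return keystream_xor(key, nonce, bytes(combine(shares)))
```

A custodian holding a threshold number of shares can run `combine` but recovers only the ciphertext, which is the protection the first pass buys at the cost of processing every byte twice.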