Abstract: In at least one implementation, technology disclosed herein provides a method including generating a plurality of shares of an encryption key such that a combination of shares having a cardinality above a threshold cardinality is sufficient to retrieve data encrypted with the encryption key, distributing the plurality of shares among a plurality of devices, the plurality of devices including one or more disc drive cartridges and one or more printed circuit board assemblies (PCBAs) configured to host one or more of the disc drive cartridges, receiving one or more of the plurality of shares from the plurality of devices, and in response to determining that cardinality of the received one or more of the plurality of shares is above the threshold cardinality, retrieving the data encrypted with the key.

Abstract: A computation is divided into computation tasks that are sent to worker nodes and distributed results are received in response. A redundant subtask is sent to each of the worker nodes, the redundant subtask being a random linear combination of the computation tasks sent to others of the worker nodes. The worker nodes perform the redundant subtasks to produce redundant results. The redundant result of each worker node is combined with distributed results of others of the worker nodes to determine whether one or more of the worker nodes are acting maliciously. Optionally, the worker nodes can be initially evaluated for trustworthiness using a homomorphic hash function applied to an initial computation task and applied to results of the initial tasks. If the results of both hash functions match, then the worker nodes are considered trustworthy and can be used for subsequent computations with redundant subtasks as described above.

Abstract: In at least one implementation, technology disclosed herein provides a method including generating a plurality of shares of an encryption key such that a combination of shares having a cardinality above a threshold cardinality is sufficient to retrieve data encrypted with the encryption key, distributing the plurality of shares among a plurality of devices, the plurality of devices including one or more disc drive cartridges and one or more printed circuit board assemblies (PCBAs) configured to host one or more of the disc drive cartridges, receiving one or more of the plurality of shares from the plurality of devices, and in response to determining that cardinality of the received one or more of the plurality of shares is above the threshold cardinality, retrieving the data encrypted with the key.

Abstract: Distributed storage of a file in edge storage devices that is resilient to eavesdropping adversaries and Byzantine adversaries. Approaches include a cost-efficient approach in which an authorized user has access to the content of all edge storage nodes. In this approach, key blocks and file blocks that are masked with key blocks are saved in the edge storage nodes. Additionally, redundant data for purposes of error correction are also stored. In turn, upon retrieval of all blocks, errors introduced by a Byzantine adversary may be corrected. In a loss resilient approach, redundant data is stored along with masked file partitions. Upon retrieval of blocks from the edge storage nodes, a unique approach to solving for the unknown file partition values is applied with identification of corrupt nodes based on an average residual error value for each storage node.

Abstract: Distributed storage of a file in edge storage devices that is resilient to eavesdropping adversaries and Byzantine adversaries. Approaches include a cost-efficient approach in which an authorized user has access to the content of all edge storage nodes. In this approach, key blocks and file blocks that are masked with key blocks are saved in the edge storage nodes. Additionally, redundant data for purposes of error correction are also stored. In turn, upon retrieval of all blocks, errors introduced by a Byzantine adversary may be corrected. In a loss resilient approach, redundant data is stored along with masked file partitions. Upon retrieval of blocks from the edge storage nodes, a unique approach to solving for the unknown file partition values is applied with identification of corrupt nodes based on an average residual error value for each storage node.

Abstract: A secure cartridge-based storage system includes a set of read/write control electronics on a shared controller adapted to removably couple with each of a plurality of storage cartridges. Data blocks within primary non-volatile memory of the cartridge-based storage system collectively comprise a main store with information-theoretic security. The shared controller incorporates various controls for providing selective data access to individual data magazines and/or cartridges as well as for partitioning user data and writing the partitioned data according to an information-theoretic security scheme and reading the partitioned data and reconstructing the user data from the partitioned data.

Abstract: A set of N network-coupled edge storage nodes are selected to store a file of size |F|. The N edge storage nodes have heterogeneous storage availability and are ordered from a largest storage availability at the first edge storage node to a smallest availability at the Nth edge storage node. A value Z<N is selected, such that an attacker having access to Z edge storage nodes is unable to decode any partial information of the file. The first through Z+1th edge storage nodes are assigned a same packet size. Keys are stored in the first Z edge storage nodes and independent linear combinations of the keys combined with partitions of the file are stored in the Z+1th to the Nth edge storage nodes.

Abstract: N storage nodes that are coupled via a network are selected to store a file of size |F| and redundancy of size |Fred|. A value Z<N is selected such that an attacker having access to Z storage nodes is unable to decode any partial information of the file. The file is divided into d partitions of size |PsN|, wherein |PsN| is a maximum factor of |F| subject to |PsN|?|sN|. Independent linear combinations hi's of the d partitions are created and random keys are generated and stored in the first Z of the N storage nodes. Independent linear combinations gi's of the random keys are created and combinations of the hi's and gi's are stored in the Z+1 to Nth storage nodes.

Abstract: Distributed storage of a file in edge storage devices that is resilient to eavesdropping adversaries and Byzantine adversaries. Approaches include a cost-efficient approach in which an authorized user has access to the content of all edge storage nodes. In this approach, key blocks and file blocks that are masked with key blocks are saved in the edge storage nodes. Additionally, redundant data for purposes of error correction are also stored. In turn, upon retrieval of all blocks, errors introduced by a Byzantine adversary may be corrected. In a loss resilient approach, redundant data is stored along with masked file partitions. Upon retrieval of blocks from the edge storage nodes, a unique approach to solving for the unknown file partition values is applied with identification of corrupt nodes based on an average residual error value for each storage node.

Abstract: Distributed storage of a file in edge storage devices that is resilient to eavesdropping adversaries and Byzantine adversaries. Approaches include a cost-efficient approach in which an authorized user has access to the content of all edge storage nodes. In this approach, key blocks and file blocks that are masked with key blocks are saved in the edge storage nodes. Additionally, redundant data for purposes of error correction are also stored. In turn, upon retrieval of all blocks, errors introduced by a Byzantine adversary may be corrected. In a loss resilient approach, redundant data is stored along with masked file partitions. Upon retrieval of blocks from the edge storage nodes, a unique approach to solving for the unknown file partition values is applied with identification of corrupt nodes based on an average residual error value for each storage node.

Abstract: N storage nodes that are coupled via a network are selected to store a file of size |F| and redundancy of size |Fred|. A value Z<N is selected such that an attacker having access to Z storage nodes is unable to decode any partial information of the file. The file is divided into d partitions of size |PsN|, wherein |PsN| is a maximum factor of |F| subject to |PsN|?|sN|. Independent linear combinations hi's of the d partitions are created and random keys are generated and stored in the first Z of the N storage nodes. Independent linear combinations gi's of the random keys are created and combinations of the hi's and gi's are stored in the Z+1 to Nth storage nodes.

Abstract: A set of N network-coupled edge storage nodes are selected to store a file of size |F|. The N edge storage nodes have heterogeneous storage availability and are ordered from a largest storage availability at the first edge storage node to a smallest availability at the Nth edge storage node. A value Z<N is selected, such that an attacker having access to Z edge storage nodes is unable to decode any partial information of the file. The first through Z+1th edge storage nodes are assigned a same packet size. Keys are stored in the first Z edge storage nodes and independent linear combinations of the keys combined with partitions of the file are stored in the Z+1th to the Nth edge storage nodes.

Abstract: A computation is divided into computation tasks that are sent to worker nodes and distributed results are received in response. A redundant subtask is sent to each of the worker nodes, the redundant subtask being a random linear combination of the computation tasks sent to others of the worker nodes. The worker nodes perform the redundant subtasks to produce redundant results. The redundant result of each worker node is combined with distributed results of others of the worker nodes to determine whether one or more of the worker nodes are acting maliciously. Optionally, the worker nodes can be initially evaluated for trustworthiness using a homomorphic hash function applied to an initial computation task and applied to results of the initial tasks. If the results of both hash functions match, then the worker nodes are considered trustworthy and can be used for subsequent computations with redundant subtasks as described above.