Technology Features & Specifications
This system combines a special (hashed) Cipher Block Chaining (CBC) step with IDA. The CBC step is not “encryption”, since it makes no use of any secret key information. It is merely an invertible pre-processing step with some good properties we are looking for. The steps are fully invertible if the required slices of data are available. The CBC preprocessing step: 1) randomly generates an Initialization Vector (IV); 2) randomizes every block of data by XORing it with the hash of the last block; 3) generates the first block as the hash of the last data block XORed with the IV.
In any good hash function, such as SHA2, the hash value has the property of uniformity: every hash value in the output range is generated with roughly the same probability. At the same time, the hash value has almost zero correlation with the original value. Hence, it is a good way to generate a “random” value that is also recoverable in the decoding process. XORing this “random” number with the actual data block randomizes the data itself, which breaks any correlation between adjacent data and any existing data format. We call this preprocessing step AONT-lite (All-or-Nothing Transform lite). Assuming each block of data is 256 bits long and one slice is missing for both blocks, the amount of computation required to guess the missing slice is equivalent to brute forcing 512-bit AES-encrypted data.
This technology can be used together with our IDA-based storage solution as an additional optional feature which provides stronger security. It can also be incorporated into other IDA-based storage solutions. Application developers can use our library to securely store application data in the cloud without having to deal with the complexity of IDA and AONT-lite.
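The AONT-lite preprocessing steps described above, written out as an added example; this is not the vendor's library code. It assumes SHA-256 as the hash, 32-byte blocks, input already padded to a multiple of 32 bytes, and one reading of the steps: each block is XORed with the hash of the previous output block (the IV for the first one), and the stored first block is the hash of the last output block XORed with the IV. The function names are hypothetical.

```python
import hashlib
import os

BLOCK = 32  # 256-bit blocks as in the text; SHA-256 digests are the same size


def _h(block):
    return hashlib.sha256(block).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def aont_lite_encode(data, iv=None):
    """Keyless transform: returns one header block followed by the masked blocks."""
    if not data or len(data) % BLOCK:
        raise ValueError("data must be a non-empty multiple of 32 bytes")
    iv = os.urandom(BLOCK) if iv is None else iv      # step 1: random IV
    prev, masked = iv, []
    for i in range(0, len(data), BLOCK):
        # step 2 (assumed reading): XOR with the hash of the previous output block
        prev = _xor(data[i:i + BLOCK], _h(prev))
        masked.append(prev)
    header = _xor(_h(masked[-1]), iv)                 # step 3: IV hidden in first block
    return header + b"".join(masked)


def aont_lite_decode(blob):
    """Inverse transform: the IV is recovered from the header and the last block first."""
    if len(blob) < 2 * BLOCK or len(blob) % BLOCK:
        raise ValueError("blob must be a header block plus at least one data block")
    blocks = [blob[i:i + BLOCK] for i in range(0, len(blob), BLOCK)]
    header, body = blocks[0], blocks[1:]
    prev = _xor(header, _h(body[-1]))                 # recover the IV
    plain = []
    for block in body:
        plain.append(_xor(block, _h(prev)))
        prev = block
    return b"".join(plain)


if __name__ == "__main__":
    sample = b"A" * (4 * BLOCK)                       # constructed, highly regular input
    blob = aont_lite_encode(sample)
    body = [blob[i:i + BLOCK] for i in range(BLOCK, len(blob), BLOCK)]
    print("distinct masked blocks:", len(set(body)), "of", len(body))
    print("round trip ok:", aont_lite_decode(blob) == sample)
```

The output of this transform is what would then be handed to the IDA step for slicing; slicing itself is not shown here.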