本論文為檔案擁有者設計一個可容錯且有效率的檔案雲端儲存方法.
此方法先將一個大的檔案切割成固定大小的 secret,
每個 secret 再用 Ramp (k, l, L, n)-秘密共享方案分成 n-l 個 shares,
並將他們上傳到雲端儲存系統儲存.
若要取用這個檔案, 則先向任意 k 個雲端系統取回 shares,
然後利用秘密共享方法計算出每個 secret.
這個檔案就可由所有的 secret 重組出來.
此方案可讓檔案擁有者達成下列資訊安全的目標:
(1) 私密性: 除非獲得至少 k 個 shares, 攻擊者無法獲得檔案的內容,
即便是雲端儲存系統也不能.
(2) 可容錯性: 只要有 k 個 shares 可以正確存取, 就可回復原來的檔案.
(3) 可轉換成確保檔案刪除之機制: 令 k=n, 並自己存一份 share,
則只要將自己儲存的那一份刪除, 則此檔案就不可再回復.
本文所提出的方案結合了 Satoshi 等人的機密分享機制與 J. Kurihara 等人的 ramp 機密分享機制, 因此可以降低儲存量;
因為結合 J. Kurihara 等人的 ramp 機密分享機制, 因此可以只用 XOR 運算回復區塊值, 提升計算速度.
尤其是在 n 很小區塊很大的時候, 其效果更為顯著.
這表示在實際使用上, 這是很適合的.

An efficient and fault-tolerant cloud storage scheme for file owners is presented in this paper.
A large file is first divided into secrets, and each secret is then divided
into shares by using a (k, l, L, n)-threshold secret sharing scheme.
These shares are finally uploaded into n-l cloud storage servers.
To retrieve the file, any k shares of each secret are first retrieved
from some of the servers.
The value of each secret can then be computed from these k shares, and
the original files can then be assembled from these secrets.
The scheme achieves the following security for the file owners:
(1) Secrecy: at least k shares are obtained, the contents of the file
cannot be reconstructed, including the cloud storage owner.
(2) Fault-tolerant: Only need k shares to reconstruct the file.
(3) Can be used to delete a file permanently: by letting k=n and store one
share by the file owner.
If the share stored by the file owner is deleted, the file can no longer
be reconstructed any more.
The proposed scheme adopted the Satoshi et al.''s secret sharing scheme and J. Kurihara et al''s ramp secret sharing scheme to reduce
the total storage required.
It uses J. Kurihara et al''s ramp secret sharing scheme, in which only XOR operations are
needed to reduce the computational cost.
The improvement is significant when n is small and the secret size is
large, the efficiency of the scheme.
Therefore, the proposed protocol is practical in cloud storage.

Acknowledgments iii
摘要iv
Abstract v
List of Tables viii
Chapter 1 簡介1
Chapter 2 相關研究3
2.1 Shamir 秘密共享方法. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.2 Ramp 秘密共享方法. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.3 Satoshi 等人的秘密共享方法. . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.4 Kurihara 等人的秘密共享方法. . . . . . . . . . . . . . . . . . . . . . . . . 7
Chapter 3 一個有效率, 可容錯, 基於秘密共享之雲端儲存方法11
3.1 產生share 的演算法. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.2 還原secret 的演算法. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.3 效能評估. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.4 在特殊條件下, 產生還原矩陣的方法. . . . . . . . . . . . . . . . . . . . . . 14
3.4.1 區塊矩陣之性質與產生之方法. . . . . . . . . . . . . . . . . . . . . 18
3.4.2 在(k; L) = (np; 1) 的條件下, 產生還原矩陣之方法. . . . . . . . . . 20
3.4.3 在(k; L) = (np

[1] A. Shamir, “How to share a secret,” Communications of ACM, vol. 22,
pp. 612–613, November 1979.
[2] G. R. Blakley and C. Meadows, “Security of ramp schemes,” in Proceedings
of CRYPTO 84 on Advances in Cryptology, (New York, NY, USA), pp. 242–268,
Springer-Verlag New York, Inc., 1985.
[3] H. Yamamoto, “Secret sharing system using (k; l; n) threshold scheme,”
Electronics and Communications in Japan (Part I: Communications),
vol. 69, no. 9, pp. 46–54, 1986.
[4] S. Takahashi and K. Iwamura, “Secret sharing scheme suitable for cloud
computing,” in 2013 IEEE 27th International Conference on Advanced
Information Networking and Applications (AINA), pp. 530–537, March
2013.
[5] S. Takahashi, S. Kobayashi, H. Kang, and K. Iwamura, “Secret sharing
scheme for cloud computing using ids,” in 2013 IEEE 2nd Global Conference
on Consumer Electronics (GCCE), pp. 528–529, Oct 2013.
[6] Y. Fujii, M. Tada, N. Hosaka, K. Tochikubo, and T. Kato, “A fast (2,
n)-threshold scheme and its application,” Proc. CSS2005, vol. 6, 2005.
[7] N. Hosaka, K. Tochikubo, Y. Fujii, M. Tada, and T. Kato, “(2; n)-
threshold secret sharing systems based on binary matrices,” Proc.
SCIS2007, pp. 2D1–4, 2007.
[8] J. Kurihara, S. Kiyomoto, K. Fukushima, and T. Tanaka, “A fast (3; n)-
threshold secret sharing scheme using exclusive-or operations,” IEICE
Transactions on Fundamentals of Electronics, Communications and Computer
Sciences, vol. E91-A, pp. 127–138, Jan. 2008.
[9] J. Kurihara, S. Kiyomoto, K. Fukushima, and T. Tanaka, “A new (k; n)-
threshold secret sharing scheme and its extension,” in Proceedings of
the 11th International Conference on Information Security, ISC ’08,
(Berlin, Heidelberg), pp. 455–470, Springer-Verlag, 2008.
[10] J. Kurihara, S. Kiyomoto, K. Fukushima, and T. Tanaka, “A fast (k, l,
n)-threshold ramp secret sharing scheme.,” IEICE Transactions, vol. 92-
A, no. 8, pp. 1808–1821, 2009.
[11] K. Omote and T. P. Thao, “Sw-sss: Slepian-wolf coding-based secret
sharing scheme,” in International Joint Conference: CISIS’15 and
ICEUTE’15 (Á. Herrero, B. Baruque, J. Sedano, H. Quintián, and E. Corchado,
eds.), (Cham), pp. 347–365, Springer International Publishing,
2015.
[12] L. Chen, T. M. Laing, and K. M. Martin, “Efficient, xor-based, ideal
(t; n)-threshold schemes,” in Cryptology and Network Security: 15th
International Conference, CANS 2016, Milan, Italy, November 14-16, 2016,
Proceedings (S. Foresti and G. Persiano, eds.), (Cham), pp. 467–483,
Springer International Publishing, 2016.