Cross-group Secret Sharing for Secure Cloud Storage Service

With the spread of the Internet, many mobile devices are used in our daily lives, such as tablets and mobile phones. Then, personal data are often saved on data servers of the storage providers such as Amazon, Google, Yahoo, Baidu and others. In this context, the secret sharing can be used to store personal data onto several providers, simultaneously reducing the risk of data loss, the data leakage to unauthorized parties, and data falsification. Secret sharing is one of the solutions to combine security and availability in the distributed storage. However, few works considered servers' affiliations, and specifically, the problem that a malicious provider may recover secret data illegally through manipulation on servers that hold enough shares to recover the secret. In this paper, to resolve the problem, we propose a two-threshold secret sharing scheme in order to enforce a new type of cross-group policy. By combining t-out-of-m providers' secret sharing scheme and a k-out-of-n servers' secret sharing scheme via an one-way function or an one-time pad, we construct a scheme that forces k shares to be collected from m groups. Compared with previous work, our scheme can attain the functionalities of proactively updating shares and adding new shares with simple computation.