Gecko: A Resilient Dispersal Scheme for Multi-Cloud Storage

We have entered an era where copious amounts of sensitive data are being stored in the cloud. To meet the rising privacy, reliability, and verifiability needs, we propose Gecko, a multi-cloud dispersal scheme where: (a) the key used to encrypt the data file is the secret in a Latin-square-autotopism secret-sharing scheme, (b) data files and encryption keys are dispersed separately to multiple clouds, and (c) a blockchain-based integrity-check protocol is devised to pinpoint faulty data. Gecko enables fast and thorough key renewal: when a portion of the key (the secret) is leaked, we replace all shares of the partially-leaked secret without replacing the secret itself; this immediately resists targeted attack to certain file without re-encrypting the data file itself. Key renewal is further accelerated by the blockchain-based integrity check. We evaluate Gecko theoretically and experimentally against the traditional AONT-RS dispersal scheme, drawing two conclusions: 1) Gecko admits powerful key renewal and identification of damaged data, with a minor transfer overhead; and 2) Gecko performs key renewal three to five times faster than AONT-RS hybrid-slice renewal (the closest thing AONT-RS has to key renewal).