Distributed storage can store data in multiple devices or servers to improve data security. However, in today's explosive growth of network data, traditional distributed storage scheme is faced with some severe challenges such as insufficient performance, data tampering, and data lose. A distributed storage scheme based on blockchain has been proposed to improve security and efficiency of traditional distributed storage. Under this scheme, the following improvements have been made in this paper. This paper first analyzes the problems faced by distributed storage. Then proposed to build a new distributed storage blockchain scheme with sharding blockchain. The proposed scheme realizes the partitioning of the network and nodes by means of blockchain sharding technology, which can improve the efficiency of data verification between nodes. In addition, this paper uses polynomial commitment to construct a new verifiable secret share scheme called PolyVSS. This new scheme is one of the foundations for building our improved distributed storage blockchain scheme. Compared with the previous scheme, our new scheme does not require a trusted third party and has some new features such as homomorphic and batch opening. The security of VSS can be further improved. Experimental comparisons show that the proposed scheme significantly reduces storage and communication costs.
Traditional centralized storage systems use centralized storage servers to store all data, which places high requirements on server performance, including reliability and security. At the same time, with the explosive growth of network data, centralized storage systems cannot satisfy the needs of largescale applications. As a peertopeer storage method, distributed storage is gradually replacing traditional storage methods [
However, distributed storage still has some problems in data security and system performance:
The combination of blockchain and distributed storage technology in the database provides a way to solve the above problem. The distributed storage system based on the blockchain can be used to securely store all kinds of data, and can be applied to fields such as smart grid, smart home, and Internet of Vehicles. As the underlying technology of Bitcoin, blockchain has received widespread attention due to its strong security characteristics [
Secret share combined with blockchain has some applications such as electronic voting, consensus algorithms, and P2P storage scheme [
The specific contributions of this paper are as follows:
This paper proposes a verifiable secret share scheme based on polynomial commitment (PolyVSS, for short). Compared with the previous scheme, our new scheme does not require a trusted third party and has homomorphic characteristics.
Use PolyVSS to construct a distributed storage scheme based on blockchain. This scheme uses sharding technology to realize the partitioning of nodes and transactions. Experimental comparisons show that the proposed scheme can reduce storage and communication costs.
The structure of this paper is as follows. In Section 2, we introduce the related work of this paper. In Section 3, we first give the structure of a distributed storage blockchain based on PolyVSS. Section 4 introduces the proposed PolyVSS and analyzes its security. In Section 5, we analyzed the performance of the distributed storage blockchain and summarized in Section 6.
Secret share is one of the important research directions of modern cryptography. The earliest secret share scheme was proposed by Shamir. In their scheme, there is a dealer who is responsible for dividing a secret into
Due to the excessive trust given to the dealer, we cannot guarantee that the dealer will not have malicious behavior. To prevent the dealer from malicious behavior, verifiable secret share (VSS) is proposed [
Harin et al. [
The concept of commitment is at the core of almost all modern cryptographic protocol constructions. In this case, making a commitment simply means that a participant in the protocol can choose a value from a certain (limited) set and commit to his choice so that he can no longer change his mind. However, he does not have to reveal his choice (although he may choose to reveal it at some point in the future). Cryptography commitment has been applied to the blockchain. Zerocoin [
The polynomial commitment scheme is constructed based on bilinear pairing. First, we use
Initialization phase:
This step mainly generates a publicprivate key pair
Commit phase:
Calculate the corresponding commitment
Open phase:
This step opens the committed polynomial
Verify phase:
At this phase, the verifier first needs to verify the legitimacy of the commitment:
Finally, verify the evaluation in the index
Suppose there is an adversary
In addition, the polynomial commitment also satisfies strong correctness, the proof of which has been given in the paper [
Before introducing the system model of DSB, we first introduce a few related notions. Let
As we can see from the
First give a node partition:
Initial phase
For
Encryption phase
There is an encryption algorithm denoted as
Storage phase
Distribute and store
We constructed our storage scheme based on the blockchain, and introduce some of the corresponding concepts are related to the blockchain in this section [
First, the DMC sends a request to the nodes. After receiving the request, each node runs PolyVSS threephase algorithm to distribute and store data.
The number of nodes is not as many as possible. With reference to the practical Byzantine faulttolerant algorithm, we generally limit the number of nodes in each shard to no more than 100. When the number of nodes exceeds 100, the efficiency of reaching consensus among nodes will become low. Of course we can increase the number of shard. In our scheme, there are a total of three shards and we assume that the number of nodes in each shard is 50.
Let the total number of nodes be
Our scheme is based on sharding blockchain, and can process multiple data in parallel, which theoretically improves the efficiency of data verification. Our scheme is divided into three phases: request phase, secret share phase and storage phase.
Request phase
When a piece of data needs to be added to the chain, the Data Management Center (DMC) will send a request to all nodes in a shard.
Data verification phase
Each node
For
After receiving
After the verification is passed, all nodes accept the corresponding subsecret, and use the Lagrange interpolation to restore the corresponding subsecret.
Data storage stage
After PolyVSS is executed, the verified data is uploaded to the blockchain. The specific process is shown in
In this section, we will first introduce the formal definition of VSS and some cryptographic assumptions. Then, the specific construction is given. We also conduct security and performance analysis of the scheme.
First of all, we give the formal definition of VSS scheme and several security features that it needs to satisfy.
To facilitate the description of the application later, in the following text we will use node instead of Shareholder. Usually, a VSS scheme needs to satisfy two security features: Secrecy and Correctness. Below we give their definitions.
Some VSS schemes have introduced cryptographic commitment, such as Pedersen commitment with homomorphic characteristics. Cryptographic commitment generally consists of two phases: commit and open, which are respectively to commit and open the message. Polynomial commitment is also a kind of homomorphic commitment, which can be constructed based on discrete logarithm and Pedersen commitment. The polynomial commitment algorithm is based on the two traditional commitment algorithms, combined with the characteristics of the accumulator to add a verification algorithm. The existing research points of verifiable secret share scheme based on polynomial commitments are mainly in the scheme construction of asynchronous and synchronous models [
Here are a few cryptographic assumptions used for the security proof of our scheme.
Assuming
Bilinear:
Nondegenerate: There exists
For any
Our scheme is an improvement on the (n, t, n) verifiable secret sharing scheme [
On the basis of the previous scheme, polynomial commitment is introduced. Our scheme is divided into two phases: share phase and reconstruction phase. At the beginning of the scheme, the node runs the initial algorithm in the polynomial commitment, randomly selects a generator
Share phase
Reconstruction phase:
In the reconstruction phase, when
First, we give the adversary model. We consider a network
Suppose there is an algorithm
It is easy to see that the success probability of solving the DLA instance is the same as the success probability of
This section compares the computational costs and functions of the six schemes in the four stages of parameter setting, reconstruction, verification, and recovery.
The polynomial commitment scheme given in Section 2.2 can only open and verify the evaluation of one index and is not suitable when multiple guidelines need to be opened. A batch polynomial commitment was proposed to open and verify the evaluation of multiple indexes. The batch polynomial commitment mainly modifies the verify phase. Let all the indexes
With the aid of batch polynomial commitment, when
We compared the computational cost and functions of several VSS schemes [
Denial of service (DoS) attack is a method used to disrupt legitimate users’ access to the target network or website resources [
Scheme  Setup  Reconstruction  Verify  Recovery  

Dealer  Party  
[ 
0  1  n + 1  0  t 
[ 
2n  1  0  /  t − 1 
[ 
0  1  n + t  t + 1  (t − 1) (l − 1) 
[ 
n  1  n + 1  t + 1  t − 1 
[ 
0  0  n + 1  t − 1  t 
This paper  0  1  n  t  t 
Feature  [ 
[ 
[ 
[ 
[ 
This paper 

Without trusted third party  √    √  √  √  √ 
Honest participant  √    √  √  √  √ 
Without secret channel  √        √  √ 
Homomorphism            √ 
Batch            √ 
Blockchain will also suffer from DoS attacks. In the traditional blockchain, when a node is attacked, it needs to visit other nodes (because each node stores the entire ledger) to recover local data. In our scheme, when a node in the network is attacked, the node can use the reconstruction algorithm of the PolyVSS scheme to recover the corresponding data by accessing other
Below we analyze the cost of restoring communication. For convenience, we use DSB and LSSDSB respectively to replace the name of the scheme in the paper [
The core of our scheme is the secret sharing scheme, which is also an important tool to achieve recovery. The Shamir secret share used in DSB is one of the most classic schemes. Local secret share is based on Shamir secret share, introducing two new concepts: global secret and local secret. Among them, information as global secret is more important than a local secret. Global secrets are maintained by all users, while local secrets are maintained by individuals. Unlike their two schemes, our scheme does not have a central party, such as the dealer in the Shamir's scheme. In addition, participants in our scheme will mutually verify the legality of share, thereby improving security.
Blockchain  DSB [ 
LSSDSB [ 
Our scheme  




Assuming
In this section, we will compare the storage cost of several schemes when storing a transaction. The data of the corresponding schemes are given in
Assuming
Distributed storage is one of the important directions of future storage system development and blockchain provides solutions to the security and performance problems of distributed storage. This paper first uses polynomial commitment to improve verifiable secret share and constructs a new VSS scheme. Then use the new VSS scheme to construct a distributed storage mechanism based on blockchain. Compared with the previous scheme, the scheme proposed in this paper also achieves low storage cost, and is also superior to the DSB scheme in terms of recovery communication cost. Future research directions mainly include the following points: (1) Replace transaction and network with state sharding to further optimize storage cost; (2) Realize efficient communication across partitions.