Search

CN-121997389-A - Storage device, host device, and storage system including the same

CN121997389ACN 121997389 ACN121997389 ACN 121997389ACN-121997389-A

Abstract

In a storage system comprising a host device and a storage device, the host device comprises a host memory and a host security manager for managing security of the host device and transmitting a triplet request to the storage device. The storage device includes a non-volatile memory and a storage controller including a device security manager for managing security of the storage device, generating and storing triplets in the non-volatile memory, and transmitting the triplets or a partial triplet generated based on the triplets to the host security manager in response to receiving a triplet request from the host security manager. The triplet includes a pair of digits containing three digits for performing a multiplication operation by a multiparty computation in the host device, and part of the triplet contains a secret sharing value of the triplet that is distributed to participants of the multiparty computation.

Inventors

  • ZHAO YUANXI
  • Pei Wengui
  • Jin Zhishou
  • QIU YUANCHENG

Assignees

  • 三星电子株式会社

Dates

Publication Date
20260508
Application Date
20250815
Priority Date
20241107

Claims (20)

  1. 1. A storage system, comprising: host device, and A storage device configured to transmit and receive data with the host device, Wherein the host device includes: Host memory, and A host security manager configured to manage security of the host device and send a triplet request to the storage device, Wherein the storage device includes: Nonvolatile memory, and A storage controller including a device security manager configured to manage security of the storage device, generate a triplet and store the triplet in the non-volatile memory, and in response to receiving the triplet request from the host security manager, send the triplet or a partial triplet generated based on the triplet to the host security manager, Wherein the triplet includes a pair of digits including three digits for performing a multiplication operation by a multi-party computing MPC in the host device, and Wherein the partial triples contain secret sharing values of the triples, which are distributed to the participants of the multiparty computation.
  2. 2. The storage system of claim 1, wherein the device security manager and the host security manager are further configured to perform mutual authentication using a security protocol.
  3. 3. The storage system of claim 1, wherein the storage controller is configured to write data to the nonvolatile memory or read data stored in the nonvolatile memory according to a request from the host device, and Wherein the device security manager is further configured to generate the triplet when the storage controller does not perform an operation to write the data or an operation to read the data.
  4. 4. The storage system of claim 1, Wherein the non-volatile memory includes a secure area accessible only by the device security manager, and Wherein the device security manager is further configured to store the generated triples in the secure area of the non-volatile memory.
  5. 5. The storage system of claim 1, wherein the host security manager is further configured to: Setting a first host memory area in the host memory, allowing only a first tenant of the participants of the multiparty computing to access the first host memory area, and Setting a second host memory area in the host memory, allowing only a second tenant of the participants of the multiparty computing to access the second host memory area, and Wherein the first host memory region and the second host memory region are different regions within the host memory.
  6. 6. The storage system of claim 1, wherein the device security manager is further configured to: generating random values required for the generation of said partial triples, and The generated random value is stored in the non-volatile memory.
  7. 7. The storage system of claim 6, wherein the device security manager is further configured to generate the partial triplet based on the triplet and the random value and send the generated partial triplet to the host security manager in response to receiving the triplet request from the host security manager.
  8. 8. The storage system of claim 7, Wherein the triplet request includes information about the number of participants, an Wherein the device security manager is further configured to generate a number of partial triples corresponding to the number of participants based on the triples and the random value.
  9. 9. The storage system of claim 6, wherein the device security manager is further configured to send the triplet and the random value to the host security manager in response to receiving the triplet request from the host security manager.
  10. 10. The storage system of claim 9, Wherein the triplet request includes information about the number of participants, an Wherein the device security manager is further configured to send the triplet and a number of random values corresponding to 3x (number of participants-1) to the host security manager in response to receiving the triplet request from the host security manager.
  11. 11. The storage system of claim 9, wherein the host security manager is further configured to generate the partial triplet based on the received triplet and the received random value.
  12. 12. The storage system of claim 1, wherein the host memory comprises a secure area accessible only by the host security manager.
  13. 13. The storage system of claim 12, Wherein the device security manager is further configured to send a first predetermined number of triplets to the host security manager in response to receiving the triplet request from the host security manager, and Wherein the host security manager is further configured to: storing triplets received from a device security manager in a secure region of the host memory, and In response to determining that a triplet stored in a secure area of the host memory is insufficient, a triplet request is sent to the device security manager.
  14. 14. The storage system of claim 12, Wherein the device security manager is further configured to: generating a random value required for the generation of the partial triples; storing the generated random value in the non-volatile memory, and Transmitting a second predetermined number of random values to the host security manager in response to receiving a random value request from the host security manager, and Wherein the host security manager is further configured to: storing the random value received from the device security manager in a secure region of the host memory, and In response to determining that the random value stored in the secure region of the host memory is insufficient, a random value request is transmitted to the device security manager.
  15. 15. The storage system of claim 12, wherein the host security manager is further configured to generate a random value required for the generation of the partial triples and store the generated random value in a secure area of the host memory.
  16. 16. The storage system of claim 15, wherein the host security manager is further configured to generate the partial triplet based on the received triplet and the generated random value.
  17. 17. The storage system of claim 1, Wherein the device security manager is further configured to: generating a random value required for the generation of the partial triples; storing the generated random value in the non-volatile memory, and Transmitting the triplet and a third predetermined number of random values to the host security manager in response to receiving the triplet request from the host security manager, and Wherein the host security manager is further configured to generate a number of partial triples corresponding to the number of participants based on the received triples and the received third predetermined number of random values.
  18. 18. The storage system of claim 1, Wherein the device security manager is further configured to: generating a random value required for the generation of the partial triples; storing the generated random value in the non-volatile memory, and Generating a fourth predetermined number of partial triples based on the triples and the random value in response to receiving the triplet request from the host security manager and transmitting the fourth predetermined number of partial triples to the host security manager, and Wherein the host security manager is further configured to convert the received fourth predetermined number of partial triples into a number of partial triples corresponding to the number of participants.
  19. 19. A storage device, comprising: Nonvolatile memory, and A device security manager configured to manage security of the storage device and perform mutual authentication with a host security manager of a host device configured to transmit and receive data with the storage device, Wherein the device security manager is further configured to: Generating a triplet; storing the generated triples in the non-volatile memory, and In response to receiving a triplet request from the host security manager, transmitting the triplet or a partial triplet generated based on the triplet to the host security manager, Wherein the triplet includes a set of digits including three digits for performing a multiplication by a multiparty calculation in the host device, and Wherein the partial triples include secret sharing values of the triples that are distributed to participants of the multiparty computation.
  20. 20. A host device, comprising: Host memory, and A host security manager configured to manage security of the host device and perform mutual authentication with a device security manager of a storage device configured to transmit and receive data with the host device, Wherein the host security manager is further configured to: sending a triplet request to the device security manager, and Receiving a triplet or a partial triplet generated based on the triplet from the device security manager, and Wherein the triplet includes a set of digits including three digits for performing a multiplication by a multiparty calculation in the host device, and Wherein the partial triples include secret sharing values of the triples that are distributed to participants of the multiparty computation.

Description

Storage device, host device, and storage system including the same Technical Field The present disclosure relates to a storage device, a host device, and a storage system including the same. Background Multiparty computing (MPC) is a technology that allows multiple parties to perform joint computing without exposing personal data. Multiparty computing (MPC) can be widely used in a variety of application fields where collaborative computing is required while protecting sensitive data. These techniques may be used in fields such as finance, healthcare data processing, privacy preserving computing, and machine learning model training using private data, and are particularly useful when data security and privacy are important. In order to perform multiplication operations in multiparty computing, pre-generated triples are required. A triplet is a tool that helps participants in multiparty computing perform multiplication operations without exposing their data. If the triples are exposed externally, there is a risk of exposing private data of multiple parties. Thus, the creation and management of triples should be performed by reliable configuration. Typically, each multiplication operation consumes one triplet, and therefore multiparty computation requires a very large number of triples. This requires that a large number of triples be pre-generated to handle large-scale computing tasks. However, if computing devices participating in the multiparty computation directly create and manage triples, the resources of the computing devices may be excessively consumed. This presents problems that can lead to performance degradation and resource limitation issues on the computing device. The above information is intended to enhance understanding of the background of the present disclosure and may include information that does not form part of the prior art. Disclosure of Invention The present disclosure relates to a storage device, a host device, and a storage system including the same for solving the above-described problems. The problems to be solved by the present disclosure are not limited to those described above, and other problems not mentioned can be clearly understood by those skilled in the art from the following description of the present disclosure. According to some aspects, a storage system includes a host device and a storage device configured to send and receive data with the host device. Here, the host device includes a host memory and a host security manager configured to manage security of the host device and send a triplet request to the storage device. Here, the storage device includes a non-volatile memory and a storage controller including a device security manager configured to manage security of the storage device, generate and store triples in the non-volatile memory, and in response to receiving a triplet request from the host security manager, send the triples or a partial triplet generated based on the triples to the host security manager. Herein, a triplet includes a pair of numbers containing three numbers for performing multiplication operations by a multiparty computation (MPC) in a host device, and a portion of the triplet contains a secret shared value for the triplet that is distributed to participants of the multiparty computation. According to some aspects, a storage device includes a non-volatile memory and a device security manager configured to manage security of the storage device and perform mutual authentication with a host security manager of a host device configured to send and receive data with the storage device. Here, the device security manager is configured to generate a triplet and store the generated triplet in the non-volatile memory, and in response to receiving a triplet request from the host security manager, send the triplet or a partial triplet generated based on the triplet to the host security manager. Here, the triplet includes a set of digits containing three digits for performing a multiplication operation by a multiparty computation in the host device, and part of the triplet includes a secret shared value of the triplet that is distributed to participants of the multiparty computation. According to some aspects, a host device includes a host memory and a host security manager configured to manage security of the host device and perform mutual authentication with a device security manager of a storage device configured to send and receive data with the host device. Here, the host security manager is further configured to send a triplet request to the device security manager and receive a triplet or a partial triplet generated based on the triplet from the device security manager, and the triplet includes a set of digits containing three digits for performing a multiplication operation by a multiparty calculation in the host device. Here, the partial triples include the secret sharing value of the triples, which is distributed to the participants of the mul