Search

US-20260126920-A1 - STORAGE DEVICE, HOST DEVICE, AND STORAGE SYSTEM INCLUDING THE SAME

US20260126920A1US 20260126920 A1US20260126920 A1US 20260126920A1US-20260126920-A1

Abstract

In a storage device including a host device and a storage device, the host device includes a host memory and a host security manager to manage security of the host device and transmit a triplet request to the storage device. The storage device includes a non-volatile memory, and a storage controller including a device security manager to manage security of the storage device, generate a triplet and store the triplet in the non-volatile memory, and transmit the triplet or partial triplets generated based on the triplet to the host security manager, in response to receiving the triplet request from the host security manager. The triplet includes a pair of numbers containing three numbers for performing a multiplication operation through a multi-party computation in the host device, and the partial triplets contain secret shared values of the triplet, which are distributed to participants of the multi-party computation.

Inventors

  • Won Hee CHO
  • Mungyu BAE
  • Jisoo Kim
  • Younsung CHU

Assignees

  • SAMSUNG ELECTRONICS CO., LTD.

Dates

Publication Date
20260507
Application Date
20250815
Priority Date
20241107

Claims (20)

  1. 1 . A storage system comprising: a host device; and a storage device configured to transmit and receive data with the host device, wherein the host device comprises: a host memory; and a host security manager configured to manage security of the host device and to transmit a triplet request to the storage device, wherein the storage device comprises: a non-volatile memory; and a storage controller comprising a device security manager configured to manage security of the storage device, generate a triplet and store the triplet in the non-volatile memory, and transmit the triplet or partial triplets generated based on the triplet to the host security manager in response to receiving the triplet request from the host security manager, wherein the triplet comprises a pair of numbers containing three numbers for performing a multiplication operation through a multi-party computation (MPC) in the host device, and wherein the partial triplets contain secret shared values of the triplet, which are distributed to participants of the multi-party computation.
  2. 2 . The storage system as claimed in claim 1 , wherein the device security manager and the host security manager are further configured to perform mutual authentication using a security protocol.
  3. 3 . The storage system as claimed in claim 1 , wherein the storage controller is configured to write data to the non-volatile memory or read data stored in the non-volatile memory according to a request from the host device, and wherein the device security manager is further configured to generate the triplet while the storage controller is not performing an operation of writing the data or an operation of reading the data.
  4. 4 . The storage system as claimed in claim 1 , wherein the non-volatile memory comprises a security region accessible by only the device security manager, and wherein the device security manager is further configured to store the generated triplet in the security region of the non-volatile memory.
  5. 5 . The storage system as claimed in claim 1 , wherein the host security manager is further configured to: set a first host memory area, to which only a first tenant among the participants of the multi-party computation is allowed for access, in the host memory; and set a second host memory area, to which only a second tenant among the participants of the multi-party computation is allowed for access, in the host memory, and wherein the first host memory area and the second host memory area are different areas within the host memory.
  6. 6 . The storage system as claimed in claim 1 , wherein the device security manager is further configured to: generate random values required to generate the partial triplets; and store the generated random values in the non-volatile memory.
  7. 7 . The storage system as claimed in claim 6 , wherein the device security manager is further configured to, in response to the receiving the triplet request from the host security manager, generate the partial triplets based on the triplet and the random values, and transmit the generated partial triplets to the host security manager.
  8. 8 . The storage system as claimed in claim 7 , wherein the triplet request comprises information about a number of the participants, and wherein the device security manager is further configured to generate partial triplets in a number corresponding to the number of the participants, based on the triplet and the random values.
  9. 9 . The storage system as claimed in claim 6 , wherein the device security manager is further configured to, in response to the receiving of the triplet request from the host security manager, transmit the triplet and the random values to the host security manager.
  10. 10 . The storage system as claimed in claim 9 , wherein the triplet request comprises information about a number of the participants, and wherein the device security manager is further configured to, in response to the receiving of the triplet request from the host security manager, transmit the triplet and random values in a number corresponding to 3×(the number of the participants−1), to the host security manager.
  11. 11 . The storage system as claimed in claim 9 , wherein the host security manager is further configured to generate the partial triplets based on the received triplet and the received random values.
  12. 12 . The storage system as claimed in claim 1 , wherein the host memory comprises a security region accessible only by the host security manager.
  13. 13 . The storage system as claimed in claim 12 , wherein the device security manager is further configured to, in response to the receiving of the triplet request from the host security manager, transmit a first predetermined number of the triplets to the host security manager, and wherein the host security manager is further configured to: store the triplet, which is received from the device security manager, in the security region of the host memory; and transmit a triplet request to the device security manager, in response to determining that triplets stored in the security region of the host memory are insufficient.
  14. 14 . The storage system as claimed in claim 12 , wherein the device security manager is further configured to: generate random values required to generate the partial triplets; store the generated random values in the non-volatile memory; and transmit a second predetermined number of the random values to the host security manager, in response to receiving a random value request from the host security manager, and wherein the host security manager is further configured to: store the random values, which are received from the device security manager, in the security region of the host memory; and transmit a random value request to the device security manager in response to determining that the random values stored in the security region of the host memory are insufficient.
  15. 15 . The storage system as claimed in claim 12 , wherein the host security manager is further configured to generate random values required to generate the partial triplets and to store the generated random values in the security region of the host memory.
  16. 16 . The storage system as claimed in claim 15 , wherein the host security manager is further configured to generate the partial triplets based on the received triplet and the generated random values.
  17. 17 . The storage system as claimed in claim 1 , wherein the device security manager is further configured to: generate random values required to generate the partial triplets; store the generated random values in the non-volatile memory; and transmit the triplet and a third predetermined number of random values to the host security manager, in response to the receiving of the triplet request from the host security manager, and wherein the host security manager is further configured to generate partial triplets in a number corresponding to a number of the participants, based on the received triplet and the received third predetermined number of random values.
  18. 18 . The storage system as claimed in claim 1 , wherein the device security manager is further configured to: generate random values required to generate the partial triplets; store the generated random values in the non-volatile memory; and in response to the receiving of the triplet request from the host security manager, generate a fourth predetermined number of partial triplets based on the triplet and the random values, and transmit the fourth predetermined number of partial triplets to the host security manager, and wherein the host security manager is further configured to convert the received fourth predetermined number of partial triplets into partial triplets in a number corresponding to a number of participants.
  19. 19 . A storage device comprising: a non-volatile memory; and a device security manager configured to manage security of the storage device and to perform mutual authentication with a host security manager of a host device, wherein the host device is configured to transmit and receive data with the storage device, wherein the device security manager is further configured to: generate a triplet; store the generated triplet in the non-volatile memory; and transmit the triplet or partial triplets generated based on the triplet to the host security manager, in response to receiving a triplet request from the host security manager, wherein the triplet comprises a set of numbers containing three numbers for performing a multiplication operation through a multi-party computation in the host device, and wherein the partial triplets comprise secret shared values of the triplet, which are distributed to participants of the multi-party computation.
  20. 20 . A host device comprising: a host memory; and a host security manager configured to manage security of the host device and to perform mutual authentication with a device security manager of a storage device, wherein the storage device is configured to transmit and receive data with the host device, wherein the host security manager is further configured to: transmit a triplet request to the device security manager; and receive a triplet or partial triplets generated based on the triplet, from the device security manager, and wherein the triplet comprises a set of numbers containing three numbers for performing a multiplication operation through a multi-party computation in the host device, and wherein the partial triplets comprise secret shared values of the triplet, which are distributed to participants of the multi-party computation.

Description

CROSS-REFERENCE TO RELATED APPLICATION This application claims priority to Korean Patent Application No. 10-2024-0157038, filed in the Korean Intellectual Property Office on Nov. 7, 2024, the entire contents of which are hereby incorporated by reference. BACKGROUND Field The present disclosure relates to a storage device, a host device, and a storage system including the same. Description of Related Art Multi-party computation (MPC) is a technology that allows multiple parties to perform joint computations without exposing personal data. The multi-party computation (MPC) may be widely used in a variety of application fields that require cooperative computation while protecting sensitive data. These technologies may be used in areas such as finance, healthcare data processing, privacy-preserving computing, and machine learning model training using private data, and are especially useful when data security and privacy are important. In order to perform a multiplication operation in a multi-party computation, a pre-generated triplet is required. A triplet is a tool that helps participants in a multi-party computation perform multiplication operations without exposing their data. If the triplet is exposed externally, there is a risk that private data of multiple parties will be exposed. Therefore, the creation and management of triplets should be performed by a reliable configuration. In general, one triplet is consumed for each multiplication operation, so a very large number of triplets are required for multi-party computations. This requires that a large number of triplets be generated in advance to handle large-scale computational tasks. However, if a computation device participating in the multi-party computation directly creates and manages triplets, the resources of the computation device may be excessively consumed. This has the problem that it may lead to performance degradation and resource limitation issues on the computation device. The above-described information is intended to enhance understanding of the background of the present disclosure and may include information that does not constitute prior art. SUMMARY The present disclosure relates to a storage device, a host device, and a storage system including the same for solving the above problems. The problems to be solved by the present disclosure are not limited to those described above, and other problems not mentioned may be clearly understood by those skilled in the art from the description of the disclosure below. According to some aspects, a storage system includes a host device, and a storage device configured to transmit and receive data with the host device. Here, the host device includes a host memory, and a host security manager configured to manage security of the host device and to transmit a triplet request to the storage device. Here, the storage device includes a non-volatile memory, and a storage controller including a device security manager configured to manage security of the storage device, generate a triplet and store the triplet in the non-volatile memory, and transmit the triplet or partial triplets generated based on the triplet to the host security manager, in response to receiving the triplet request from the host security manager. Herein, the triplet includes a pair of numbers containing three numbers for performing a multiplication operation through a multi-party computation (MPC) in the host device, and the partial triplets contain secret shared values of the triplet, which are distributed to participants of the multi-party computation. According to some aspects, a storage device include a non-volatile memory, and a device security manager configured to manage security of the storage device and to perform mutual authentication with a host security manager of a host device configured to transmit and receive data with the storage device. Here, the device security manager is configured to generate a triplet and store the generated triplet in the non-volatile memory, and transmit the triplet or partial triplets generated based on the triplet to the host security manager, in response to receiving the triplet request from the host security manager. Here, the triplet includes a set of numbers containing three numbers for performing a multiplication operation through a multi-party computation in the host device, and the partial triplets include secret shared values of the triplet, which are distributed to participants of the multi-party computation. According to some aspects, a host device includes a host memory, and a host security manager configured to manage security of the host device and to perform mutual authentication with a device security manager of a storage device configured to transmit and receive data with the host device. Here, the host security manager is further configured to transmit a triplet request to the device security manager, and receive a triplet or partial triplets generated based on the triplet, f