In this paper, we present a construction of (n,k,d,m) secure regenerating codes for distributed storage systems against eavesdroppers that can observe either data stored in at most m storage nodes or downloaded data for repairing at most m failed nodes in a network where m < k ≤ d ≤ n-1. The (n,k,d,m) secure regenerating code is based on an (n,k,d) minimum bandwidth regenerating (MBR) code, which was proposed by Rashmi, Shah and Kumar as optimal exact-regenerating codes, for all values of the parameters (n,k,d). The (n,k,d,m) secure regenerating codes have the security as a secret sharing scheme such that even if an eavesdropper knows either data stored in at most m storage nodes or downloaded data for repairing at most m failed nodes, no information about data leaks to the eavesdropper.

In this paper we propose a class of byte-error-correcting codes derived from algebraic curves which is a generalization on the Reed-Solomon codes, and present their fast parallel decoding algorithm. Our algorithm can correct up to (m + b -θ)/2b byte-errors for the byte length b, where m + b -θ + 1dG for the Goppa designed distance dG. This decoding algorithm can be parallelized. In this algorithm, for our code over the finite field GF (q), the total complexity for finding byte-error locations is O (bt(t + q - 1)) with time complexity O (t(t + q - 1)) and space complexity O(b), and the total complexity for finding error values is O (bt(b + q - 1)) with time complexity O (b(b + q - 1)) and space complexity O (t), where t(m + b -θ)/2b. Our byte-error-correcting algorithm is superior to the conventional fast decoding algorithm for randomerrors in regard to the number of correcting byte-errors in several cases.

This paper proposes secure regenerating codes that are composed of non-secure regenerating codes and a new all-or-nothing transform. Unlike the previous analysis of secure regenerating codes, the security of the proposed codes is analyzed in the sense of the indistinguishability. The advantage of the proposed codes is that the overhead caused by the security against eavesdropping is much less than that of previous secure regenerating codes. The security of the proposed codes against eavesdropping mainly depends on the new all-or-nothing transform.