Secure Storage Codes Over Graphs

• The paper introduces secure storage codes that encode independent source symbols across graph-structured nodes while ensuring edge-wise decodability and data security.
• It leverages graph-theoretic models to define characteristic and non-degenerate subgraphs, which are key to assessing optimal rate and capacity under various edge conditions.
• The study employs algebraic and probabilistic constructions, including random linear mappings, to achieve extremal capacities and robust node-erasure correction in distributed storage.

Secure storage codes over graphs constitute a class of coding schemes designed to reliably and confidentially encode multiple independent source symbols into storage nodes structured as a graph, subject to stringent edge-wise correctness and data security constraints. The extremal rate and key efficiency of such codes depend critically on the graphical structure and the specific access pattern enforced on the edges. This article provides a comprehensive treatment of the core problem, optimal rate characterizations, graph-theoretic foundations, code constructions, examples, and their relevance to distributed storage and secure computation.

1. Problem Formulation and Security Constraints

Let $G=(\mathcal{V}, \mathcal{E})$ be an undirected graph with $N=|\mathcal{V}|$ storage nodes. The encoder maps $K$ independent source symbols $W_1,\ldots,W_K$ (each of $L_w$ bits) to $N$ coded symbols $V_1,\ldots,V_N$ (each of $L_v$ bits) stored at the nodes. Each edge $e=\{i,j\}\in\mathcal{E}$ is labeled by a subset $t(e)\subseteq [K]$, either of cardinality $D$ (qualified) or zero (unqualified).

A secure storage code must satisfy:

• Decodability: For every qualified edge $e=\{i, j\}$ with $t(e)=\mathcal{D}$, $|\,\mathcal{D}|=D$, the $D$ indexed source symbols must be recoverable from $(V_i, V_j)$:

$H(W_k : k\in \mathcal{D}\mid V_i,V_j)=0.$

• Security: The remaining $K-D$ source symbols must remain statistically independent, conditioned on the recovered subset:

$$I(V_i,V_j; W_k : k\notin \mathcal{D}\mid W_k: k\in \mathcal{D}) = 0.$$

• Edge-unqualified privacy: For edges with $t(e)=\emptyset$, $(V_i, V_j)$ reveals no information about any source symbol.

The performance metric is the symbol rate $R = L_w/L_v$; the supremum over achievable rates is the secure storage capacity $C(G, D)$ (Li et al., 2022, Li, 12 Jan 2026).

2. Graph-Theoretic Modeling and Characteristic Subgraphs

For each source symbol index $k$, define the characteristic graph $G^{[k]}=(\mathcal{V}, \mathcal{E}^{[k]})$ with an edge qualified iff $k\in t(e)$. Nodes possess a common-source set $$\mathcal{C}(i) = \bigcap_{j:\{i,j\}\in\mathcal{E}} t(\{i,j\})$$.

Degenerate nodes: Any node where all incident edges are labeled by the same set $\mathcal{C}(i)$.

Non-degenerate subgraph $\hat{G}$: The induced subgraph after removing degenerate nodes. Edge-labeled graphs are characterized by the interplay between qualified edges, unqualified components, and the node-wise intersection of source sets.

3. Extremal Capacity Theorems for Secure Storage over Graphs

Single-Symbol Edge Case $(D=1)$

Theorem (Capacity $C(G,1)=1$):

$C(G,1)=1$ if and only if, in every qualified component $Q$ of $\hat{G}$, for every $k\in[K]$, the characteristic subgraph $Q^{[k]}$ contains no internal qualified edge, i.e., every qualified edge bridges two distinct unqualified components (Li et al., 2022, Li, 12 Jan 2026).

General Multi-Symbol Case $(D>1)$

Under the "mild condition" (no non-degenerate node has a common source):

$$\forall\,i\notin \text{degenerate}: \bigcap_{j:\{i, j\} \in \mathcal{E}} t(\{i, j\}) = \emptyset,$$

the capacity $C(G,D)=1/D$ iff each $G^{[k]}$ has no internal qualified edge.

$2/D$ Capacity

Without the mild condition, $C(G,D)=2/D$ precisely for graphs where (i) every non-degenerate node has $|\mathcal{C}(i)| \ge D/2$ and (ii) for all qualified edges $\{i,j\}$, $\mathcal{C}(i)\cup\mathcal{C}(j) = t(\{i,j\})$.

Source Key Rate

A variant introduces a shared source key $Z$ of entropy $L_Z$, with source key rate $R_Z=L/L_Z$. The source key capacity $$C(G)=\sup \{ R_Z : R_Z \text{ sup-achievable on } G \}$$ has been fully characterized for several fundamental cases (Li, 12 Jan 2026).

4. Algebraic and Probabilistic Constructions

Achievability at extremal rates uses explicit random linear mappings:

• Single-symbol edges $(D=1)$:
  • For each $G^{[k]}$, assign to each unqualified component a distinct coefficient $\alpha_{u,k}\in\mathbb{F}_q$, and global noise $Z$:

  $V^{[k]}_n = \alpha_{n,k} W_k + Z.$ - Aggregate over $k$:

  $V_n = \sum_{k=1}^K V^{[k]}_n.$ - Ensures decodability via unique coefficients and security by noise alignment.

• General $D$:

  • Replace scalar coefficients by $D$-vectors and random $D$-dimensional noise vector $Z$.
  • Qualified edge recovery exploits matrix invertibility over large field $\mathbb{F}_q$.
• $2/D$ case:
  • Each $V_i = H_i \cdot (W_k: k\in \mathcal{C}(i))$, for random $D\times 2|\mathcal{C}(i)|$ matrices.
  • Determinant non-vanishing guarantees full recovery.
• Zero-key storage:
  • Codes dispense with shared randomness if $\mathcal{C}(i)\cup\mathcal{C}(j)=t(\{i, j\})$ for every qualified edge; then each coded symbol is a deterministic function of the local common sources.

5. Decoding Mechanisms and Node-Erasures

For edge-coded storage, node failures erase all associated incident edges. Coding-theoretic approaches employ linear constraints (neighborhood parities, diagonal sums, etc.) for node-erasure correction:

Code Type	Redundancy	Field Size Condition
MDS (general $\rho$)	$\rho n - \binom{\rho}{2}$	$q \geq \Theta(n^2)$
Binary, double-node ($\rho=2$)	$2n-1$	$n$ prime; $q=2$
Binary, triple-node ($\rho=3$)	$3n-2$	$n$ prime, $2$ primitive mod $n$; $q=2$

Decoding leverages syndrome polynomials constructed from unaffected neighborhoods, enabling efficient recovery in $O(n^2)$ time for $\rho=2,3$ (Yohananov et al., 2018, Yohananov et al., 2017).

6. Applications and Examples

Secure storage codes over graphs underpin reliability and confidentiality in various distributed systems, including distributed storage, neural networks, and associative memories. Key scenarios:

• Tree graphs: Achieve $C(G)=1$ for single-symbol edges.
• Cycles and complete graphs: Internal qualified edges reduce capacity below $1$.
• Bipartite and layered graphs: Admit zero-key storage under union condition.
• Regenerating codes on graphs: Repair bandwidth and integrity depend on graphical distance, helper selection, and adversarial node count; stacked MSR codes and Gabidulin concatenation achieve optimal functional and adversarial repair bounds (Patra et al., 2024, Koyluoglu et al., 2012).

7. Connections to Secure Computation and Secret Sharing

Secure storage codes over graphs are tightly linked to conditional disclosure of secrets and secret-sharing schemes with access structures defined by graph topology. Proofs and constructions exploit entropy bounds, combinatorial alignment, and matrix invertibility. The balance between global randomness (key size) and optimal rate has foundational implications for randomized complexity and the design of secure multiparty protocols.

References and Further Reading

• Z. Li, H. Sun: "On Extremal Rates of Secure Storage over Graphs" (Li et al., 2022).
• Z. Li, H. Sun: "On the Extremal Source Key Rates for Secure Storage over Graphs" (Li, 12 Jan 2026).
• D. S. Papailiopoulos et al.: "Secure Cooperative Regenerating Codes for Distributed Storage Systems" (Koyluoglu et al., 2012).
• V. Skachek: "Double and Triple Node-Erasure-Correcting Codes over Graphs" (Yohananov et al., 2018).
• V. Skachek: "Codes for Graph Erasures" (Yohananov et al., 2017).
• I. Duursma, X. Li: "Johnson Graph Codes" (Duursma et al., 2019).
• Y. Hu, A. Barg: "Generalized regenerating codes and node repair on graphs" (Patra et al., 2024).