
Secret Sharing Algorithms

Secret Sharing

It’s also known as Secret Splitting.


• It refers to methods for distributing a secret amongst a group of
participants, each of whom is allocated a share of the secret.
• The secret can be reconstructed only when a sufficient number of shares,
possibly of different types, are combined together.
continuation

• It was invented independently by Adi Shamir and George Blakley in 1979.
• Their respective solutions work for any threshold.
• Meanwhile, secret sharing has become a fundamental cryptographic
primitive with a host of applications, most notably in threshold
cryptography and secure multi-party computation.
• In one type of sharing there is always one dealer and n players. The
dealer gives each player a share in such a way that any group of
T (threshold) or more players can come together to reconstruct the
secret.
A Problem

• 11 scientists are working on a secret project. They wish to lock up the
documents in a cabinet so that the cabinet can be opened IF AND
ONLY IF SIX OR MORE OF THE SCIENTISTS ARE PRESENT.
• What is the smallest number of locks needed?
• What is the smallest number of keys to the locks each scientist must
carry?
The Secret Sharing Problem

• Goal: Divide a secret D into N pieces D1, …, DN in a way that:
• Knowledge of any T or more Di pieces makes D easily computable.
• Knowledge of T-1 or fewer Di pieces leaves D completely undetermined (i.e. all
the possible values of D are equally likely).
• In an information-theoretic sense, T-1 or fewer pieces reveal no information about D.
Mathematical Definition

• Goal is to divide some data D (e.g., the safe
combination) into n pieces D1, D2, …, Dn in such a
way that:
• Knowledge of any k or more Di pieces makes
D easily computable.
• Knowledge of any k-1 or fewer pieces leaves
D completely undetermined (in the sense that
all its possible values are equally likely).
• This scheme is called a (k,n) threshold scheme. If
k=n then all participants are required together to
reconstruct the secret.
An Important Lemma

• Let L, t ∈ N, L ≤ t. Also, let x_i, y_i ∈ Z/pZ, 1 ≤ i ≤ L, where the x_i are
pairwise distinct. Then there are exactly p^(t-L) polynomials b
∈ (Z/pZ)[X] of degree ≤ t-1 with b(x_i) = y_i, 1 ≤ i ≤ L.
Example: Creating the Shares

• Let n = 5 and t = 3. The dealer chooses p = 17 and x_i = i, 1 ≤ i ≤ 5. Let the secret be s = 3.
The dealer chooses the secret coefficients a2 = 15 and a1 = 14.
The coefficient a0 = 3 is the secret. Hence the polynomial is
a(x) = 15x^2 + 14x + 3
Thus the shares are:
y1 = a(1) = 15
y2 = a(2) = 6
y3 = a(3) = 10
y4 = a(4) = 10
y5 = a(5) = 6
What is secret sharing?

• In cryptography, secret sharing refers to a method for
distributing a secret amongst a group of participants, each of
which is allocated a share of the secret.
• The secret can only be reconstructed when the shares are
combined together; individual shares are of no use on their
own.
Importance
• Secret sharing schemes are ideal for storing information that is highly sensitive and
highly important.
• Examples include encryption keys, missile launch codes, and numbered bank
accounts.
• Keeping encryption keys: traditional methods for encryption are ill-suited for
simultaneously achieving high levels of confidentiality and reliability.
• Secret sharing schemes address this problem, and allow arbitrarily high
levels of confidentiality and reliability to be achieved.
• Secret sharing schemes are very important in cloud computing environments. A
key can be distributed over many servers by a threshold secret sharing mechanism.
• Secret sharing is also suggested for sensor networks where the links are liable to be tapped:
sending the data in shares makes the task of the eavesdropper harder.
Why do we need secret sharing?

• Gives tight control and removes single point
vulnerability.
• Individual key share holder cannot change/access
the data.
“Secure" versus “Insecure" secret sharing

• A secure secret sharing scheme distributes shares so that anyone with
fewer than t shares has no more information about the secret than
someone with 0 shares.
• Consider for example the secret sharing scheme in which the secret
phrase "password" is divided into the shares "pa––––––", "––ss––––",
"––––wo––", and "––––––rd".
• A person with 0 shares knows only that the password consists of eight
letters. He would have to guess the password from 26^8 = 208 billion
possible combinations. A person with one share, however, would have to
guess only the six letters, from 26^6 = 308 million combinations, and so on
as more persons collude.
“Secure" versus “Insecure" secret sharing

• Consequently this system is not a "secure" secret sharing scheme,
because a player with fewer than t secret shares is able to reduce the
problem of obtaining the inner secret without first needing to obtain all
of the necessary shares.
• In contrast, consider the secret sharing scheme where X is the secret to
be shared, Pi are public asymmetric encryption keys and Qi their
corresponding private keys. Each player j is provided
with {P1(P2(...(PN(X)))), Qj}.
• In this scheme, any player with private key 1 can remove the outer layer
of encryption, a player with keys 1 and 2 can remove the first and second
layers, and so on.
Trivial secret sharing

• t = 1
• t = 1 secret sharing is trivial. The secret can simply be distributed to
all n participants.
• t = n
There are several (t, n) secret-sharing schemes for t = n, when all
shares are necessary to recover the secret:
• 1 < t < n, and, more generally, any desired subset of n
• The difficulty lies in creating schemes that are still secure, but do not
require all n shares. For example, imagine that the Board of Directors
of a company would like to protect their secret formula.
• The president of the company should be able to access the formula
when needed, but in an emergency any 3 of the 12 board members
would be able to unlock the secret formula together.
Trivial secret sharing

• This can be accomplished by a secret sharing scheme with t = 3
and n = 15, where 3 shares are given to the president, and 1 is given
to each board member.
• When space efficiency is not a concern, trivial t = n schemes can be
used to reveal a secret to any desired subsets of the players simply by
applying the scheme for each subset.
• For example, to reveal a secret s to any two of the three players
Alice, Bob and Carol, create three different (2, 2) secret shares for s,
giving the three sets of two shares to Alice and Bob, Alice and Carol,
and Bob and Carol.
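
The subset construction above as an added example (not part of the original slides). The slides do not name a t = n scheme, so XOR splitting is assumed here; all function names are illustrative.

```python
# Added example, not from the slides; XOR splitting is the assumed t = n scheme.
import secrets
from itertools import combinations

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_all_required(secret, n):
    """(n, n) scheme: n-1 uniformly random pads, plus the secret XORed with all pads."""
    pads = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    last = secret
    for pad in pads:
        last = xor_bytes(last, pad)
    return pads + [last]

def join_all_required(shares):
    """XOR of all n shares gives back the secret; any n-1 of them are random noise."""
    out = bytes(len(shares[0]))
    for share in shares:
        out = xor_bytes(out, share)
    return out

def deal_by_subsets(secret, players, t):
    """Run a fresh (t, t) split for every t-subset of the players.
    Returns {player: {subset: share}}; each player holds C(n-1, t-1) shares."""
    held = {p: {} for p in players}
    for subset in combinations(players, t):
        for player, share in zip(subset, split_all_required(secret, t)):
            held[player][subset] = share
    return held

def reconstruct(held, group):
    """A group recovers the secret only if it contains a complete t-subset."""
    group = set(group)
    for player in group:
        for subset in held[player]:
            if group.issuperset(subset):
                return join_all_required([held[q][subset] for q in subset])
    return None

if __name__ == "__main__":
    held = deal_by_subsets(b"formula", ["Alice", "Bob", "Carol"], 2)
    print(reconstruct(held, ["Bob", "Carol"]))
    print({p: len(s) for p, s in held.items()})
```

The per-player share count grows as C(n-1, t-1), which is the space cost the slide refers to.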
Shamir's Secret Sharing

• Suppose we want to use a (k,n) threshold scheme to share our secret S
where k < n.
• Choose at random (k-1) coefficients a1, a2, a3, …, a_(k-1), and let a0 be S:

f(x) = a0 + a1 x + a2 x^2 + ... + a_(k-1) x^(k-1)
Shamir's Secret Sharing

• Construct n points (i, f(i)) where i = 1, 2, …, n.
• Given any subset of k of these pairs, we can find the coefficients of
the polynomial by interpolation, and then evaluate a0 = S, which is
the secret.
Example

• Let S = 1234
• n = 6 and k = 3, and obtain random integers
a1 = 166 and a2 = 94

f(x) = 1234 + 166x + 94x^2
• Secret share points
(1,1494), (2,1942), (3,2578), (4,3402), (5,4414), (6,5614)
• We give each participant a different single point (both x and
f(x)).
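
Both worked examples on these slides (p = 17 with secret 3, and S = 1234) and the lemma, as an added example that is not part of the original slides. The second slide example states no modulus, so the prime 7919 is an assumption made here; candidate_secrets is an illustrative brute-force check that only works for tiny p.

```python
# Added example, not from the slides: Shamir (t, n) sharing over Z/pZ, p prime.
import secrets
from collections import Counter
from itertools import product

def evaluate(poly, x, p):
    """a(x) mod p, with poly = [a0, a1, ..., a_(t-1)]."""
    return sum(c * pow(x, k, p) for k, c in enumerate(poly)) % p

def make_shares(secret, t, n, p, coeffs=None):
    """Dealer: a0 = secret, a1..a_(t-1) random; share i is the point (i, a(i))."""
    if not (1 <= t <= n < p and 0 <= secret < p):
        raise ValueError("need 1 <= t <= n < p and 0 <= secret < p")
    if coeffs is None:  # fresh coefficients from a CSPRNG for every secret
        coeffs = [secrets.randbelow(p) for _ in range(t - 1)]
    return [(x, evaluate([secret, *coeffs], x, p)) for x in range(1, n + 1)]

def recover(shares, p):
    """Lagrange interpolation at x = 0 (mod p) from t shares with distinct x."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate x-coordinates")
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret

def candidate_secrets(shares, t, p):
    """Brute force over all p**t polynomials of degree <= t-1 (tiny p only):
    how many fit `shares`, grouped by the secret a0 they would imply."""
    fits = Counter()
    for poly in product(range(p), repeat=t):
        if all(evaluate(poly, x, p) == y for x, y in shares):
            fits[poly[0]] += 1
    return fits

# Slide example: p = 17, a(x) = 15x^2 + 14x + 3.
SMALL = make_shares(3, t=3, n=5, p=17, coeffs=[14, 15])
# Slide example S = 1234; the modulus 7919 (a prime above every share) is assumed.
LARGE = make_shares(1234, t=3, n=6, p=7919, coeffs=[166, 94])

if __name__ == "__main__":
    print(SMALL, recover(SMALL[2:], 17), recover(LARGE[::2], 7919))
    print(dict(candidate_secrets(SMALL[:2], 3, 17)))  # t-1 shares: every secret fits
```

With two of the p = 17 shares, each of the 17 possible secrets is matched by exactly one polynomial, which is the lemma's p^(t-L) count and the reason t-1 shares reveal nothing.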
