Blockchain & Cryptocurrency Glossary



Shamir Secret Sharing

Pronunciation
[shah-meer see-krit shair-ing]
Analogy
Imagine you have a valuable treasure and instead of giving one person the complete map, you create five partial maps. You design these maps so that any three of them, when combined, reveal the treasure's location, but any two or fewer are useless. This way, even if some maps are lost or compromised, the treasure remains secure as long as enough trusted people keep their maps safe.
Definition
A cryptographic algorithm that divides a secret (such as a private key or seed phrase) into multiple shares, requiring a predefined threshold number of these shares to reconstruct the original secret. This allows for distributed security where no single point of failure exists, as the original secret cannot be derived from any subset of shares below the threshold.
Key Points Intro
Shamir Secret Sharing provides robust security through mathematical distribution of sensitive information.
Key Points

Threshold-based: Requires a predetermined number of shares (k out of n) to reconstruct the secret, with fewer shares revealing no information.

Information-theoretically secure: Given fewer than the threshold number of shares, no amount of computational power can recover the secret.

Flexible configuration: Can be implemented with various thresholds (e.g., 2-of-3, 3-of-5, 5-of-9) based on security needs and risk tolerance.

Resilient to loss: The system can be configured to tolerate the loss of several shares while still allowing recovery of the original secret.

Example
Alice wants to secure her Bitcoin private key using Shamir Secret Sharing. She creates a 3-of-5 scheme, generating five distinct shares. She keeps one share herself, gives one to her lawyer, one to her spouse, one to her trusted friend, and one in a safety deposit box. If Alice loses her share, she can still recover her private key by gathering any three of the remaining four shares.
Technical Deep Dive
Shamir Secret Sharing is based on polynomial interpolation in finite fields. For a threshold k, a random polynomial of degree k-1 is created in which the secret is encoded as the constant term (the y-intercept). Shares are generated as points on this polynomial at distinct non-zero x coordinates. Because k points uniquely determine a polynomial of degree at most k-1, holding k shares allows the polynomial to be reconstructed (for example by Lagrange interpolation) and the secret read off as its value at x = 0. The technique typically uses operations in GF(2^256) for cryptocurrency applications to provide compatibility with 256-bit keys.
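The polynomial construction above, as an added example that is not part of this glossary entry: a k-of-n split and Lagrange reconstruction over a prime field (the Mersenne prime 2^127 - 1 is an illustrative choice, not a standard), plus a helper showing why fewer than k shares reveal nothing: any candidate secret can be completed to a consistent set of shares.

```python
import secrets

# Field prime; any prime larger than the secret works. 2**127 - 1 is used
# here for illustration only (an assumption, not a standard from the page).
PRIME = 2**127 - 1

def _eval_poly(coeffs, x):
    # Horner's rule mod PRIME; coeffs[0] is the constant term (the secret).
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc

def _interpolate_at(points, x):
    # Lagrange interpolation: value at x of the unique polynomial of degree
    # at most len(points)-1 passing through every (xi, yi) in points.
    xs = [p[0] for p in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate x coordinates")
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def split_secret(secret, k, n):
    """Split secret into n shares, any k of which reconstruct it."""
    if not 1 <= k <= n or not 0 <= secret < PRIME:
        raise ValueError("need 1 <= k <= n and 0 <= secret < PRIME")
    # Random degree-(k-1) polynomial; x = 0 is never handed out as a share.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]

def recover_secret(shares):
    """Recover the y-intercept f(0) from k distinct shares."""
    return _interpolate_at(shares, 0)

def consistent_share(partial_shares, candidate_secret, x):
    # With fewer than k shares, every candidate secret fits some degree-(k-1)
    # polynomial; this returns the share at x that would make it the 'real' one.
    return (x, _interpolate_at(partial_shares + [(0, candidate_secret)], x))

def demo(secret=0x123456789ABCDEF0, k=3, n=5):
    shares = split_secret(secret, k, n)          # constructed sample input
    recovered = recover_secret([shares[0], shares[2], shares[4]])
    fake = consistent_share(shares[:2], 42, 5)   # two shares + wrong guess
    return recovered == secret, recover_secret(shares[:2] + [fake]) == 42
```

Running `demo()` returns `(True, True)`: any three genuine shares recover the secret, while two shares are equally consistent with the wrong value 42.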
Security Warning
While distributing shares improves resilience, it also creates multiple potential attack vectors. Ensure each share is protected with appropriate security measures. Also, be aware that the reconstruction process temporarily exposes the complete secret, so perform reconstruction in a secure environment, ideally on an air-gapped device.
Caveat
Implementation complexity can lead to errors or vulnerabilities. Additionally, if the threshold is set too low, it reduces security; if set too high, it increases the risk of permanent loss due to missing shares. The security guarantees only hold if the shares are generated properly with true randomness and if the device used for generation and reconstruction isn't compromised.
