Secret Sharing Scheme

Definition

In cryptography secret sharing refers to any method for distributing a secret among a group of participants, each of which allocates a share of the secret. The secret can only be reconstructed when the shares are combined together; individual shares are of no use on their own.

The secret is opened only when specific conditions are fulfilled. Each of n participants is given a number of share, and any group of t (threshold) or more shares can together open the secret but no group of less than t shares can.

A secure secret sharing scheme distributes shares so that anyone with fewer than t shares has no extra information about the secret than someone with 0 shares. Consider the naive secret sharing scheme in which the secret phrase "password" is divided into the shares "pa------," "--ss----," "----wo--," and "------rd,". A person with 0 shares knows only that the password consists of eight letters. He would have to guess the password from 268 = 208 billion possible combinations. A person with one share, however, would have to guess only the six letters, from 266 = 308 million combinations. This system is not a secure secret sharing scheme, because a player with less than t shares gains significant information about the content of the secret. In a secure scheme, even a player missing only one share should still face 268 = 208 billion combinations.

Secret sharing was invented by both Adi Shamir and George Blakley independently in 1979.

Examples

• Imagine that the Board of Directors of Coca-Cola would like to protect Coke's secret formula. The president of the company should be able to access the formula when needed, but in an emergency any 3 of the 12 board members would be able to unlock the secret formula together. This can be accomplished by a secret sharing scheme with t = 3 and n = 15, where 3 shares are given to the president, and 1 is given to each board member.
• Sometimes it is necessary to make the secret inaccessible to a single person. For instance, the secret is "nuclear button" of a state. The President together with the Premier can open the secret, but no one of them can do it alone. This scheme can be implemented with t = 2 and n = 2, where 1 share is given to each participant.
• Let's imagine that there is an organization where all members are equal. Say, an alliance between 5 states. When the organization holds a conference, quorum must be reached. Let's assume that according to the rules, the quorum is 4. If the quorum is reached, then the secret documents can be opened and the conference will start. Such scheme is accomplished with t = 4 and n = 5, where all members are equal and have 1 share.

Implementation

The first step is making an agreement between all the participants. You should come together and get outside your needs and define appropriate ways of getting access to the container. In terms of the scheme, you will have to define the threshold value - the number of shares required for opening the container (the value is called "Required shares" in the dialog) and number of shares for each member.

Then, every participant of the scheme will enter his/her own password and his/her own Number of shares, according to the agreement. After performing these actions and clicking Add button, the password will be added to the scheme and Shares ready counter will be increased by the corresponding number of shares.

The View shares button allows you to see how many passwords have been already entered and how the shares are distributed.

When the counter reaches the threshold value, the creation process can be finished and OK button will become available. But it is possible to continue the process, until all participants enter their passwords.

When all the participants finish entereing passwords, press OK button to continue a regular process of creating the container file.