Secret Sharing Scheme

Definition

In cryptography, secret sharing refers to any method for distributing a secret among a group of participants, each of which allocates a share of the secret. The secret can only be reconstructed when the shares are combined together; individual shares are of no use on their own.

The secret is opened only when specific conditions are fulfilled. Each of n participants is given a number of share, and any group of t (threshold) or more shares together can open the secret but no group of less than t shares can.

A secure secret sharing scheme distributes shares so that anyone with fewer than t shares has no more information about the secret than someone with 0 shares. Consider the naive secret sharing scheme in which the secret phrase "password" is divided into the shares "pa------," "--ss----," "----wo--," and "------rd,". A person with 0 shares knows only that the password consists of eight letters. He would have to guess the password from 268 = 208 billion possible combinations. A person with one share, however, would have to guess only the six letters from 266 = 308 million combinations. This system is not a secure secret sharing scheme, because a player with less than t shares gains significant information about the content of the secret. In a secure scheme, even a player missing only one share should still face 268 = 208 billion combinations.

Secret sharing was invented by both Adi Shamir and George Blakley independently in 1979.

Examples

• Imagine that the Board of Directors of Coca-Cola would like to protect Coke's secret formula. The president of the company should be able to access the formula when needed, but in an emergency, any 3 of the 12 board members would be able to unlock the secret formula together. This can be accomplished by a secret sharing scheme with t = 3 and n = 15, where 3 shares are given to the president, and 1 share is given to each board member.
• Sometimes it is necessary to make the secret inaccessible to a single person. For instance, assume the secret is the "nuclear button" of a state. The President, together with the Premier, can open the secret, but no one of them can do it alone. This scheme can be implemented with t = 2 and n = 2, where 1 share is given to each participant.
• Let's imagine that there is an organization where all members are equal. Say, an alliance between 5 states. When the organization holds a conference, quorum must be reached. Let's assume that according to the rules, the quorum is 4. If the quorum is reached, then the secret documents can be opened and the conference will start. Such scheme is accomplished with t = 4 and n = 5, where all members are equal and have 1 share.

Implementation

The first step is making an agreement between all the participants. You should come together and define appropriate ways of getting access to the container. You should design your secret sharing scheme based upon your needs. In terms of the scheme, you will have to define the threshold value - the number of shares required for opening the container (the value is called "Required shares" in the dialog) and number of shares for each member.

Then, each participant of the scheme will enter his/her own password and his/her own Number of shares, according to the agreement. After performing these actions and clicking the Add button, the password will be added to the scheme and Shares ready counter will be increased by the corresponding number of shares.

View shares allows you to see how many passwords have already been entered and how the shares are distributed.

When the counter reaches the threshold value, OK will become available and creation process can be finished. But it is possible to continue the creation process, until all participants enter their passwords.

When all the participants finish entering passwords, click OK to continue the process of creating a new container file.