Shamir’s Secret Sharing

Shamir’s Secret Sharing is a scheme to securely share highly sensitive information such as encryption keys by splitting the information into multiple parts called shares.


What Is Shamir’s Secret Sharing?

Shamir’s Secret Sharing is a cryptographic algorithm for safely distributing parts of highly sensitive data among a network or group to prevent unauthorized access to the data. The data is divided into smaller parts called shares, which are then distributed among the members of the group or network. The scheme is named after a prominent Israeli cryptographer, Adi Shamir.
Shamir’s Secret Sharing significantly reduces the chance of failing to decrypt the sensitive information distributed on the network, because the information can be decrypted without needing all the shares. Instead, a number lower than the total number of shares, called the threshold, is set, which greatly reduces the chance of a failure if certain parties on the network are unavailable.

Example

Let’s assume a company called ABC with 12 members wants to safeguard a vault using Shamir’s Secret Sharing. The key to the vault is encrypted and divided into 12 parts, called shares. These shares are then distributed to the members on the network, so opening the vault requires a certain number of these members to allow access. Thanks to the threshold feature, even if one or two members are unavailable at a specific time, the vault can still be accessed with the other members present. This mitigates the risk of failing to decrypt the passcode while keeping the vault safe and secure.

The Process of Forming Shares

Shamir’s Secret Sharing is built on polynomial interpolation, an algebraic technique that estimates unknown values in the gap between known points. The algorithm encodes the information to be encrypted into a polynomial expression. This is the dividing phase, before the shares are distributed through the network to the members. Instead of requiring all the members, only the threshold number is needed, which provides enough data points to correctly estimate the values between the gaps in the encrypted shares.