Shamir's Secret Sharing
Shamir's Secret Sharing Scheme (SSSS)¶
If the share is a k-degree polynomial then it needs k+1 points to generate the original polynomial with the secret.
If you needs 5 partial keys then you just have to generate 5 points that are on the polynomial.
Math¶
\[ Ax^4 + Bx^3 + Cx^2 + Dx + E \\ A, B, C, D, E\in\mathbb{Z} \]
\[ \mathcal{M} := \begin{pmatrix} 1 & 0 & 0 & 0 & 0 & 0 & Kx_1^4 & Kx_2^4 & Kx_3^4\cr 0 & 1 & 0 & 0 & 0 & 0 & Kx_1^3 & Kx_2^3 & Kx_3^3\cr 0 & 0 & 1 & 0 & 0 & 0 & Kx_1^2 & Kx_2^2 & Kx_3^2\cr 0 & 0 & 0 & 1 & 0 & 0 & Kx_1 & Kx_2 & Kx_3\cr 0 & 0 & 0 & 0 & 1 & 0 & K & K & K\cr 0 & 0 & 0 & 0 & 0 & 1 & -Kf(x_1) & -Kf(x_2) & -Kf(x_3)\cr \end{pmatrix} \]
Usage¶
from cryptopals_lib import *
from binascii import hexlify
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from Crypto.Protocol.SecretSharing import Shamir
#Generate Key
key = get_random_bytes(16)
print(key)
#Generate Shares
shares = Shamir.split(2, 5, key, ssss=True)
#Print Shares
for idx, share in shares:
print("Index #{}: {}".format(idx, hexlify(share)))
#Use Two shares to get secret
key = Shamir.combine(shares[:2])
print(key)
Implementation¶
Security¶
When choosing random values for the shares make sure that the number cant be 0 this removes a term and than makes it easier for the secret to be generated
Each share must not repeat