Vault (https://www.vaultproject.io/) and Phaistos KMS (https://github.com/phaistos-networks/KMS) both use SSS for sealing/unsealing, where a master key is created, 'divided' into multiple keys and a minimum number of such keys are required to unseal the service.
I'm not a mathematician but here is my ELI5 understanding of it based on the linked Wikipedia article.
If you know the coordinates of any 2 points on a line you can recover the equation for that line. The same is true for 3 points on a quadratic curve and 4 points on a cubic curve, etc.
So if our secret is the number c we can put it in the equation for, say, a quadratic:
ax^2 + bx + c = 0
We can then give any number of people the coordinates for different single points on this curve.
None of these people know the equation but if any 3 of them share their coordinates they can work out the equation and thus the value of c.
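The scheme the comment above sketches, as an added example (not code from this thread, nor from Vault or Phaistos KMS): the secret is the constant term of a random polynomial of degree k-1 over the prime field GF(p), each share is one point on that polynomial, and Lagrange interpolation at x = 0 recovers the constant term from any k shares. The prime, the toy parameters and the sample secrets are constructed for the demo; the brute-force helper works only for tiny p and exists to show that k-1 shares leave every possible secret equally consistent, which is the property that makes the threshold meaningful.

```python
# Added example, not code from the thread or from Vault / Phaistos KMS:
# a minimal Shamir secret sharing over the prime field GF(p).
# The secret is the constant term of a random degree-(k-1) polynomial;
# each share is one point on it, and any k points pin the polynomial down.
import secrets
from itertools import product

PRIME = 2**127 - 1  # a Mersenne prime; fits any 15-byte secret (constructed choice)


def _eval_poly(coeffs, x, p):
    """Evaluate a polynomial (coefficients listed constant term first) at x, mod p."""
    result = 0
    for c in reversed(coeffs):  # Horner's rule, highest coefficient first
        result = (result * x + c) % p
    return result


def split_secret(secret, k, n, p=PRIME):
    """Return n shares (x, y); any k of them recover `secret`."""
    if not 0 <= secret < p:
        raise ValueError("secret must lie in [0, p)")
    if not 1 <= k <= n < p:
        raise ValueError("need 1 <= k <= n < p")
    # Uniformly random higher coefficients from a CSPRNG are what make
    # k-1 shares useless; a weak or biased generator breaks the scheme.
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]
    # x = 0 is never handed out: y(0) is the secret itself.
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def recover_secret(shares, p=PRIME):
    """Lagrange-interpolate the shares at x = 0, mod p.

    Pass at least k shares with distinct x. With fewer, a value still comes
    back, but it is just one of the many polynomials that fit (see below)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("share x-coordinates must be distinct")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % p          # product of (0 - xj)
                den = (den * (xi - xj)) % p    # product of (xi - xj)
        # pow(den, -1, p) is the modular inverse (Python 3.8+); den != 0
        # because p is prime and the x-coordinates are distinct.
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def consistent_secrets(shares, k, p):
    """Toy-prime brute force: try every polynomial of degree < k mod p and
    collect the constant terms of those passing through the given shares.
    With k-1 shares every secret in [0, p) shows up; with k shares, one."""
    found = set()
    for coeffs in product(range(p), repeat=k):
        if all(_eval_poly(coeffs, x, p) == y for x, y in shares):
            found.add(coeffs[0])
    return found


if __name__ == "__main__":
    secret = int.from_bytes(secrets.token_bytes(15), "big")  # constructed secret
    shares = split_secret(secret, k=3, n=5)
    print("3 of 5 shares recover the secret:",
          recover_secret([shares[0], shares[2], shares[4]]) == secret)
    toy = split_secret(4, k=2, n=3, p=7)  # tiny field so brute force is feasible
    print("secrets consistent with 1 share:", sorted(consistent_secrets(toy[:1], 2, 7)))
    print("secrets consistent with 2 shares:", sorted(consistent_secrets(toy[:2], 2, 7)))
```

The arithmetic is done modulo a prime rather than over the integers on purpose: over the rationals the shares would not be uniformly distributed and partial information about the constant term would leak, which is one of the classic ways a home-grown implementation ends up subtly wrong.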
Shamir's Secret Sharing is one of my favorite algorithm names. It sounds straight out of a D&D wizard spell list. Especially when you interpret it as "sharing in secret" instead of "sharing a secret".
Greg Maxwell has suggested that quite a few implementations of SSS are broken: "FWIW, virtually every SSS thing I've seen out there is just wrong in at least some less serious way. In general I've found secret sharing to be part of a pretextual security practice that seldom helps users against realistic threats, and the thoughtlessness of using it is usually reflected in the implementation." - https://np.reddit.com/r/Bitcoin/comments/72dfy1/armory_wallet_fragmented_backups_may_be/dnho2w6/
Here is one seriously broken implementation he discovered: https://bitcointalk.org/index.php?topic=2199659.0
Suppose I asked if there's a practical example of merkle trees in the wild. Someone answers, "of course: git." Then 7 troglodyte friends and I jump on github/gitlab/whatever (which is super easy because everyone already uses one of these user-friendly services that wrap around git) and immediately see how git helps us develop by leveraging merkle trees. We realize that the merkle trees are leveraged so that we can ensure (most of the time) data integrity in the history of our source code. Thanks, git!
Now suppose I asked if there's a practical example of SSS in the wild. Someone answers, "of course: ___." Then 7 troglodyte friends and I jump on ___ (which is super easy because everyone already uses one of these user-friendly services that wrap around ___) and immediately see how ___ helps us develop by leveraging SSS. We realize that SSS is leveraged so that we can ensure ___. Thanks, ___!
Fill in the blanks.
It's amazing how this is a practical piece of math that can be understood with little more than a basic familiarity with polynomials. This is the kind of stuff I'd have loved to learn in middle school!
One of my favorite Shamir implementations: https://github.com/codahale/shamir
Reminds me a lot of my usenet newsgroup file sharing days and the PAR parity format. A file is split into, say, 200 pieces to fit within the limitations of a newsgroup post. Those 200 posts may or may not all make it to your usenet server, but an additional 10-20 parity files are also created such that you only need to find 200 total unique pieces to recreate the data.
It's different in that the data is totally readable other than the missing pieces (although practically unusable). The thing that blew my mind was just how a single parity file can fill a single gap regardless of where the gap is in the sequence of original files.
I came across Shamir's Secret Sharing recently when thinking about how a partial password scheme might best be implemented. I even went as far as writing up an implementation of the cryptographic aspects: https://jonathanstreet.com/blog/partial-passwords/
Somewhat interesting article on secret sharing being used to store hardware private keys: https://medium.com/@markstar/backup-your-trezor-ledger-using-shamirs-secret-sharing-972e98101839
NuCypher uses this in our proxy re-encryption scheme. You don't want a re-encryption key to be all together in one place, so we split it up using SSS and distribute the fragments. For cryptography beginners, this scheme is relatively easy to understand, describe, and prove.
In my undergraduate final year project, we used a "variation" of SSS called Thien-Lin Secret Sharing to enable bank locker security! Glad to see SSS being shared here!