How to Share a Secret

3,079
-1

Published on

We rely on secrets such as safe combinations, PIN codes, computer passwords, etc. But so many things happen to lose secretes.
1. Secrets can be lost.
2. Documents get destroyed.
3. Hard disks fail
4. People forget
5. People leave companies,
6. people die...

One way to avoid such problems :-
Divide secret data (D) in to pieces (n)
* Knowledge of some pieces (k) enables to derive secret data (D)
* Knowledge of any pieces (k-1) makes secret data (D) completely undetermined.
Such a scheme is called a (k, n) threshold scheme.

This presentation provides a in depth view of Shamir's Secret Sharing Scheme.

Published in: Education, Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
3,079
On Slideshare
0
From Embeds
0
Number of Embeds
9
Actions
Shares
0
Downloads
108
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

How to Share a Secret

  1. 1. How to share a secret by Adi Shamir Damitha Premadasa. Kelum Senanayake.
  2. 2. Introduction About author Adi Shamir  An Israeli cryptographer born July 6, 1952.  He is a co-inventor of the RSA algorithm, Feige-Fiat-Shamir Identification Scheme.  One of the inventors of Differential Cryptanalys.  Has made numerous contributions to the fields of cryptography and computer science. We rely on secrets such as safe combinations, PIN codes, computer passwords, etc.  Secrets can be lost.  Documents get destroyed, Hard disks fail,  People forget, People leave companies, People die...
  3. 3. Example key management scenario Eleven scientists are working on a secret project. They wish to lock up the documents in a cabinet. The cabinet can be opened if and only if six or more of the scientists are present.  What is the smallest number of locks needed?  What is the smallest number of keys to the locks each scientist must carry? Minimal solution uses 462 locks and 252 keys per scientist. Drawbacks:  These numbers are clearly impractical  Becomes exponentially worse when the number of scientists increases
  4. 4. Key management/cryptographicschemes What is a Key management system.  Key management is the provisions made in a cryptography system design that are related to generation, exchange, storage, safeguarding, use, vetting, and replacement of keys. Properties of key management schemes  Safety  Convenience
  5. 5. Shamirs secret-sharing scheme Why Threshold schemes? Secret sharing scheme,  Divide secret data (D) in to pieces (n)  Knowledge of some pieces (k) enables to derive secret data (D)  Knowledge of any pieces (k-1) makes secret data (D) completely undetermined. Such a scheme is called a (k, n) threshold scheme. Easily computable when have necessary data available Avoid single point of failure, increase reliability and security Safety and convenience
  6. 6. Shamirs secret-sharing scheme (A simple(k, n) threshold scheme) Suppose using ( k, n ) threshold scheme to share our secret S. Choose at random k-1 coefficients a1, a2,.., a(k-1) and let a0=S. Build the polynomial. q(x) = a0 + a1 * x + a2 *x2 + ... a(k-1) * x(k-1) Construct D1=q(1), ..., Di=q(i), ..., Dn=q(n). Given any subset of k pairs, can find S using interpolation The secret is the constant term a0.
  7. 7. Shamirs Secret Sharing scheme The essential idea of Adi Shamirs threshold scheme,  2 points are sufficient to define a line.  3 points are sufficient to define a parabola.  4 points to define a cubic curve and so forth.  k points to define a polynomial of degree (k - 1)
  8. 8. Example S = 1234, n = 6, k = 3 At random we obtain 2 numbers: a1 = 166, a2 = 94. Our polynomial to produce secret shares (points) is therefore: q(x) = 1234 + 166 x + 94x2 We construct 6 points from the polynomial: (1,1494); (2,1942); (3,2578); (4,3402); (5,4414); (6,5614) We give each participant a different single point (both x and q(x) ).
  9. 9. Example contd… Reconstruction the secret, In order to reconstruct the secret any 3 points will be enough. Let us consider (2,1942); (4,3402); (5,4414); Using Lagrange basis polynomials, it is possible to construct q(x) hence S value can be derived.
  10. 10. Example contd…Let us considerWe will compute Lagrange basis polynomials:
  11. 11. Example contd…Therefore,
  12. 12. Useful properties of (k, n) thresholdscheme Secure. Minimal: The size of each piece does not exceed the size of the original data. Extensible: When k is kept fixed, Di pieces can be dynamically added or deleted without affecting the other pieces. Dynamic: Security can be easily enhanced without changing the secret, but by changing the polynomial occasionally (keeping the same free term) and constructing new shares to the participants.
  13. 13. Useful properties contd.. Flexible: In organizations where hierarchy is important, we can supply each participant different number of pieces according to his importance inside the organization. For instance, the president can unlock the safe alone, whereas 3 secretaries are required together to unlock it. Efficient algorithms [O(n log2 n)] available for polynomial evaluation and interpolation
  14. 14. Available Implementations http://sourceforge.net/projects/secretsharejava/ http://www.christophedavid.org/w/c/w.php/Calculators/Sh amirSecretSharing http://point-at-infinity.org/ssss/demo.html http://www.buttsoft.com/software/tontine/ http://www.buttsoft.com/software/tontine/java.html
  15. 15. Q&A Thank You
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×