
Shamir's Secret Sharing

A Simple Application of Polynomial Rings to Protect Your Secret

Motivation
It is not a good idea to keep the whole secret alone,
especially if it is highly sensitive and highly important.
The way to solve this problem is to divide the original secret into
parts.
There are rules for dividing the original secret and for
reconstructing it. Mathematics is important here.
So how do we divide the secret so that doing so increases the security
of the original secret?

Secret Sharing
Informally, secret sharing is any method for distributing a secret
among a group of individuals (shareholders), each of whom is
allocated some information (a share) related to the secret.
(Adi Shamir & George Blakley, 1979)
The secret can only be reconstructed when the shares are
combined together.
Individual shares are of no use on their own.
Before we talk about Shamir's secret sharing, let's look at the
following scheme first.

Threshold Scheme
The purpose of this scheme is to divide a secret into shares such
that:
1. The reconstruction of the secret requires knowledge of or more
shares.
2. Knowledge of or fewer shares leaves the secret completely
undetermined.
This scheme is called the -threshold scheme and is the threshold
value.

Shamir's Secret Sharing

The main idea is:
two points are sufficient to define a line, 3 points are sufficient to
define a parabola, 4 points to define a cubic curve, and so forth.
That is, points are sufficient to define a polynomial of degree .
Shamir's secret sharing scheme is a -threshold scheme based on
polynomial interpolation.

Instead of sharing the random numbers, Shamir's secret sharing scheme
generates a polynomial
from random numbers which are elements of a finite field of size and again
where is a prime number.

Usually the finite field is used.

How to Share
Recall the polynomial over
Suppose that the secret is to be divided into shares.
Then, compute
for
So we have ordered pairs of points , which are the shares, to be
distributed to the participants or shareholders.

How to Reconstruct the Secret


Let contain exactly elements
Formalizing the Lagrange interpolation over a finite field. Let for
Thus
is the original secret.

Example
Let and the threshold value be
Choose at random and in . For example and
Now we have over
Then generate as many shares as we wish. For example if we have

Suppose we have shares then we can reconstruct the secret from


over . Hence,
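
The sharing and reconstruction steps described above, written out in Python as an added example (it is not code from the original slides). The prime `P`, the names `k` (threshold) and `n` (number of shares), the share indices x = 1..n and the sample secret are assumptions chosen for the example; `demo()` also checks what happens with too few shares and with one modified share.

```python
import secrets

# Assumed field (not from the page): integers mod the Mersenne prime 2**127 - 1.
P = 2**127 - 1


def split(secret, k, n, p=P):
    """Return n shares (x, f(x)) such that any k of them recover `secret`."""
    if not (0 <= secret < p and 1 <= k <= n < p):
        raise ValueError("need 0 <= secret < p and 1 <= k <= n < p")
    # f has degree k-1: constant term is the secret, the rest are uniform in GF(p).
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):  # x = 0 is never issued: f(0) is the secret
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod p
            y = (y * x + c) % p
        shares.append((x, y))
    return shares


def reconstruct(shares, p=P):
    """Lagrange interpolation at x = 0 over GF(p)."""
    xs = [x % p for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("shares must have distinct x-coordinates")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        # pow(den, -1, p) is the modular inverse of den (Python 3.8+)
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


def demo():
    secret = 1234567890  # constructed sample value
    shares = split(secret, k=3, n=5)
    recovered = reconstruct(shares[:3]) == secret == reconstruct(shares[2:])
    too_few = reconstruct(shares[:2])  # below threshold: wrong except with prob. 1/p
    x, y = shares[0]
    tampered = reconstruct([(x, (y + 1) % P)] + shares[1:3])  # one altered share
    return recovered, too_few != secret, tampered != secret
```

Reconstruction gives no error when a share has been altered; it simply returns a different field element.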

Observation
Properties:
1. Information theoretically secure
2. Makes use of Lagrange interpolation
3. Space efficient

Advantages:
1. Keeping fixed, shares can be easily added or removed without affecting other shares
2. It is easy to change the shares
3. It is possible to provide more than one share per individual: hierarchy

Problems
1. If the participants cheat in the reconstruction of the secret, the
secret cannot be recovered. That is, every person/party must tell
the truth or the secret cannot be reconstructed.
2. The scheme is one-time.
3. The scheme only allows revealing a secret, not computing with it.

Another Scheme
Verifiable Secret Sharing (VSS) could fix the first problem above.
Proactive Secret Sharing: periodically renew the shares (from
Shamir's scheme) without changing the secret S.
