Scripts for using Shamir’s Secret Sharing Scheme securely

By | December 5, 2022

The open-source package Shamir’s Secret Sharing Scheme, or “ssss” for short, allows a relatively short secret, for example, a password or passphrase, to be split into a specified number of shares in a way that allows the entire secret to be reconstructed from only a subset of the shares. For example, you can split a passphrase into five shares and allow any two of them to be used to reconstruct it. This is useful in situations where you want to require more than one person in a group to approve a particular action.

While ssss solves the basic algorithmic problem of splitting a secret into shares, it doesn’t solve the higher-level problem of how to create a secret, split it into shares, and distribute those shares to the share-holders without anyone ever seeing the secret or a share other than their own.

Similarly, while ssss solves the algorithmic problem of recombining shares into a secret, it doesn’t solve the higher-level problem of how to temporarily recreate and use a secret without anybody seeing the secret or a share other than their own.

To facilitate solutions to those higher-level problems, I’ve just added two new scripts ssss-split-silent.py and ssss-combine-silent.py, to the open-source 1password-backup repository hosted by Numerated Growth Technologies, Inc. See their documentation here, or just clone the repository, read the comment at the top of each of the scripts, and run them with --help for additional information.

Share

Leave a Reply

Your email address will not be published. Required fields are marked *