Shamir's Secret Sharing
This tool is a practical realization of Shamir's secret sharing scheme.
Shamir's secret sharing scheme allows you to split a "secret" into several "shares". You can only reconstruct the secret if you have a certain number of those shares. Any fewer, and it is impossible to deduce anything about the secret other than its length.
Step 1: Distribution
In this step, you will choose a secret. The secret is a string of text. It will be "split" into several shares. (These shares are also strings of text.) You can specify both the number of shares to produce and the number of shares you will need to reconstruct the secret.
For example, in a 3-of-5 scheme, you split your secret into five shares. Any three of them will allow you to reconstruct the original secret. If you only have one or two of those shares, though, you will have no way to recover or deduce any of the contents of that secret.
Step 2: Reconstruction
Copy some of the text strings you obtained from above into the textbox below. Make sure that each share is separated with whitespace (e.g. a space or newline). If you enter enough shares for a given secret, you will see your message below. Otherwise, you will likely see garbage.
Help
Why do the shares look like they do?
Let's analyze the share
shamir-P6CFOD2J-11d-11-Nf8uJbgz8xKsBZA.
| Part | Description |
|---|---|
shamir
|
This is a prefix to help identify the data as belonging to a Shamir secret |
P6CFOD2J
|
This is the secret's randomly generated ID. This is to help correlate many shares to the same secret. |
11d
|
This is the hex-encoded primitive polynomial used to generate the underlying Galois field. If you don't understand what that means, that's okay. This is to give a nerd all the information they need to write their own decoding algorithm. Most online tools do not report this, which means that without their specific tool, you won't be able to reconstruct your secret. This tool gives you all the information you need. |
11
|
This is the x-coordinate used when reconstructing the polynomials. |
Nf8uJbgz8xKsBZA
|
This is base64-encoded bytes that correspond to the y-values of a polynomials used in the algorithm. Each byte uses a different polynomial, so we must keep track of a different y-value for each byte of data. |
Note that this is all implementation-specific. I made some design decisions to make finding shares, using those shares, and reconstructing secrets easier. Many other online tools don't provide you with quite enough information to reconstruct the shares from scratch, and they rely on assumptions that aren't obvious by looking at, say, arbitrary byte strings.
Can I trust this online tool?
Technically, no. Don't use it for anything serious.
That being said, I don't record any inputs. All of the computations are done locally in your browser. I compiled this code into WebAssembly and added a basic UI. You can verify that I don't send any information back to my server by monitoring any network requests in your developer tools.
Also, you should never trust your sensitive information with random websites like this one. 😀
Where can I see the underlying code?
Check it out at https://github.com/49pctber/shamir.