shamir

package module
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 11, 2021 License: MIT Imports: 6 Imported by: 5

README

Shamir's Secret Sharing

Go Reference Coverage Status

Based on github.com/codahale/sss

A pure Go implementation of Shamir's Secret Sharing algorithm

Supports from Go 1.14

Usage

go get -u github.com/lafriks/go-shamir

Example

package main

import (
    "fmt"

    "github.com/lafriks/go-shamir"
)

func main() {
    secret := []byte("example")

    // Split secret to 5 shares and require 3 shares to reconstruct secret
    shares, err := shamir.Split(secret, 5, 3)
    if err != nil {
        panic(err)
    }

    // Reconstruct secret from shares
    reconstructed, err := shamir.Combine(shares[0], shares[2], shares[4])
    if err != nil {
        panic(err)
    }

    // secret == reconstructed
}

Documentation

Overview

Package shamir implements Shamir's Secret Sharing algorithm over GF(2^8).

Shamir's Secret Sharing algorithm allows you to securely share a secret with N people, allowing the recovery of that secret if K of those people combine their shares.

It begins by encoding a secret as a number (e.g., 42), and generating N random polynomial equations of degree K-1 which have an X-intercept equal to the secret. Given K=3, the following equations might be generated: 

f1(x) =  78x^2 +  19x + 42
f2(x) = 128x^2 + 171x + 42
f3(x) = 121x^2 +   3x + 42
f4(x) =  91x^2 +  95x + 42
etc.

These polynomials are then evaluated for values of X > 0: 

f1(1) =  139
f2(2) =  896
f3(3) = 1140
f4(4) = 1783
etc.

These (x, y) pairs are the shares given to the parties. In order to combine shares to recover the secret, these (x, y) pairs are used as the input points for Lagrange interpolation, which produces a polynomial which matches the given points. This polynomial can be evaluated for f(0), producing the secret value--the common x-intercept for all the generated polynomials.

If fewer than K shares are combined, the interpolated polynomial will be wrong, and the result of f(0) will not be the secret.

This package constructs polynomials over the field GF(2^8) for each byte of the secret, allowing for fast splitting and combining of anything which can be encoded as bytes.

This package has not been audited by cryptography or security professionals.

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrInvalidCount is returned when the count parameter is invalid.
	ErrInvalidCount = errors.New("shares must be more or equal to treshold but not more than 255")
	// ErrInvalidThreshold is returned when the threshold parameter is invalid.
	ErrInvalidThreshold = errors.New("treshold must be at least 2 but not more than 255")
	// ErrEmptySecret is returned when provided secret is empty.
	ErrEmptySecret = errors.New("secret can not be empty")
	// ErrInvalidShares is returned when not required minimum shares are provided or shares does not have same length.
	ErrInvalidShares = errors.New("at least 2 shares are required and must have same length")
)

Functions

func Combine 

func Combine(shares ...[]byte) ([]byte, error)

Combine the given shares into the original secret.

func Split 

func Split(secret []byte, n, k int) ([][]byte, error)

Split the given secret into N shares of which K are required to recover the secret. Returns an array of shares.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.