18 comments

[ 3.1 ms ] story [ 57.6 ms ] thread
(comment deleted)
I've been wanting to use this in combination with Rabin's Information Dispersal algorithm to create an autonomous distributed file storage system. You would have redundancy, but redundancy in a way that you only require k of n "pieces" to recover your original file (or data object). This is pretty cool, because you don't need to have 10 copies of a 1 GB file (10 GB total) spread about the web in order to achieve a high probability of being able to recover your data.
When you encode information with Shamir Secret Sharing, each share is actually bigger than the original secret. The computation requirements also don't scale very well. What you want is called Erasure Coding. (https://en.wikipedia.org/wiki/Erasure_code)
Vault uses this technique https://www.vaultproject.io/
I came across the algorithm while going through the project. One interesting feature of the technique is that it is possible to set the threshold less that total number of parts to recreate the secret and it is used by the software.
The wikipedia link gets mathematical very quickly.

With Shamir's secret sharing you can take a file and split it for example into 3 parts. Only 2 parts would need to be combined to re-create the original. This would be 2 of 3 in Bitcoin parlance.

That's how I protect my bitcoin
You should be a bit careful with implementations and keep in mind that you can't split a number larger than the prime you've picked. I've seen people go "oh I'll just split an N-byte value into M * N-byte values, splitting each byte separately with the largest prime < 256, surely the loss of a few values per byte won't be of consequence...". It might not be in your case, but you need to be aware of that.
I run a small operation providing websites/online storage/email for a couple of friends and small businesses, and I use this as recovery solution to a master key. I distributed the encrypted very big master key, full system documentation and a part of the decryption key to the master key to a couple of people including a public notary. This way, should it ever get necessary, it will be possible for them to access my encrypted files. Say I get hit by a bus or something similar.

Thank you, Shamir!

What's especially cool about this technique is that unlike most crypto proofs it does not assume the existence of one-way functions (none have been found yet) nor does it require a computationally bounded adversary.

Instead this technique is information theoretically secure so even an adversary with the ability to perform exponentially slow algorithms instantly could not find the secret.

All this in a two page paper that only required high school math!

PS - The "Shamir" who found this technique is the S in RSA