In this week’s article, we will explore in depth the operation and applications of Shamir’s Secret Sharing (SSS), as well as its advantages and disadvantages, to provide a comprehensive analysis of its impact on secure secret sharing.
What is Shamir’s Secret Sharing (SSS)?
Shamir’s Secret Sharing (SSS) is a cryptographic algorithm developed by Adi Shamir in 1979 to divide a secret into multiple parts and establish a recovery threshold. This threshold, represented by a minimum number of parts (m) out of a total of n generated, is crucial for the reconstruction of the original secret; possession of fewer than m parts reveals no information about it. Unlike multi-signature schemes, which are implemented on-chain, SSS operates off-chain, distributing a single private key across multiple fragments.
This approach is particularly valuable for users seeking a balance between security and accessibility in custody, and is most often used by individuals who wish to avoid single points of failure and the complexities associated with multi-signature configurations.
How it works and applications
As we have just seen, Shamir’s Secret Sharing is a cryptographic method that divides a secret into several parts, or shares, so that none of them has value on its own. To recover the original secret, it is necessary to combine a minimum number of these parts, known as the threshold. This threshold can be greater than or equal to 2, depending on the security requirements. For example, if a secret is divided into 10 parts with a threshold of 3, the secret can be reconstructed using any combination of 3 of the 10 parts. However, with only 2 parts, it is not possible to recover the secret.
The technique is based on Lagrange’s polynomial interpolation theorem: a polynomial of degree k-1 (where k is the threshold) is uniquely determined by k points in the plane, while k-1 points are consistent with every possible value of the constant term, which is where the secret is stored.
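As an added example (not code from the article, nor from any of the wallets or tools it mentions), here is a minimal Python implementation of the split and recover steps just described, working over a prime field with Lagrange interpolation at x=0. The field prime and the sample secret are constructed choices. It checks the 3-of-10 property from the text by brute force, and it also illustrates the FAQ answers further down: fewer than m shares do not yield a partial secret, only an unrelated field element.

```python
import itertools
import secrets

# Arithmetic is done in the prime field GF(p). 2**521 - 1 is a Mersenne prime
# (a constructed choice for this example); it comfortably holds a 32-byte
# seed such as the entropy behind a BIP39 mnemonic.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x, p=PRIME):
    """Evaluate a polynomial (coefficients ordered constant term first) at x, mod p."""
    result = 0
    for c in reversed(coeffs):          # Horner's rule
        result = (result * x + c) % p
    return result


def split_secret(secret, n, m, p=PRIME):
    """Split the integer `secret` into n shares such that any m of them reconstruct it.

    The secret is the constant term of a random polynomial of degree m-1;
    share i is the point (i, f(i)). x=0 is never handed out because f(0) is the secret.
    """
    if not 0 <= secret < p:
        raise ValueError("secret must lie in [0, p)")
    if not 2 <= m <= n < p:
        raise ValueError("require 2 <= m <= n < p")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(m - 1)]
    return [(i, _eval_poly(coeffs, i, p)) for i in range(1, n + 1)]


def recover_secret(shares, p=PRIME):
    """Lagrange interpolation at x=0 over GF(p).

    With at least m correct shares this returns the secret. With fewer, it returns
    the constant term of a *different* (lower-degree) polynomial, which is just a
    random field element: the caller learns nothing about the secret.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for xj, yj in shares:
        num, den = 1, 1
        for xk, _ in shares:
            if xk != xj:
                num = num * (-xk) % p        # product of (0 - x_k)
                den = den * (xj - xk) % p    # product of (x_j - x_k)
        secret = (secret + yj * num * pow(den, -1, p)) % p
    return secret


def split_bytes(secret_bytes, n, m):
    """Convenience wrapper: share a byte string (e.g. seed entropy) as an integer."""
    return split_secret(int.from_bytes(secret_bytes, "big"), n, m)


def recover_bytes(shares, length):
    """Inverse of split_bytes; `length` is the original byte length."""
    return recover_secret(shares).to_bytes(length, "big")


def threshold_holds(secret, n, m):
    """Check the scheme's defining property on one split: every m-subset
    recovers the secret and an (m-1)-subset does not (the latter can only
    coincide with the secret by chance, with probability 1/p)."""
    shares = split_secret(secret, n, m)
    every_m_subset_ok = all(
        recover_secret(list(combo)) == secret
        for combo in itertools.combinations(shares, m)
    )
    too_few_fails = recover_secret(shares[: m - 1]) != secret
    return every_m_subset_ok and too_few_fails


if __name__ == "__main__":
    # Constructed sample secret: 32 bytes of entropy, as a BIP39 seed would be.
    seed = secrets.token_bytes(32)
    shares = split_bytes(seed, n=10, m=3)
    any_three = secrets.SystemRandom().sample(shares, 3)
    print("3 of 10 recover the seed:", recover_bytes(any_three, 32) == seed)
    # With only 2 shares the interpolated value is an unrelated field element
    # (and usually too large to fit in 32 bytes), so compare as integers.
    print("2 of 10 recover the seed:",
          recover_secret(shares[:2]) == int.from_bytes(seed, "big"))
```

Real backup formats built on this idea (for example the Trezor Shamir backup mentioned later in the article) add share identifiers and checksums so that a mistyped share is detected rather than silently producing a wrong secret; this example deliberately omits that layer to keep the interpolation itself visible.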
SSS applications:
- Data protection: Enables secure distribution of secrets, reducing the risk of total loss by requiring multiple parties for recovery.
- Key management: Increases security by distributing keys among multiple parties, reducing the risk of compromising a single key.
- Electronic voting: Facilitates voting systems that allow voters to cast their votes securely and anonymously, without compromising their identity.
- Software distribution: Ensures that software updates are reviewed and installed only by a quorum of authorized users, preventing unauthorized installations.
- Physical asset protection: Requires group authorization to access sensitive information or facilities, increasing security in critical environments.
By using SSS, organizations can strengthen their security practices and ensure that the protection of secrets and critical assets is both flexible and robust.
Advantages and disadvantages of Shamir’s Secret Sharing Scheme
Shamir’s Secret Sharing Scheme (SSSS) provides an advanced way to protect and manage secrets, but has certain limitations that should be considered before implementation, especially in high-risk custodial environments.
Advantages
- Does not require signatures from multiple devices: Unlike a multi-signature scheme, SSS does not require the active participation of multiple devices to complete a transaction. This allows your assets to remain on your primary device while secret backups are distributed to trusted devices or individuals. If you lose or damage your device, you can restore your recovery phrase and funds using the backup shares without the need for multiple signatures.
- Advanced sharing schemes: Shamir’s Secret Sharing is based on polynomial mathematics and does not impose strict limits on the number of shares (n) or recovery threshold (m). This allows configurations to be set up with up to 51 shares, which can be stored in secure locations such as bunkers or safes. While this capacity may seem excessive, it provides remarkable flexibility in managing secrets.
- Multi-cryptocurrency compatibility: This scheme can be applied to any type of data, so it can back up anything from Bitcoin to altcoins such as Ethereum or Monero. In addition, it requires only one mnemonic (BIP39) from which the private keys of all the assets you use can be derived.
- Increased security against loss and theft: Compared to a single key, SSS provides superior protection against loss, theft, and unauthorized access. Because shares must be recombined by multiple parties, an additional layer of security is added against external or internal attacks.
- Balance privacy: No participant with a share of the secret can access balances or details of funds and transactions, so asset privacy is maintained while taking advantage of distributed security.
- No increased transaction fee: Because SSS operates off-chain and is not connected to the blockchain, it does not add any transaction fees.
Disadvantages
- Centralized funds on a single device: Despite the security provided by sharing secrets, the funds are on a single device. The other devices that hold the secrets serve only as backups and are not required for transactions. This creates a single point of failure: if the primary device is compromised, the funds could be stolen before they are moved.
- Configuration risk: The security of the SSS depends on the private key being securely generated and shared. If an attacker interferes during configuration, there is a possibility that they could steal the key before it is split. This vulnerability is inherent in the initial process of generating the shares.
- Limited use: Once the private key is reconstructed from m shares, it is no longer secure for further use. Each time the key is recovered, it must be regenerated, which can be complex and impractical for everyday use.
- Unauditable: There is no mechanism to verify that the secret shares are actually needed to access the funds. This means that someone could make a complete copy of the private key and store it elsewhere, unbeknownst to the other participants.
- Requires technical knowledge: Configuring and managing an SSS scheme can be more complex than using a multi-signature scheme. Although tools such as Trezor make configuration easier, you still need basic knowledge of cryptography and key management to implement it correctly.
- Exposure to malicious firmware: If you use SSS and rely on a single software vendor, you run the risk of exposing yourself to malicious or failed firmware updates that could compromise your private key.
Shamir’s Secret Sharing vs. multi-signature
Shamir’s Secret Sharing (SSS) and multisig are two approaches to improving the security of digital asset custody, although they differ significantly in their implementation and the risks they address. SSS focuses on the secure retrieval and distribution of secrets, while multisig wallets emphasize distributed control of transactions. The choice between one or the other depends on the specific context and security requirements of the user.
Multi-signature not only reduces the risk of a single point of failure, but also eliminates the need to collect all keys in one place. This increases security and reduces exposure to malicious attacks. However, it is important to consider that operating on the blockchain can increase costs due to fees associated with multiple transactions.
For its part, SSS splits a private key into multiple pieces, requiring a minimum threshold for reconstruction. By operating off-chain, SSS avoids additional transaction costs, but its main vulnerability lies in the need to bring the parties together on a single device to sign. This process can expose the key to malware or malicious users, making SSS a riskier option compared to multi-signature.
Conclusion
Shamir’s Secret Sharing represents a significant advance in the secure management of keys and digital secrets. By splitting a key into multiple parts and requiring a minimum threshold for recovery, SSS provides a balance between security and flexibility, making it an attractive option for those who prioritize the protection of their digital assets. Moreover, as an off-chain system, its applications extend beyond wallets using on-chain solutions, allowing its implementation in more diverse contexts.
However, its correct implementation requires solid technical knowledge and careful analysis of its limitations. The risks associated with the recombination of parts in a single device could turn into vulnerabilities, so it is essential that users understand both the benefits and potential weaknesses of SSS before adopting it.
If you want to know more and missed our previous articles, at the bottom of the page we link our posts on digital custody, where we offer advice and analyze single-signature, multi-signature and multiparty computation (MPC) schemes. Together, they provide a more complete perspective on digital asset protection.
In our next article, we will discuss Blakley’s Secret Sharing Scheme (BSS), another innovative solution for secure secret management.
FAQs
What happens if shares are lost or stolen?
Individual shares do not reveal any information unless the required threshold is reached. In a 7 out of 10 scheme, an attacker cannot access your wallet if they compromise only 5 shares.
What happens if I lose too many shares?
If you do not reach the recovery threshold, the funds will be inaccessible. For example, in a 3 out of 4 scheme, losing 2 shares means that you will not be able to recover the secret.
Is SSS compatible with hardware wallets?
Shamir’s Secret Sharing (SSS) is compatible with some hardware wallets, such as Trezor, that allow its implementation. However, it is advisable to investigate other options before making a purchase.
Can I use SSS with other protection methods?
Yes, you can use SSS in conjunction with other security methods, such as multi-signature, to further protect your digital assets.
Want to learn more about digital asset protection? Don’t miss these resources!
- Best practices for the self-custody of digital assets
- Single-signature wallets: Simplify self-custody of individual assets
- Multi-Signature wallets: History, benefits, and advances in digital asset custody
- Multiparty Computation (MPC) Wallets: A new industry standard
At Block&Capital, we strive to create an environment where growth and success are accessible to all. If you’re ready to take your career to the next level, we encourage you to join us.