SecretSharing

Invented independently by Adi Shamir and George Blakley in 1979, a (n,m)-threshold scheme breaks a secret and shares it with m individuals. While any group of n or more individuals can together reconstruct the secret, no group of fewer than n individuals can obtain any information at all.

  • Blakley's scheme
    As any n (n1)-dimensional hyperplanes in Rn intersect at a specific point, the secret may be encoded as any single coordinate of the point of intersection. Each individual secret holder is given enough information (say coefficients of the defining linear equation) to define a hyperplane; the secret is recovered by calculating the point of intersection.
  • Shamir's scheme
    One can fit a unique polynomial of degree n1 to any set of n points that lie on the polynomial. The scheme first creates a polynomial p(x) of degree n1 with the secret as the first coefficient and the remaining coefficients picked at random. Then for any mn, gets m points (xi,p(xi)) on the graph of the polynomial, and gives one to each of the individual secret holder. Any n individuals come together will be able to determine p(x) using their shares.

Note that Shamir's scheme can be viewed as a special version of Blakley's scheme. Namely, let V be the vector space of all polynomials of degree at most n1 over R. Thus, V is a vector space of dimension n. Let p(x) be the polynomial of degree n1 chosen with (xi,yi=p(xi)), i=1,2,,n, picked. For any pair (xi,yi), set Vi={f(x)Vf(xi)=yi}, which is an affine subspace of V of dimension n1: if f(x),g(x)Si and λ1,λ2F with λ1+λ2=1, then λ1f(x)+λ2g(x)Si as well. Now, it is easy to see that iSi={p(x)}. If we write p(x)=c0+c1x+c2x2++cn1xn1, then p(xi)=c0+c1xi+c2xi2++cn1xin1. Thus, we can view (1,xi,xi2,,xin1) as the (specially chosen) coefficients of the defining equation of the hyperplane t0+a1t1+a2t2++an1tn1=yi (here tj are variables and aj=xij, j=1,,n1) in Rn.

For a large secret, one can encrypt the secret using a private key system, and then distribute the key using secret sharing.