Shamir secret sharing scheme

E195491

The Shamir secret sharing scheme is a cryptographic method that divides a secret into multiple parts so that only a specified threshold of parts can reconstruct the original secret, while fewer parts reveal nothing.

All labels observed (3)

How this entity was disambiguated

Statements (49)

Predicate Object
instanceOf cryptographic protocol
information-theoretic security scheme
secret sharing scheme
threshold scheme
advantage flexible choice of threshold and number of participants
simple to implement
unconditional security against computationally unbounded adversaries
application access control
backup and recovery of cryptographic keys
cryptographic wallets with social recovery
distributed key management
secure multiparty computation
threshold cryptography
assumption participants know distinct public x-coordinates
basedOn Lagrange interpolation polynomial
surface form: Lagrange interpolation

polynomial interpolation
designGoal distribute trust among multiple parties
prevent single point of failure for secrets
extendedBy proactive secret sharing schemes
verifiable secret sharing schemes
inventedBy Adi Shamir
limitation does not inherently provide verifiability of shares
requires secure channel to distribute shares
mainIdea distribute points on a polynomial to participants as shares
encode the secret as the constant term of a random polynomial
mathematicalTool univariate polynomials of degree t-1
numberOfParticipantsParameter n
originalPaperTitle Shamir secret sharing scheme self-linksurface differs
surface form: How to share a secret
property ideal secret sharing scheme
perfect secret sharing scheme
publishedIn Communications of the ACM
reconstructionMethod interpolate the polynomial from t shares
reconstructionRequirement t or more shares are required to reconstruct the secret
relatedTo Blakley secret sharing scheme
threshold access structures
requirement all computations are done modulo a prime or field size
resilience robust against collusion of fewer than t participants
secretEncoding secret is the value f(0)
securityGuarantee any set of fewer than t shares reveals no information about the secret
securityType information-theoretic
shareSize each share has size equal to the secret size
shareStructure each share is a point (x, f(x)) on a polynomial f
thresholdParameter t
typicalField GF(p)
usedIn distributed key generation protocols
threshold decryption schemes
threshold signature schemes
worksOver finite field
yearProposed 1979

How these facts were elicited

Referenced by (3)

Full triples — surface form annotated when it differs from this entity's canonical label.

Adi Shamir knownFor Shamir secret sharing scheme
Republic Protocol uses Shamir secret sharing scheme
this entity surface form: Shamir secret sharing
Shamir secret sharing scheme originalPaperTitle Shamir secret sharing scheme self-linksurface differs
this entity surface form: How to share a secret