Security Encyclopedia

Shamir’s Secret Sharing (SSS)

Shamir’s Secret Sharing (SSS) is a key distribution algorithm. It is named for the well-known Israeli cryptographer Adi Shamir who co-invented the Rivest–Shamir–Adleman (RSA) algorithm.

SSS divides a secret, such as a cryptokey, into parts called shares. The shares are distributed to a group of people who are parties to the conversation. The parts of the secret are brought together to reconstruct the secret, but an important feature of Shamir’s Secret Sharing is that the total number of shares is not needed to reconstruct the secret. A number less than the total number, called the threshold, is required. This helps avoid failures in decrypting the closely-held information should just one or a few parties be unavailable.

SSS is practical in its solution to the key-sharing problems many arrangements face, and is therefore usually used to secure the keys to something that is encrypted or secure using other tools or algorithms. A simple illustration of SSS is that of a vault that only a corporate board may access. The passcode is encrypted by SSS, so a quorum (threshold) of board members is needed to authorize the display or release of the vault passcode. If a board member is traveling, but the threshold is met, SSS still allows for a reasonable assurance that the vault is secure.

Example:

“SSS is provides a solution to the challenge of managing encryption keys. It solves the issue of all parties being necessary to access sensitive information but is still secure because a quorum of responsible parties must agree to a user’s access.”