gg_shamir

package
v0.2.44 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 1, 2024 License: BSD-3-Clause, MPL-2.0 Imports: 8 Imported by: 0

README

Shamir Secret Sharing

Shamir's Secret Sharing (SSS) is used to secure a secret in a distributed way, most often to secure other encryption keys. The secret is split into multiple parts, called shares. These shares are used to reconstruct the original secret.

To unlock the secret via Shamir's secret sharing, a minimum number of shares are needed. This is called the threshold, and is used to denote the minimum number of shares needed to unlock the secret. An adversary who discovers any number of shares less than the threshold will not have any additional information about the secured secret-- this is called perfect secrecy. In this sense, SSS is a generalisation of the one-time pad (which is effectively SSS with a two-share threshold and two shares in total).

Let us walk through an example:

Problem: Company XYZ needs to secure their vault's passcode. They could use something standard, such as AES, but what if the holder of the key is unavailable or dies? What if the key is compromised via a malicious hacker or the holder of the key turns rogue, and uses their power over the vault to their benefit?

This is where SSS comes in. It can be used to encrypt the vault's passcode and generate a certain number of shares, where a certain number of shares can be allocated to each executive within Company XYZ. Now, only if they pool their shares can they unlock the vault. The threshold can be appropriately set for the number of executives, so the vault is always able to be accessed by the authorized individuals. Should a share or two fall into the wrong hands, they couldn't open the passcode unless the other executives cooperated.

Implementation

This implementation is a fork started from original job: https://github.com/corvus-ch/shamir

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewReader

func NewReader(readers map[byte]io.Reader) (io.Reader, error)

func NewWriter

func NewWriter(parts, threshold int, factory func(x byte) (io.Writer, error)) (io.Writer, error)

Types

type ShamirHelper

type ShamirHelper struct {
}
var Shamir *ShamirHelper

func (*ShamirHelper) Combine

func (instance *ShamirHelper) Combine(parts map[byte][]byte) ([]byte, error)

Combine is used to reverse a Split and reconstruct a secret once a `threshold` number of parts are available.

func (*ShamirHelper) CombineFromDir

func (instance *ShamirHelper) CombineFromDir(dir string) ([]byte, error)

func (*ShamirHelper) CombineFromFiles

func (instance *ShamirHelper) CombineFromFiles(files []string) ([]byte, error)

func (*ShamirHelper) Split

func (instance *ShamirHelper) Split(secret []byte, parts, threshold int) (map[byte][]byte, error)

Split takes an arbitrarily long secret and generates a `parts` number of shares, `threshold` of which are required to reconstruct the secret. The parts and threshold must be at least 2, and less than 256. The returned shares are each one byte longer than the secret as they attach a tag used to reconstruct the secret.

func (*ShamirHelper) SplitToFiles

func (instance *ShamirHelper) SplitToFiles(secret []byte, parts, threshold int, dir string) ([]string, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL