secretsharing

package
v1.3.71

Warning: This package is not in the latest version of its module.
Published: Apr 15, 2024 License: BSD-3-Clause Imports: 4 Imported by: 0

Documentation

Overview

Package secretsharing provides methods to split secrets into shares.

Let n be the number of parties, and t the number of corrupted parties such that 0 <= t < n. A (t,n) secret sharing scheme splits a secret into n shares such that the secret can be recovered from any subset of at least t+1 different shares.

Shamir secret sharing [1] relies on Lagrange polynomial interpolation. Feldman secret sharing [2] extends Shamir's scheme by committing to the secret, which makes it possible to verify that a share belongs to the committed secret.

New returns a SecretSharing compatible with Shamir secret sharing. The SecretSharing can be made verifiable (compatible with Feldman secret sharing) using the CommitSecret and Verify functions.

In this implementation, secret sharing is defined over the scalar field of a prime order group.

References

[1] Shamir, How to share a secret. https://dl.acm.org/doi/10.1145/359168.359176/
[2] Feldman, A practical scheme for non-interactive verifiable secret sharing. https://ieeexplore.ieee.org/document/4568297/

Functions

func Recover

func Recover(t uint, shares []Share) (secret group.Scalar, err error)

Recover returns a secret provided more than t different shares are given. Returns an error if the number of shares is not above the threshold t. Panics if some shares are duplicated, i.e., shares must have different IDs.

func Verify

func Verify(t uint, s Share, c SecretCommitment) bool

Verify returns true if the share s was produced by sharing a secret with threshold t and secret commitment c.

Example
package main

import (
	"crypto/rand"
	"fmt"

	"github.com/linckode/circl/group"
	"github.com/linckode/circl/secretsharing"
)

func main() {
	g := group.P256
	t := uint(2)
	n := uint(5)

	secret := g.RandomScalar(rand.Reader)
	ss := secretsharing.New(rand.Reader, t, secret)
	shares := ss.Share(n)
	coms := ss.CommitSecret()

	for i := range shares {
		ok := secretsharing.Verify(t, shares[i], coms)
		fmt.Printf("Share %v is valid: %v\n", i, ok)
	}

	got, err := secretsharing.Recover(t, shares)
	fmt.Printf("Recover secret: %v\nError: %v\n", secret.IsEqual(got), err)
}
Output:

Share 0 is valid: true
Share 1 is valid: true
Share 2 is valid: true
Share 3 is valid: true
Share 4 is valid: true
Recover secret: true
Error: <nil>
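
The check that Feldman's scheme [2] defines for a share, written out as an added example that is not this package's own code: a share (id, value) is accepted only if value*G equals the sum of id^j * C_j over the commitments C_j = a_j*G, so a share whose value or ID was altered is rejected. It assumes the standard library's crypto/elliptic P-256 as a stand-in for group.P256; the names evalPoly, commit and verify and the small coefficients are constructed for illustration.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
	"math/big"
)

var curve, q = elliptic.P256(), elliptic.P256().Params().N // q: scalar field order
type point struct{ x, y *big.Int }

// evalPoly returns f(id) mod q for f(X) = coef[0] + coef[1]*X + ...; coef[0] is the secret.
func evalPoly(coef []*big.Int, id *big.Int) *big.Int {
	acc := new(big.Int)
	for j := len(coef) - 1; j >= 0; j-- {
		acc.Mul(acc, id).Add(acc, coef[j]).Mod(acc, q)
	}
	return acc
}

// commit returns the Feldman commitments C_j = coef[j]*G, one per coefficient.
func commit(coef []*big.Int) []point {
	coms := make([]point, len(coef))
	for j, a := range coef {
		coms[j].x, coms[j].y = curve.ScalarBaseMult(a.Bytes())
	}
	return coms
}

// verify checks value*G == sum_j id^j * C_j, using Horner's rule on curve points.
func verify(id, value *big.Int, coms []point) bool {
	acc := coms[len(coms)-1]
	for j := len(coms) - 2; j >= 0; j-- {
		acc.x, acc.y = curve.ScalarMult(acc.x, acc.y, id.Bytes())
		acc.x, acc.y = curve.Add(acc.x, acc.y, coms[j].x, coms[j].y)
	}
	x, y := curve.ScalarBaseMult(value.Bytes())
	return x.Cmp(acc.x) == 0 && y.Cmp(acc.y) == 0
}

func main() {
	// Constructed coefficients for t = 2; in a real sharing they are random scalars.
	coef := []*big.Int{big.NewInt(7), big.NewInt(3), big.NewInt(5)}
	coms, id := commit(coef), big.NewInt(4)
	good := evalPoly(coef, id)
	bad := new(big.Int).Add(good, big.NewInt(1)) // constructed corrupted share value
	fmt.Println(verify(id, good, coms), verify(id, bad, coms)) // prints: true false
}
```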

Types

type SecretCommitment

type SecretCommitment = []group.Element

SecretCommitment is the set of commitments generated by splitting a secret.

type SecretSharing

type SecretSharing struct {
	// contains filtered or unexported fields
}

SecretSharing provides a (t,n) Shamir secret sharing. It allows splitting a secret into n shares, such that the secret can be recovered only from a subset of at least t+1 shares.

Example
package main

import (
	"crypto/rand"
	"fmt"

	"github.com/linckode/circl/group"
	"github.com/linckode/circl/secretsharing"
)

func main() {
	g := group.P256
	t := uint(2)
	n := uint(5)

	secret := g.RandomScalar(rand.Reader)
	ss := secretsharing.New(rand.Reader, t, secret)
	shares := ss.Share(n)

	got, err := secretsharing.Recover(t, shares[:t])
	fmt.Printf("Recover secret: %v\nError: %v\n", secret.IsEqual(got), err)

	got, err = secretsharing.Recover(t, shares[:t+1])
	fmt.Printf("Recover secret: %v\nError: %v\n", secret.IsEqual(got), err)
}
Output:

Recover secret: false
Error: secretsharing: number of shares (n=2) must be above the threshold (t=2)
Recover secret: true
Error: <nil>

func New

func New(rnd io.Reader, t uint, secret group.Scalar) SecretSharing

New returns a SecretSharing providing a (t,n) Shamir secret sharing. It allows splitting a secret into n shares, such that the secret can be recovered only from a subset of at least t+1 shares.

func (SecretSharing) CommitSecret

func (ss SecretSharing) CommitSecret() SecretCommitment

CommitSecret creates a commitment to the secret for further verifying shares.

func (SecretSharing) Share

func (ss SecretSharing) Share(n uint) []Share

Share creates n shares with an ID monotonically increasing from 1 to n.

func (SecretSharing) ShareWithID

func (ss SecretSharing) ShareWithID(id group.Scalar) Share

ShareWithID creates one share of the secret using the ID as identifier. Note that shares with the same ID are considered equal. Panics if the ID is zero.

type Share

type Share struct {
	// ID uniquely identifies a share in a secret sharing instance. ID is never zero.
	ID group.Scalar
	// Value stores the share generated by a secret sharing instance.
	Value group.Scalar
}

Share represents a share of a secret.
