gosss

README

gosss - Go Shamir's Secret Sharing

gosss is a Go library implementing the Shamir's Secret Sharing algorithm, a cryptographic method for splitting a secret into multiple parts. This implementation allows for secure sharing and reconstruction of secrets in a distributed system.

⚠️ This is a for fun implementation, it is not ready for use in a production system. ⚠️

Getting Started

Installation

To use gosss in your Go project, install it using go get:

go get github.com/lucasmenendez/gosss

Usage

Here's a simple example of how to use gosss to split and recover a secret:

package main

import (
	"log"

	"github.com/lucasmenendez/gosss"
)

func main() {
	// create a configuration with 8 shares and 7 minimum shares to recover the
	// message
	config := &gosss.Config{
		Shares: 9,
		Min:    6,
	}
	// hide a message with the defined configuration
	msg := "688641b753f1c97526d6a767058a80fd6c6519f5bdb0a08098986b0478c8502b"
	log.Printf("message to hide: %s", msg)
	totalShares, err := gosss.HideMessage([]byte(msg), config)
	if err != nil {
		log.Fatalf("error hiding message: %v", err)
	}
	// print every share and exclude one share to test the recovery
	requiredShares := []string{}
	completedSecrets := map[int][]string{}
	for _, share := range totalShares {
		// choose some shares for each secret until reach the minimum
		secret, err := gosss.ShareSecret(share)
		if err != nil {
			log.Fatalf("error sharing secret: %v", err)
		}
		current, ok := completedSecrets[secret]
		if !ok || len(current) < 2 {
			completedSecrets[secret] = append(completedSecrets[secret], share)
			requiredShares = append(requiredShares, share)
			log.Printf("selected share: %s", share)
			continue
		}
		log.Printf("discared share: %s", share)
	}
	// recover the message with the required shares, the configuration is not
	// needed because the shares have the information to recover the message and
	// default prime number is used during the hiding process
	message, err := gosss.RecoverMessage(requiredShares, nil)
	if err != nil {
		log.Fatalf("error recovering message: %v", err)
	}
	log.Printf("recovered message: %s", string(message))
}

Documentation

Index

• Constants
• Variables
• func HideMessage(message []byte, conf *Config) ([]string, error)
• func RecoverMessage(inputs []string, conf *Config) ([]byte, error)
• type Config
  • func (c *Config) MaxMessageLen() int
  • func (c *Config) ValidConfig(secret []byte) error
  • func (c *Config) ValidPrime() error

Constants

const (
	MinShares    = 3
	MinMinShares = MinShares - 1
)

Variables

var (
	// config
	ErrRequiredConfig     = fmt.Errorf("configuration is required")
	ErrConfigShares       = fmt.Errorf("wrong number of shares")
	ErrConfigMin          = fmt.Errorf("wrong minimum number of shares")
	ErrConfigNoPrime      = fmt.Errorf("no prime provided")
	ErrConfigInvalidPrime = fmt.Errorf("invalid prime provided")
	ErrMessageTooLong     = fmt.Errorf("the message cannot be hidden with the prime provided")
	// encode
	ErrShareTooLong = fmt.Errorf("error encoding share, it is too long")
	ErrInvalidShare = fmt.Errorf("error decoding share, it is invalid")
	// math
	ErrReadingRandom = fmt.Errorf("error reading random number")
)

var DefaultPrime, _ = new(big.Int).SetString("21888242871839275222246405745257275088548364400416034343698204186575808495617", 10)

bn254 𝔽r

Functions

func HideMessage

func HideMessage(message []byte, conf *Config) ([]string, error)

HideMessage generates the shares of the message using the Shamir Secret Sharing algorithm. It returns the shares as strings. The message is encoded as a big.Int and the shares are calculated solving a polynomial with random coefficients. The first coefficient is the encoded message. It uses the configuration provided in the Config struct, if the prime number is not defined it uses the 12th Mersenne Prime (2^127 - 1) as default. It returns an error if the message cannot be encoded.

func RecoverMessage

func RecoverMessage(inputs []string, conf *Config) ([]byte, error)

RecoverMessage recovers the message from the shares using the Shamir Secret Sharing algorithm. It returns the message as a string. The shares are given as strings. It uses the configuration provided in the Config struct, if the prime number is not defined it uses the 12th Mersenne Prime (2^127 - 1) as default. It returns an error if the message cannot be recovered. The shares include the index of the share and the share itself, so the order of the provided shares does not matter. It decodes the points of the polynomial from the shares and calculates the Lagrange interpolation to recover the secret.

Types

type Config

type Config struct {
	Shares int
	Min    int
	Prime  *big.Int
}

Config struct defines the configuration for the Shamir Secret Sharing algorithm. It includes the number of shares to generate, the minimum number of shares to recover the secret, and the prime number to use as finite field.

func (*Config) MaxMessageLen

func (c *Config) MaxMessageLen() int

MaxMessageLen returns the maximum size of the secret that can be hidden in a share, it is the size of the prime number in bytes minus 1, to ensure the secret is smaller than the prime number.

func (*Config) ValidConfig

func (c *Config) ValidConfig(secret []byte) error

ValidConfig checks if the configuration is valid for the secret provided. It checks if the number of shares is greater than the minimum number of shares, if the minimum number of shares is greater than the number of shares less one or if it is smaller than the minimum number of shares less one, if the config has a valid prime number, and if the message can be hidden with the prime number.

func (*Config) ValidPrime

func (c *Config) ValidPrime() error

ValidPrime checks if the configuration has a valid prime number. It returns an error if the prime number is not defined or if it is not a prime number.