Shamir Secret Sharing Scheme
A Golang-WebAssembly implementation.
Shamir's Secret Sharing Scheme (SSSS)
is a cryptographic algorithm used to share a secret into multiple parts. To reconstruct the original
secret, a minimum number of parts is required.
This project exposes a web interface for encrypting and decrypting files using
AES and deriving a set of keys using
SSSS.
How it works:
- Users must enter a human readable password
p
and select a file to encrypt.
- A key
k
of 256 bits is generated from p
using the SHA-256
hash function, i.e: k = SHA256(p)
.
- The file is then encrypted using
k
and AES.
- A number
n
of key shares is selected as well as a number t
of minimum number or required keys.
n
keys are generated using SSSS, during this process k
is considered the secret
(as is the value required to successfully decrypt the file).
- Given at least
t
keys, the secret k
is recovered an then used for decryption.
Details
Encryption
- Based on an user-provided master password, a key K is generated using SHA-256.
- Content is encrypted using AES-256 with K as key.
- A t - 1 degree polynomial is randomly generated that will later be used to generate n key shares by randomly taking xi and its evaluation against the polynomial P(xi). Key shares are pairs (xi, P(xi)) that can be used to recover K by evaluating P(0) using Horner's Method.
Decryption
With t of the n key shares generated, the K key used to encrypt the content, can be recovered.
- Using Horner's Method of polynomial evaluation, we evaluate P(0), thus recovering K.
- Using K we can decrypt the content.
The code
Go
A package (crypto
) and executable (wasm) are included in this repository.
- The package exposes an API for encrypting, decrypting, generating keys, and reconstructing the
secret using a set of shared keys.
- The executable is the bridge between the browser's runtime and the compiled WebAssembly binary.
To run the package tests use go test .
under the crypto/
folder (93.5% coverage).
To build the WebAssembly binary use: GOOS=js GOARCH=wasm go build -o ../ui/public/wasm/main.wasm
under the wasm/
folder. If the ui/public/wasm/main.wasm
file is not present, you can copy it from
GOROOT/misc/wasm/wasm_exec.js
. For more info about WebAssembly and Golang, visit
this wiki.
API Index:
func Decrypt(key, content []byte) ([]byte, error)
func Encrypt(key string, content []byte) ([]byte, []byte, error)
func GenKeyShares(secret [32]byte, t, n int) ([][32]byte, error)
func GetKeyFromKeyShares(points []Point) ([32]byte, error)
type Point struct {
X int
Fx [32]byte
}
API Documentation.
UI (ReactJS)
A basic UI was created for interacting with the input fields and communicating with the WebAssembly
binary.
Use npm start
to run the development server and npm build
to create the production bundle.
Notice that this process does not compile the Go source into the WebAssembly binary, nor does it
include the other required WASM runtime files.