Documentation
Overview
Package secretsharing provides methods to split secrets into shares.
Let n be the number of parties, and t the number of corrupted parties such that 0 <= t < n. A (t,n) secret sharing allows splitting a secret into n shares, such that the secret can be recovered from any subset of at least t+1 different shares, while any t or fewer shares reveal nothing about it.
A Shamir secret sharing [1] relies on Lagrange polynomial interpolation. A Feldman secret sharing [2] extends Shamir's by publishing a commitment to the sharing polynomial, which allows anyone holding the commitment to verify that a share is consistent with the committed secret.
New returns a SecretSharing compatible with Shamir secret sharing. The SecretSharing can be made verifiable (compatible with Feldman secret sharing) using the CommitSecret and Verify functions.
In this implementation, secret sharing is defined over the scalar field of a prime order group.
References

[1] Shamir, A. How to share a secret. https://dl.acm.org/doi/10.1145/359168.359176/
[2] Feldman, P. A practical scheme for non-interactive verifiable secret sharing. https://ieeexplore.ieee.org/document/4568297/
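The following program is an added example and is not code from this package or from the circl project. It re-implements the scheme described above from scratch, using only the Go standard library: Shamir sharing over the scalar field of P-256 (math/big arithmetic modulo the prime group order) with Feldman commitments as P-256 points (crypto/elliptic). The names New, ShareWithID, CommitSecret, Verify and Recover deliberately parallel the entries documented below, but they are this example's own definitions, and the Share struct's ID and Value fields are an assumption of the example, not something shown on this page. It demonstrates the behaviour the rest of the page states: a forged share fails Verify, t shares are rejected by Recover (and, interpolated anyway, yield a wrong value), any t+1 shares with distinct IDs recover the secret, duplicated IDs are refused, and a zero ID is refused because the polynomial evaluated at 0 is the secret itself.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
	"math/big"
)

// Added example, not circl's code: Shamir + Feldman over the P-256 scalar field, stdlib only.
var curve, order = elliptic.P256(), elliptic.P256().Params().N // order is the prime group order
type Share struct{ ID, Value *big.Int }   // point (ID, f(ID)); field names are an assumption. ID != 0, as f(0) is the secret
type Commitment []struct{ X, Y *big.Int } // C_j = a_j*G in affine coordinates, one per coefficient
type SecretSharing []*big.Int             // coefficients a_0 = secret, a_1, ..., a_t of f(x) = sum_i a_i x^i

func New(t uint, secret *big.Int) SecretSharing { // t random non-constant coefficients
	ss := SecretSharing{new(big.Int).Mod(secret, order)}
	for i := uint(0); i < t; i++ {
		a, err := rand.Int(rand.Reader, order) // uniform in the scalar field
		if err != nil {
			panic(err) // CSPRNG failure: nothing sensible to do here
		}
		ss = append(ss, a)
	}
	return ss
}

func (ss SecretSharing) ShareWithID(id *big.Int) (Share, error) { // f(id) by Horner's rule
	if id.Sign() == 0 {
		return Share{}, fmt.Errorf("zero ID: the share would equal the secret")
	}
	y := new(big.Int)
	for i := len(ss) - 1; i >= 0; i-- {
		y.Mul(y, id).Add(y, ss[i]).Mod(y, order)
	}
	return Share{ID: new(big.Int).Set(id), Value: y}, nil
}

func (ss SecretSharing) CommitSecret() Commitment { // Feldman commitment to every coefficient
	c := make(Commitment, len(ss))
	for j, a := range ss {
		c[j].X, c[j].Y = curve.ScalarBaseMult(a.Bytes())
	}
	return c
}

func Verify(t uint, s Share, c Commitment) bool { // checks Value*G == sum_j ID^j * C_j
	if uint(len(c)) != t+1 || s.ID.Sign() == 0 {
		return false
	}
	lx, ly := curve.ScalarBaseMult(s.Value.Bytes())
	rx, ry := c[0].X, c[0].Y // the j = 0 term, since ID^0 = 1
	idPow := new(big.Int).Set(s.ID)
	for _, cj := range c[1:] {
		px, py := curve.ScalarMult(cj.X, cj.Y, idPow.Bytes())
		rx, ry = curve.Add(rx, ry, px, py)
		idPow.Mul(idPow, s.ID).Mod(idPow, order)
	}
	return lx.Cmp(rx) == 0 && ly.Cmp(ry) == 0 // equal iff (ID, Value) lies on the committed degree-t polynomial
}

func interpolateAtZero(shares []Share) (*big.Int, error) { // Lagrange at x = 0: sum_i Value_i * prod_{j != i} ID_j/(ID_j - ID_i)
	secret := new(big.Int)
	for i, si := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		for j, sj := range shares {
			if i != j {
				num.Mul(num, sj.ID).Mod(num, order)
				den.Mul(den, new(big.Int).Sub(sj.ID, si.ID)).Mod(den, order)
			}
		}
		lambda := new(big.Int).ModInverse(den, order)
		if lambda == nil { // den == 0 exactly when two shares carry the same ID
			return nil, fmt.Errorf("duplicated share ID %v", si.ID)
		}
		secret.Add(secret, lambda.Mul(lambda, num).Mul(lambda, si.Value)).Mod(secret, order)
	}
	return secret, nil
}

func Recover(t uint, shares []Share) (*big.Int, error) { // threshold check first, as the page documents
	if uint(len(shares)) <= t {
		return nil, fmt.Errorf("number of shares (n=%d) must be above the threshold (t=%d)", len(shares), t)
	}
	return interpolateAtZero(shares)
}

func main() {
	secret, _ := rand.Int(rand.Reader, order)
	ss := New(2, secret) // t = 2
	shares := make([]Share, 5)
	for i := range shares {
		shares[i], _ = ss.ShareWithID(big.NewInt(int64(i + 1))) // IDs 1..5, never zero
	}
	forged := Share{ID: shares[1].ID, Value: new(big.Int).Add(shares[1].Value, big.NewInt(1))}
	_, err := Recover(2, shares[:2])                               // two shares: rejected
	got, _ := Recover(2, []Share{shares[4], shares[1], shares[3]}) // any three distinct IDs
	fmt.Println(Verify(2, shares[1], ss.CommitSecret()), Verify(2, forged, ss.CommitSecret()), err, got.Cmp(secret) == 0)
}
```

Two design notes. Verify is the only defence against a corrupted share: Lagrange interpolation has no notion of a wrong point, so Recover on a set containing one bad share returns a wrong secret with no error, which is why a verifiable sharing should check every share against the commitment before recovering. The example uses the point-arithmetic methods of crypto/elliptic because the standard library exposes no other group operations; they are deprecated in recent Go releases but still work, and a production system would use a maintained group abstraction such as the circl group package that this page's own examples rely on.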
Constants
This section is empty.
Variables
This section is empty.
Functions
func Recover

func Recover(t uint, shares []Share) (group.Scalar, error)

Recover returns the secret provided more than t different shares are given. It returns an error if the number of shares is not above the threshold t, and panics if any shares are duplicated, i.e., shares must have different IDs. Recover does not check shares against a commitment: a single corrupted share yields a wrong secret without any error, so with a verifiable sharing call Verify on each share before recovering.
func Verify
func Verify(t uint, s Share, c SecretCommitment) bool
Verify returns true if the share s was produced by sharing a secret with threshold t and commitment of the secret c.
Example
package main

import (
	"crypto/rand"
	"fmt"

	"github.com/cloudflare/circl/group"
	"github.com/cloudflare/circl/secretsharing"
)

func main() {
	g := group.P256
	t := uint(2) // up to t corrupted parties; any t+1 shares recover the secret
	n := uint(5) // total number of shares
	secret := g.RandomScalar(rand.Reader)
	ss := secretsharing.New(rand.Reader, t, secret)
	shares := ss.Share(n)
	coms := ss.CommitSecret() // Feldman commitment, published alongside the shares

	// Every honest share is consistent with the commitment.
	for i := range shares {
		ok := secretsharing.Verify(t, shares[i], coms)
		fmt.Printf("Share %v is valid: %v\n", i, ok)
	}

	// All n shares exceed the threshold, so recovery succeeds.
	got, err := secretsharing.Recover(t, shares)
	fmt.Printf("Recover secret: %v\nError: %v\n", secret.IsEqual(got), err)
}
Output:

Share 0 is valid: true
Share 1 is valid: true
Share 2 is valid: true
Share 3 is valid: true
Share 4 is valid: true
Recover secret: true
Error: <nil>
Types
type SecretCommitment
SecretCommitment is the set of commitments generated by splitting a secret.
type SecretSharing
type SecretSharing struct {
// contains filtered or unexported fields
}
SecretSharing provides a (t,n) Shamir secret sharing. It allows splitting a secret into n shares, such that the secret can only be recovered from a subset of at least t+1 distinct shares.
Example
package main

import (
	"crypto/rand"
	"fmt"

	"github.com/cloudflare/circl/group"
	"github.com/cloudflare/circl/secretsharing"
)

func main() {
	g := group.P256
	t := uint(2)
	n := uint(5)
	secret := g.RandomScalar(rand.Reader)
	ss := secretsharing.New(rand.Reader, t, secret)
	shares := ss.Share(n)

	// Only t shares: below the threshold, so Recover refuses and returns an error.
	got, err := secretsharing.Recover(t, shares[:t])
	fmt.Printf("Recover secret: %v\nError: %v\n", secret.IsEqual(got), err)

	// t+1 shares: enough to interpolate the polynomial and recover the secret.
	got, err = secretsharing.Recover(t, shares[:t+1])
	fmt.Printf("Recover secret: %v\nError: %v\n", secret.IsEqual(got), err)
}
Output:

Recover secret: false
Error: secretsharing: number of shares (n=2) must be above the threshold (t=2)
Recover secret: true
Error: <nil>
func New

func New(rnd io.Reader, t uint, secret group.Scalar) SecretSharing

New returns a SecretSharing providing a (t,n) Shamir secret sharing of secret, using rnd as the source of randomness. It allows splitting the secret into n shares, such that the secret can only be recovered from a subset of at least t+1 shares.
func (SecretSharing) CommitSecret
func (ss SecretSharing) CommitSecret() SecretCommitment
CommitSecret creates a commitment to the secret for further verifying shares.
func (SecretSharing) Share
func (ss SecretSharing) Share(n uint) []Share
Share creates n shares whose IDs are the scalars 1, 2, ..., n, in increasing order.
func (SecretSharing) ShareWithID
func (ss SecretSharing) ShareWithID(id group.Scalar) Share
ShareWithID creates one share of the secret using id as its identifier. Shares with the same ID are considered equal. Panics if id is zero, because the sharing polynomial evaluated at zero is the secret itself, so such a share would reveal it.