Multisig vs Shamir's Secret Sharing Scheme

In the previous article we've discussed about multisig deployment and how it can greatly improve the project's security throughout the development cycle. Today we'll discussed even further improvements into key sharing schemes and start with Shamir’s Secret Sharing Scheme (SSSS)

Shamir's Secret Sharing Scheme is related to the broader concept of multi-party computation (MPC), which refers to methods for allowing multiple parties to compute a function on their private inputs in such a way that the output is the same as if the parties had computed the function on their inputs together. MPC can be used for a wide range of applications, including secure communication, privacy-preserving machine learning, and secure multiparty computation.

Shamir's Secret Sharing Scheme is simply another name for Shamir's Secret Sharing (SSS). It is called a "scheme" because it is a structured method for splitting a secret into multiple parts, such that a threshold number of those parts are required to reconstruct the original secret. The term "Shamir's Secret Sharing" is often used to refer specifically to the original method proposed by Adi Shamir, while the term "Shamir's Secret Sharing Scheme" is used more generally to refer to any method that uses similar principles to split a secret into multiple parts. Both terms refer to the same concept.

SSSS is different from multisig, which is a method for requiring multiple signatures on a transaction in order to make it valid. The way SSS works is using a type of polynomial interpolation, where the secret is used as the coefficient of the highest-degree term in the polynomial. For example, suppose we have a secret that we want to split into three parts, such that any two of those parts are sufficient to reconstruct the original secret. We could create a polynomial with the following form:

f(x) = secret * x^2 + a * x + b

In this polynomial, the secret is the coefficient of the x^2 term, and the coefficients a and b are randomly generated numbers. We can then evaluate the polynomial at three different points, x=1, x=2, and x=3, to obtain three different parts of the secret: 

f(1) = secret + a + b
f(2) = secret * 2^2 + a * 2 + b
f(3) = secret * 3^2 + a * 3 + b

These three parts can then be distributed to different parties, and any two of them can be combined to reconstruct the original polynomial and therefore the original secret. But none of the parties can reconstruct the original polynomial using solely one's information. In order to reconstruct the original secret from any k-out-of-n parts, we need to recreate the polynomial that we defined in the beginning. This can be achieved with the Lagrange Polynomial Interpolation. This is simply a formula named after the Italian mathematician Joseph Louis Lagrange for interpolating a polynomial of a degree less than n that passes through n points.

Comparison

One benefit of Shamir's Secret Sharing is that it allows for the distribution of a secret among multiple parties, so that no single party has access to the entire secret. This can be useful for increasing the security of sensitive information. On the other hand, multisig has the benefit of allowing multiple parties to share control over a single account or transaction, which can be useful for increasing security and accountability.

From a usability perspective, Shamir's Secret Sharing may be more complex to implement, since it involves splitting a secret into multiple parts and distributing those parts among different parties. In contrast, multisig is relatively straightforward to implement, and many cryptocurrency wallets already support it.

In terms of security, both Shamir's Secret Sharing and multisig have their own benefits. Shamir's Secret Sharing can provide increased security by distributing the secret among multiple parties, while multisig can provide increased security by requiring multiple signatures on a transaction. Ultimately, the right approach will depend on the specific needs of the situation.

Tools

There are many different tools available for implementing Shamir's Secret Sharing. Some of the best tools for this purpose include the following:

  • SSAM (Shamir's Secret Sharing for Arbitrary Messages): This is a command-line tool that allows users to split a secret into multiple parts and then recombine those parts to reconstruct the original secret. It is written in Python and can be installed using the pip package manager.
  • SSSS (Simple Shamir Secret Sharing): This is another command-line tool that allows users to split and recombine secrets using Shamir's Secret Sharing. It is written in C and can be installed using the apt package manager on Linux systems.
  • libsecretsharing: This is a library that provides support for Shamir's Secret Sharing in different programming languages, including C, C++, Python, and Java. It can be used to easily add Shamir's Secret Sharing to existing applications.
  • SecretSplitter: This is a web-based tool that allows users to split and recombine secrets using Shamir's Secret Sharing. It has a simple user interface and can be used directly in a web browser.

In addition to these specific tools, many programming languages also have libraries or modules available that implement Shamir's Secret Sharing. For example, the PyCrypto library for Python includes support for Shamir's Secret Sharing.

Conclusion

Shamir's Secret Sharing is a useful tool for supporting innovation in the distributed computing and blockchain ecosystem in a few different ways. It can be used to increase the security of sensitive information, such as cryptographic keys and secrets, by splitting them into multiple parts and distributing those parts among different parties. This can help protect against unauthorized access to sensitive information, which is important for maintaining the security of distributed systems and blockchain networks.

Shamir's Secret Sharing can also be used to enable new types of multiparty computation, such as secure multiparty computation and privacy-preserving machine learning. This can allow different parties to compute functions on their private inputs in such a way that the output is the same as if the parties had computed the function on their inputs together. This can enable new applications and use cases for distributed systems and blockchain networks.

Finally, Shamir's Secret Sharing can be used to enable new forms of decentralized governance and decision-making in distributed systems and blockchain networks. For example, it can be used to create voting schemes that allow multiple parties to securely vote on a proposal, where a threshold number of votes are required for the proposal to be accepted. This can help support the development of more decentralized and democratic systems.

Comments

Post a Comment

Popular posts from this blog

Rust Static Analysis and Blockchain Licensing

Image
What is static analysis? Static analysis is an analysis of software artifacts. For example requirements or code, carried out without execution of these software development artifacts. Static analysis is usually carried out using supporting tools. In other words, we can say that static analysis is an examination of requirements, design, and code that differ from more traditional dynamic testing in several important ways. The main goal behind this analysis is to find the bugs, whether or not they may cause failures. As with reviews, static analysis finds bugs rather than failures. The general name for static analysis is linting. lint, or a linter, is a tool that analyzes source code to flag programming errors, bugs, stylistic errors, and suspicious constructs. Simply put, a linter is a tool that programmatically scans your code with the goal of finding issues that can lead to bugs or inconsistencies with code health and style. Some can even help fix them for you! How to analyse
Read more

Length extension attack

Image
What is length extension? When a Merkle–Damgård based hash is misused as a message authentication code with construction H(secret ‖ message), and message and the length of secret is known, a length extension attack allows anyone to include extra information at the end of the message and produce a valid hash without knowing the secret. Quick sidebar, before you freak out: Since HMAC does not use this construction, HMAC hashes are not prone to length extension attacks. So, a length extension attack is a type of attack where an attacker can use Hash(message1) and the length of message1 to calculate Hash(message1 ‖ message2) for an attacker-controlled message2, without needing to know the content of message1. Algorithms like MD5, SHA-1 and most of SHA-2 that are based on the Merkle–Damgård construction are susceptible to this kind of attack. Truncated versions of SHA-2, including SHA-384 and SHA-512/256 are not susceptible, nor is the SHA-3 algorithm. A bit more details
Read more

CAP Theorem and blockchain

Image
In theoretical computer science, the CAP theorem states that it is impossible for a distributed data store (such as a blockchain network) to simultaneously provide more than two out of the three guarantees: Consistency, Availability & Partition tolerance. CAP Theorem – the parts C: Consistency – At any given time, all nodes in the network have exactly the same (most recent) value. A: Availability – Every request to the network receives a response, though without any guarantee that returned data is the most recent. P: Partition tolerance – The network continues to operate, even if an arbitrary number of nodes are failing. Due to the nature of distributed data stores (such as blockchain), Partition tolerance is a given fact; there will always be failing/unreachable nodes in the network (not least because of the unstable nature of the internet). CAP Theorem states that one has to choose between C (Consistency) or A (Availability) when in the presence of P (Partition): Av
Read more