# Secret sharing

Under secret sharing ( shared secret ) or Secret sharing refers to a technique a secret (usually a number) under a certain number of so-called divide players. None of the people can reconstruct the secret without the other. Depending on the system, only a subset of the players is necessary to determine the secret. The dealer is the one who makes the division.

A typical secret is the secret key of the RSA cryptosystem . If it is shared among several people, no person can create a signature on their own . Even if a participant (and its partial key) is compromised, the entire key is not compromised. Such a division is useful in high security areas (for example military , certification companies , banks , ...).

However, it can also be used when the dealer wants confirmation that an event has occurred and all players confirm it. In this way he could distribute a sufficiently large number, and only if everyone cooperates, i.e. is of the opinion that the event has occurred, can the number be generated and transmitted. In this way, cryptological wills are also possible, in which the will text is publicly encrypted, but only everyone can decide to read it together, which reduces the risk of unauthorized access.

## Procedure

### Simple secret sharing

A simple (additive) sharing procedure looks like this:

• Be the secret${\ displaystyle s}$
• Choose the partial secrets and a module p such that: ${\ displaystyle s_ {i}, i \ in \ {1, \ ldots, n \}}$
• ${\ displaystyle s = (s_ {1} + s_ {2} + \ dots + s_ {n}) \% p}$
• Reconstruction of only possible when all are combined${\ displaystyle s}$${\ displaystyle s_ {i}}$
• A prime number is usually used for p

This method is an (n, n) threshold value scheme (read: n-from-n-threshold value scheme), since all n partial secrets are required for the reconstruction. They have to be chosen randomly. is chosen such that the condition is met. ${\ displaystyle s_ {i}, i = 2 \ dots n}$${\ displaystyle s_ {1}}$

A second possibility can be implemented by replacing the addition with the exclusive-or link ( ): ${\ displaystyle \ oplus}$

• Be (number binary shown) the secret${\ displaystyle s}$
• Choose the partial secrets as follows: ${\ displaystyle s_ {i}}$
• ${\ displaystyle s = s_ {1} \ oplus s_ {2} \ oplus \ dots \ oplus s_ {n}}$
• Reconstruction of only possible when all are combined${\ displaystyle s}$${\ displaystyle s_ {i}}$

Again, this method is an (n, n) threshold scheme. The conditions for the are as in the previously described procedure. ${\ displaystyle s_ {i}}$

Two well-known secret sharing methods come from Adi Shamir : Shamir's secret sharing and visual cryptography .

Another method is Verifiable Secret Sharing , in which it is not possible for the dealer to distribute false shares to the players. To ensure this security, commitment procedures are used, with which the dealer irrevocably commits himself to the shares .

## Areas of application

Secret sharing (especially VSS) is required for many variants of distributed key generation in order to distribute the key among the participants.