What is Shamir's secret-sharing mechanism, which prevents leaks by distributing secrets?



Shamir's Secret Sharing (SSS) is an algorithm developed in 1979 by cryptographer Adi Shamir. It is an encryption method in which members of a group divide and possess confidential information, and the necessary information cannot be completed unless multiple people contribute their information. Therefore, even if some of the confidential information is stolen, the information will not be leaked. Ente , a cloud storage service provider with end-to-end encryption, explains the mechanism of Shamir's Secret Sharing used to protect encryption keys.

How Shamir's Secret Sharing Works
https://ente.com/blog/how-shamirs-secret-sharing-works/

Ente begins by illustrating a fundamental mathematical theory: 'While countless lines can pass through a single point, a single line is determined by two points.' Knowing the coordinates of one point does not allow us to identify a specific line, but knowing the coordinates of two points does determine a single line.



For example, let's say the secret number is '7'. Since the coordinates on the graph are (0,7), we draw a suitable line passing through this point, 'y = 2x + 7'. The slope is not important in this case.



Two people are each given the coordinates (1,9) and (2,11) of a line that passes through the equation 'y = 2x + 7'. The person who receives the coordinates (2,11) cannot identify the original line by looking at the coordinates alone, nor can they arrive at the secret number '7'. However, by obtaining the coordinates (1,9) as well, they can recover the secret value. This is called a '2-of-n secret sharing scheme'.



A straight line (linear function) can be reconstructed from two coordinates, but a curve (quadratic function) requires three. A cubic function requires four, a quartic function five, and so on; by changing the equation, the number of people needed to reconstruct the secret can be increased. In the actual system, a special numerical calculation called a 'finite field' is used instead of simple graph paper, but the basic idea of Shamir's secret sharing can be understood from the theory of graph equations and coordinates.

In May 2026, Ente released an account recovery system called ' Legacy Kit .' If you lose access to your account, you can recover it by using two of the three QR codes you have saved beforehand. This system incorporates Shamir's secret sharing idea, and even if one QR code is leaked, it significantly reduces the risk of unauthorized access to your account.

The Legacy Kit is implemented in 'Ente Locker,' an end-to-end encrypted vault provided by Ente. It is available for both Android and iOS .

Related Posts:

in Security, Posted by log1e_dh