Explaining Shamir’s Secret Sharing: The Building Block of Arcana’s DKG
Discover the building block of Arcana Network's DKG with our guide to Shamir's Secret Sharing. Learn how it works and why it's so important today!
Before we dive into what secret sharing is and how Shamir’s Secret Sharing mechanism works, let us walk through a simple example.
Consider a bank with a vault that needs to be opened every day. To reduce the risk of fraud or theft, the bank gives four senior employees one share each of the key that opens the vault, and the vault can only be opened when at least three of them are present with their shares. This is a real-world picture of how a secret sharing mechanism works: no individual member can open the vault alone, and any three of the four can. Three is the threshold, the minimum number of shares required to recover the secret.
Through a secret sharing scheme, we distribute a secret key over a group of individuals in such a way that no single individual can recover it on their own; in a good scheme, any group smaller than the threshold learns nothing about the secret at all. Secret sharing schemes were independently invented by George Blakley and Adi Shamir in 1979.
Among the various secret sharing schemes, Shamir’s Secret Sharing (SSS) is one of the most popular and most basic. It also forms the basis of Distributed Key Generation (DKG) protocols, which build on it because of its simplicity and easy application. In this post, we break down SSS, give you a quick overview of how it works, and then highlight some of the most prominent drawbacks of the mechanism.
This blog post is a part of “Engineering at Arcana” series where we share all things blockchain, technology, and engineering. Read on.
Shamir’s Secret Sharing
Below, we deconstruct Shamir’s Secret Sharing (SSS) from a mathematical perspective. The fundamental idea behind SSS is that in order to reconstruct a polynomial of degree n, you require n+1 distinct points that lie on that curve, while any n points leave it undetermined. So, for example, to reconstruct a line you need at least 2 points that lie on that line. One detail that matters for security: the polynomial is defined over a finite field, in practice the integers modulo a large prime, not over the real numbers. Over the reals or the integers, fewer than the threshold number of shares still narrows the secret down (for instance to a range of values); over a finite field, any set of fewer than the threshold shares is consistent with every possible secret.
Consider the X and Y axes, along with a line that crosses the Y-axis at a point ‘D’. The secret is the y-intercept D, and the shares are three points on the line at nonzero x, say A, B, and C, one for each of the three people who hold a share of the secret.
Now imagine that the line itself is erased and only the shares remain. To find the secret D, you need to know at least two of the three points A, B, and C, because two points determine a line and one point does not: a single point lies on a line with every possible y-intercept. This particular case is called 2-out-of-3 Shamir Secret Sharing.
While the example above uses a line, that is, a polynomial of degree 1, the same mechanism holds for polynomials of higher degree. A quadratic curve requires at least three points and a cubic four; in general, a threshold of k shares means the dealer uses a random polynomial of degree k-1 with the secret as its constant term.
Lagrange’s Interpolation
Once you have the points that lie on the curve, how do you reconstruct the polynomial? Without going into too much detail, this is done using Lagrange Interpolation. The formula to reconstruct a polynomial P(x) given n points (x1, y1), (x2, y2) .. (xn, yn) that lie on it is:
Where each Pj is:
Or, if you were to expand it out:
In practice you do not need to reconstruct the whole polynomial: evaluating the interpolation formula at x = 0 yields P(0), the y-intercept, which is the secret being shared. All of this arithmetic is done modulo the field prime, so each division in the formula becomes a multiplication by a modular inverse.
Note: The above mathematical expressions form the basis of Shamir’s Secret Sharing. Lagrange’s Interpolation is extensively used in secret sharing schemes, including Distributed Key Generation (DKG) systems as well.
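The scheme described above, carried through in code. This is an added example, not Arcana’s code: `split` is the dealer side, `reconstruct` is Lagrange interpolation evaluated only at x = 0, and `consistent_secret_counts` brute-forces the threshold property for a tiny field. The worked polynomial f(x) = 5 + 3x + 2x² over GF(17) and the 127-bit prime 2^127 − 1 are choices made for this example.

```python
"""Shamir's Secret Sharing over a prime field GF(p).

Added example, not Arcana's code. `split` is the dealer side, `reconstruct` is
Lagrange interpolation evaluated only at x = 0, and `consistent_secret_counts`
brute-forces the threshold property for a tiny field.
"""
import secrets
from itertools import product


def eval_poly(coeffs, x, p):
    """Horner evaluation of a0 + a1*x + ... + a_{k-1}*x^{k-1} mod p."""
    acc = 0
    for a in reversed(coeffs):
        acc = (acc * x + a) % p
    return acc


def split(secret, k, n, p, rng=secrets):
    """Dealer: hide `secret` as the constant term of a random degree-(k-1)
    polynomial and hand out n evaluations at x = 1..n (x = 0 is never a share,
    because f(0) is the secret itself). Any k shares recover the secret."""
    if not 1 <= k <= n < p:
        raise ValueError("need 1 <= k <= n < p")
    coeffs = [secret % p] + [rng.randbelow(p) for _ in range(k - 1)]
    return [(x, eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def reconstruct(shares, p):
    """Lagrange interpolation at x = 0: sum_j y_j * prod_{m != j} (0 - x_m)/(x_j - x_m).
    Division in GF(p) is multiplication by the modular inverse (pow(d, -1, p), Python 3.8+)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate x coordinates")
    secret = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = num * (-xm) % p       # (0 - x_m)
                den = den * (xj - xm) % p   # (x_j - x_m)
        secret = (secret + yj * num * pow(den, -1, p)) % p
    return secret


def consistent_secret_counts(shares, k, p):
    """Brute force (tiny p only): for every polynomial of degree < k over GF(p),
    test whether it passes through all the given shares, tallied by constant term.
    A flat tally means the shares say nothing about which secret was hidden."""
    counts = {s: 0 for s in range(p)}
    for coeffs in product(range(p), repeat=k):
        if all(eval_poly(coeffs, x, p) == y for x, y in shares):
            counts[coeffs[0]] += 1
    return counts


if __name__ == "__main__":
    # Worked 3-of-3 example in GF(17) with a fixed polynomial (constructed for illustration):
    # f(x) = 5 + 3x + 2x^2, so the secret is f(0) = 5 and the shares are f(1), f(2), f(3).
    P_SMALL = 17
    shares = [(x, eval_poly([5, 3, 2], x, P_SMALL)) for x in (1, 2, 3)]  # [(1, 10), (2, 2), (3, 15)]
    print("3 shares ->", reconstruct(shares, P_SMALL))      # 5
    print("2 shares ->", reconstruct(shares[:2], P_SMALL))  # 1: the line through two points, not the secret
    print("secrets consistent with 2 shares:", consistent_secret_counts(shares[:2], 3, P_SMALL))  # every value once
    print("secrets consistent with 3 shares:", consistent_secret_counts(shares, 3, P_SMALL))      # only 5

    # Realistic field size: 2^127 - 1 is prime, so this is a 3-of-5 split of a 127-bit key.
    P = 2**127 - 1
    key = secrets.randbelow(P)
    sh = split(key, 3, 5, P)
    print("recovered from shares 1, 3, 5:", reconstruct([sh[0], sh[2], sh[4]], P) == key)
```

The brute-force tally is the threshold property made visible: with two of the three shares, every one of the 17 candidate secrets is hit by exactly one degree-2 polynomial, so the two shares carry no information; with all three, only the true secret survives. The same argument holds for the large prime, it just cannot be enumerated.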
Drawbacks of Shamir’s Secret Sharing
While SSS is widely used across the blockchain ecosystem, the mechanism does come with a number of drawbacks. As a result, other models such as Asynchronous Verifiable Secret Sharing (AVSS) have been adopted. We will dive into AVSS and other such mechanisms in future posts in our “Engineering at Arcana” blog series.
Coming back to Shamir’s Secret Sharing, let’s go over two of its most prominent drawbacks:
- Inability to verify share integrity: Plain SSS has no built-in way to check that a share is genuine. A corrupted or maliciously altered share is not detected during reconstruction; the interpolation simply yields a different, wrong secret. Nor can shareholders tell whether the dealer gave everyone shares of the same polynomial. This downside led to the development of verifiable secret sharing (VSS), in which the dealer publishes commitments to the sharing polynomial so that each shareholder can check the share they received, and the group can check the shares others submit, against those commitments.
- Single point of failure: SSS, in essence, splits a secret key into shares on a single device, and whoever wants to use the shared secret later reconstructs the whole key from the shares on some other device. The complete key therefore exists in the clear at two moments, at splitting and at recombination, and a compromise of either device (the one that held the key during splitting or the one that held it during reconstruction) exposes the secret. SSS distributes custody of a key, not its generation: that is what DKG protocols, which produce the shares without any single party ever holding the whole key, are for.
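The share-integrity check described in the first drawback, using Feldman’s verifiable secret sharing on top of Shamir shares. This is an added example, not Arcana’s code: the dealer publishes commitments C_i = g^{a_i} to each polynomial coefficient a_i, and a shareholder holding (x, y) checks that g^y = ∏ C_i^{x^i} mod p. The function names, the 0xC0FFEE secret, and the toy group (a safe prime p = 2q + 1 of about 31 bits, found at import time, with generator g = 4) are choices made for this example; a deployment uses a standard large prime-order group or elliptic curve.

```python
"""Feldman verifiable secret sharing (VSS) on top of Shamir shares.

Added example, not Arcana's code. The dealer publishes C_i = g^{a_i} for each
polynomial coefficient a_i; a shareholder with share (x, y) checks
g^y == prod_i C_i^{x^i} (mod P). Group parameters are toy-sized and found at
import time; a deployment uses a standard large prime-order group or curve.
"""
import secrets


def is_probable_prime(n):
    """Miller-Rabin with bases 2, 3, 5, 7: deterministic for n < 3,215,031,751,
    which covers every value this example generates."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in (2, 3, 5, 7):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start):
    """Smallest q >= start such that q and p = 2q + 1 are both prime; returns (p, q)."""
    q = start | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = find_safe_prime(1 << 30)  # ~31-bit subgroup order: toy-sized, constructed for this example
G = 4                             # 4 = 2^2 is a quadratic residue mod P, so it has order exactly Q


def eval_poly(coeffs, x, m):
    """Horner evaluation of the sharing polynomial mod m."""
    acc = 0
    for a in reversed(coeffs):
        acc = (acc * x + a) % m
    return acc


def deal(secret, k, n, rng=secrets):
    """Dealer: random degree-(k-1) polynomial over Z_Q with `secret` as constant term.
    Returns (shares, commitments). Shares are private; commitments are broadcast."""
    coeffs = [secret % Q] + [rng.randbelow(Q) for _ in range(k - 1)]
    shares = [(x, eval_poly(coeffs, x, Q)) for x in range(1, n + 1)]
    commitments = [pow(G, a, P) for a in coeffs]  # C_i = g^{a_i}
    return shares, commitments


def verify_share(x, y, commitments):
    """Shareholder check. Exponents x^i may be reduced mod Q because every C_i has order Q.
    Passes iff y == f(x) mod Q, so a forged or corrupted y is rejected."""
    expected = 1
    for i, c in enumerate(commitments):
        expected = expected * pow(c, pow(x, i, Q), P) % P
    return pow(G, y, P) == expected


if __name__ == "__main__":
    shares, commitments = deal(secret=0xC0FFEE, k=3, n=5)
    print("honest shares verify:", all(verify_share(x, y, commitments) for x, y in shares))  # True
    x1, y1 = shares[0]
    print("tampered share verifies:", verify_share(x1, (y1 + 1) % Q, commitments))          # False
```

The same check catches a dishonest dealer: a share that is not on the committed polynomial fails verification at the recipient, and the broadcast commitments let the group agree on which polynomial is being shared. The caveat is that C_0 = g^secret is public, so Feldman VSS hides the secret only computationally; that is acceptable in a DKG, where the secret is a private key whose public key g^secret is published anyway, while Pedersen VSS uses a second generator to hide it unconditionally.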
There are also other, not-so-major drawbacks worth mentioning: complexity in implementation, share revocation, lack of strong implementation standards, social recovery issues, side-channel attacks, and poor auditability.
What we have above is a simple guide to help you understand the general concept and the mathematics behind SSS, along with a few downsides which led to the evolution and adoption of other secret sharing mechanisms.
In later blog posts, we will expand on other schemes and on what we at Arcana are doing to overcome the drawbacks mentioned, among other topics. Follow us on our social channels or on Medium to stay up to date with the content we post.
About Arcana Network
Arcana Network is building a modular L1 to power Chain Abstraction and intents, helping developers significantly improve user experience in Web3. Since 2021, we've introduced three groundbreaking products.
First up is Auth SDK, a decentralized social login to generate non-custodial Wallets. It is the fastest social login in Web3, with a sub-3-second login time, and is free of cost. Games and consumer apps use the auth SDK to simplify Web3 user onboarding. Instantly, you can get a secure, in-app wallet with no passwords or installations needed.
Next, Arcana Gasless is based on ERC-4337 Account Abstraction and enables developers to sponsor gas fees for users.
Our third product, SendIt, is a consumer app that redefines crypto payments by allowing users to send crypto to an email address, making transactions effortless and inclusive. SendIt has partnered with BNB and OKX.
Arcana has raised $4.5M from 40+ leading investors, including Balaji S, Founders of Polygon, John Lilic, Santiago Roel, and funds like Woodstock, Republic, Fenbushi, Polygon ventures, DCG, and others.