Shamir's Secret Sharing
What is Shamir's Secret Sharing?
Shamir's Secret Sharing: A threshold cryptographic scheme by Adi Shamir (1979) that splits a secret into n shares such that any k can reconstruct it while fewer than k reveal nothing.
Shamir's Secret Sharing (SSS), introduced by Adi Shamir in 1979, is a (k,n) threshold scheme based on polynomial interpolation over a finite field. The dealer picks a random polynomial of degree k-1 whose constant term is the secret and distributes n evaluation points as shares; any k shares allow Lagrange interpolation to recover the secret, while k-1 or fewer give no information at all (information-theoretic security). SSS supports refreshing shares without changing the secret and underpins distributed KMS root keys, HashiCorp Vault unseal keys, hardware wallet backups (SLIP-39, Trezor Shamir Backup), multi-party HSM custody, and threshold ECDSA/BLS signing schemes.
● Examples
- 01: HashiCorp Vault splits the master key into five Shamir shares with a threshold of three.
- 02: Trezor Shamir Backup (SLIP-39) splits a seed into family-managed recovery shares.
● Frequently asked questions
What is Shamir's Secret Sharing?
A threshold cryptographic scheme by Adi Shamir (1979) that splits a secret into n shares such that any k can reconstruct it while fewer than k reveal nothing. It belongs to the Cryptography category of cybersecurity.
How does Shamir's Secret Sharing work?
Shamir's Secret Sharing (SSS), introduced by Adi Shamir in 1979, is a (k,n) threshold scheme based on polynomial interpolation over a finite field. The dealer picks a random polynomial of degree k-1 whose constant term is the secret and distributes n evaluation points as shares; any k shares allow Lagrange interpolation to recover the secret, while k-1 or fewer give no information at all (information-theoretic security). SSS supports refreshing shares without changing the secret and underpins distributed KMS root keys, HashiCorp Vault unseal keys, hardware wallet backups (SLIP-39, Trezor Shamir Backup), multi-party HSM custody, and threshold ECDSA/BLS signing schemes.
How do you defend against Shamir's Secret Sharing?
Defences for Shamir's Secret Sharing typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Shamir's Secret Sharing?
Common alternative names include: SSS, Shamir threshold scheme, (k,n)-threshold.
● Related terms
- cryptography, № 588
Key Management System
A centralised service that generates, stores, rotates, and audits cryptographic keys on behalf of applications, typically backed by hardware security modules.
- cryptography, № 1152
Threshold Cryptography
A class of cryptographic schemes in which a secret key is split across n parties so that any t of them — but no smaller subset — can sign, decrypt, or perform any other key operation.
- cryptography, № 109
BLS Signature
A short pairing-based digital signature by Boneh, Lynn, and Shacham (2001) supporting deterministic single signatures and efficient aggregation across many signers.