# Secret Sharing

In [1]:
from sympy.matrices import Matrix

Suppose we want to share the secret $m=5$ to five players so that three of them must cooperate.
We create the random polynomial

$ s(x) = 5 + 7x +3x^2 \mod 13  $


In [2]:
p = 13
#s = lambda x: (5 + 7*x + 3*x*x) % p
def s(x):
    return (5 + 7*x + 3*x*x) % p

We distribute the shares to players 1, 2, 3, 4, and 5

In [3]:
# the share with index 0 is the secret
# Do not share it!
s(0)

5

In [4]:
#share = [(i,s(i)) for i in range(1,6)]
share = []
for i in range(1,6):
    share.append((i, s(i)))
share

[(1, 2), (2, 5), (3, 1), (4, 3), (5, 11)]

We pick three shares and rebuild the secret.
We use (2,5), (3,1), and (5,11)

In [5]:
M = Matrix( 
    [ 
        [ 1, 2, pow(2,2,p) ], 
        [ 1, 3, pow(3,2,p) ], 
        [ 1, 5, pow(5,2,p) ] 
    ] 
)
M

Matrix([
[1, 2,  4],
[1, 3,  9],
[1, 5, 12]])

In [6]:
V = Matrix([5, 1, 11])
V

Matrix([
[ 5],
[ 1],
[11]])

In [7]:
# We need the inverse of M modulo p
Mi = M.inv_mod(p)
Mi

Matrix([
[5,  8,  1],
[6, 10, 10],
[9,  6, 11]])

In [8]:
# The result is the vector of coefficients of s
# The first value is the secret
Mi * V %p

Matrix([
[5],
[7],
[3]])

## Lab Work
Let's test the homomorphic properties of Shamir's scheme.

* Let the secrets be $m = 3$ and $m' = 5$.
* For each secret, generate three shares with $p=11$. Use a $(2,3)$-threshold scheme.
* Remember that the you need fresh random coefficients for each secrets polynomial
* Take the two shares with $x=1$, let them be $(1, y)$ for the secret $m$ and $(1, y')$ for the secret $m'$.
* Compute the new share $(1,y'')$ with $y'' = y + y' \mod p$
* Repeat for the shares with $x=2$ and $x=3$.
* Combine the new shares and recover the new secret $m''$. Is it $m''=m+m'$? 

In [41]:
p = 11
t = 2 # polin degree 1
w = 3

s1 = lambda x: (3 + 11*x) % p
share1 = [(i,s1(i)) for i in range(1,4)]
print(share1)

[(1, 3), (2, 3), (3, 3)]


In [42]:
s2 = lambda x: (5 + 4*x) % p
share2 = [(i,s2(i)) for i in range(1,4)]
print(share2)

[(1, 9), (2, 2), (3, 6)]


In [43]:
s3 = lambda x: (s1(x)+s2(x)) % p
share3 = [(i,s3(i)) for i in range(1,4)]
print(share3)

[(1, 1), (2, 5), (3, 9)]


In [62]:
#only 2 out of 3 are needed
X = Matrix( 
    [ 
        #[ 1, 1], 
        [ 1, 2], 
        [ 1, 3] 
    ] 
)
X

Matrix([
[1, 2],
[1, 3]])

In [63]:
Y = Matrix([5, 9]) 
Y

Matrix([
[5],
[9]])

In [64]:
X.inv_mod(p) * Y %p # 8 = 5 + 3

Matrix([
[8],
[4]])