multi-secret-sharing is a tool for splitting multiple secrets among multiple stakeholders.
It uses cryptography to divide secret data into multiple parts in such a way that compromising even a few secret parts does not endanger security of a secret.
The parts, or secret shares are saved as JSON files and can be later distributed to several people or backed up on separate disks and online storage facilities.
Implemented and ready-to-use multi secrets sharing schemes are:
Note: this repo contains implementations of multi-secret sharing algorithms together with sample application. This is NOT a fully secure cryptosystem and thus not ready for real usage. The code in current form is not meant to be resistant to side-channel attacks.
If you want to encrypt your disk or a huge file, a more suitable program would be VeraCrypt.
The other way to secure a huge file is to encrypt it using block cipher, e.g. AES. Then only split the AES key with secret sharing. That's similar to what Herranz-Ruiz-Saez algorithm actually does.
You can find binary executables in releases section.
To run a Python 3.5 prototype, please install cryptography module.
pip3 install cryptographyRun an example
cd multi-secret-sharing/python
python3 example-split-secret.pyTo run GUI application, install PyQt5 and jsonpickle:
pip3 install PyQt5
pip3 install jsonpickleRun GUI application:
python3 ui_controller.py
To run tests, you need nosetests unit testing library for Python3:
sudo apt install python3-noseRun tests:
nosetests3To package application under Windows & Linux, use latest development version of PyInstaller.
pip3 install https://github.com/pyinstaller/pyinstaller/archive/develop.zipUnder Linux:
pyinstaller --windowed --onefile ui_controller.pyIf under Windows Qt5 DLL's are not found by the PyInstaller script, explicitly point PyQt5 directory, e.g.:
pyinstaller --windowed --onefile --path C:\Python35\Lib\site-packages\PyQt5\Qt\bin ui_controller.pyTBD. https://www.blazemeter.com/blog/how-start-working-github-plugin-jenkins
Imagine a situation where you want to secure vulnerable data and give access to it only to a specified group of people (e.g. board of directors in a company) or back up on several servers in such a way that compromising one server (or up to chosen number) does not compromise the secret. The secret can be a private key to a cryptocurrency wallet or codes to open a safe.
Now imagine that the level of authority in group is varied. The president can open the safe, while at least 2 vice-presidents must gather together to open it.
Now imagine you have 17 safes or 56 missiles. You can have 56 secret codes and split them 56 times to give each member a share. Now the directors have to generate and store 56 different passwords.
**Here multi-secret sharing comes in handy. Using multi-secret sharing all participants only have to remember one password. It allows the creator of the scheme to assign 'access structures' specifying who can gain access to whole all secrets or just a chosen subset of secrets. **
Secret-sharing Multi-secret sharing
See also SMPC (Secure Multi-Party Comuputation) and it's recent use in Worldcoin project: Worldcoin Foundation unveils new SMPC system, deletes old iris code