Skip to content

jakecraige/adss

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
cmd/adss
cmd/adss
 
 
.gitignore
.gitignore
 
 
.goreleaser.yml
.goreleaser.yml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
adss.go
adss.go
 
 
adss_test.go
adss_test.go
 
 
binaryfield.go
binaryfield.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
s1.go
s1.go
 
 
s1_test.go
s1_test.go
 
 

Repository files navigation

Adept Secret Sharing (ADSS)

A CLI tool and library implementation of adept secret sharing (ADSS) as described by Bellare, Dai and Rogaway in Reimagining Secret Sharing: Creating a Safer and More Versatile Primitive by Adding Authenticity, Correcting Errors, and Reducing Randomness Requirements.

Usage

CLI

Install by downloading pre-built binaries on the releases page or it install from source with go install github.com/jakecraige/adss.

# Split the secret into a 2-of-3 sharing. First we create a file with the
# secret, it can be of any type, not just txt.
$ echo "some secret" > /tmp/secret.txt
$ adss split -threshold 2 -count 3 -out-dir /tmp -secret-path secret.txt
Share written to: tmp/share-0.json
Share written to: tmp/share-1.json
Share written to: tmp/share-2.json
Complete.

# We can recover by providing all shares. It prints to stdout in base64 by
# default, so we decode it with base64 for this example.
$ adss recover --share-paths /tmp/share-0.json,/tmp/share-1.json,/tmp/share-2.json | base64 -d
some secret

# We can also store the result in a file
$ adss recover --share-paths /tmp/share-0.json,/tmp/share-1.json,/tmp/share-2.json -out-path /tmp/recovered-secret.txt
$ cat /tmp/recovered-secret.txt
some secret

# We can also recover by providing only two
$ adss recover --share-paths /tmp/share-0.json,/tmp/share-1.json | base64 -d
some secret

# If we manually modify the secret value of one of the shares and attempt
# recovery, we are warned about the invalid share but we still recover it.
$ adss recover --share-paths /tmp/share-0.json,/tmp/share-1.json,/tmp/share-2-modified.json | base64 -d
WARN: Invalid share at ./tmp/share-2-modified.json
some secret

Library

// Split the secret into shares. The shares can be json serialized with the
// golang marshaller to be persisted on disk.
as := adss.NewAccessStructure(2, 3)
secret := []byte("the secret")
ad := []byte("the associated data")
shares, err := adss.Share(as, secret, ad)
if err != nil {
  return err
}

// Given a set of shares, attempt to recover the secret. If it can be recovered
// it returns the secret and the set of shares that were valid inputs. If it
// cannot be recovered, an error is returned.
secret, validShares, err := adss.Recover(shares)
if err != nil {
  return err
}

fmt.Printf("%s", secret)
if len(validShares) < len(shares) {
  fmt.Println("Some shares were invalid")
}

Security

This is a work-in-progress implementation and should not be used in any production systems. It does not currently match the paper so it does not provide many of the guarantees required by ADSS. It has also received no security reviews so it should not be trusted until it has.

About

Adept Secret Sharing

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases 1

v0.1.0-dev Latest
Jun 21, 2020

Packages

 
 
 

Languages