Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.rst pypi polish Dec 29, 2017



Fast, secure, pure python implementation of Shamir's secret sharing algorithm.

why to use it

Shamir's secret sharing is useful for providing an "N of M" layer. For example, password recovery security questions could be cryptographically imeplemented with this algorithm. Security question answers are put through a key-derivation-function (KDF) or hash and each one is used to encrypt a different secret. Then, the answer to any say 5 of 11 security questions would be enouch to recover the secret.

how to use it

secret, shares = make_random_secret(3, 5)
# generate shares such that 3 of 5 can recover the secret
secret = recover_secret(shares)

Shamir's secret sharing algorithm operates on integer X, Y points, and the secret it stores is a random integer. To be useful, it must be combined with other algorithms. Here's a high level example:

# encrypt, decrypt, hash, and kdf are external functions

def two_of_three_encrypt(plaintext, pw0, pw1, pw2):
    'given a plaintext, secure it so that any 2 may access in the future'
    secret, shares = shamir.make_random_shares(2, 3)
    def encrypt_share(share, pw):
        return encrypt(key=kdf(pw), plaintext=repr(share))
    return (
        encrypt(key=hash(hex(secret)), plaintext=plaintext)) + tuple(
        [encrypt(key=kef(pw), plaintext=repr(share))
         for pw, share in zip((pw0, pw1, pw2), shares)])

def two_of_three_decrypt(encrypted, pwA, pwB):
    'recover the plaintext given 2 of the 3 passwords used to secure'
    ciphertext, shares = encrypted[0], encrypted[1:]
    keyA, keyB = kdf(pwA), kdf(pwB)
    decrypted_shares = []
    for share in shares:
        for key in (keyA, keyB):
                    decrypt(key=keyA, ciphertext=share))
            except Exception:
    if len(decrypted_shares) < 2:
        raise ValueError('bad password')
    return decrypt(
You can’t perform that action at this time.