back

We should share our secrets

Shamir secret sharing: How it works and how to implement it

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:59:40
Language
English
Abstract
Backing up private keys in a secure manner is not straightforward. Once a backup has been compromised you need to refresh all your key material.
For example, the disclosure of a private key of a Bitcoin wallet gives access to the coins inside. This makes it unattractive to store a complete backup of
your private key(s) with your bank or your spouse. The better option would be to split the key into multiple parts. The recommended way to do this securely is to use the Shamir secret sharing scheme. This talk provides a detailed breakdown of how the scheme works and explains how it is implemented in C in a new library called SSS.

<p>
Shamir secret sharing is a mechanism that securely splits private keys or
passwords into independent parts. These parts do not give away the secret on
their own. Instead, the user defines the minimal amount of shares needed to
restore the original secret. In this way, there is no need to trust a <em>single</em>
entity. Additionally, compromise or loss of one share does not mean a
compromise or loss of the entire secret. This makes it very suitable for
backing up private keys, such as Bitcoin keys. Shamir secret sharing can
also be used for passing on your secrets to your trusted successors, in case
you get hit by a bus.
</p>
<p>
In this talk, I will explain in detail how the scheme works. Although it is
provably secure for confidentiality, we will see how it fails for integrity
and how to fix that. While Shamir published his article almost 30 years ago,
most existing libraries for Shamir secret sharing are still implemented
poorly in terms of security and side-channel resistance.
</p>
<p>
I will talk about writing the definitive library for Shamir secret sharing.
We will choose suitable parameters and implement the scheme in C. We will
see a couple of tricks that cryptographers use for building fast algorithms
while still maintaining side-channel resistance. In the end, we (hope to)
have produced a robust algorithm ready for easy integration into your favorite
project.
</p>
<p>
Basic understanding of some mathematical topics (such as group theory) may
be helpful for this talk, but is not required.
</p>

Talk ID
8885
Event:
34c3
Day
2
Room
Saal Clarke
Start
12:45 p.m.
Duration
01:00:00
Track
Security
Type of
lecture
Speaker
Daan Sprenkels
Talk Slug & media link
34c3-8885-we_should_share_our_secrets
English
0.0% Checking done0.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
100.0% Nothing done yet100.0%
  

Work on this video on Amara!

English: Transcribed until

Last revision: 2 years, 8 months ago