🔑 Secret Sharing: Shamir's Scheme
Understand how to split secrets into shares for distributed security
Compute on encrypted data without revealing it
Your Progress
0 / 5 completedSecret Sharing
**Secret sharing** is the foundation of MPC. It's a method to split a secret into multiple pieces (shares) such that: (1) any subset of shares smaller than the threshold reveals nothing about the secret, and (2) any subset equal to or larger than the threshold can perfectly reconstruct the secret.
The most famous scheme is **Shamir's Secret Sharing**, invented by Adi Shamir in 1979. It uses polynomial interpolation: a degree-(t-1) polynomial requires exactly t points to reconstruct, but t-1 points reveal zero information.
📐 Shamir's Secret Sharing
Interactive: Shamir Secret Sharing Simulator
Adjust parameters and see how secret sharing works. Try selecting different combinations of shares to reconstruct the secret.
Generated Shares
Properties of Secret Sharing
🔒 Perfect Secrecy
Any subset of less than t shares reveals absolutely zero information about the secret. Not even a single bit.
🎯 Perfect Reconstruction
Any subset of exactly t shares can perfectly reconstruct the original secret with 100% accuracy.
⚖️ Homomorphic Properties
Can perform addition and multiplication on shares without reconstructing the secret—this enables MPC!
💡 Why This Matters for MPC
- ✓Each party holds shares of all secrets, but learns nothing about individual secrets
- ✓Can perform computations on shares (addition, multiplication) without revealing secrets
- ✓Only the final result is reconstructed—intermediate values stay secret
- ✓Threshold property enables fault tolerance (some parties can fail or be malicious)
Real-World Example: Threshold Signatures
Cryptocurrency wallets use Shamir's Secret Sharing for **threshold signatures**: the private key is split into n shares, and t shares are needed to sign transactions. This prevents single-point-of-failure: even if some key shares are lost or compromised, the wallet remains secure.