Secret Sharing refers to cryptographic methods for taking a secret, breaking it up into multiple shares, and distributing the shares among multiple parties, so that only when the parties bring together their respective shares can the secret be reconstructed. More specifically, the holder of a secret, sometimes referred to as the dealer, creates n shares of a secret and defines a threshold t for the number of shares that are required to reconstruct the secret. The dealer then proceeds to distribute the shares so they are controlled by different parties.
In secure secret sharing schemes, an attacker that gains access to fewer shares of the secret than defined by the threshold gains no information about the secret.
Secret sharing schemes are useful because they allow for more secure storage of highly sensitive data, including encryption keys, missile launch codes, and numbered bank accounts. By distributing the data, there is no single point of failure that can lead to its loss.
Secret sharing schemes are important in cloud computing environments because they provide a means to creates a high level of security for secrets using algorithms implemented in software (as opposed to requiring specialized hardware).
In SSSS, an implementation of Shamir’s Secret Sharing Scheme for Linux, SSSS-combine is the operation of combining shares to reconstruct a secret. The SSSS program can both generate shares for a known secret, and reconstruct a secret using user-provided shares.
A computationally secure secret sharing scheme distributes shares so that anyone with fewer than the threshold number of shares learns nothing about the secret – he learns as much as someone with zero shares.
There are multiple ways to implement a secret sharing scheme, including using the asymmetric encryption keys used in PKI. But secret sharing does not require PKI – it can be implanted using other cryptographic techniques.
According to Gartner, information dispersal algorithms provide a methodology for storing information in pieces (dispersed) across multiple locations, so that redundancy protects the information in the event of a location outage, but unauthorized access at any single location does not provide usable information. Only the originator or a user with a list of the latest pointers can properly assemble the complete information.
Secret sharing can therefore be thought of as a specialized information dispersal algorithm for highly sensitive secrets, where instead of one user holding the information required to reconstruct the data – the current list of pointers – the information is shared among multiple users.