Secret splitting w/ threshold

Ryan Malayter rmalayter@bai.org
Sat Mar 23 01:15:02 2002


I was about to implement a custom secret-splitting threshold scheme for our
corporate officers, using Shamir's polynomial method and a simple
spreadsheet to do the math.

Then I considered doing a simple geometirc scheme, giving each officer the
equation of a line and letting the secret be the intersection of two or more
of these in cartesian space. This scheme would be simpler for the execs to
reconstruct in an emergency without technical help. In fact, the whole
reconstruction process could be described on the back of the laminated
"secret card" I'm going to give them.

As I understand it, both of these schemes are equally secure, presuming
large enough numbers are used as coefficients. Can anybody offer a reason
why I shouldn't choose the easier geometic scheme?

Also, it occurs to me that there is probably a good open-source program that
implement this sort of thing, although my Googleing bore no such fruit. Does
anyone have a good link to a simple, secure secret-sharing program?

Finally, the secret-sharing built into the commercial PGP, while pretty
neat, was only useful for PGP key material. I wish to share 10-20 bytes of
passphrase material. What secret sharing capabilites are coming in GnuPG?
Will it be able to share any secret?

Regards,

:::Ryan Malayter
:::Bank Administration Institute
:::Chicago, Illinois, USA
:::PGP Key: http://www.malayter.com/pgp-public.txt