This Demonstration illustrates Adi Shamir’s variable threshold method of sharing a secret among

people, where each person knows their key, and some subset

of those keys is required to recover the secret. The method is based on the fact that a polynomial of degree

can be reconstructed, given the coordinates of

points. The reconstruction yields the constant term of the polynomial, which is then the recovered secret. Typical secrets could include various encryption keys, such as the 128–256-bit keys used in the Advanced Encryption Standard (AES).

First, click "Parameters" in the "Data Select" section and then specify the number of shares, the number of keys required to unlock or recover the secret, and the size of the secret in bytes. Then use the "Secret Subfields" sliders to create a secret of the specified size. It is preferable to select the parameters with the "Parameters" button clicked, as the calculations required for "Key combinations" will delay the update of slider movements.

Second, click the "Keys" button in the "Data Select" section. The Demonstration then calculates the required set of keys, one for each of the shares. The key for each share is twice as long as the secret value itself. Two polynomials are shown at the bottom of the display area: the first one defines the relevant finite field; see the references for details. The second polynomial is used to calculate the

values for the keys. The coefficients of that second polynomial are randomly selected (the constant term being the secret itself), as are the

values for each of the keys; the

values are the result of substituting the

values into that polynomial and performing the indicated calculations.

Third, click the "Key combinations" button to show the results of the calculations designed to recover the secret.