Encrypted Secret Sharing

This Demonstration illustrates Adi Shamir’s variable threshold method of sharing a secret among people, where each person knows their key, and some subset of those keys is required to recover the secret. The method is based on the fact that a polynomial of degree can be reconstructed, given the coordinates of points. The reconstruction yields the constant term of the polynomial, which is then the recovered secret. Typical secrets could include various encryption keys, such as the 128–256-bit keys used in the Advanced Encryption Standard (AES).
First, click "Parameters" in the "Data Select" section and then specify the number of shares, the number of keys required to unlock or recover the secret, and the size of the secret in bytes. Then use the "Secret Subfields" sliders to create a secret of the specified size. It is preferable to select the parameters with the "Parameters" button clicked, as the calculations required for "Key combinations" will delay the update of slider movements.
Second, click the "Keys" button in the "Data Select" section. The Demonstration then calculates the required set of keys, one for each of the shares. The key for each share is twice as long as the secret value itself. Two polynomials are shown at the bottom of the display area: the first one defines the relevant finite field; see the references for details. The second polynomial is used to calculate the values for the keys. The coefficients of that second polynomial are randomly selected (the constant term being the secret itself), as are the values for each of the keys; the values are the result of substituting the values into that polynomial and performing the indicated calculations.
Third, click the "Key combinations" button to show the results of the calculations designed to recover the secret.


  • [Snapshot]
  • [Snapshot]
  • [Snapshot]


Snapshot 1: five shares are selected, and any combination of four keys is sufficient to recover the secret
Snapshot 2: the "Keys" button in the "Data Select" section is clicked
Snapshot 3: The "Key combinations" button is clicked. The display area shows, in this case, that no combination of two or three keys can recover the secret, but that any combination of four keys does.
[1] Wikipedia. "Shamir's Secret Sharing." (Nov 12, 2013) en.wikipedia.org/wiki/Shamir%27 s_Secret _Sharing.
[2] Wikipedia. "Secret Sharing." (Nov 12, 2013) en.wikipedia.org/wiki/Secret_sharing.
[3] Wikipedia. "Finite Field." (Nov 12, 2013) en.wikipedia.org/wiki/Finite_field.
[4] Wikipedia. "Lagrange Polynomial." (Nov 12, 2013) en.wikipedia.org/wiki/Lagrange_polynomial.
[5] Wikipedia. "Advanced Encryption Standard." (Nov 12, 2013) en.wikipedia.org/wiki/Advanced_Encryption_Standard.
    • Share:

Embed Interactive Demonstration New!

Just copy and paste this snippet of JavaScript code into your website or blog to put the live Demonstration on your site. More details »

Files require Wolfram CDF Player or Mathematica.