Encrypted Secret Sharing

Requires a Wolfram Notebook System

Interact on desktop, mobile and cloud with the free Wolfram CDF Player or other Wolfram Language products.

Requires a Wolfram Notebook System

Edit on desktop, mobile and cloud with any Wolfram Language product.

This Demonstration illustrates Adi Shamir’s variable threshold method of sharing a secret among people, where each person knows their key, and some subset of those keys is required to recover the secret. The method is based on the fact that a polynomial of degree can be reconstructed, given the coordinates of points. The reconstruction yields the constant term of the polynomial, which is then the recovered secret. Typical secrets could include various encryption keys, such as the 128–256-bit keys used in the Advanced Encryption Standard (AES).


First, click "Parameters" in the "Data Select" section and then specify the number of shares, the number of keys required to unlock or recover the secret, and the size of the secret in bytes. Then use the "Secret Subfields" sliders to create a secret of the specified size. It is preferable to select the parameters with the "Parameters" button clicked, as the calculations required for "Key combinations" will delay the update of slider movements.

Second, click the "Keys" button in the "Data Select" section. The Demonstration then calculates the required set of keys, one for each of the shares. The key for each share is twice as long as the secret value itself. Two polynomials are shown at the bottom of the display area: the first one defines the relevant finite field; see the references for details. The second polynomial is used to calculate the values for the keys. The coefficients of that second polynomial are randomly selected (the constant term being the secret itself), as are the values for each of the keys; the values are the result of substituting the values into that polynomial and performing the indicated calculations.

Third, click the "Key combinations" button to show the results of the calculations designed to recover the secret.


Contributed by: Jim Wiggins (November 2013)
Open content licensed under CC BY-NC-SA



Snapshot 1: five shares are selected, and any combination of four keys is sufficient to recover the secret

Snapshot 2: the "Keys" button in the "Data Select" section is clicked

Snapshot 3: The "Key combinations" button is clicked. The display area shows, in this case, that no combination of two or three keys can recover the secret, but that any combination of four keys does.


[1] Wikipedia. "Shamir's Secret Sharing." (Nov 12, 2013) en.wikipedia.org/wiki/Shamir%27 s_Secret _Sharing.

[2] Wikipedia. "Secret Sharing." (Nov 12, 2013) en.wikipedia.org/wiki/Secret_sharing.

[3] Wikipedia. "Finite Field." (Nov 12, 2013) en.wikipedia.org/wiki/Finite_field.

[4] Wikipedia. "Lagrange Polynomial." (Nov 12, 2013) en.wikipedia.org/wiki/Lagrange_polynomial.

[5] Wikipedia. "Advanced Encryption Standard." (Nov 12, 2013) en.wikipedia.org/wiki/Advanced_Encryption_Standard.

Feedback (field required)
Email (field required) Name
Occupation Organization
Note: Your message & contact information may be shared with the author of any specific Demonstration for which you give feedback.