Definition

Shamir’s Secret Sharing (SSS) is a threshold-based secret sharing scheme invented by Adi Shamir in 1979. It splits a secret value (such as a cryptographic key, password, or master seed) into n shares, distributed among n participants, such that any k shares (where k <= n) are sufficient to reconstruct the original secret—but any combination of fewer than k shares reveals absolutely zero information about the secret. This is not “less information.” It is provably zero.

The mathematical elegance lies in polynomial interpolation. A polynomial of degree k-1 is uniquely determined by k points. The secret is encoded as the polynomial’s constant term, and each share is a distinct point on the polynomial. With k points, Lagrange interpolation recovers the polynomial and thus the secret. With k-1 points, every possible secret value is equally likely.

Why It Matters

Single points of failure in key management have caused catastrophic losses. In cryptocurrency alone, an estimated $140 billion worth of Bitcoin is permanently inaccessible in wallets whose owners lost their private keys, according to Chainalysis data from 2024. James Howells famously discarded a hard drive containing 8,000 Bitcoin (valued at over $500 million at 2025 prices) in a Welsh landfill. Stefan Thomas lost access to 7,002 Bitcoin because he forgot the password to an IronKey USB drive that allows only 10 guesses before self-wiping.

Shamir’s Secret Sharing eliminates this single-point failure without introducing a single-point trust requirement. A 3-of-5 scheme, for example, distributes five shares among five independent custodians. Any three can reconstruct the key; no two can learn anything about it. One custodian can be compromised, one can lose their share, and the system still functions.

This is the foundation of modern threshold cryptography, used by enterprise key management systems, cryptocurrency custody solutions, and MPC-based protocols that extend Shamir’s approach to support computation on shares without ever reconstructing the secret.

How It Works

The algorithm operates over a finite field (typically a prime field):

  1. Secret encoding: The dealer (the party splitting the secret) selects a random polynomial f(x) of degree k-1, where the constant term f(0) equals the secret S. All other coefficients are chosen uniformly at random.

  2. Share generation: The dealer evaluates the polynomial at n distinct non-zero points: share_i = f(i) for i = 1, 2, …, n. Each participant receives one point (i, f(i)).

  3. Reconstruction: Any k participants pool their shares and use Lagrange interpolation to recover the unique polynomial of degree k-1 passing through their k points. The secret is f(0).

  4. Information-theoretic security: With fewer than k shares, the polynomial is underdetermined: over the finite field, every candidate secret value is matched by the same number of polynomials of degree at most k-1 passing through the known points, so each secret value remains equally likely. This is not computational security (which could be broken by future algorithms); it is unconditional, information-theoretic security.

A practical example: a 3-of-5 scheme for a 256-bit AES key generates a random degree-2 polynomial over GF(p) where p is a 256-bit prime. Five points on the polynomial become five shares. Any three shares reconstruct the key. Two shares leave the attacker with exactly 2^256 equally likely key candidates—identical to having no information at all.
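The four steps above for the 3-of-5 case, as an added Python example (not Stealth Cloud's code). The function names are hypothetical, and the field prime 2^521 - 1 is an assumption chosen so that every 256-bit key is smaller than the modulus.

```python
import secrets

# Assumption: field prime 2**521 - 1 (a Mersenne prime), so any 256-bit key is < P.
P = 2**521 - 1

def _eval_poly(coeffs, x):
    """Horner evaluation of f(x) mod P; coeffs[0] is the constant term."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split(secret, k, n):
    """Return n shares (i, f(i)) of a random polynomial of degree <= k-1 with f(0) = secret."""
    if not (1 <= k <= n < P) or not (0 <= secret < P):
        raise ValueError("need 1 <= k <= n and 0 <= secret < P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(i, _eval_poly(coeffs, i)) for i in range(1, n + 1)]

def interpolate(points, x):
    """Lagrange-interpolate the polynomial through `points` and evaluate it at x (mod P)."""
    xs = [px for px, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate x-coordinates: shares must be distinct")
    total = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (x - xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P  # modular inverse, Python 3.8+
    return total

def reconstruct(shares):
    """Recover the secret f(0) from k shares."""
    return interpolate(shares, 0)

def share_implied_by(candidate, partial, x):
    """With only k-1 shares, any candidate secret still fits: return the share at x it implies."""
    return interpolate([(0, candidate)] + list(partial), x)

if __name__ == "__main__":
    key = int.from_bytes(secrets.token_bytes(32), "big")  # constructed 256-bit sample key
    shares = split(key, k=3, n=5)
    print(reconstruct([shares[4], shares[1], shares[3]]) == key)   # True
    # Two shares: a wrong candidate is exactly as consistent as the real key.
    wrong = (key + 1) % P
    print(share_implied_by(wrong, shares[:2], 3) != shares[2][1])  # True
```

`share_implied_by` makes step 4 concrete: for any guessed secret, the two known shares extend to a valid polynomial, so the holder of two shares cannot tell a right guess from a wrong one.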

Stealth Cloud Relevance

In Stealth Cloud’s current Ghost Chat architecture, encryption keys are ephemeral and exist only in browser memory—so there is no key to split and no need for recovery, because the key is deliberately destroyed at session end via cryptographic shredding.

Shamir’s Secret Sharing becomes relevant for Stealth Cloud’s key recovery infrastructure. If a user opts into persistent encrypted storage (planned for later phases), the recovery key for that storage can be split into shares using a threshold scheme: for instance, 2-of-3, where one share is derived from the user’s wallet signature via Sign-In with Ethereum, one is stored in a user-controlled backup location, and one is held by a recovery service. No single party—including Stealth Cloud—holds enough shares to reconstruct the key unilaterally.

This model ensures that key management for persistent data inherits the same zero-trust property as ephemeral sessions: the user retains control, the infrastructure cannot unilaterally access data, and redundancy protects against loss without requiring trust in any single custodian. The Stealth Cloud Manifesto defines this as a non-negotiable requirement for any future storage product.

The Stealth Cloud Perspective

Shamir’s Secret Sharing is the mathematical proof that security and redundancy are not opposites—that a secret can be both distributed and inaccessible, both recoverable and private. Stealth Cloud applies this principle wherever keys must outlive a session: split trust so no single entity can betray it.