Skip to content

Huge/shamir

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits

README.rst

README.rst

 
 

setup.py

setup.py

 
 

shamir.py

shamir.py

 
 

Repository files navigation

Key sharing code for web-browser clients as possible

We'll try to push the limits on Skulpt engine which compiles Python to browser JS and modify the forked code( linked bellow) to work in there.

Final aspiration is to make a clear web-app for sharing of cryptographic seed phrases of [BIP-39](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki).

shamir

Using the "Fast, secure, pure python implementation of Shamir's secret sharing algo" from https://github.com/kurtbrose/shamir.

why to use it

Shamir's secret sharing is useful for providing an "N of M" layer. For example, password recovery security questions could be cryptographically imeplemented with this algorithm. Security question answers are put through a key-derivation-function (KDF) or hash and each one is used to encrypt a different secret. Then, the answer to any say 5 of 11 security questions would be enouch to recover the secret.

how to use it

secret, shares = make_random_secret(3, 5)
# generate shares such that 3 of 5 can recover the secret
secret = recover_secret(shares)

Shamir's secret sharing algorithm operates on integer X, Y points, and the secret it stores is a random integer. To be useful, it must be combined with other algorithms. Here's a high level example:

# encrypt, decrypt, hash, and kdf are external functions

def two_of_three_encrypt(plaintext, pw0, pw1, pw2):
    'given a plaintext, secure it so that any 2 may access in the future'
    secret, shares = shamir.make_random_shares(2, 3)
    def encrypt_share(share, pw):
        return encrypt(key=kdf(pw), plaintext=repr(share))
    return (
        encrypt(key=hash(hex(secret)), plaintext=plaintext)) + tuple(
        [encrypt(key=kef(pw), plaintext=repr(share))
         for pw, share in zip((pw0, pw1, pw2), shares)])

def two_of_three_decrypt(encrypted, pwA, pwB):
    'recover the plaintext given 2 of the 3 passwords used to secure'
    ciphertext, shares = encrypted[0], encrypted[1:]
    keyA, keyB = kdf(pwA), kdf(pwB)
    decrypted_shares = []
    for share in shares:
        for key in (keyA, keyB):
            try:
                decrypted_shares.append(
                    decrypt(key=keyA, ciphertext=share))
            except Exception:
                pass
    if len(decrypted_shares) < 2:
        raise ValueError('bad password')
    return decrypt(
        key=hash(hex(shamir.recover_secret(decrypted_shares))),
        ciphertext=ciphertext)

About

Shamir n/m secret splitting in Python on the web

huge.github.io/shamir/

Topics

javascript python3 cryptocurrencies skulpt key-management shamir-secret-sharing cryptocurrency-wallets

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%