Shamir’s Secret Sharing

As you were reading the description above about how the private key is divided into many pieces, you may have wondered: “What if one of the Storeman nodes loses a keyshare or goes offline, how will it still be able to broadcast a transaction?” This is possible through the magic of Shamir’s Secret Sharing (SSS). The basic principle behind secret sharing can be illustrated easily by considering how many points are needed to define a line. Let’s say you use a secret mathematical formula as the password to your online bank account, and the formula you used defines the line below:

y = x + 3

You were worried you might forget your password, so you decide to give one point from your line, (-2, 1), to your friend Albert, and another point, (1, 4), to your friend Ada. Neither of your friends with their one point could ever reconstruct the password to your bank account, since with only one point on a line, there are an infinite number of other points which could be chosen to define the line. But what if you don’t totally trust your friends Ada and Albert, and are worried about them putting their points together to generate your password? Well, let’s see how we might deal with that using a different formula as your online banking password.

y = x² - 3x + 3

This time, you give (2, 1) to Ada, (1.5, 0.75) to Albert, and (0, 3) to your friend Steve. Since this formula is more complex, knowing two points is not enough for Ada and Albert to reconstruct it. They would need to collude with your friend Steve as well in order to reconstruct the formula and access your online bank account. While this formula only requires three points, we can in fact increase the complexity of the formula to any level we would like for added security — so that it would require five, ten, fifteen or more points to be able to reconstruct the formula.

Going through this thought experiment, you may have wondered, “What if one of my friends forgets their point, or is kidnapped, or falls off a cliff, etc., how would I be able to access my bank account?” Well, this is solved simply by handing out more points on the graph of the formula you chose. All you need to do is pick one more point, (3, 3), and give it to your friend Satoshi. Now any combination of three of your four friends is enough to reconstruct your password.

y = x² - 3x + 3

If you wished, you could hand out even more points, in case you were worried some of your friends might lose theirs. As long as any three of them can give you their points, your password can be reconstructed. This is what is known as (t, n) threshold secret sharing, for which you give out n different pieces of a secret, and a minimum threshold of t pieces are required to reconstruct your secret.

Now you understand the basic theory behind Shamir’s Secret Sharing. While we may not be dealing with formulae that describe a line on a graph, the basic theory is the same. With Shamir’s Secret Sharing, each Storeman node receives only one part of the private key, and uses that part to construct one part of the transaction to be broadcast to the network. Even if one or two Storeman nodes are offline or somehow lose access to the private key, using technology based on the principles explained above, it is still possible to reconstruct the complete transaction from the pieces of the transaction held by the remaining Storeman nodes.

Through the use of cutting-edge technologies such as MPC, threshold secret sharing, ring signatures, and so on, Wanchain has become the first blockchain to actually implement secure, private, cross-chain functionality.