so seems like an implementation of Shamir’s Secret Sharing algorithm. I’ve always wanted to use it, but I can’t imagine needing anything more than simple pgp encryption for my needs.
A rather morbid use case that I am aware of is an “in case of death” file containing passwords and instructions that is split and shared with a select number of trusted friends.
This is subject to physical seizure by a government, which is legally allowed to happen even prior to your being put on trial for a crime (a search warrant based on probable cause).
Such probable cause is frequently supported solely by a sworn statement from a federal agent. Feds generally suffer no personal consequences for misstatements in these sworn documents, as the result is just invasion of privacy (not something the courts worry about that much).
Combined with the universal surveillance of cloud services, this means that the state can access your secrets effectively at will, without ever having to prove that you did anything wrong.
That’s fair, and perfectly reasonable. Though others might not have the same level of trust in any one person.
Instead, it becomes about trusting a group of people to keep each other in check, which to me feels less likely to fail. It requires convincing several people (potentially including some that don’t know each other) that it’s okay to peek.
Of course, in any case, it always depends on the people in question.
afaik the main usecase is in organizations, sensitive info would need the keys from e.g. a majority of board members, or access to important infrastructure requires multiple senior sysadmins, etc. It’s not hard to steal a single key (through social engineering, stealing the laptop it’s on, etc.), stealing multiple keys in a short enough timespan without getting caught is much harder
Is there a (practical) limit on how many pieces a file can be broken into?
If a large number of pieces is possible, then this feels like something that could be used for secure voting. Construct a secret document, like “Bearer is the winner of the election”, signed by the election commission’s secret key; break it into enough pieces that every voter gets one, and require >50% of the pieces (or ⅔ or whatever) to reconstruct. To vote you just send your piece to your preferred candidate. Whichever candidate presents the reconstructed document wins.
I do recognize that the crypto isn’t the hard part of electronic voting. But this seems like a cool thing to consider, esp. since much of it could be done on paper by printing the fragments as barcodes. Just snail-mail yours directly to your candidate, or slide it into their locked box or whatever.
so seems like an implementation of Shamir’s Secret Sharing algorithm. I’ve always wanted to use it, but I can’t imagine needing anything more than simple pgp encryption for my needs.
Those who use SSS, what for?
A rather morbid use case that I am aware of is an “in case of death” file containing passwords and instructions that is split and shared with a select number of trusted friends.
Yeah I would rather just put the key or password or whatever in a safe and let my partner/family member access it.
This is subject to physical seizure by a government, which is legally allowed to happen even prior to your being put on trial for a crime (a search warrant based on probable cause).
Such probable cause is frequently supported solely by a sworn statement from a federal agent. Feds generally suffer no personal consequences for misstatements in these sworn documents, as the result is just invasion of privacy (not something the courts worry about that much).
Combined with the universal surveillance of cloud services, this means that the state can access your secrets effectively at will, without ever having to prove that you did anything wrong.
That’s fair, and perfectly reasonable. Though others might not have the same level of trust in any one person.
Instead, it becomes about trusting a group of people to keep each other in check, which to me feels less likely to fail. It requires convincing several people (potentially including some that don’t know each other) that it’s okay to peek.
Of course, in any case, it always depends on the people in question.
afaik the main usecase is in organizations, sensitive info would need the keys from e.g. a majority of board members, or access to important infrastructure requires multiple senior sysadmins, etc. It’s not hard to steal a single key (through social engineering, stealing the laptop it’s on, etc.), stealing multiple keys in a short enough timespan without getting caught is much harder
Is there a (practical) limit on how many pieces a file can be broken into?
If a large number of pieces is possible, then this feels like something that could be used for secure voting. Construct a secret document, like “Bearer is the winner of the election”, signed by the election commission’s secret key; break it into enough pieces that every voter gets one, and require >50% of the pieces (or ⅔ or whatever) to reconstruct. To vote you just send your piece to your preferred candidate. Whichever candidate presents the reconstructed document wins.
I do recognize that the crypto isn’t the hard part of electronic voting. But this seems like a cool thing to consider, esp. since much of it could be done on paper by printing the fragments as barcodes. Just snail-mail yours directly to your candidate, or slide it into their locked box or whatever.
(I’m sure I’m not the first to think of this…)