Secret Sharing + Threshold = Greater Security

Secret sharing is a fundamental technique used in cryptography. It enables a secret, such as an encryption key used to sign-off or otherwise approves a transaction, to be split into multiple (n) shares that are distributed across multiple parties. This reduces the potential for a key to be stolen when one of the parties becomes compromised.

Verifiable secret sharing also enables the detection of misuse or corruption by a shareholder. The corruption of a single share could potentially affect the integrity of a recombined key. Sepior’s secret sharing model allows for the generation of a new share to replace any share, without having to create a new key and distribute new shares to all parties. This enables maximum system integrity and availability with operational simplicity.

With conventional cryptography models, all of the shares must be recombined to recreate a whole key which can then be used by for cryptographic functions. If one or more shares is unavailable, the key cannot be recreated from the partial shares and transaction approvals may become delayed or prevented. When all shares are recombined to form a whole key that is stored on a device, the key then becomes at risk to be copied or stolen.

Sepior’s threshold model provides the ability to reconstruct lost or corrupted key shares from a threshold (t) number of shares, but not from fewer than t shares. This approach protects the secrecy and the availability of the key, even if one or multiple parties with key shares become compromised, as long as fewer than n-t systems are affected. This results in increased integrity and availability of key management for increased security.

However, secrets and thresholds alone do not mitigate the risks of key theft when a whole key is recreated.