ssss

Crates.iossss
lib.rsssss
version
sourcesrc
created_at2020-11-19 04:28:43.975325
updated_at2024-11-01 16:14:10.757057
descriptionAn implementation of Shamir's Secret Sharing Scheme
homepagehttp://docs.rs/ssss
repositoryhttps://github.com/rustyhorde/sss.git
max_upload_size
id313894
Cargo.toml error:TOML parse error at line 19, column 1 | 19 | autolib = false | ^^^^^^^ unknown field `autolib`, expected one of `name`, `version`, `edition`, `authors`, `description`, `readme`, `license`, `repository`, `homepage`, `documentation`, `build`, `resolver`, `links`, `default-run`, `default_dash_run`, `rust-version`, `rust_dash_version`, `rust_version`, `license-file`, `license_dash_file`, `license_file`, `licenseFile`, `license_capital_file`, `forced-target`, `forced_dash_target`, `autobins`, `autotests`, `autoexamples`, `autobenches`, `publish`, `metadata`, `keywords`, `categories`, `exclude`, `include`
size0
Jason Ozias (CraZySacX)

documentation

http://docs.rs/ssss

README

ssss

A Shamir's Secret Sharing Scheme implementation in Rust

To quote the Wikipedia article linked above:

Shamir's Secret Sharing is used to secure a secret in a distributed way, most often to secure other encryption keys. The secret is split into multiple parts, called shares. These shares are used to reconstruct the original secret.

To unlock the secret via Shamir's secret sharing, you need a minimum number of shares. This is called the threshold, and is used to denote the minimum number of shares needed to unlock the secret. Let us walk through an example:

Problem: Company XYZ needs to secure their vault's passcode. They could use something standard, such as AES, but what if the holder of the key is unavailable or dies? What if the key is compromised via a malicious hacker or the holder of the key turns rogue, and uses their power over the vault to their benefit?

This is where ssss comes in. It can be used to encrypt the vault's passcode and generate a certain number of shares, where a certain number of shares can be allocated to each executive within Company XYZ. Now, only if they pool their shares can they unlock the vault. The threshold can be appropriately set for the number of executives, so the vault is always able to be accessed by the authorized individuals. Should a share or two fall into the wrong hands, they couldn't open the passcode unless the other executives cooperated.

Example

let secret = "correct horse battery staple".as_bytes();
let config = SsssConfig::default();

// Generate 5 shares to be distributed, requiring a minimum of 3 later
// to unlock the secret
let mut shares = gen_shares(&config, &secret)?;

// Check that all 5 shares can unlock the secret
assert_eq!(shares.len(), 5);
assert_eq!(unlock(&shares)?, secret);

// Remove a random share from `shares` and check that 4 shares can unlock
// the secret
let mut rng = thread_rng();
remove_random_entry(&mut rng, &mut shares);
assert_eq!(shares.len(), 4);
assert_eq!(unlock(&shares)?, secret);

// Remove another random share from `shares` and check that 3 shares can unlock
// the secret
remove_random_entry(&mut rng, &mut shares);
assert_eq!(shares.len(), 3);
assert_eq!(unlock(&shares)?, secret);

// Remove another random share from `shares` and check that 2 shares *CANNOT*
// unlock the secret
remove_random_entry(&mut rng, &mut shares);
assert_eq!(shares.len(), 2);
assert_ne!(unlock(&shares)?, secret);
Commit count: 89

cargo fmt