Social Secret Sharing
Sharing secrets without revealing them
In this first blog of our tech series, I’d like to tell you about the exploratory project we’ve been building over the last couple of months. It addresses a simple yet common problem: how to back up your most important secrets securely. Say you have some information you want to keep private — in the case of cryptocurrencies, this might be your master key. But it could be just about anything: your phone PIN code, instructions on how to find a buried treasure. You name it. Any security expert will insist that it is vital that you never share it with anyone. So how, you are asking, can this blog be about secret sharing? Read on; it’s quite a neat solution.
We hope you’ll stick with us, even if you’re not a developer. Although we use scary tech words like Edwards curves or Android Beam, we’ll strive to keep it readable for all.
‘Distributed trust’ is an important blockchain property: the people participating in a blockchain do not need to trust each other — they might even be adversarial — yet the blockchain still enables them to agree on specific facts unambiguously. A corollary of this is that everything happening on a blockchain must be public. Indeed, since everybody needs to agree on the facts in question, everybody must have access to all the information needed to verify them. The issue here is that, in our everyday lives, there is information we don’t want to be public. However, there are people we can trust, such as siblings, parents, lawyers or partners.
Other developers have started using techniques and strategies popularized by blockchains such as linked blocks or multi-signatures in the context of secure and private communications. First and foremost, among them is Scuttlebutt, a “decent(ralised) secure gossip platform.”
So, going back to keeping and storing secrets, the idea here is to share your secrets (e.g., the mnemonic phrase for your private key) only with those people you trust, without having to trust them completely. Ok… but how do I do that?
The simplest way would be to write down your secret on a piece of paper, tear the paper into pieces and hand each piece to a different person you trust. That way, no single person has access to the whole secret. But when all your trustees come together, they can reconstruct your secret. An excellent example of such a system in action is the way Banksy authenticates his artwork.
But as we’re using computers and know a thing or two about math, we can do better: it’s called ‘Shamir’s Secret Sharing,’ and it allows us not only to break a secret up into multiple pieces, but also gives us more control over how to reconstruct it. We can, for example, break the secret into four shares, but require only three shares to reconstruct it. The details of how this works have to do with polynomials and how many points are required to reconstruct a polynomial of a given degree. But that’s not important here… What’s important is that Shamir’s Secret Sharing provides an elegant means to divvy up a secret into multiple parts and to define how many of those parts are needed to reconstruct it.
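To make the "four shares, any three reconstruct" idea concrete, here is a small Shamir's Secret Sharing implementation. It is an added example written for this post, not the code of our Android MVP or of SSB/Dark Crystal. It assumes the secret is an integer (a byte string such as a master key is converted with `bytes_to_int`) and works in the prime field modulo 2^521 - 1, an assumption that gives room for any secret up to 521 bits; the secret becomes the constant term of a random polynomial of degree threshold - 1, each share is one point on that polynomial, and Lagrange interpolation at x = 0 recovers the constant term from any `threshold` points.

```python
"""Added example: minimal Shamir's Secret Sharing over a prime field.

Demonstrates the k-of-n scheme described above (e.g. 3-of-4). Not the
project's own code; sample values below are constructed for illustration.
"""
import secrets

# Field modulus (assumption for this example): the Mersenne prime 2^521 - 1.
# Any secret smaller than PRIME fits, e.g. a 256-bit master key.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate the polynomial a0 + a1*x + a2*x^2 + ... at x, mod PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, threshold: int, shares: int, rng=secrets.randbelow):
    """Split `secret` into `shares` points; any `threshold` of them rebuild it.

    The secret is the constant term a0. The remaining threshold-1 coefficients
    are drawn at random, so any set of fewer than `threshold` points is
    consistent with every possible a0 and reveals nothing about it.
    `rng` is injectable only so tests can be deterministic.
    """
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer in [0, PRIME)")
    if not 1 < threshold <= shares:
        raise ValueError("need 1 < threshold <= shares")
    coeffs = [secret] + [rng(PRIME) for _ in range(threshold - 1)]
    # Share i is the point (i, f(i)). x = 0 is never used: f(0) IS the secret.
    return [(x, _eval_poly(coeffs, x)) for x in range(1, shares + 1)]


def recover_secret(points):
    """Lagrange interpolation at x = 0 over the supplied (x, y) points.

    At least `threshold` points with distinct x are needed. Supplying fewer,
    or a corrupted share, silently yields a wrong value rather than an error,
    so callers should verify the result (e.g. against a stored hash).
    """
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        # Modular inverse by Fermat's little theorem: den^(p-2) == den^-1 (mod p).
        basis = num * pow(den, PRIME - 2, PRIME) % PRIME
        total = (total + yi * basis) % PRIME
    return total


def bytes_to_int(b: bytes) -> int:
    """Encode a byte string (e.g. a 32-byte master key) as a field element."""
    return int.from_bytes(b, "big")


def int_to_bytes(n: int, length: int) -> bytes:
    """Inverse of bytes_to_int for a secret of known length."""
    return n.to_bytes(length, "big")


if __name__ == "__main__":
    # Constructed sample secret: 32 bytes standing in for a master key (not a real key).
    master_key = bytes(range(32))
    shares = split_secret(bytes_to_int(master_key), threshold=3, shares=4)
    # Any three of the four shares rebuild the key...
    assert int_to_bytes(recover_secret(shares[:3]), 32) == master_key
    assert int_to_bytes(recover_secret([shares[0], shares[2], shares[3]]), 32) == master_key
    # ...but two do not: two points fix only a line, whose value at 0 is unrelated to a0.
    assert recover_secret(shares[:2]) != bytes_to_int(master_key)
    print("3-of-4 split and recovery OK")
```

Two practical points the code makes visible: the share index x is part of the share and must be kept with it, and recovery with too few or corrupted shares returns a plausible-looking wrong value rather than failing, so a real tool stores a checksum of the secret and verifies the reconstruction against it.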
After some quick and dirty prototyping, Tom Fuerstner, our CTO, gave the go-ahead for an initial MVP to be implemented along the lines of SSB and Dark Crystal on Android.
The application avoids the use of networking completely to provide the required isolation and privacy. Instead, all communication between devices is done via NFC. This removes a broad swath of attack vectors and has the additional benefit of making the act of sharing parts of a secret explicit and conscious since communication between devices can only happen if they are brought into close physical proximity.
Redundancy of the shard storage will be implemented once we go beyond the MVP, but of course it’s critical to have this feature in case the secret itself is lost and too many of the shards are lost as well. In the case of our solutions for the financial industry, recovery would still be possible if a shard were lost, as we can use Shamir’s Secret Sharing.
For the MVP, only the initial user can restore a secret. Of course, a real product would need to cope with the death of the initial secret holder and provide the ability to unlock a wallet, say, for inheritance purposes.
We’re currently using NFC only, but could easily use any wireless protocol like Bluetooth. It is, however, critical that the solution be able to work for both sharing and restoring secrets without any Internet involved.