Fast, small, generic and secure Shamir's Secret Sharing library crate
Note
This repository is a fork of c0dearm/sharks, but will be actively developed and maintained by Multifactor.
Documentation:
Add this to your Cargo.toml:
```toml
[dependencies]
ssskit = "0.1"
```

If your environment doesn't support `std`:

```toml
[dependencies]
ssskit = { version = "0.1", default-features = false }
```

To get started using ssskit, see the Rust docs.
The API is simple and to the point, with minimal configuration.
The code is as idiomatic and clean as possible, with minimal external dependencies.
GF(2^8) field support for the widely used irreducible polynomials, such as 0x11B (AES), 0x11D (Reed-Solomon codes), 0x12B, and more.
Any operation on the field with a non-whitelisted polynomial fails to build, because the check is a const assertion evaluated at compile time.
The implementation prevents the user from choosing parameters that would result in an insecure application, such as generating more shares than the finite field allows.
Because the Galois field it uses is GF(2^8), at most 255 shares can be generated for a given secret: each share is the polynomial evaluated at a distinct nonzero field element, x = 0 is excluded because evaluating there yields the secret itself, and asking for more than 255 shares would force x-coordinates to repeat, producing duplicate shares. The secret itself can nevertheless be arbitrarily long, since computations are performed independently on each byte.
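The following is an added, self-contained example written for this page; it is not ssskit's own code and does not use the crate's API. It shows the scheme the paragraph above describes: byte-wise Shamir splitting over GF(2^8) reduced by the AES polynomial 0x11B, x-coordinates restricted to the 255 nonzero field elements, rejection of x = 0 on input, and Lagrange recovery at x = 0. The `Xorshift` generator is a placeholder so the run is reproducible; a real dealer must draw coefficients from a CSPRNG, and the linear-scan inverse is not constant time.

```rust
// Added example, not ssskit's code: Shamir's Secret Sharing over GF(2^8).
use std::collections::HashSet;

/// Reduction polynomial x^8 + x^4 + x^3 + x + 1 (AES). 0x11D (Reed-Solomon) also works.
const POLY: u16 = 0x11B;

/// Carry-less multiply with reduction ("Russian peasant" method).
fn gf_mul(a: u8, b: u8) -> u8 {
    let (mut a, mut b, mut r) = (a as u16, b, 0u16);
    while b != 0 {
        if b & 1 != 0 { r ^= a; }
        a <<= 1;
        if a & 0x100 != 0 { a ^= POLY; }
        b >>= 1;
    }
    r as u8
}

/// Multiplicative inverse by linear scan: fine for a demo, NOT constant time.
fn gf_inv(a: u8) -> u8 {
    (1..=255u8).find(|&b| gf_mul(a, b) == 1).expect("zero has no inverse")
}

/// Evaluate a polynomial given as [c0, c1, ...] at x (Horner's rule).
fn eval(coeffs: &[u8], x: u8) -> u8 {
    coeffs.iter().rev().fold(0u8, |acc, &c| gf_mul(acc, x) ^ c)
}

/// Demo-only deterministic PRNG. Replace with a CSPRNG (e.g. OsRng) in real use.
struct Xorshift(u64);
impl Xorshift {
    fn next_u8(&mut self) -> u8 {
        let mut x = self.0;
        x ^= x << 13; x ^= x >> 7; x ^= x << 17;
        self.0 = x;
        (x >> 24) as u8
    }
}

#[derive(Clone, Debug, PartialEq)]
struct Share { x: u8, y: Vec<u8> }

impl Share {
    /// Wire format assumed for this example: x followed by one y byte per secret byte.
    fn to_bytes(&self) -> Vec<u8> {
        let mut v = vec![self.x];
        v.extend_from_slice(&self.y);
        v
    }
    fn from_bytes(b: &[u8]) -> Result<Share, &'static str> {
        match b.split_first() {
            // x = 0 would make y equal to the secret, so it is never a valid share.
            Some((&x, y)) if x != 0 => Ok(Share { x, y: y.to_vec() }),
            _ => Err("invalid share encoding"),
        }
    }
}

/// Split `secret` into `n` shares, any `threshold` of which recover it.
/// `n: u8` makes the 255-share limit a type-level bound: x ranges over 1..=255.
fn split(secret: &[u8], threshold: u8, n: u8, rng: &mut Xorshift) -> Result<Vec<Share>, &'static str> {
    if threshold == 0 { return Err("threshold must be at least 1"); }
    if n < threshold { return Err("cannot issue fewer shares than the threshold"); }
    // One random polynomial of degree threshold-1 per secret byte; constant term is the byte.
    let polys: Vec<Vec<u8>> = secret.iter().map(|&s| {
        let mut c = vec![s];
        for _ in 1..threshold { c.push(rng.next_u8()); }
        c
    }).collect();
    Ok((1..=n).map(|x| Share { x, y: polys.iter().map(|c| eval(c, x)).collect() }).collect())
}

/// Recover the secret from at least `threshold` shares with distinct nonzero x.
fn recover(shares: &[Share], threshold: usize) -> Result<Vec<u8>, &'static str> {
    if shares.len() < threshold { return Err("not enough shares"); }
    let xs: HashSet<u8> = shares.iter().map(|s| s.x).collect();
    if xs.len() != shares.len() || xs.contains(&0) { return Err("duplicate or zero x coordinate"); }
    let len = shares[0].y.len();
    if shares.iter().any(|s| s.y.len() != len) { return Err("shares have mismatched lengths"); }
    // Lagrange interpolation at x = 0: L_i(0) = prod_{j != i} x_j / (x_j - x_i); subtraction is XOR.
    let mut secret = vec![0u8; len];
    for (i, si) in shares.iter().enumerate() {
        let mut basis = 1u8;
        for (j, sj) in shares.iter().enumerate() {
            if i != j { basis = gf_mul(basis, gf_mul(sj.x, gf_inv(sj.x ^ si.x))); }
        }
        for k in 0..len { secret[k] ^= gf_mul(si.y[k], basis); }
    }
    Ok(secret)
}

fn main() {
    let secret = b"attack at dawn"; // constructed sample input
    let mut rng = Xorshift(0x9E37_79B9_7F4A_7C15); // fixed seed for the demo only
    let shares = split(secret, 3, 5, &mut rng).expect("valid parameters");
    let wire: Vec<Vec<u8>> = shares.iter().map(Share::to_bytes).collect();
    let back: Vec<Share> = wire[1..4].iter().map(|b| Share::from_bytes(b).unwrap()).collect();
    assert_eq!(recover(&back, 3).unwrap(), secret.to_vec());
    assert!(recover(&shares[..2], 3).is_err());
    println!("3-of-5 recovery OK; 2 shares correctly rejected");
}
```

Any subset of size at least `threshold` interpolates the same degree-(threshold-1) polynomial, so `recover` accepts more shares than the threshold; what it must reject is a repeated x (two evaluations of the same point add nothing and break the basis computation) and x = 0.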
This crate contains both unit and benchmark tests (as well as the examples included in the docs).
You can run them with cargo test and cargo bench.
| CPU | obtain_shares_dealer | step_shares_dealer | recover_secret | share_from_bytes | share_to_bytes |
|---|---|---|---|---|---|
| Apple M1 Pro | [2.6976 µs 2.7007 µs 2.7039 µs] | [938.79 ps 939.83 ps 941.04 ps] | [190.00 µs 190.46 µs 191.06 µs] | [31.176 ns 31.311 ns 31.529 ns] | [23.196 ns 23.211 ns 23.230 ns] |
- Barycentric interpolation
- shares serialization/deserialization
- ssskit-cli
- Verifiable secret sharing
- Next step: Publicly verifiable secret sharing with commitments over EC prime-field group (Ristretto255)
- Robust secret sharing
- Threshold changeable secret resharing
- Arbitrary GF(2^k) support
- Side-channel and constant time primitives: integrate `subtle`
- Optional SIMD feature for field operations
- Better error handling: `thiserror` integration
If you find a vulnerability, bug or would like a new feature, open a new issue.
To introduce your changes into the codebase, submit a Pull Request.
Many thanks!
ssskit is distributed under the terms of both the MIT license and the Apache License (Version 2.0).
See LICENSE-APACHE and LICENSE-MIT for details.
This project is derived from the excellent work in the original sharks repository by Aitor Ruano (c0dearm). We appreciate Aitor's foundational contributions, on which this crate is based.