<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
9. Apr 2017 15:06 by <a href="mailto:phill@hallambaker.com" target="_blank" rel="noopener noreferrer">phill@hallambaker.com</a>:<br /><br /><blockquote class="tutanota_quote" style="border-left: 1px solid #93A3B8; padding-left: 10px; margin-left: 5px;"><div><div class="gmail_default" style="font-size: small"><br /></div><div class="gmail_extra"><br /><div class="gmail_quote">On Sat, Apr 8, 2017 at 2:01 PM, Harlan Lieberman-Berg <<a rel="noopener noreferrer" target="_blank" href="mailto:hlieberman@setec.io">hlieberman@setec.io</a>> wrote:<br /><blockquote class="gmail_quote" style="margin: 0 0 0 0.8ex ; border-left: 1px #ccc solid ; padding-left: 1ex">Phillip Hallam-Baker <<a rel="noopener noreferrer" target="_blank" href="mailto:phill@hallambaker.com">phill@hallambaker.com</a>> writes:<br />
> Making such a scheme usable is somewhat tricky because we would want to<br />
> make the shares used to secure the key to be as small as possible for<br />
> convenience which indicates 128 bit work factor for the master key.<br />
<br />
Why not simply use Shamir's Secret Sharing? The security properties are<br />
much stronger (SSS is information-theoretic secure such that a (k,n)<br />
construction reveals no information with k-1 shares known. The size is<br />
fairly minimal too; IIRC, each share is no larger than the key itself<br />
(thus, the total construction is n*bit size).<br /></blockquote><div><br /></div><div class="gmail_default" style="font-size: small">I am using Shamir Secret Sharing. But that only gets you from a set of key shares to a master secret. You still have to get from the master secret to the encryption key.</div><div class="gmail_default" style="font-size: small"><br /></div><div class="gmail_default" style="font-size: small">If you use 256 bits for the master key you end up with 256 bit shares.</div></div></div></div></blockquote><p><br /></p><p>Couldn't the SSShares reconstruct the master secret which is the encryption key?</p><p>the master secret needn't be another step removed from the shares.</p><p><br /></p><p>If you use a 256bit for the master key you dont end have to have 256bit shares, or did you mean 256shares?</p><p><br /></p><p>But i believe the normal approach to solving the problem, i think you are trying to solve is to use asymmetric encryption where the secret shares reconstruct the asymmetric private key info. Tho i fear you may have the same problem again if you have a fundamental misunderstanding on shamir sharing and prime secret size. <br /></p><p><br /></p><p>could the bottom post of this thread help perhaps?</p><p><a href="https://crypto.stackexchange.com/questions/39970/shamirs-secret-sharing-scheme-prime-security" target="_blank" rel="noopener noreferrer">https://crypto.stackexchange.com/questions/39970/shamirs-secret-sharing-scheme-prime-security</a><br /></p><p><br /></p> </body>
</html>