question re practical use of secret sharing

D. K. Smetters smetters at
Thu Jun 21 12:57:26 EDT 2007

Peter Gutmann wrote:
> "Charles Jackson" <cljt1 at> writes:
>> Is anyone aware of a commercial product that implements secret sharing? If
>> so, can I get a pointer to some product literature?
I believe at least some versions of PGP might have supported secret
sharing for key backup.
Secret sharing is also  fundamentally less interesting than full-bore
threshold cryptography (using the fragments of a key without reassembling
them first). We built a threshold crypto-based certification authority at
CertCo a number of years ago, which was used for some very high
security root CAs. However, given the difficulty people have in managing
keys in general, building effective systems that allow them to manage
key fragments is beyond the range of most current commercial products.
It is something we use regularly in research systems, but only with a very
careful eye to both our motivation (there has to be, as Peter points out,
some good user reason for it), and ultimate system usability.

> It's available as part of other products (e.g. nCipher do it for keying their
> HSMs), but I don't know of any product that just does... secret sharing.  What
> would be the user interface for such an application?  What would be the target
> audience?  (I mean a real target audience, not some hypothesised scenario).
> (This is actually a serious question.  I talked with some crypto guys a few
> years ago about doing a standard for secret sharing, but to do that we had to
> come up with some general usage model for it rather than just one particular
> application-specific solution, and couldn't).
> Besides that, user demand for it was practically nonexistent... no, it was
> completely nonexistent, apart from a few highly specialised custom uses we
> couldn't even find someone to use as a guinea pig for testing, and the
> existing specialised users already had specialised solutions of their own
> for handling it.
> Peter.
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list