Module esss

Description
Data Types
Function Index
Function Details

Shamir secret sharing using GF^256.

Description

Shamir secret sharing using GF^256.

This module is an Erlang NIF binding to the "sss" secret-sharing library written by Daan Sprenkels (https://github.com/dsprenkels/sss). The following is taken from the library's README:

sss is a library that exposes an API to split secret data buffers into a number of different shares. With the possession of some or all of these shares, the original secret can be restored. It is the schoolbook example of a cryptographic threshold scheme.

As often with crypto libraries, there is a lot of Shamir secret sharing code around that does not meet cryptographic standards (a.k.a. is insecure). Some details—like integrity checks and side-channel resistance—are often forgotten. But these slip-ups can often fully compromise the security of the scheme. With this in mind, I have made this library to:

Be side channel resistant (timing, branch, cache)
Secure the shared secret with a MAC
Use the platform (OS) randomness source

It should be safe to use this library in "the real world". I currently regard the API as being stable.

Data Types

message()

message() = iolist()

A secret message which can be split into shares. Messages must be of a fixed length (which you can retrieve by calling get_message_len/0).

share()

share() = binary()

A share of a secret message, used to recover it later.

Function Index

combine_shares/1	Combine a list of shares returned by `create_shares/3` to restore the original secret.
create_shares/3	Create `N` shares of a secret message.
get_message_len/0	Returns the required length of a message().

Function Details

combine_shares/1

combine_shares(Shares::[share()]) -> {ok, message()} | error

Combine a list of shares returned by create_shares/3 to restore the original secret.

This function can fail if the shares are incorrectly formatted or sized, an incorrect number of shares are given, or in the case of any form of corruption of the shares (checked using a MAC over the original secret message).

create_shares/3

create_shares(Message::message(), N::integer(), K::integer()) -> [share()]

Create N shares of a secret message.

Shares are created such that K or more shares will be able to restore the secret.

get_message_len/0

get_message_len() -> integer()

Returns the required length of a message().

This is configurable, but only at compile-time by editing sss.h.

Messages not of this length will produce a "badarg" exception when given to create_shares/3.

Generated by EDoc