46 lines
1.6 KiB
ReStructuredText
46 lines
1.6 KiB
ReStructuredText
Threshold Secret Sharing
|
|
========================================
|
|
|
|
.. versionadded:: 1.9.1
|
|
|
|
Threshold secret sharing allows splitting a secret into ``N`` shares such that
|
|
``M`` (for specified ``M`` <= ``N``) is sufficient to recover the secret, but an
|
|
attacker with ``M - 1`` shares cannot derive any information about the secret.
|
|
|
|
The implementation in Botan follows an expired Internet draft
|
|
"draft-mcgrew-tss-03". Several other implementations of this TSS format exist.
|
|
|
|
.. cpp:class:: RTSS_Share
|
|
|
|
.. cpp:function:: static std::vector<RTSS_Share> split(uint8_t M, uint8_t N, \
|
|
const uint8_t secret[], uint16_t secret_len, \
|
|
const std::vector<uint8_t>& identifier, \
|
|
const std::string& hash_fn, \
|
|
RandomNumberGenerator& rng)
|
|
|
|
Split a secret. The identifier is an optional key identifier which may be
|
|
up to 16 bytes long. Shorter identifiers are padded with zeros.
|
|
|
|
The hash function must be either "SHA-1", "SHA-256", or "None" to disable
|
|
the checksum.
|
|
|
|
This will return a vector of length ``N``, any ``M`` of these shares is
|
|
sufficient to reconstruct the data.
|
|
|
|
.. cpp:function:: static secure_vector<uint8_t> reconstruct(const std::vector<RTSS_Share>& shares)
|
|
|
|
Given a sufficient number of shares, reconstruct a secret.
|
|
|
|
.. cpp:function:: RTSS_Share(const uint8_t data[], size_t len)
|
|
|
|
Read a TSS share as a sequence of bytes.
|
|
|
|
.. cpp:function:: const secure_vector<uint8>& data() const
|
|
|
|
Return the data of this share.
|
|
|
|
.. cpp:function:: uint8_t share_id() const
|
|
|
|
Return the share ID which will be in the range 1...255
|
|
|