Class: ShamirSecretSharing

Inherits:

Object

• Object
• ShamirSecretSharing

Defined in:

lib/shamir-secret-sharing.rb

Direct Known Subclasses

Number, Packed

Defined Under Namespace

Classes: Base58, Base64, Hex, Number, Packed, ShareChecksumError, ShareDecodeError, ShareSanityCheckError

Constant Summary

VERSION =

'0.1.0'

Class Method Summary

• .combine(shares, do_raise = false, do_data_checksum = true) ⇒ Object
• .decode(string) ⇒ Object
• .decrypt(shares, encrypted, do_raise = false) ⇒ Object
• .encode(string) ⇒ Object
• .encrypt(data, available, needed, key_bit_length = 128) ⇒ Object
• .encrypt_with_sanity_check(data, available, needed, key_bit_length = 128) ⇒ Object
• .l(current_x, shares, prime) ⇒ Object

  Part of the Lagrange interpolation.

• .pack(shares) ⇒ Object
• .prime ⇒ Object
• .smallest_prime_of_bytelength(bytelength) ⇒ Object
• .split(secret, available, needed, do_data_checksum = true) ⇒ Object
• .split_with_sanity_check(secret, available, needed, do_data_checksum = true) ⇒ Object
• .unpack(shares) ⇒ Object

Class Method Details

.combine(shares, do_raise = false, do_data_checksum = true) ⇒ Object

# File 'lib/shamir-secret-sharing.rb', line 53

def self.combine(shares, do_raise=false, do_data_checksum=true)
  return false if shares.size < 2
  shares = unpack(shares)
  num_bytes = shares[0][1]

  secret = shares.inject(OpenSSL::BN.new("0")){|secret,(x,num_bytes,y)|
    l_x = l(x, shares, prime)
    summand = OpenSSL::BN.new(y.to_s).mod_mul(l_x, prime)
    secret = (secret + summand) % prime
  }
  if do_data_checksum
    checksum, secret = [ secret.to_s(16).rjust(num_bytes*2, '0') ].pack("H*").unpack("a2a*")
    checksum == Digest::SHA512.digest(secret)[0...2] ? secret : false
  else
    secret = [ secret.to_s(16).rjust(num_bytes*2, '0') ].pack("H*")
  end
rescue ShareChecksumError, ShareDecodeError => ex
  raise if do_raise
  false
end

.decode(string) ⇒ Object

# File 'lib/shamir-secret-sharing.rb', line 14

def self.decode(string); string; end

.decrypt(shares, encrypted, do_raise = false) ⇒ Object

# File 'lib/shamir-secret-sharing.rb', line 93

def self.decrypt(shares, encrypted, do_raise=false)
  key = combine(shares, do_raise)
  return false unless key

  encrypted_decoded = decode(encrypted) rescue nil
  raise ShareDecodeError, "encrypted_data: #{encrypted}" unless encrypted_decoded

  return false unless encrypted and key
  c = OpenSSL::Cipher.new('aes-256-cbc').decrypt
  c.key, c.iv = Digest::SHA512.digest(key).unpack("a32a16")
  data = c.update(encrypted_decoded) << c.final
  data
rescue OpenSSL::Cipher::CipherError, ShareDecodeError
  raise if do_raise
  false
end

.encode(string) ⇒ Object

# File 'lib/shamir-secret-sharing.rb', line 13

def self.encode(string); string; end

.encrypt(data, available, needed, key_bit_length = 128) ⇒ Object

# File 'lib/shamir-secret-sharing.rb', line 85

def self.encrypt(data, available, needed, key_bit_length=128)
  key = key_bit_length.is_a?(String) ? key_bit_length : [ OpenSSL::BN.rand(key_bit_length).to_s(16) ].pack("H*")
  c = OpenSSL::Cipher.new('aes-256-cbc').encrypt
  c.key, c.iv = Digest::SHA512.digest(key).unpack("a32a16")
  encrypted = c.update(data) << c.final
  [ split(key, available, needed), encode(encrypted) ]
end

.encrypt_with_sanity_check(data, available, needed, key_bit_length = 128) ⇒ Object

# File 'lib/shamir-secret-sharing.rb', line 121

def self.encrypt_with_sanity_check(data, available, needed, key_bit_length=128)
  shares, encrypted = encrypt(data, available, needed, key_bit_length)
  success = true
  needed.upto(available).each{|n| shares.permutation(n).each{|shares| success = false if decrypt(shares, encrypted) != data } }
  (needed-1).downto(2).each{|n| shares.permutation(n).each{|shares| success = false if decrypt(shares, encrypted) != false } }
  raise ShareSanityCheckError if success != true
  [shares, encrypted]
rescue ShareSanityCheckError
  retry
end

.l(current_x, shares, prime) ⇒ Object

Part of the Lagrange interpolation. This is l_j(0), i.e. # prod_neq x_i frac-x_i- x_i for more information compare Wikipedia: # en.wikipedia.org/wiki/Lagrange_form

# File 'lib/shamir-secret-sharing.rb', line 77

def self.l(current_x, shares, prime)
  shares.select{|x,num_bytes,y| x != current_x }.map{|x,num_bytes,y|
    minus_xi = OpenSSL::BN.new((-x).to_s)
    one_over_xj_minus_xi = OpenSSL::BN.new((current_x - x).to_s).mod_inverse(prime)
    minus_xi.mod_mul(one_over_xj_minus_xi, prime)
  }.inject{|p,f| p.mod_mul(f, prime) }
end

.pack(shares) ⇒ Object

# File 'lib/shamir-secret-sharing.rb', line 11

def self.pack(shares); shares; end

.prime ⇒ Object

# File 'lib/shamir-secret-sharing.rb', line 7

def self.prime
  @prime ||= OpenSSL::BN.new('90298080309315418557060368684387169711767062077820047328483946136026783868610231658004529474715593165227045823796809053316421038435080529340276649188231489578413082915429082171276815832832032596987468328852992416302194653059769701301855112417280173119831084529497140275721119033981819754004876481947376857582541086674191309050669339147047177722482742095623467804455161314645495512219242738453400110821615485595951493732348640398317903244696668482247005070591932639428562532268906727083775005769341161737441206890423884947292116895278573352752642105943524899087988610386051326114173719939938357597470028921187928607042904261588275872786996786421015124382796026032641093550978376530319328301152270163150961443743005805156487456518852641096288933759632928527097707771705108593435811210969899009718025806082982491815839959394862199132189412760797205753603085181613915340914509742283721398758884882857717577570891251312844452052745163947127230739899990249592181831046734568185882323553723058313378711522655212295569618792861569553260909021907243424735691066494898818760523978370666490738958317270115402545013981689071761804217481237129399611746232468395365054918893973245564093211165225302041175079585458888691055939901734787886063765286977492815858172765414297704166310822063655804295492269403809136990123946872416301581476512804600437921871062337466733019509934199383005641657881387476608548204828441502666519703299105349809939561047193583345522023506184856674255042110783737263099438319847599648008766818797429771443705028772651586692324064007017187902934084171715785037116043811965267781489643030445117031408644673321057391176558036893857789298122893483373295134914414310225512185182855428723091437135258390607647079002628450028353308872465259623761042459298605601867079931599883341211337021548912929591032567679109586055855175707483614097894547800956575849455311488677165455115982505416964026617179448438285990610826073646616767534962613889972341177404511628350260670301108812261943592601817837534438293861144285248114026494593413438072008145151195558510253887426294107818889183153563906542962676822500733556368475553257951001559608026694402026083311647661603527141723939606662260781541702812518282966559303942883569550595968567624849771779902009005634939910112687785085261271077120292302150188079499520405255241734961072150325600567125813015450184377437377118236641143759546112499433705368329863240052878614034365965400707301060867667467921246288162184422787472727180885468250036866234631784065140572659371113921558324588343588649262665138554305162189719942919492935163152228273161856121456840243572074505539715086267815541055014575779183357826164049356330040472884738976674077057074492894659512026336932025359399208067756553441936121229276677493655969096449480584011430005309053544504304875804843205273883837061928391103734105527700616760751820474231999825032847945883064932406572688251330712502565439000257427471703412233595773324058194221908861303293341560475980198905863935850405064924144381710080649869192412763511460084172591012489581496077540366143109773048609220052015662328678967053922114059228108612468779055218472293622854582726541691332097684877156682496500546767264347154842487600035258894233822255723444907740808744398357482803391100715574412706233117206636112256824018335300077628867404705796199494183312134381338806813000075497747803240234241994282044442903373163715122536646305967943100639503123443493819526136342147706606394282112583884721431928417322993021536731405231184306729967529111955045252260102353296822531279058046816735479320770852433850566679904058973845613063366857995248536709558547947005487959070944758243881165013091044353829893545161327798124166213688912777335160265951849666987641506720154010364630736090984018386925406284136947816502665237274359499520079866122535658013617866311362943581086846194924950315777735026525882487543617430916255273833298323517701745687510934619838104831680724070326313574890013327805200827123185767256005905063632000378392141574495904804421309409555139440835558113898451033592526676935989162452243800981511319774846636555021940628714873179898475129018414822388672074777887836816908866710716135238849926550730803704711315750950458422935489673267976222635275704248820229824996510107205198663605380240651729687971710957296407610255077817146837349063148581060337597269343984345091912700819071375585519821604434603431994464701457318775403702846559037160195794889488908029233286151225725905398606350109962941753161584200144074269884326067022889478112825554120260952696169252329753222034898637234313852548016829410522468275347612080526487056946419000642199642660133237695390182834252238828073436204843551107043444186518737285718064454348783725196174064580015729871611222847895929389800649019254831014513113431655578925679204506338865404876491637286206819918930558503201366328626510435408373432348415238531403287283959561857892591427352842104554959608115380742631785942302014581426310009539709468373835178808015087703244680357716266673938316659211853843914796941131721320498518038272867994107029017543970812956754144964043650615822951424951757570100497007826364422530866395354057037623197190431202946206475807094227419540419168025621836505136395345095391267796526635539815975433875182503787461610057361924233524420270967631328159401123004381979801026089422686648542947429448884700847284807913378433322255357823885663399560901851919616533557061506731352057344807459911094519333689705182500885752770652880878560576235311015954069515891882699932824200620047914931186958185540784216011367774214867867886436031378064197674396368328035634225912051811470896936074219358317351694009621171355985142146081500737')
end

.smallest_prime_of_bytelength(bytelength) ⇒ Object

# File 'lib/shamir-secret-sharing.rb', line 16

def self.smallest_prime_of_bytelength(bytelength)
  n = OpenSSL::BN.new((2**(bytelength*8)+1).to_s)
  loop{ break if n.prime_fasttest?(20); n += 2 }
  n
end

.split(secret, available, needed, do_data_checksum = true) ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/shamir-secret-sharing.rb', line 22

def self.split(secret, available, needed, do_data_checksum=true)
  raise ArgumentError, "needed must be <= available" unless needed <= available
  raise ArgumentError, "needed must be >= 2"         unless needed >= 2
  raise ArgumentError, "available must be <= 250"    unless available <= 250

  if do_data_checksum
    checksum = Digest::SHA512.digest(secret)[0...2]
    num_bytes = secret.bytesize+2
    secret = OpenSSL::BN.new((checksum + secret).unpack("H*")[0], 16) rescue OpenSSL::BN.new("0")
    #num_bytes = secret.to_s(0).unpack("N")[0]
    raise ArgumentError, "bytelength of secret must be >= 1"   if num_bytes < 3
    raise ArgumentError, "bytelength of secret must be <= 4096" if num_bytes > 4097
  else
    num_bytes = secret.bytesize
    secret = OpenSSL::BN.new(secret.unpack("H*")[0], 16) rescue OpenSSL::BN.new("0") # without checksum
    raise ArgumentError, "bytelength of secret must be >= 1"   if num_bytes < 1
    raise ArgumentError, "bytelength of secret must be <= 4096" if num_bytes > 4096
  end

  coef = [ secret ] + Array.new(needed-1){ OpenSSL::BN.rand(num_bytes * 8) }

  shares = (1..available).map{|x|
    x = OpenSSL::BN.new(x.to_s)
    y = coef.each_with_index.inject(OpenSSL::BN.new("0")){|acc, (c, idx)|
      acc + c * x.mod_exp(idx, prime)
    } % prime
    [x, num_bytes, y]
  }
  pack(shares)
end

.split_with_sanity_check(secret, available, needed, do_data_checksum = true) ⇒ Object

# File 'lib/shamir-secret-sharing.rb', line 110

def self.split_with_sanity_check(secret, available, needed, do_data_checksum=true)
  shares = split(secret, available, needed, do_data_checksum)
  success = true
  needed.upto(available).each{|n| shares.permutation(n).each{|shares| success = false if combine(shares) != secret } }
  (needed-1).downto(2).each{|n| shares.permutation(n).each{|shares| success = false if combine(shares) != false } }
  raise ShareSanityCheckError if success != true
  shares
rescue ShareSanityCheckError
  retry
end

.unpack(shares) ⇒ Object

# File 'lib/shamir-secret-sharing.rb', line 12

def self.unpack(shares); shares; end