dsprenkels / sss
Library for the Shamir secret sharing scheme
License: MIT License
I've been trying to run your makefile. As soon as I cloned your git repository, I tried running the make command, but I keep getting the error that there's no file or directory named sys/syscall.h (included in the randombytes.c and randombytes.h files).
For performance reasons you may want to generate a lot of sss_Shares, but write the ciphertext that is being generated only once. This is currently not supported by the API. Perhaps we should write a "detached" version of sss_create_shares (and sss_combine_shares) to make this possible.
We should build a command line interface so that users can split/combine secrets from the command line. This also allows for demos.
It does not use GF(256) or other GF(2^n), unlike sss and others. Something worthwhile to note.
Also
has this feature. (have not checked C or C++)
From the comparison table in the README.md, another two libraries (sssa-{golang,ruby}) are marked secure on Tamper-resistant. As the notes say, the current library uses AEAD to check the integrity of the raw result, so it is marked Tamper-resistant. The other two libraries, which share the same implementation, do not perform AEAD, but split the raw input into 256-bit slices and generate a polynomial for each slice independently. Why can the independent polynomials pass the Tamper-resistant review?
During security research for SatoshiLabs on the Trezor firmware, I recently discovered an undefined behaviour edge case via (1 << 31) in the following line for unbitslice():
Line 59 in b3ac4e7
UndefinedBehaviorSanitizer:
runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Please see the main bug report for details of the issue and two proposed patches. Note that our unbitslice() variant has a dynamic length parameter, but is called with len = 32 in this context and should be functionally identical.
@dsprenkels : we're interested if you can confirm the issue. Which patch do you prefer? Thanks!
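As an added illustration (not the sss project's own code and not either of the proposed patches): a bitslice/unbitslice pair in the shape assumed here for sss, 32 bytes to 8 uint32_t words, with the bit mask written as UINT32_C(1) << i so the i == 31 case stays in unsigned arithmetic; roundtrip_ok() is a constructed check.

```c
#include <stdint.h>
#include <string.h>

/* Pack 32 bytes into 8 words: bit b of byte i becomes bit i of word b.
 * The shift operand is a uint32_t, never an int, so i == 31 is defined. */
static void bitslice(uint32_t r[8], const uint8_t x[32])
{
    memset(r, 0, 8 * sizeof(uint32_t));
    for (unsigned i = 0; i < 32; i++)
        for (unsigned b = 0; b < 8; b++)
            r[b] |= (uint32_t)((x[i] >> b) & 1) << i;
}

/* Inverse of bitslice. The bug class from the report: a mask written as
 * (1 << i) promotes 1 to int, and 1 << 31 overflows a 32-bit int (the
 * UBSan "cannot be represented in type 'int'" error). UINT32_C(1) keeps
 * the whole shift in unsigned arithmetic. */
static void unbitslice(uint8_t r[32], const uint32_t x[8])
{
    memset(r, 0, 32);
    for (unsigned b = 0; b < 8; b++)
        for (unsigned i = 0; i < 32; i++)
            if (x[b] & (UINT32_C(1) << i))
                r[i] |= (uint8_t)(1u << b);
}

/* Constructed check: 1 when unbitslice(bitslice(x)) == x, else 0. */
static int roundtrip_ok(const uint8_t x[32])
{
    uint32_t w[8];
    uint8_t y[32];
    bitslice(w, x);
    unbitslice(y, w);
    return memcmp(x, y, 32) == 0;
}
```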
I feel there is a need for a getting-started section in the README which provides instructions on how to run this program, describing the process step by step.
Suppose I want to run the example provided in the README; how am I going to run it?
I started this and got some errors, some of which are as below.
demo.c:2:10: fatal error: randombytes.h: No such file or directory
#include "randombytes.h"
^~~~~~~~~~~~~~~
compilation terminated.
make -C randombytes librandombytes.a
make[1]: Entering directory '/home/vishvajeet/Desktop/Election/helping_script/shamir/sss-master/randombytes'
make[1]: *** No rule to make target 'librandombytes.a'. Stop.
make[1]: Leaving directory '/home/vishvajeet/Desktop/Election/helping_script/shamir/sss-master/randombytes'
Makefile:20: recipe for target 'randombytes/librandombytes.a' failed
make: *** [randombytes/librandombytes.a] Error 2
make
I got the below error:
make -C randombytes librandombytes.a
make[1]: Entering directory '/home/vishvajeet/Desktop/Election/helping_script/shamir/sss-master/randombytes'
make[1]: *** No rule to make target 'librandombytes.a'. Stop.
make[1]: Leaving directory '/home/vishvajeet/Desktop/Election/helping_script/shamir/sss-master/randombytes'
Makefile:20: recipe for target 'randombytes/librandombytes.a' failed
make: *** [randombytes/librandombytes.a] Error 2
If there is a guide, it will be helpful for people who are new like me.
Thank you
hi,
I could not see how else to address this question, hence filing an issue. How can I use the library to do verifiable SSS using the Feldman approach of homomorphic encryption?
thanks,
regards,
Nilay
First, I am ignorant about development, so maybe I am just saying something that does not make sense.
I am trying to find a solution to use SSS with my personal password manager so that, in case something happens to me, my wife or my family will be able to open it and get the passwords.
Because of this, I was hoping I would be able to find a solution that includes a portable system to "recreate" the main key, store that on a USB stick, and share that with the parts.
This way, if they need to create the key, they will know how to do it.
Is there any way to use this library like that?
If not, do you know of any other solution that could work for me?
Thanks
This issue was (kind of) reported by @wolfmcnally.
An implementor has assumed that the x coordinate is secret. They expect that you are not able to read, from a share, how many shares exist in total. Right now, you can deduce from the existence of (for example) share 8 that shares 7..1 exist.
Because you are using byte-wise (GF(256)) Shamir/Reed-Solomon, the limit on codewords is 255.
This means you can't have more than 255 unique shares.
How difficult would it be to extend this work to GF(2^16) where the limit would be 65535 shares?
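Added example, not the sss project's code, that covers both the 255-share limit raised here and the earlier tamper-resistance question: a minimal byte-wise Shamir split/combine over GF(256) (AES polynomial 0x11b) in which the share index x is the nonzero byte i + 1, so n is capped at 255, and combine accepts any k bytes with no integrity check, which is the gap an AEAD tag over the reconstructed secret closes. The coefficient input and the function names are constructed for the demo.

```c
#include <stdint.h>

/* Multiply in GF(256) with the AES reduction polynomial x^8+x^4+x^3+x+1. */
static uint8_t gf_mul(uint8_t a, uint8_t b)
{
    uint8_t r = 0;
    for (; b; b >>= 1) {
        if (b & 1) r ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));
    }
    return r;
}

/* Split one secret byte into n shares with threshold k. shares[i] is the
 * polynomial evaluated at x = i + 1, so x only ranges over the 255 nonzero
 * bytes: that is the 255-share limit. coeffs holds the k-1 coefficients of
 * degree 1..k-1; real code draws them from a CSPRNG, the demo takes them as
 * input to stay deterministic. Returns -1 if n > 255 or k is out of range. */
static int shamir_split(uint8_t secret, const uint8_t *coeffs,
                        unsigned n, unsigned k, uint8_t *shares)
{
    if (n > 255 || k < 1 || k > n) return -1;
    for (unsigned i = 0; i < n; i++) {
        uint8_t x = (uint8_t)(i + 1), y = secret, xp = x;
        for (unsigned j = 0; j + 1 < k; j++) {
            y ^= gf_mul(coeffs[j], xp);
            xp = gf_mul(xp, x);
        }
        shares[i] = y;
    }
    return 0;
}

/* Lagrange interpolation at x = 0 from k distinct (x, y) pairs. No integrity
 * check: any k bytes are accepted, so one flipped bit in a share silently
 * yields a wrong secret. den^254 == den^-1 because den^255 == 1 in GF(256). */
static uint8_t shamir_combine(const uint8_t *xs, const uint8_t *ys, unsigned k)
{
    uint8_t s = 0;
    for (unsigned i = 0; i < k; i++) {
        uint8_t num = 1, den = 1, inv = 1;
        for (unsigned j = 0; j < k; j++)
            if (i != j) { num = gf_mul(num, xs[j]); den = gf_mul(den, xs[i] ^ xs[j]); }
        for (int e = 0; e < 254; e++) inv = gf_mul(inv, den);
        s ^= gf_mul(ys[i], gf_mul(num, inv));
    }
    return s;
}
```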
I wish to use the Java binding of the library for an Android project, but I cannot find a Maven dependency for it. Can you please provide the Maven dependency for it?
Also, I'm unable to compile the Android code I cloned from the library. So, can you also provide the steps to integrate and use the library in an Android project?
It seems the library has been stable for quite a while. It may be time to move to a 1.x release channel.
I'd like to use your great library on an embedded device (Arduino), but unfortunately the randombytes library doesn't work because there is no OS running on the microcontroller. So I'm running a modified sss.c that doesn't rely on randombytes. I'm just trying to get a basic working example, and will worry about a secure implementation later.
#include <stdlib.h>
#include <time.h>
void sss_create_shares(sss_Share *out, const unsigned char *data, uint8_t n, uint8_t k)
{
srand(time(NULL)); /* placeholder seed; rand() is not a CSPRNG */
unsigned char key[32];
int val;
unsigned char m[crypto_secretbox_ZEROBYTES + sss_MLEN] = { 0 };
unsigned long long mlen = sizeof(m); /* length includes zero-bytes */
unsigned char c[mlen];
int tmp;
sss_Keyshare keyshares[n];
size_t idx;
/* Generate a random encryption key */
//randombytes(key, sizeof(key));
//generate a key with a different method (rand() stands in for randombytes here)
for(int i = 0; i < 32; i++){
val = rand();
key[i] = (unsigned char)val;
}
And I'm calling sss_create_shares like so:
sss_Share shares[2];
uint8_t data[sss_MLEN];
strncpy((char *)data, "hello", sizeof(data)); /* cast: strncpy takes char *, not uint8_t * */
sss_create_shares(shares, data, 2, 2);
for(int i = 0; i < sizeof(shares[0]); i++){
Serial.println(shares[0][i]);
Serial.println(shares[1][i]);
Serial.println("");
}
The output shows that the shares are exactly the same, except the beginning few characters. The output of the above code looks like (all values at the same idx are the same, except first bits):
93
93
236
236
153
153
...
I'm stuck at this point and was hoping for some hint about how it's possible that the shares come out pretty much exactly the same. I have a feeling it's because of how I'm making the key in sss_create_shares.
EDIT: I ended up using this library and it works great.
Note: the idea is not to change the key length, only the XSalsa20 encrypted message. We should estimate whether we want to make this the default functionality, and if so, whether it's acceptable to break backwards-compatibility with the current API.
For the high-level API, users will not need to be able to access values inside the structs. So we should hide the struct from the user and expose only static-sized byte arrays.
I am using Windows Subsystem for Linux with Ubuntu 18.04; when I call make, it gives an error:
randombytes.c:77:10: warning: implicit declaration of function ‘syscall’; did you mean ‘sysconf’? [-Wimplicit-function-declaration]
ret = syscall(SYS_getrandom, (char *)buf + offset, chunk, 0);
Should I comment out #include <sys/syscall.h> from the random.h file? Or what is the solution? Please help.
I am trying to use this library in EOS smart contract.
Hi there,
You are missing Tim Tiemens implementation in Java https://github.com/timtiemens/secretshare
Also maybe relevant this end-user application I've made https://secrets.dyne.org which can split any plain-text material into secret shares using FastPFOR128 integer compression. I would love to find a C implementation compatible with the output of my software, which is written in Clojure and runs on Tim's Java library.
Might be useful for people who want to play around with SSSS.