dsprenkels / sss Goto Github PK

I've been trying to run your makefile, and as soon as I've cloned your git, I have then tried running the make command, but I keep on getting the error that there's no file or directory named sys/syscall.h (included in the randombytes.c and randombytes.h files).

For performance reasons you may want to generate a lot of sss_Shares, but write the ciphertext that is being generated only once. This is currently not supported by the API. Perhaps we should write a "detached" version of sss_create_shares (and sss_combine_shares) to make this possible.

We should build a command line interface that so that users can split/combine secrets from the command line. This also allows for demos.

It does not use GF(256) or other GF(2^n) unlike sss and others.
Something worth while to note.
Also

• https://github.com/SSSaaS
• https://github.com/ronreiter/multicrypt (Python)
• https://github.com/klingebj/shamir_bip39_2039 (Python)
• https://github.com/seancomeau/ShamirSecretSharing (Python)
• https://github.com/szymekk/shamirs_secret_sharing (Python)
• https://github.com/pcrain/pyshamir (Python)
• https://github.com/myd1/Shamir-s-Secret-Sharing (Python)
• https://github.com/nijynot/shamir (JS)
• https://github.com/mdciotti/polypass (JS)
• https://github.com/agl/shamirsplit (Go)
• https://github.com/itslab-kyushu/sss (Go)
• https://github.com/iowaguy/shamir-secret-sharing (Go)
• https://github.com/republicprotocol/shamir-go (Go)
• https://github.com/amousa11/sss (Go)

has this feature. (have not checked C or C++)

From the comparing table on the README.md, another two libraries (sssa-{golang,ruby}) are secure on the Tamper-resistant. As the notes say, the current library use AEAD to check the integrity of the raw result, so mark as Tamper-resistant. The other two libraries, which share the same implementation, do not perform aead, but split the raw input into 256-bit slices and generate polynomial for each slice independently. Why the independent polynomials can pass Tamper-resistant review?

During security research for SatoshiLabs on the Trezor firmware, I recently discovered an undefined behaviour edge case via (1 << 31) in the following line for unbitslice():

UndefinedBehaviorSanitizer:
runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

Please see the main bug report for details of the issue and two proposed patches. Note that our unbitslice() variant has a dynamic length parameter, but is called with len = 32 in this context and should be functionally identical.

@dsprenkels : we're interested if you can confirm the issue. Which patch do you prefer? Thanks!

Ordered by priority:

• C++ (natively supported)
• Go
• Rust
• Python
• Node.js
• Swift
• Java (not yet mature)
• Haskell (not yet mature)

I feel there is need for getting start section in Readme which provide instruction about how to run this program. It describe this process step by step.
suppose I want to run the example provided in readme then how I am going to run this ?
I started this and got some errors some of them are as bellow.

1. rondombytes.h and randombytes.c are not actual file they are symbolic link and my Ubuntu 18.04 os not able to find it.

 demo.c:2:10: fatal error: randombytes.h: No such file or directory
 #include "randombytes.h"
          ^~~~~~~~~~~~~~~
compilation terminated.

2. when I try to make using file getting from github from bellow link and then run the example then i get bellow error.

make -C randombytes librandombytes.a
make[1]: Entering directory '/home/vishvajeet/Desktop/Election/helping_script/shamir/sss-master/randombytes'
make[1]: *** No rule to make target 'librandombytes.a'.  Stop.
make[1]: Leaving directory '/home/vishvajeet/Desktop/Election/helping_script/shamir/sss-master/randombytes'
Makefile:20: recipe for target 'randombytes/librandombytes.a' failed
make: *** [randombytes/librandombytes.a] Error 2

3. when i try to make I got bellow error

make -C randombytes librandombytes.a
make[1]: Entering directory '/home/vishvajeet/Desktop/Election/helping_script/shamir/sss-master/randombytes'
make[1]: *** No rule to make target 'librandombytes.a'.  Stop.
make[1]: Leaving directory '/home/vishvajeet/Desktop/Election/helping_script/shamir/sss-master/randombytes'
Makefile:20: recipe for target 'randombytes/librandombytes.a' failed
make: *** [randombytes/librandombytes.a] Error 2

If there will be guide then it will helpful for people who are new like me.
Thank you

hi,
could not see how else to address this question. hence filing an issue. How can i use the library to use verifiable sss using feldman approach of homomorphic encryption ?
thanks,
regards,
Nilay

First, I am ignorant on development, so maybe I am just saying something that does not makes sense.

I am trying to find a solution to use SSS with my personal password manager so, in case something happens to me, my wife or my family will be able to open it and get the passwords.

Because of this, I was hoping I would be able to find a solution that includes a portable system to "recreate" the main key, and store that on a USB and shared that with the parts.

This way, if they need to create the key, they will know how to do it.

Is there any way to use this library like that?
If not, do you know any other solution that could work for me?

Thanks

This issue was (kind of) reported by @wolfmcnally.

An implementor has assumed that the x coordinate is secret. They expect that you are not able to read---from a share---how many shares exist in total. Right now, you can deduce from the existence of (for example) share 8, that shares 7..1 exist.

Because you are using byte-wise (GF256) shamir/reedsolomon the limit on codewords is 255.

This means you can't have more than 255 unique shares.

How difficult would it be to extend this work to GF(2^16) where the limit would be 65535 shares?

I wish to use the Java binding of the library for an Android project, but I cannot find a maven dependency for it. Can you please provide the maven dependency for it?

Also, I'm unable to compile the Android code I cloned from the library. So, can you also provide the steps, to integrate and use the library for an android project.

I seems the library has been stable for quite a while. It may be time to move to a 1.x-release channel.

I'd like to use your great library on an embedded device (Arduino), but unfortunately the randombytes library doesn't work because there is no OS running on the microcontroller.

So I'm running a modified sss.c that doesn't rely on randombytes. I'm just trying to get a basic working example, and worry about secure implementation later.

#include <stdlib.h>
#include <time.h>

void sss_create_shares(sss_Share *out, const unsigned char *data, uint8_t n, uint8_t k)
{
        srand(time(NULL));
	unsigned char key[32];
        int val;
	unsigned char m[crypto_secretbox_ZEROBYTES + sss_MLEN] = { 0 };
	unsigned long long mlen = sizeof(m); /* length includes zero-bytes */
	unsigned char c[mlen];
	int tmp;
	sss_Keyshare keyshares[n];
	size_t idx;

	/* Generate a random encryption key */
	//randombytes(key, sizeof(key));
       
       //generate a key with a different method
       for(int i = 0; i < 32; i++){
             val = rand();  
              key[i] = val;
        }

And I'm calling sss_create_shares like so:

sss_Share shares[2];
uint8_t data[sss_MLEN]
strncpy(data, "hello", sizeof(data));
sss_create_shares(shares, data, 2, 2);

for(int i = 0; i < sizeof(shares[0]); i++){
    Serial.println(shares[0][i]);
    Serial.println(shares[1][i]);
    Serial.println("");
}

The output shows that the shares are exactly the same, except the beginning few characters. The output of the above code looks like (all values at the same idx are the same, except first bits):

93
93

236
236

153
153
... 

I'm stuck at this point and was hoping for some hint about how it's possible the shares come out pretty much exactly the same. I've a feeling it's because of how I'm making the key in sss_create_shares

EDIT: I ended up using this library and it works great

Note: the idea is not to change the key length, only the XSalsa20 encrypted message. We should estimate whether we want to make this the default functionality, and if so, whether it's acceptable to break backwards-compatibility with the current API.

For the high-level API, users will not need to be able to access values inside the structs. So we should hide the struct from the user and expose only static-sized byte arrays.

I am using Window's subsystem Ubuntu 18.04, when I call make, it gives an error

randombytes.c:77:10: warning: implicit declaration of function ‘syscall’; did you mean ‘sysconf’? [-Wimplicit-function-declaration]
    ret = syscall(SYS_getrandom, (char *)buf + offset, chunk, 0);

should I comment #include <sys/syscall.h> from random.h file? Or what is the solution? Please help.
I am trying to use this library in EOS smart contract.

Hi there,

You are missing Tim Tiemens implementation in Java https://github.com/timtiemens/secretshare

Also maybe relevant this end-user application I've made https://secrets.dyne.org which can split any plain-text material into secret shares using FastPFOR128 integer compression. I would love to find a C implementation compatible with the output of my software, which is written in Clojure and runs on Tim's Java library.

Might be useful for people who wants to play around with SSSS