Secret sharing: an application to multi-factor encryption



In this project, we will be looking an application of a cryptographic scheme for splitting and sharing secrets to the problem of providing an additional layer of security to encrypted contents (files, disk image, databases, etc). The basic cryptographic construction is based on the so-called Shamir's secret sharing scheme. The aim of a secret sharing scheme is to split a certain secret (e.g., a file) into n pieces, for some n > 2, such that at least k pieces, for k <= n, are needed to reconstruct the original secret. This provides both secrecy and redundancy. For example, if n=5 and k=3, then the original secret is split into 5 pieces, and at least 3 pieces (it does not matter which pieces) are needed to reconstruct the original secret.

We will apply the idea of secret sharing to split an encrypted content and stores the splits in several devices. For example, using a 4-2 split, the splits will be stored in 4 different devices and only 2 devices are needed to reconstruct the secret. A typical scenario would be where one piece of secret is stored on a computer, where the decryption software resides, and another piece of secret stored in an USB drive or a mobile phone. To decrypt the content, the user first needs to assemble the secrets from the computer and the USB or phone. In case the computer is stolen (but not the USB or the phone), then even if the attacker knows the decryption key, they will not be able to decrypt the encrypted content, since they will need at least two splits of the secret.

Some problems to solve:
- The update problem: Traditionally the secret-sharing scheme is used only to store secrets, but not to update them. The fact that not all splits are required to reconstruct the original secret poses a problem with secret updates. For example, consider a scenario where a user uses different combinations of splits to reconstruct the original secret and update it. Overtime this will likely lead to inconsistency of the splits across devices.

- Security protocol for communicating splits: If one of the device is a phone, we could imagine communicating the splits using wireless network or bluetooth, or NFC connections. How do we design the protocol to protect the splits?

- Protection of temporary storage: Once the splits are assembled, the original content will be reconstructed and accessed. In a normal scenario, the reconstructed content will be stored somewhere in a computer temporarily. How do we protect this temporary storage? Storing it in a file system will leave traces that can be reconstructed. A proper analysis of the attack scenarios is needed to design the security measures.


Good programming skills, basic familiarity with crypto techniques (e.g., completion of ANU COMP2700 course would meet this requirement). 

Background Literature

A. Menezes, P. Van Oorschot, S. Vanstone: Handbook of Applied Cryptography.
CRC Press, 1996.


cryptography, Shamir's secret sharing, authentication, programming

Updated:  10 August 2021/Responsible Officer:  Dean, CECS/Page Contact:  CECS Marketing