import (
"github.com/bytemare/secret-sharing"
"github.com/bytemare/secret-sharing/keys"
)This package implements Shamir's Secret Sharing extended with Feldman's Verifiable Secret Sharing over elliptic curve groups. It is made to be very easy to use.
Secret sharing enables to shard (or split) a secret key into an arbitrary number of n shares and to recover that same key with any subset of at minimum t of these key shares in a (t,n)-threshold scheme.
Note that the key distribution (sharding) algorithm used in this package is a trusted dealer (i.e. centralised). If you need a truly decentralized key generation, you can use the dkg package which builds on this package.
You can find the documentation and usage examples in the package doc.
The recommended reconstruction path is registry-backed verification: create committed shares with ShardAndCommit,
build a validated keys.PublicKeyShareRegistry from the public share material, then reconstruct with
CombineVerifiedShares.
shares, err := secretsharing.ShardAndCommit(group, secret, threshold, total)
if err != nil {
return err
}
publicShares := make([]*keys.PublicKeyShare, 0, len(shares))
for _, share := range shares {
publicShares = append(publicShares, share.PublicKeyShare())
}
registry, err := keys.NewPublicKeyShareRegistry(
group,
threshold,
total,
shares[0].VerificationKey(),
publicShares,
)
if err != nil {
return err
}
recovered, err := secretsharing.CombineVerifiedShares(registry, submittedShares)
if err != nil {
return err
}CombineShares remains available for trusted/local shares only:
recovered, err := secretsharing.CombineShares(trustedShares, threshold)Raw reconstruction does not authenticate share membership or detect well-formed tampering. Use
CombineVerifiedShares when public registry material is available.
Encoded values are self-describing: the top-level group field is used to initialize zero-value receivers before nested
scalars and elements are decoded.
Prefer serializing public-only keys.PublicKeyShare or keys.PublicKeyShareRegistry values when distributing registry
metadata. A keys.KeyShare contains a participant's secret share; its JSON, compact byte encoding, and hex encoding must
be handled like private keys: no logs, public transport, telemetry, unauthenticated storage, or accidental publication.
var decoded keys.PublicKeyShareRegistry
if err := json.Unmarshal(data, &decoded); err != nil {
return err
}If the group is already fixed by protocol or configuration, use a pinned receiver to reject payloads for any other group:
decoded := keys.NewPublicKeyShareRegistryReceiver(g) // or NewPublicKeyShareReceiver for one public share
if err := json.Unmarshal(data, decoded); err != nil {
return err
}Use keys.NewKeyShareReceiver(g) only for protected storage or transport paths that are specifically intended to carry
secret shares.
SemVer is used for versioning. For the versions available, see the tags on the repository.
Releases are built with the reusable bytemare/slsa workflow and ship the evidence required for SLSA Level 3 compliance:
- 📦 Artifacts are uploaded to the release page, and include the deterministic source archive plus subjects.sha256, signed SBOM (sbom.cdx.json), GitHub provenance (*.intoto.jsonl), a reproducibility report (verification.json), and a signed Verification Summary Attestation (verification-summary.attestation.json[.bundle]).
- ✍️ All artifacts are signed using Sigstore with transparency via Rekor.
- ✅ Verification (or see the latest docs at bytemare/slsa):
curl -sSL https://raw.githubusercontent.com/bytemare/slsa/main/verify-release.sh -o verify-release.sh
chmod +x verify-release.sh
./verify-release.sh --repo <owner>/<repo> --tag <tag> --mode full --signer-repo bytemare/slsaRun again with --mode reproduce to build in a container, or --mode vsa to validate just the verification summary.
This project is licensed under the MIT License - see the LICENSE file for details.