Cover image for Shamir's Secret Sharing Scheme in JavaScript

Shamir's Secret Sharing Scheme in JavaScript

simbo1905 profile image Simon Massey Updated on ・2 min read

Passwords are kryptonite to security so they need to be strong and never reused. Developers agree with that last sentence then don't give their users a way to safely back up a strong password. We should offer users the ability to recover a strong password using Shamir's Secret Sharing Scheme. Users can then confidently use a unique strong password knowing they will not become locked out.

What exactly is Shamir's Secret Sharing Scheme? It is a form of secret splitting where we distribute a password as a group of shares. The original password can be reconstructed only when a sufficient threshold of shares are recombined together. Here is example code showing how this works using the shamir library:

const { split, join } = require('shamir');
const { randomBytes } = require('crypto');

// the total number of shares
const PARTS = 5;
// the minimum required to recover
const QUORUM = 3;
// you can use any polyfill to covert between string and Uint8Array
const utf8Encoder = new TextEncoder();
const utf8Decoder = new TextDecoder();

function doIt() {
    const secret = 'hello there';
    const secretBytes = utf8Encoder.encode(secret);
    // parts is a object whos keys are the part number and 
    // values are shares of type Uint8Array
    const parts = split(randomBytes, PARTS, QUORUM, secretBytes);
    // we only need QUORUM parts to recover the secret
    // to prove this we will delete two parts
    delete parts[2];
    delete parts[3];
    // we can join three parts to recover the original Unit8Array
    const recovered = join(parts);
    // prints 'hello there'

Cryptocurrency wallets use Shamir's Secret Sharing to enable users to back up their passphrases. This solves the problem that if someone dies the bitcoins can be passed to friends and family. How might you use this approach to protect a bitcoin passphrase that is worth a cool ten million dollars? You could generate five shares and set a threshold of three. You can then send two shares to two trusted friends, write down two shares on paper then store them in separate secure locations, and give the final share to your lawyer. It would then be very hard for someone else to obtain three shares to steal your bitcoins. Your last will and testament document can state how to recover the bitcoins if you die.

Isn't it time your app enforced a strong password and also gave people the choice of using Shamir's Secret Sharing Scheme to back it up?

Posted on by:

simbo1905 profile

Simon Massey


Software Engineering Coach, Digital Architect, Devops Lead, Container Wrangler, Maker, Motivator, Dev, Dad.


Editor guide

This is really cool, like digital horcruxes!


Yes, it's really super cool. The shares are randomised which is why the crypto randomBytes function is needed. If someone tries to recombine less than the threshold number of shares no errors occurs it is just a random result. The maths behind it are really interesting and not as hard as most cryptography. There are some good free videos showing how things work and explaining the two key methods used.