DEV Community

VaultKeepR
VaultKeepR

Posted on

Shamir Secret Sharing in Password Managers: Beyond Backup

Cover

Most developers store their master password in their head, trusting their memory with access to hundreds of accounts. But what happens when that single point of failure... fails?

In 2023, a Reddit user lost access to $2M in crypto because they forgot their master password and had no recovery method. Traditional password managers create this exact vulnerability: one master key controls everything.

Why Secret Sharing Matters Now

The rise of Web3, passkeys, and distributed systems demands better security models. Single master passwords are architectural debt from the centralized web era. Modern applications need recovery mechanisms that don't compromise security.

Shamir Secret Sharing (SSS) solves this by mathematically distributing trust across multiple parties. Instead of one master password, you create shares that only work together—no single share reveals anything about the original secret.

How Shamir Secret Sharing Works

Named after cryptographer Adi Shamir, this scheme uses polynomial interpolation to split secrets into shares. Here's the mathematical foundation:

The Polynomial Approach

A secret S becomes the constant term of a polynomial. To create a (k,n) threshold scheme:

  1. Generate a random polynomial of degree k-1
  2. Evaluate the polynomial at n different points
  3. Distribute these points as shares
  4. Any k shares can reconstruct the original polynomial (and secret)
// Simplified SSS implementation concept
class ShamirSecretSharing {
  private static readonly PRIME = 2n ** 521n - 1n; // Mersenne prime

  static splitSecret(
    secret: bigint, 
    threshold: number, 
    numShares: number
  ): Array<[number, bigint]> {
    // Generate random coefficients for polynomial
    const coefficients = [secret];
    for (let i = 1; i < threshold; i++) {
      coefficients.push(this.randomBigInt());
    }

    // Evaluate polynomial at different x values
    const shares: Array<[number, bigint]> = [];
    for (let x = 1; x <= numShares; x++) {
      const y = this.evaluatePolynomial(coefficients, BigInt(x));
      shares.push([x, y]);
    }

    return shares;
  }

  static reconstructSecret(shares: Array<[number, bigint]>): bigint {
    // Lagrange interpolation to find constant term
    let secret = 0n;

    for (let i = 0; i < shares.length; i++) {
      const [xi, yi] = shares[i];
      let numerator = 1n;
      let denominator = 1n;

      for (let j = 0; j < shares.length; j++) {
        if (i !== j) {
          const [xj] = shares[j];
          numerator = this.mod(numerator * BigInt(-xj));
          denominator = this.mod(denominator * BigInt(xi - xj));
        }
      }

      const lagrange = this.mod(numerator * this.modInverse(denominator));
      secret = this.mod(secret + this.mod(yi * lagrange));
    }

    return secret;
  }
}
Enter fullscreen mode Exit fullscreen mode

Real-World Security Properties

What makes SSS cryptographically secure:

Information-Theoretic Security: Even with unlimited computing power, k-1 shares reveal nothing about the secret. This is stronger than computational security used in RSA or AES.

Perfect Threshold: Exactly k shares are needed. Having k-1 shares is equivalent to having zero shares from an information perspective.

Verifiable Shares: You can verify share integrity without reconstructing the secret using Feldman's scheme.

VaultKeepR's Implementation Strategy

VaultKeepR uses Shamir Secret Sharing not just for backup, but as a core architectural component that enables truly decentralized password management.

Distributed Seed Phrase Protection

Traditional hardware wallets store BIP-39 seed phrases as single points of failure. VaultKeepR splits seed phrases across multiple encrypted shares:

// VaultKeepR's seed phrase protection
interface SeedShare {
  shareId: string;
  encryptedShare: string; // AES-256-GCM encrypted
  threshold: number;
  totalShares: number;
  metadata: {
    created: number;
    deviceId: string;
    shareIndex: number;
  };
}

class VaultKeepRSeedManager {
  async distributeSeedPhrase(
    seedPhrase: string,
    threshold: number = 3,
    totalShares: number = 5
  ): Promise<SeedShare[]> {
    // Convert seed to entropy
    const entropy = mnemonicToEntropy(seedPhrase);
    const secret = BigInt('0x' + entropy);

    // Generate Shamir shares
    const shares = ShamirSecretSharing.splitSecret(
      secret, 
      threshold, 
      totalShares
    );

    // Encrypt each share with device-specific keys
    return Promise.all(shares.map(async ([index, share]) => {
      const deviceKey = await this.deriveDeviceKey();
      const encryptedShare = await this.encrypt(share.toString(16), deviceKey);

      return {
        shareId: generateUUID(),
        encryptedShare,
        threshold,
        totalShares,
        metadata: {
          created: Date.now(),
          deviceId: await this.getDeviceId(),
          shareIndex: index
        }
      };
    }));
  }
}
Enter fullscreen mode Exit fullscreen mode

Social Recovery Without Trusted Parties

VaultKeepR implements social recovery where friends/family hold encrypted shares without access to your data:

  1. Share Distribution: Trusted contacts receive encrypted shares via secure channels
  2. Recovery Initiation: User proves identity through multiple factors
  3. Collaborative Reconstruction: Threshold number of contacts provide their shares
  4. Automatic Re-sharing: New shares generated post-recovery

Hardware Security Module Integration

For enterprise users, VaultKeepR integrates with HSMs to store shares in tamper-resistant hardware:

class HSMShareManager {
  async storeShareInHSM(
    share: SeedShare,
    hsmEndpoint: string,
    accessPolicy: string
  ): Promise<string> {
    const hsm = new HSMClient(hsmEndpoint);

    // Store encrypted share with access controls
    return await hsm.secureStore({
      data: share.encryptedShare,
      keyId: share.shareId,
      policy: {
        requiresMultiAuth: true,
        timelock: accessPolicy,
        auditLog: true
      }
    });
  }
}
Enter fullscreen mode Exit fullscreen mode

Implementing SSS in Your Application

Here's how to add Shamir Secret Sharing to your password manager:

Step 1: Choose Your Parameters

// Security considerations for parameter selection
const securityConfig = {
  // For personal use: require 3 of 5 shares
  personal: { threshold: 3, totalShares: 5 },

  // For teams: require 5 of 9 shares  
  team: { threshold: 5, totalShares: 9 },

  // For high-value accounts: require 7 of 12 shares
  enterprise: { threshold: 7, totalShares: 12 }
};
Enter fullscreen mode Exit fullscreen mode

Step 2: Integrate with Existing Storage

class SecureVault {
  async createDistributedVault(masterKey: string): Promise<VaultShares> {
    // Split master key using SSS
    const shares = await this.splitMasterKey(masterKey);

    // Distribute shares across storage backends
    const distribution = await Promise.all([
      this.storeInCloudProvider(shares[0], 'aws-kms'),
      this.storeInCloudProvider(shares[1], 'azure-keyvault'), 
      this.storeLocally(shares[2]),
      this.storeWithContact(shares[3], 'trusted-friend'),
      this.storeInHardware(shares[4], 'yubikey')
    ]);

    return { shares: distribution, threshold: 3 };
  }
}
Enter fullscreen mode Exit fullscreen mode

Step 3: Handle Recovery Flows

class RecoveryManager {
  async initiateRecovery(userId: string): Promise<RecoverySession> {
    // Multi-factor authentication
    await this.verifyIdentity(userId);

    // Request shares from available sources
    const availableShares = await this.collectAvailableShares(userId);

    if (availableShares.length >= this.threshold) {
      return this.reconstructMasterKey(availableShares);
    }

    throw new Error('Insufficient shares for recovery');
  }
}
Enter fullscreen mode Exit fullscreen mode

Production Considerations

Performance Optimization

Shamir Secret Sharing involves modular arithmetic with large numbers. Optimize for your use case:

  • Precompute Lagrange coefficients for known share combinations
  • Use efficient prime fields (Mersenne primes enable faster modular reduction)
  • Implement share verification to detect corruption early

Share Storage Security

Each share storage method has tradeoffs:

Method Security Availability Cost
Cloud KMS High High Medium
Hardware tokens Very High Medium High
Social recovery Medium Medium Low
Paper backups High Low Very Low

Operational Security

  • Regular share rotation: Generate new shares periodically
  • Audit trails: Log all share access and reconstruction attempts
  • Disaster recovery: Test reconstruction procedures regularly

The Future of Distributed Security

Shamir Secret Sharing represents a paradigm shift toward trustless security. As Web3 infrastructure matures, we'll see:

Account Abstraction Integration: Smart contract wallets using SSS for social recovery without centralized services.

Threshold Cryptography: Direct integration of secret sharing into signing processes, eliminating single points of failure entirely.

Quantum-Resistant Schemes: Post-quantum secret sharing schemes that maintain security against quantum computers.

Cross-Chain Recovery: Universal recovery mechanisms that work across different blockchain networks and traditional systems.

The password manager industry is evolving from "remember one password" to "distribute trust mathematically." VaultKeepR's implementation of Shamir Secret Sharing isn't just about backup—it's about building security infrastructure for a decentralized future where no single entity controls your digital identity.

Top comments (0)