# Shamir's Secret Sharing
### A usability study
Evie Winter
March 2025, Community Privacy Residency
---
## Motivation
---
### Trust is a social concept.
- Moving away from institutions and big tech, focussing on peers as holders of trust.
- Exploring relationships-based security protocols.
---
Shamir's Secret Sharing (1979)

---
### Related protocols
- Secure Multiparty Computation
- multisig in cryptocurrencies
- darkcrystal.pw
---
### Use cases
💳 finance 💳
🏛️ voting 🏛️
✍️ signing ✍️
📱 account recovery 📱
🎞️ archiving 🎞️
...
---
### Key vs. data distribution
---
Existing UX is ... well ...
---
### Goal
Explore & evaluate the UX pattern of secret sharing
---
### Key questions
- What are metaphors or visualizations that help explain the concept?
- Where does secret sharing fall short as a security mechanism?
- Is there awareness of verification?
- How do people select their trusted group?
---
### This week
* Reviewed existing implementations: Briar, Sunder, (Wallets)
* Defined scope: recovery for a messaging app
* Paper prototypes, two iterations (pilot test)
* Test design 🖨️ 🍫 📆
* 7 user tests (35 minutes)
* Synthesis and write-up
* 🏃 quick demo!
---
## Preliminary results
---
### Highlights
* Actual recovery flow was most difficult because it required out-of-band communication
* 3 testers asked for independent verification, 2 asked for social verification, 2 did not verify at all
* Ideal thresholds: 2/2, 2-3/4, 8/10, ?/4, 2/4, 9/10, 3/4
---
## Findings
---
Ranges for thresholds usually went down after the test
---
*Asking* for recovery help was easy for most; *agreeing* to help with recovery was scary for some.
---
Transparency is necessary in case the secret holder is unavailable. But transparency can also lead to **weaponized friendship**.
---
An account without a username???
([Backchannel](https://www.inkandswitch.com/backchannel/) doesn't come for free!)
---
### Further explorations
- Continued opt-in? Notification when the shard has changed?
- Temporary identity when retrieving shards?
- Should the secret owner get a shard by default?
---
### Looking for...
🏕️ Implementations in the wild 🏕️
🥡 Social protocols 🥡
🖇️ Collaborators 🖇️
💰 Funders??? 💰
---
### 🧋 Thank you 🧋
Micah, C.C. et al.
**Testers**
C.C., Kii Kang, Lis, Mayowa Tomori, Mike,
Pia Park, Ying Tong
**Community Privacy Residency**
community-privacy.github.io
💜
@eviewinter.42 (Discord/Signal)
{"title":"Secret Sharing UX","description":"View the slide with \"Slide Mode\".","contributors":"[{\"id\":\"7daf764f-9d71-458f-a3f1-f9d96a726ce6\",\"add\":5813,\"del\":2950}]"}