<center><i class="fa fa-edit"></i> 4.3 Splitting and Sharing Keys</center>

# <center><i class="fa fa-edit"></i> 4.3 Splitting and Sharing Keys</center> ###### tags: `Blockchain` The following notes are taken from [Coursera](https://www.coursera.org/learn/cryptocurrency/home/week/2) --- ### Secret Sharing Idea: split secret into `N` pieces, such that - given any `K` pieces, can reconstruct the secret - given fewer than `K` pieces, don't learn anything **Example**: ``` N=2, K=2 P = a large prime S = secret in [0, P) R = random in [0, P) split: X₁ = (S+R) mod P X₂ = (S+2R) mod P reconstruct: (2X₁-X₂) mod P = S ``` Given any 2 shares, you can find `S` Given 1 share, you can't determine anything ![](https://i.imgur.com/2Thw8fx.png) Support `K-out-of-N` splitting, for any `K, N` ![](https://i.imgur.com/g5NAX7L.png) **Pros:** - Store shares separately - Adversary must compromise several shares to get they key **Cons:** - To sign, need to bring shares together, then reconstruct the key - Vulnerable ### Multi-sig - Keeps shares apart, approve transaction without reconstructing key at any point - Helps manage large bodies of cold-stored coins in a way that is relatively secure - Requires action by multiple people before anything drastic happens **Example** * A, B, C, D are co-workers. Their company has lots of Bitcoins. * Each of the four generates a key-pair, puts secret key in a safe, private, offline place. * The company's cold-stored coins use multi-sig, so that three of the four keys must sign to release a coin. * Would need a conspiracy of three out of four to steal coins. * If something goes wrong, others can still get coins back and transfer them to a new place.