Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

According to the FAQ it uses a Shamir Secret Sharing Scheme to split an encryption key. But you can actually use a Reed-Solomon scheme[1] and have no encryption key to achieve this objective.

First, you process the input data with an all-or-nothing transform (AONT)[2]. Then you split it into Reed-Solomon shares. AONT is required due to Reed-Solomon being vulnerable to a distinguisher[3] and it will most likely leak information about its input.

[1] <https://en.wikipedia.org/wiki/Reed%E2%80%93Solomon_error_cor...>

[2] <https://en.wikipedia.org/wiki/All-or-nothing_transform>

[3] <https://en.wikipedia.org/wiki/Distinguishing_attack>



Is that approach information-theoretically secure? Shamir Secret Sharing is, and the mathematics is very simple.

Note that the encryption step is, strictly speaking, not necessary for Shamir either. But there are benefits to encrypting the secret and only using SSS for the key (I'm not sure if that's how Horcrux works, but that's how my fairly-similar tool Paperback[1] works).

[1]: https://github.com/cyphar/paperback


> Is that approach information-theoretically secure?

No. But neither is SSS if an encryption key is involved - because the symmetric encryption step is not information-theoretically secure.

Using SSS directly on the input will be information-theoretically secure but also multiply the size of the input.

> and the mathematics is very simple.

The mathematics of SSS and Reed-Solomon are virtually identical.


I was able to find a project which appears to do exactly this: <https://github.com/atbarker/AONT-RS>

Paper: <https://www.usenix.org/legacy/event/fast11/tech/full_papers/...>




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: