Shamir secret sharing is a mechanism that securely splits private keys or passwords into independent parts. These parts do not give away the secret on their own. Instead, the user defines the minimum number of shares needed to restore the original secret. In this way, there is no need to trust a single entity. Additionally, compromise or loss of a single share does not mean compromise or loss of the entire secret. This makes it very suitable for backing up private keys, such as Bitcoin keys. Shamir secret sharing can also be used for passing on your secrets to your trusted successors, in case you get hit by a bus.
In this talk, I will explain in detail how the scheme works. Although it is provably secure for confidentiality, we will see how it fails for integrity and how to fix that. While Shamir published his article almost 30 years ago, most existing libraries for Shamir secret sharing are still implemented poorly in terms of security and side-channel resistance.
I will talk about writing the definitive library for Shamir secret sharing. We will choose suitable parameters and implement the scheme in C. We will see a couple of tricks that cryptographers use for building fast algorithms while still maintaining side-channel resistance. In the end, we (hope to) have produced a robust algorithm ready for easy integration into your favorite project.
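As an added illustration (not code from the talk or from any library it presents), the C sketch below splits one byte 3-of-5 over GF(2^8) and recovers it by Lagrange interpolation, using a table-free, branch-free field multiply of the kind the abstract hints at; it also shows the integrity gap: a flipped bit in one share reconstructs a different secret with no error at all. The secret value, the fixed coefficients and the function names are constructed for the demo; a real library draws coefficients from a CSPRNG and splits every byte of the secret with fresh ones.

```c
#include <stddef.h>
#include <stdint.h>
/* GF(2^8) multiply mod x^8+x^4+x^3+x+1 (0x11b): fixed 8 rounds, no tables, no secret-dependent branches. */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (int i = 0; i < 8; i++) {
        r ^= (uint8_t)(-(b & 1)) & a;              /* add a when the low bit of b is set */
        uint8_t carry = (uint8_t)(-(a >> 7));      /* all-ones if a*x overflows the byte */
        a = (uint8_t)((a << 1) ^ (carry & 0x1b));  /* reduce by the field polynomial */
        b >>= 1;
    }
    return r;
}
static uint8_t gf_inv(uint8_t a) {                 /* a^-1 = a^254; the exponent is public */
    uint8_t r = 1;
    for (int e = 254; e; e >>= 1, a = gf_mul(a, a)) if (e & 1) r = gf_mul(r, a);
    return r;
}
/* k-of-n split of one byte: share x = p(x) with p(x) = secret + c[0]x + ... + c[k-2]x^(k-1). */
static void shamir_split(uint8_t secret, const uint8_t *coeffs, size_t k, size_t n, uint8_t *ys) {
    for (size_t x = 1; x <= n; x++) {
        uint8_t y = 0;
        for (size_t d = k - 1; d > 0; d--)          /* Horner; coeffs are the k-1 random terms */
            y = gf_mul(y, (uint8_t)x) ^ coeffs[d - 1];
        ys[x - 1] = gf_mul(y, (uint8_t)x) ^ secret;
    }
}
/* Lagrange interpolation at x = 0 from k shares with distinct non-zero x coordinates. */
static uint8_t shamir_combine(const uint8_t *xs, const uint8_t *ys, size_t k) {
    uint8_t s = 0;
    for (size_t i = 0; i < k; i++) {
        uint8_t num = 1, den = 1;                  /* l_i(0) = prod_{j!=i} x_j / (x_j - x_i) */
        for (size_t j = 0; j < k; j++) {
            if (j == i) continue;
            num = gf_mul(num, xs[j]);
            den = gf_mul(den, xs[j] ^ xs[i]);      /* subtraction is XOR in GF(2^8) */
        }
        s ^= gf_mul(ys[i], gf_mul(num, gf_inv(den)));
    }
    return s;
}

uint8_t demo_recover(const uint8_t xs[3], uint8_t tamper) { /* constructed demo: secret 0x2a, 3-of-5 */
    static const uint8_t coeffs[2] = {0x17, 0xc4};         /* fixed stand-in for CSPRNG output */
    uint8_t ys[5], sub[3];
    shamir_split(0x2a, coeffs, 3, 5, ys);
    for (int i = 0; i < 3; i++) sub[i] = ys[xs[i] - 1];    /* pick the shares at the given x values */
    sub[2] ^= tamper;                                      /* corrupted share: combine raises no error */
    return shamir_combine(xs, sub, 3);
}
```

Any three shares give back 0x2a, while a single flipped bit in one of them yields a different byte that looks just as valid, which is the integrity problem a production library has to address with an explicit check on the reconstructed secret.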
Basic understanding of some mathematical topics (such as group theory) may be helpful for this talk, but is not required.