Components/Security
ShamirSecretSharing
Split sensitive data into multiple shares using Shamir's Secret Sharing algorithm. Reconstruct the secret only when a threshold of shares are combined.
Split sensitive data into multiple shares using Shamir's Secret Sharing algorithm. Reconstruct the secret only when a threshold of shares are combined. Essential for secure key backup and multi-party custody.
View ShamirSecretSharing examples →
Installation
npm install bigblocksUsage
import { ShamirSecretSharing } from 'bigblocks';
export default function KeyBackup() {
return (
<ShamirSecretSharing
privateKey="L1aW4aubDFB7yfras2S1mN3bqg9nwySY8nkoLmJebSLD5BWv3ENZ"
onKeyReconstructed={(wif) => {
console.log('Private key reconstructed:', wif);
}}
/>
);
}Props
| Prop | Type | Default | Description |
|---|---|---|---|
privateKey | string | - | Private key in WIF format to split |
onKeyReconstructed | (wif: string) => void | - | Callback when key is successfully reconstructed |
className | string | - | Additional CSS classes |
Features
- Cryptographically Secure: Uses proven Shamir's Secret Sharing algorithm
- Threshold Schemes: Configure minimum shares needed for reconstruction
- WIF Key Support: Works with Bitcoin private keys in WIF format
- Visual Interface: User-friendly splitting and reconstruction UI
- Security Validation: Ensures threshold requirements are met
- Share Distribution: Guidance for secure share distribution
Examples
Basic Key Splitting
<ShamirSecretSharing
privateKey="L1aW4aubDFB7yfras2S1mN3bqg9nwySY8nkoLmJebSLD5BWv3ENZ"
onKeyReconstructed={(reconstructedKey) => {
console.log('Key reconstructed successfully');
// Store or use the reconstructed private key
setPrivateKey(reconstructedKey);
}}
/>Interactive Key Recovery
function KeyRecoveryFlow() {
const [recoveredKey, setRecoveredKey] = useState('');
const [recoveryComplete, setRecoveryComplete] = useState(false);
return (
<div className="space-y-6">
<h2>Recover Your Private Key</h2>
<ShamirSecretSharing
onKeyReconstructed={(wif) => {
setRecoveredKey(wif);
setRecoveryComplete(true);
toast.success('Private key recovered successfully!');
}}
className="max-w-2xl mx-auto"
/>
{recoveryComplete && (
<div className="success-message">
<h3>✅ Recovery Complete</h3>
<p>Your private key has been successfully reconstructed.</p>
<button
onClick={() => importWallet(recoveredKey)}
className="btn-primary"
>
Import Wallet
</button>
</div>
)}
</div>
);
}Backup Creation Workflow
function CreateBackup() {
const [walletKey, setWalletKey] = useState('');
const [backupCreated, setBackupCreated] = useState(false);
const generateWallet = () => {
// Generate new wallet
const newWallet = createWallet();
setWalletKey(newWallet.privateKey);
};
return (
<div className="backup-workflow">
{!walletKey ? (
<div>
<h2>Generate New Wallet</h2>
<button onClick={generateWallet}>
Generate New Wallet
</button>
</div>
) : (
<div>
<h2>Create Secure Backup</h2>
<p>Split your private key into multiple shares for secure storage.</p>
<ShamirSecretSharing
privateKey={walletKey}
onKeyReconstructed={(reconstructed) => {
if (reconstructed === walletKey) {
setBackupCreated(true);
console.log('Backup verification successful');
}
}}
/>
{backupCreated && (
<div className="backup-success">
✅ Backup created and verified successfully!
</div>
)}
</div>
)}
</div>
);
}Multi-Signature Setup
function MultiSigSetup() {
const [memberKeys, setMemberKeys] = useState([]);
const [threshold, setThreshold] = useState(2);
return (
<div className="multisig-setup">
<h2>Multi-Signature Wallet Setup</h2>
<p>Create a {threshold}-of-{memberKeys.length} wallet</p>
{memberKeys.map((key, index) => (
<div key={index} className="member-key">
<h3>Member {index + 1} Key Backup</h3>
<ShamirSecretSharing
privateKey={key}
onKeyReconstructed={(reconstructed) => {
console.log(`Member ${index + 1} key verified`);
}}
/>
</div>
))}
</div>
);
}Enterprise Key Management
function EnterpriseKeyBackup() {
const [masterKey, setMasterKey] = useState('');
const [distributionPlan, setDistributionPlan] = useState(null);
return (
<div className="enterprise-backup">
<h2>Enterprise Key Backup</h2>
<div className="backup-config">
<h3>Distribution Plan</h3>
<ul>
<li>CEO: Share 1</li>
<li>CTO: Share 2</li>
<li>Safe Deposit Box: Share 3</li>
<li>Legal Counsel: Share 4</li>
<li>Board Chair: Share 5</li>
</ul>
<p>Threshold: 3 of 5 shares required</p>
</div>
<ShamirSecretSharing
privateKey={masterKey}
onKeyReconstructed={(reconstructed) => {
console.log('Enterprise key backup verified');
setDistributionPlan({
shares: 5,
threshold: 3,
verified: true
});
}}
className="enterprise-widget"
/>
</div>
);
}Required Context
The component requires the following providers:
import {
BitcoinAuthProvider,
BitcoinQueryProvider
} from 'bigblocks';
function App() {
return (
<BitcoinAuthProvider>
<BitcoinQueryProvider>
<ShamirSecretSharing
privateKey={privateKey}
onKeyReconstructed={handleReconstruction}
/>
</BitcoinQueryProvider>
</BitcoinAuthProvider>
);
}Security Considerations
⚠️ Critical Security Guidelines
-
Share Distribution
- Never store all shares in the same location
- Use different storage methods (physical, digital, cloud)
- Consider geographic distribution
-
Threshold Selection
- 2-of-3: Good for personal use
- 3-of-5: Recommended for business
- 5-of-9: Enterprise-grade security
-
Share Security
- Each share reveals nothing about the secret
- Shares can be encrypted with additional passwords
- Consider using secure channels for distribution
-
Recovery Testing
- Always test reconstruction before relying on backup
- Verify shares are readable and correct
- Document recovery procedures
Best Practices
// Good: 3-of-5 scheme for business
<ShamirSecretSharing
privateKey={businessWalletKey}
// Configure for 3 of 5 shares
onKeyReconstructed={(key) => {
// Verify reconstruction works
if (verifyPrivateKey(key)) {
console.log('Backup verified successfully');
}
}}
/>Common Schemes
| Use Case | Shares | Threshold | Description |
|---|---|---|---|
| Personal | 3 | 2 | Simple backup (2-of-3) |
| Small Business | 5 | 3 | Moderate security (3-of-5) |
| Enterprise | 7 | 4 | High security (4-of-7) |
| High Security | 9 | 5 | Maximum security (5-of-9) |
Algorithm Details
Shamir's Secret Sharing
The component implements Shamir's Secret Sharing over finite fields:
- Polynomial Construction: Secret is encoded as polynomial coefficients
- Share Generation: Evaluate polynomial at different points
- Threshold Security: Any
kshares can reconstruct the polynomial - Information Theoretic: Fewer than
kshares reveal nothing
Mathematical Foundation
f(x) = a₀ + a₁x + a₂x² + ... + aₖ₋₁xᵏ⁻¹ (mod p)
Where:
- a₀ = secret
- a₁, a₂, ..., aₖ₋₁ = random coefficients
- p = large prime number
- Shares are points (x, f(x))Error Handling
Common Error Scenarios
<ShamirSecretSharing
privateKey={privateKey}
onKeyReconstructed={(key) => {
try {
// Validate reconstructed key
if (!isValidWIF(key)) {
throw new Error('Invalid WIF format');
}
// Test key functionality
if (!testPrivateKey(key)) {
throw new Error('Key reconstruction failed');
}
console.log('Key reconstruction successful');
} catch (error) {
console.error('Reconstruction error:', error.message);
toast.error('Key reconstruction failed');
}
}}
/>Validation Checks
- WIF Format: Ensures proper private key encoding
- Checksum: Validates key integrity
- Threshold: Ensures minimum shares are provided
- Share Format: Validates share structure
Performance Considerations
- CPU Intensive: Polynomial operations can be computationally expensive
- Memory Usage: Large polynomials require more memory
- Share Size: Shares are proportional to secret size
- Reconstruction Time: Increases with threshold and share count
Related Components
- Type42KeyDerivation - Hierarchical key derivation
- MnemonicDisplay - BIP39 mnemonic phrases
- BackupDownload - Encrypted backup creation
- KeyManager - Advanced key management