additive

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 16, 2026 License: Apache-2.0 Imports: 9 Imported by: 0

README

Additive Secret Sharing

Implements n-of-n additive secret sharing over arbitrary groups.

Security

  • Information-theoretic: any proper subset of shares reveals nothing
  • Requires all shares: missing even one share prevents reconstruction

Usage

scheme, _ := additive.NewScheme(group, shareholders)

// Deal shares
output, _ := scheme.Deal(secret, prng)
shares := output.Shares()

// Reconstruct (all shares required)
recovered, _ := scheme.Reconstruct(share1, share2, ..., shareN)

How It Works

The secret s is split into n shares such that s = s_1 + s_2 + ... + s_n (using the group operation). All but one share are sampled randomly; the final share is computed to satisfy the constraint.

Common Use Cases

  • Building block for MPC protocols
  • Target representation when converting Shamir shares via Lagrange coefficients
  • Simple secret splitting when all parties must cooperate

Documentation

Overview

Package additive implements additive secret sharing over arbitrary groups.

In additive secret sharing, a secret s is split into n shares s_1, ..., s_n such that s = s_1 + s_2 + ... + s_n (using the group operation). This is an n-of-n scheme: all shares are required to reconstruct the secret.

Additive sharing is information-theoretically secure: any proper subset of shares reveals no information about the secret. It is commonly used as a building block in MPC protocols and as the target representation when converting Shamir shares via Lagrange coefficients.

Index

Constants

View Source 
const Name sharing.Name = "Additive Secret Sharing Scheme"

Name is the canonical name of this secret sharing scheme.

Variables

View Source 
var (
	ErrIsNil      = errs.New("is nil")
	ErrMembership = errs.New("membership error")
	ErrFailed     = errs.New("failed")
)

Functions

This section is empty.

Types

type DealerOutput 

type DealerOutput[E GroupElement[E]] struct {
	// contains filtered or unexported fields
}

DealerOutput contains the result of an additive dealing operation: a map from shareholder IDs to their corresponding shares.

func (*DealerOutput[E]) Shares 

func (d *DealerOutput[E]) Shares() ds.Map[sharing.ID, *Share[E]]

Shares returns the map of shareholder IDs to their corresponding shares.

type Group 

type Group[E GroupElement[E]] algebra.FiniteGroup[E]

Group is a finite group over which additive sharing can be performed.

type GroupElement 

type GroupElement[E algebra.GroupElement[E]] algebra.GroupElement[E]

GroupElement is an element of a group that supports the group operation.

type Scheme 

type Scheme[E GroupElement[E]] struct {
	// contains filtered or unexported fields
}

Scheme implements additive secret sharing over a finite group.

func NewScheme 

func NewScheme[E GroupElement[E]](g Group[E], shareholders ds.Set[sharing.ID]) (*Scheme[E], error)

NewScheme creates a new additive secret sharing scheme.

Parameters:

  • g: The group over which sharing is performed
  • shareholders: Set of shareholder IDs who will receive shares (all required for reconstruction)

func (*Scheme[E]) AccessStructure 

func (d *Scheme[E]) AccessStructure() *sharing.MinimalQualifiedAccessStructure

AccessStructure returns the access structure (all shareholders required).

func (*Scheme[E]) Deal 

func (d *Scheme[E]) Deal(secret *Secret[E], prng io.Reader) (*DealerOutput[E], error)

Deal creates shares for the given secret. All but one share are sampled randomly, and the final share is computed to ensure s_1 + s_2 + ... + s_n = s.

func (*Scheme[E]) DealRandom 

func (d *Scheme[E]) DealRandom(prng io.Reader) (*DealerOutput[E], *Secret[E], error)

DealRandom generates shares for a randomly sampled secret.

func (*Scheme[E]) Name 

func (*Scheme[E]) Name() sharing.Name

Name returns the canonical name of this scheme.

func (*Scheme[E]) Reconstruct 

func (d *Scheme[E]) Reconstruct(shares ...*Share[E]) (*Secret[E], error)

Reconstruct recovers the secret by summing all shares: s = s_1 + s_2 + ... + s_n. All shareholders must provide their shares for reconstruction to succeed.

type Secret 

type Secret[E GroupElement[E]] struct {
	// contains filtered or unexported fields
}

Secret wraps a group element that is being shared.

func NewSecret 

func NewSecret[E GroupElement[E]](v E) *Secret[E]

NewSecret creates a new secret from a group element.

func (*Secret[E]) Clone 

func (s *Secret[E]) Clone() *Secret[E]

Clone returns a deep copy of this secret.

func (*Secret[E]) Equal 

func (s *Secret[E]) Equal(other *Secret[E]) bool

Equal returns true if two secrets have the same value.

func (*Secret[E]) Value 

func (s *Secret[E]) Value() E

Value returns the underlying group element.

type Share 

type Share[E GroupElement[E]] struct {
	// contains filtered or unexported fields
}

Share represents an additive secret share consisting of a shareholder ID and a group element value.

func NewShare 

func NewShare[E GroupElement[E]](id sharing.ID, v E, ac *sharing.MinimalQualifiedAccessStructure) (*Share[E], error)

NewShare creates a new additive share with the given ID and value. If an access structure is provided, validates that the ID is a valid shareholder.

func (*Share[E]) Add 

func (s *Share[E]) Add(other *Share[E]) *Share[E]

Add returns a new share that is the component-wise sum of two shares. Both shares must have the same ID.

func (*Share[E]) Clone 

func (s *Share[E]) Clone() *Share[E]

Clone returns a deep copy of this share.

func (*Share[E]) Equal 

func (s *Share[E]) Equal(other *Share[E]) bool

Equal returns true if two shares have the same ID and value.

func (*Share[E]) HashCode 

func (s *Share[E]) HashCode() base.HashCode

HashCode returns a hash code for this share, for use in hash-based collections.

func (*Share[E]) ID 

func (s *Share[E]) ID() sharing.ID

ID returns the shareholder identifier for this share.

func (*Share[E]) Op 

func (s *Share[E]) Op(other *Share[E]) *Share[E]

Op is an alias for Add, implementing the group element interface.

func (*Share[E]) SchemeName 

func (*Share[E]) SchemeName() sharing.Name

SchemeName returns the name of the secret sharing scheme.

func (*Share[E]) Value 

func (s *Share[E]) Value() E

Value returns the group element value of this share.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.