sss-rs

An implementation of a secret sharing scheme in Rust. This is not meant to be a serious/optimized implementation, it's more of a fun project to further my Rust knowledge.

Some things to note:

• Not intended to be used in production code.
• Finite field modular arithmetic has been temporarily disabled, the API still accepts primes but they do not currently affect anything
• While the example only showcases File's as input, but a more general method is available that accepts any Readable sources, as well as Writeable dest for sharing.
  • Note: Generic Writeble secret destination for reconstruction is planned for 0.5.0

New Example with the current API

``` let dir = "./"; let stem = "test"; let numshares = 3; let secret: Vec = vec![5, 4, 9, 1, 2, 128, 43]; let sharer = Sharer::builder(secret) .sharesrequired(numshares) .sharestocreate(numshares) .coefficientbits(32) .build() .unwrap(); sharer.sharetofiles(dir, stem).unwrap(); let recon = Sharer::reconstructor(dir, stem, numshares, PrimeLocation::Default).unwrap(); asserteq!(secret, *reconsecret);

```

Old Example (makes use of raw_share functions)

``` let mut rand = SmallRng::seedfromu64(123u64); let secret: u8 = 23; // The secret to be split into shares let sharesrequired = 3; // The number of shares required to reconstruct the secret let sharestocreate = 3; // The number of shares to create, can be greater than the required let bitsizeco: usize = rand.genrange(32, 65); // The number of bits for the generated coefficients let primebits: usize = rand.genrange(bitsizeco + 128, 257); // The number of bits for the prime let mut prime: BigInt = rand.genprime(primebits).into(); // The prime number used for finite field while prime < BigUint::from(secret) { // In case the prime is less than the secret, generate new ones until one is greater prime = rand.genprime(primebits).into(); }

let shares: Vec = createsharesfromsecret( secret, &prime sharesrequired, sharestocreate, bitsizeco).unwrap(); let secretrecon = reconstructsecret(shares, &prime, shares_required).unwrap();

asserteq!(secret, secretrecon); ```

TODO:

- Currently limited to 4GB files, and memory usage issues especially when working with many shares.
    - Break up the reading in from files in chunks of N bytes to avoid high memory usage and overcome
      the file size limitation.
- The shuffle operation was left out of the new API, mainly because it would not function after the 
  above change is implemented. May re-implement a way to shuffle the data in-file. For now this 
  will be benched.
- Add optional verification that allows for checking if a secret has been properly reconstructed.
    - One way to do this would be to take the hash of the first N bytes of the secret and place it at          the end of the secret. The chances of incorrect reconstruction leading to the first N bytes 
      hashing to the incorrectly reconstructed hash placed at the end would be astronomically low.
- While working with individual bytes makes things much easier, it would be far more efficient to 
  work with larger chunks of data.