Secret Sharing is a cryptographic technique used to secure a secret in a distributed system by dividing it into multiple parts, shares, or shards. Each share is not actionable on its own - but when combined with other shares - it can be used to reconstruct the original secret. This method enhances security by ensuring that even if one share falls into wrong hands, they cannot decipher the original secret without having access to a predefined portion of all other shares. The concept of Secret Sharing originated with Threshold Secret Sharing schemes. In these schemes, the secret is divided into n pieces such that any k out of n pieces (where k<=n) are sufficient to reconstruct the original secret. Similar to [[Social Recovery]] methods, the idea is to protect against loss or compromise - meaning no single point of failure - while still allowing for successful reconstruction given the minimum threshold number of correct shares. ##### Shamir's Secret Sharing Shamir's Secret Sharing scheme, proposed by Adi Shamir in 1979, is one popular example of Threshold Secret Sharing. It uses polynomial interpolation over finite fields for the sharing and reconstruction process - providing an elegant and effective solution which has been widely adopted due its simplicity and effectiveness. For more information, check out the paper [[How to Share a Secret (Shamir 1979).pdf]]. However, Shamir's Secret Sharing is not inherently verifiable. It doesn't provide a built-in mechanism for participants to verify their shares independently. If an incorrect share is provided by the dealer in Shamir’s scheme, it would only be detected during reconstruction when the derived secret does not match expected results. This led to Verifiable Secret Sharing (VSS) schemes like Pedersen’s VSS or Feldman’s VSS; additional verification capabilities were added using techniques like commitment schemes or homomorphic public key cryptography, respectively. These mechanisms can also be added on top of basic Shamir's Scheme to make it verifiable but are not built into the scheme. #### Verifiable Secret Sharing (VSS) Verifiable Secret Sharing (VSS) is an extension of basic secret sharing schemes. In VSS, additional mechanisms exist such that participants can verify their received shares for correctness without needing access to original secret or other parties' shares - implementing zero-knowledge properties. While VSS provides stronger security assurances compared to simple secret sharing, involving zero-knowledge proofs does create more computational complexity. This necessary evolution from simple secret sharing to verifiable variants may be attributed (at least in part) to distributed systems like blockchain networks requiring unknown and untrusted parties to frequently interact. #### Pedersen's Verifiable Secret Sharing Pedersen's Verifiable Secret Sharing Scheme (PVSS) uses a form of non-interactive zero-knowledge proof. It enables the splitting of a secret into multiple shares, then using multiplicative groups of finite fields and commitment schemes for verification. The original secret can be reconstructed by combining a sufficient number (usually defined as M of N shards) of shares. For more information, check out Torben Pedersen's paper [[Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing.pdf]] (Copyright Springer-Verlag Berlin Heidelberg 1992). #### Feldman's Verifiable Secret Sharing (VSS) Feldman's Verifiable Secret Sharing (VSS) is an extension of Shamir's Secret Sharing scheme that adds a verification process to ensure the integrity of the shares distributed by the dealer. In Feldman’s VSS, along with each share, the dealer also provides a commitment in form of public keys computed using homomorphic properties. These public keys allow participants to verify their received shares independently without revealing them or needing any other information - hence implementing zero-knowledge property.