Cryptographic Foundations

1. Background introduction

Problem description: a secret value d must be split into n "parts" (shares) that are handed separately to n members, such that any t of them (t ≤ n) can collaborate to recover the secret, while any t-1 or fewer shares reveal nothing about it.

Proposed by Adi Shamir (2002 Turing Award winner, together with Rivest and Adleman) in his 1979 paper "How to share a secret" (Communications of the ACM).

2. Shamir's Secret Sharing scheme

To distribute the secret, the dealer chooses t-1 coefficients a1, a2, …, at-1 uniformly at random (from the finite field described in 2.2) and forms the polynomial:

$$f(x) = d + a_1x + a_2x^2 + \dots + a_{t-1}x^{t-1}$$

where d is the secret value. A trusted dealer then evaluates f at x = 1, 2, …, n and hands member i the share di = f(i). The evaluation points must be distinct and non-zero, since f(0) is the secret itself.

Secret Value Reconstruction

To reconstruct the secret, any t members pool their shares (i, di), i ∈ S, where S is the set of the t participating x-coordinates. Because t distinct points determine a unique polynomial of degree at most t-1, Lagrange interpolation rebuilds it exactly:

$$h(x) = \sum_{i \in S} d_i \lambda_i(x)$$
where the basis polynomial is $$\lambda_i(x) = \prod_{k \in S,\, k \neq i} \frac{x - k}{i - k}$$

Each λi equals 1 at x = i and 0 at every other x = k in S, so h(i) = di for every participant and h = f. The recovered secret is then d = h(0); since only the constant term is wanted, one evaluates λi(0) directly rather than the whole polynomial.

2.1. Shamir's Secret Sharing instance

Assume a secret value d = 1234 to be shared among n = 6 members with a threshold of t = 3.

The dealer picks two random coefficients, a1 = 166 and a2 = 94, giving the polynomial:

f(x) = 1234 + 166x + 94x^2

The 6 resulting shares are:

D1=(1, 1494), D2=(2, 1942), D3=(3, 2578), D4=(4, 3402), D5=(5, 4414), D6=(6, 5614)

If the holders of D2, D4 and D5 collaborate, S = {2, 4, 5} and they compute the Lagrange basis polynomials:

$$\lambda_2(x) = \frac{x - 4}{2 - 4} \cdot \frac{x - 5}{2 - 5} = \frac{1}{6}x^2 - \frac{3}{2}x + \frac{10}{3}$$
$$\lambda_4(x) = \frac{x - 2}{4 - 2} \cdot \frac{x - 5}{4 - 5} = -\frac{1}{2}x^2 + \frac{7}{2}x - 5$$
$$\lambda_5(x) = \frac{x - 2}{5 - 2} \cdot \frac{x - 4}{5 - 4} = \frac{1}{3}x^2 - 2x + \frac{8}{3}$$

Reconstructing f(x) from the three shares:

$$h(x) = 1942\,\lambda_2(x) + 3402\,\lambda_4(x) + 4414\,\lambda_5(x) = 1234 + 166x + 94x^2$$

The secret is recovered as h(0) = 1234. Since only the constant term is needed, in practice the parties evaluate the basis polynomials at 0 and sum:

$$d = 1942 \cdot \frac{10}{3} + 3402 \cdot (-5) + 4414 \cdot \frac{8}{3} = \frac{54732}{3} - 17010 = 1234$$

2.2. Finite Fields Security

In real-world applications, running the scheme over the plain integers or reals is insecure. With integer coefficients (in practice drawn from some bounded range), an attacker holding t-1 shares can solve for the remaining freedom and discard every candidate secret that would force a non-integer or out-of-range coefficient. In the instance above, the two shares D2 and D4 alone give f(4) - f(2) = 2a1 + 12a2 = 1460, hence a1 = 730 - 6a2 and d = 1942 - 2a1 - 4a2 = 482 + 8a2: the attacker already knows d ≡ 2 (mod 8), and any bound on a2 shrinks the brute-force search to a short list of values.

To achieve information-theoretic security, CyberShard performs the arithmetic in a prime field GF(p), with p a large prime greater than both the secret and n, and with the coefficients a1, …, at-1 drawn uniformly from GF(p). For every candidate secret d there is then exactly one polynomial of degree at most t-1 over GF(p) passing through (0, d) and any t-1 given shares, so t-1 or fewer shares are consistent with every secret equally and give the attacker zero advantage. Division in the Lagrange coefficients becomes multiplication by the modular inverse.
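As an added example (not CyberShard code), the following Python implements sections 2 to 2.2 over GF(p): a dealer that reproduces the page's d = 1234, t = 3, n = 6 shares, Lagrange reconstruction at x = 0 using modular inverses, and two attacker views that make the finite-field argument concrete. `integer_leak` shows how far the two shares D2 and D4 narrow the secret when the scheme is run over the integers with coefficients below a bound; `field_candidates` enumerates a small prime field and confirms that two shares are consistent with every secret exactly once. The function names, the modulus 2^127 - 1 and the small GF(17) instance are choices made here, not the product's.

```python
"""Shamir secret sharing over GF(p): split, Lagrange-reconstruct at x = 0, and
compare what t-1 shares reveal over the integers versus over a prime field.
Added example, not CyberShard code; names and parameters are illustrative."""
import secrets
from fractions import Fraction

# 2**127 - 1 is a Mersenne prime, far larger than any value in the page's instance.
P = 2**127 - 1


def eval_poly(coeffs, x, p):
    """Evaluate sum(coeffs[i] * x**i) mod p by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def split(secret, t, n, p=P, coeffs=None):
    """Dealer: degree-(t-1) polynomial with f(0) = secret, shares at x = 1..n.
    `coeffs` (a_1..a_{t-1}) may be given to reproduce a fixed instance; otherwise
    they are drawn uniformly from GF(p), which is what gives perfect secrecy."""
    if not (0 <= secret < p and 1 < t <= n < p):
        raise ValueError("need 0 <= secret < p and 1 < t <= n < p")
    if coeffs is None:
        coeffs = [secrets.randbelow(p) for _ in range(t - 1)]
    if len(coeffs) != t - 1:
        raise ValueError("need exactly t-1 coefficients")
    poly = [secret % p] + [c % p for c in coeffs]
    return [(x, eval_poly(poly, x, p)) for x in range(1, n + 1)]


def reconstruct(shares, p=P):
    """Lagrange interpolation evaluated directly at x = 0 over GF(p):
    lambda_i(0) = prod_{k != i} (0 - x_k) / (x_i - x_k), with division done as
    multiplication by the modular inverse (pow(den, -1, p) needs Python 3.8+)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("x coordinates must be distinct and non-zero")
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xk in xs:
            if xk != xi:
                num = num * (-xk) % p
                den = den * (xi - xk) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


def integer_leak(share_a, share_b, coeff_bound):
    """Attacker holding t-1 = 2 shares of a degree-2 polynomial over the INTEGERS,
    knowing the dealer drew a_1, a_2 from [0, coeff_bound). For each a_2 solve a_1
    and keep the secrets for which all coefficients are integers in range."""
    (x1, y1), (x2, y2) = share_a, share_b
    found = set()
    for a2 in range(coeff_bound):
        # y = d + a1*x + a2*x^2  =>  (y1 - a2*x1^2) - (y2 - a2*x2^2) = a1*(x1 - x2)
        a1 = Fraction((y1 - a2 * x1 * x1) - (y2 - a2 * x2 * x2), x1 - x2)
        if a1.denominator != 1 or not 0 <= a1 < coeff_bound:
            continue
        d = y1 - int(a1) * x1 - a2 * x1 * x1
        if d >= 0:
            found.add(d)
    return sorted(found)


def field_candidates(two_shares, p):
    """Same attacker over GF(p) with t = 3, p small enough to enumerate.
    For every candidate secret d, count the polynomials d + a1*x + a2*x^2 over
    GF(p) through both observed shares. Every count is 1: nothing is learned."""
    counts = {d: 0 for d in range(p)}
    for d in range(p):
        for a1 in range(p):
            for a2 in range(p):
                if all(eval_poly([d, a1, a2], x, p) == y for x, y in two_shares):
                    counts[d] += 1
    return counts


if __name__ == "__main__":
    shares = split(1234, 3, 6, coeffs=[166, 94])             # the page's D1..D6
    print(shares)
    print(reconstruct([shares[1], shares[3], shares[4]]))    # D2, D4, D5 -> 1234
    print(integer_leak(shares[1], shares[3], 200))           # 33 values, all = 2 mod 8
    print(set(field_candidates([(2, 4), (4, 6)], 17).values()))  # {1}
```

Over the integers, two shares plus a coefficient bound of 200 leave only 33 possible secrets, every one congruent to 2 mod 8; over GF(17) the same two shares fit every one of the 17 possible secrets exactly once, which is the "zero advantage" claim stated precisely. The random path of `split` uses `secrets`, not `random`, because coefficient predictability would break the scheme as surely as small p does.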

3. Publicly Verifiable Secret Sharing (PVSS)

Plain Shamir sharing has no built-in way to authenticate a share. If an attacker or compromised peer injects a share that is well-formed but does not lie on the dealer's polynomial during reconstruction, interpolation silently returns a wrong value, locking the owner out of the assets the secret protects. To prevent this, CyberShard integrates Pedersen Commitments into a PVSS architecture.

Share verification via Pedersen commitments

During share generation the dealer commits to every polynomial coefficient ai (with a0 = d) using two generators g and h of a prime-order group. For a subgroup of Zp* of prime order q, q divides p-1 and the sharing polynomial is taken over GF(q); nobody, the dealer included, may know log_g h, otherwise a commitment could later be opened to a different value.

$$C_i = g^{a_i} \cdot h^{r_i} \pmod p, \qquad i = 0, \dots, t-1$$

where the ri are random blinding factors, i.e. the coefficients of a second, independent polynomial r(x) = Σ ri x^i. Member x receives the pair (f(x), r(x)) and, before any reconstruction, audits it against the published commitments:

$$g^{f(x)} \cdot h^{r(x)} \stackrel{?}{=} \prod_{i=0}^{t-1} C_i^{\,x^i} \pmod p$$

The equality holds exactly when (f(x), r(x)) lies on the committed polynomials. Because each Ci is blinded by h^{ri}, the commitments themselves reveal nothing about the coefficients or the secret.


The CyberShard Advantage: because the commitments are homomorphic (the product of the Ci^{x^i} is itself a commitment to f(x) and r(x)), a share that does not lie on the committed polynomial is detected and rejected before it reaches the reconstruction engine: "what cannot be mathematically verified cannot touch the reconstruction engine". This defeats tampering by a compromised peer or on the wire, and a dishonest dealer who hands out inconsistent shares. The commitments are public, but each share is checked by whoever holds it; and the check does not, and is not meant to, stop t or more holders who collude, since they can always reconstruct, exactly as the threshold allows.
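As an added example (not CyberShard code), the following Python carries out the Pedersen verification described above: a dealer commits to the coefficients of f(x) and of a blinding polynomial r(x), hands each member the pair (f(x), r(x)), and every member checks it against the public commitments before it is allowed into reconstruction. The group is a toy 64-bit safe-prime subgroup generated in-line so that the file runs offline; a deployment would use a standardised group or elliptic curve and derive h by hashing so that nobody knows log_g h. All function names are illustrative.

```python
"""Pedersen verifiable secret sharing: commit to every polynomial coefficient,
let each holder audit its own share against the public commitments.
Added example, not CyberShard code. TOY GROUP: 64-bit p is breakable."""
import hashlib
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Miller-Rabin with bases 2..37: deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def toy_group(start=1 << 63):
    """First safe prime p = 2q + 1 with q > start. g and h are quadratic
    residues, hence of prime order q; h is hash-derived ("nothing up my sleeve")
    so its discrete log base g is not known to the dealer."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    p = 2 * q + 1
    g = 4                                                      # 2^2, order q
    seed = int.from_bytes(hashlib.sha256(b"pedersen-h").digest(), "big")
    h = pow(seed % p, 2, p)
    return p, q, g, h


def eval_poly(coeffs, x, m):
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % m
    return acc


def deal(secret, t, n, group):
    """Dealer: f(x) carries the secret, r(x) is an independent random blinding
    polynomial over GF(q). Publishes C_i = g^{a_i} h^{r_i} for i = 0..t-1 and
    hands member x the pair (f(x), r(x))."""
    p, q, g, h = group
    if not (0 <= secret < q and 1 < t <= n < q):
        raise ValueError("secret and n must lie below the group order q")
    a = [secret] + [secrets.randbelow(q) for _ in range(t - 1)]
    r = [secrets.randbelow(q) for _ in range(t)]
    commitments = [pow(g, ai, p) * pow(h, ri, p) % p for ai, ri in zip(a, r)]
    shares = [(x, eval_poly(a, x, q), eval_poly(r, x, q)) for x in range(1, n + 1)]
    return commitments, shares


def verify_share(share, commitments, group):
    """Holder x checks g^{f(x)} h^{r(x)} == prod_i C_i^{x^i} (mod p).
    The right-hand side equals g^{sum a_i x^i} h^{sum r_i x^i} because the
    commitments are homomorphic, so any share off the committed polynomial fails."""
    p, q, g, h = group
    x, s, rx = share
    lhs = pow(g, s, p) * pow(h, rx, p) % p
    rhs = 1
    for i, c in enumerate(commitments):
        rhs = rhs * pow(c, pow(x, i, q), p) % p
    return lhs == rhs


def filter_verified(shares, commitments, group):
    """Only shares that pass the audit may enter the reconstruction engine."""
    return [s for s in shares if verify_share(s, commitments, group)]


def tampered(share, delta=1):
    """A share whose value was altered by a corrupt holder or on the wire."""
    x, s, rx = share
    return (x, s + delta, rx)


if __name__ == "__main__":
    G = toy_group()
    C, S = deal(1234, 3, 6, G)
    print([verify_share(s, C, G) for s in S])              # six True
    print(verify_share(tampered(S[1]), C, G))              # False
    print(len(filter_verified(S[:1] + [tampered(S[1])] + S[2:], C, G)))  # 5
```

A share with only f(x) altered fails because the left-hand side is multiplied by g^delta while the commitments are unchanged; compensating on the h side would require log_g h, which is exactly what the generator choice denies. The same check catches a dealer who issues shares from a different polynomial than the one committed to. The verified shares are then fed to ordinary Lagrange reconstruction over GF(q).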
