On Wed, Mar 29, 2000 at 02:25:51PM +1000, Greg Rose wrote:
> I use Hal Finney's "secsplit". Google found it in a couple of places; it
> doesn't seem to have been updated since 1993. It doesn't do the more
> complicated schemes, just straight (m, k) splitting.
Crypto++ contains secret sharing code that was originally derived from
Hal's secsplit. (It's pretty much changed beyond recognition over the
years, but you can still see some resemblance in
RingOfPolynomialsOver<T>::InterpolateAt().) Hal's code does have a
potential security problem. Quoting from an earlier post of mine:
> If anyone is going to use this, keep in mind that it leaks some information
> about the secret you're sharing through the length extension. This happens
> because the secret sharing polynomial is over GF(65521). So when a word
> (two bytes) to be shared is greater than or equal to 65521, it has to be
> encoded as two words each less than 65521.
This is solved in Crypto++ by using GF(2^32) instead. You can download
it from http://www.eskimo.com/~weidai/cryptlib.html.
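To make the length-extension leak concrete, here is an added Python example. It is not secsplit and not Crypto++ code: it implements textbook Shamir (k-of-n) sharing once over GF(65521) with a 16-bit word encoding that must escape words that do not fit below the prime, and once over GF(2^32) where every 4-byte chunk is already a field element. The escape rule (a marker word P-1 followed by the excess) is an assumption made for illustration, as is the GF(2^32) reduction polynomial x^32 + x^7 + x^3 + x^2 + 1; the real programs may differ in both. The two constructed 8-byte secrets have the same length, yet their GF(65521) shares do not.

```python
import secrets

P = 65521  # largest prime below 2^16, the field secsplit shares over


class PrimeField:
    """GF(p) arithmetic on Python ints in [0, p)."""
    def __init__(self, p):
        self.p = p
    def add(self, a, b): return (a + b) % self.p
    def sub(self, a, b): return (a - b) % self.p
    def mul(self, a, b): return (a * b) % self.p
    def inv(self, a): return pow(a, -1, self.p)
    def rand(self): return secrets.randbelow(self.p)


class BinaryField32:
    """GF(2^32): elements are 32-bit ints, addition is XOR, so any 4-byte chunk is an element."""
    POLY = 0x1_0000_008D  # x^32 + x^7 + x^3 + x^2 + 1 (assumed here; Crypto++ may use another)
    def add(self, a, b): return a ^ b
    sub = add
    def mul(self, a, b):
        r = 0
        for _ in range(32):           # shift-and-add, reducing so a stays below 2^32
            if b & 1: r ^= a
            b >>= 1
            a <<= 1
            if a >> 32: a ^= self.POLY
        return r
    def inv(self, a):
        if a == 0: raise ZeroDivisionError("0 has no inverse")
        r, e = 1, (1 << 32) - 2       # a^(2^32 - 2) is a^-1 in GF(2^32)
        while e:
            if e & 1: r = self.mul(r, a)
            a = self.mul(a, a); e >>= 1
        return r
    def rand(self): return secrets.randbits(32)


def encode_gf_p(data):
    """16-bit words; a word that does not fit below P becomes two words (P-1, w-(P-1)).
    This escape rule is an assumption for the example, not secsplit's actual encoding."""
    assert len(data) % 2 == 0, "example works on whole 16-bit words"
    out = []
    for i in range(0, len(data), 2):
        w = int.from_bytes(data[i:i + 2], "big")
        out += [P - 1, w - (P - 1)] if w >= P - 1 else [w]
    return out

def decode_gf_p(elems):
    it, data = iter(elems), bytearray()
    for e in it:
        if e == P - 1:
            e += next(it)             # marker word: the next word carries the excess
        data += e.to_bytes(2, "big")
    return bytes(data)

def encode_gf_2_32(data):
    """Every 4 bytes is one GF(2^32) element; no escaping, so count depends only on length."""
    assert len(data) % 4 == 0, "example works on whole 32-bit words"
    return [int.from_bytes(data[i:i + 4], "big") for i in range(0, len(data), 4)]

def decode_gf_2_32(elems):
    return b"".join(e.to_bytes(4, "big") for e in elems)


def split(F, elems, k, n):
    """Share each element with its own random degree-(k-1) polynomial; returns n shares (x, ys)."""
    shares = [(x, []) for x in range(1, n + 1)]
    for s in elems:
        coeffs = [s] + [F.rand() for _ in range(k - 1)]
        for x, ys in shares:
            y = 0
            for c in reversed(coeffs):     # Horner evaluation of the polynomial at x
                y = F.add(F.mul(y, x), c)
            ys.append(y)
    return shares

def combine(F, shares):
    """Lagrange interpolation at x = 0 over any k of the shares."""
    xs = [x for x, _ in shares]
    out = []
    for i in range(len(shares[0][1])):
        acc = 0
        for j, (xj, ys) in enumerate(shares):
            num, den = 1, 1
            for m, xm in enumerate(xs):
                if m != j:
                    num, den = F.mul(num, xm), F.mul(den, F.sub(xm, xj))
            acc = F.add(acc, F.mul(ys[i], F.mul(num, F.inv(den))))
        out.append(acc)
    return out


def share_lengths(secret):
    """Elements per share under each scheme; only the GF(p) count varies with content."""
    return len(encode_gf_p(secret)), len(encode_gf_2_32(secret))

def roundtrip(F, encode, decode, secret, k=2, n=3):
    shares = split(F, encode(secret), k, n)
    return decode(combine(F, shares[n - k:]))   # any k of the n shares suffice

if __name__ == "__main__":
    for s in (b"\x00" * 8, b"\xff" * 8):      # constructed secrets of equal length
        print(s.hex(), "-> (GF(65521) elems, GF(2^32) elems) per share:", share_lengths(s))
```

Both secrets are 8 bytes, but the all-0xff secret produces 8-element shares over GF(65521) and the all-zero one 4-element shares, so anyone who sees a share learns how many 16-bit words of the secret were at or above the escape threshold. Over GF(2^32) both give 2-element shares, and the share size reveals nothing beyond the secret's length.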