
Protecting Secrets with Shamir's Method


Last updated 4 months ago

Dividing the Secret

  • We use a technique called Shamir's Secret Sharing to split the secret key into multiple parts.

  • These parts, known as "shares," are distributed among the nodes in the cluster.

Reconstruction with Threshold Access

  • To reconstruct the original key, a predetermined number of shares must be combined.

  • This means that even if some shares are lost or some nodes become unavailable, the key can still be securely rebuilt as long as enough shares are present.

Technical Implementation

The system implements Shamir's method using:

  1. Polynomial Generation

    • Creates a random polynomial of degree t-1

    • The secret is embedded as the constant term

    • Coefficients are randomly generated

  2. Share Distribution

    • Each node receives a point on the polynomial

    • Requires t shares to reconstruct (threshold)

    • Shares are encrypted during transmission

  3. Key Reconstruction

    • Uses Lagrange interpolation to recover the secret

    • Only possible with at least the threshold number (t) of shares

    • Mathematically secure against anyone holding fewer than t shares
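
The three steps above, written out as an added example; this is not HbarSuite's implementation. The field prime 2^521 - 1 and the names `split`, `reconstruct`, `randomFieldElement` and `modInv` are assumptions made for illustration, and encrypting shares for transmission is out of scope here.

```javascript
// Added example, not HbarSuite code. Assumption: field prime P = 2^521 - 1 (Mersenne).
const { randomBytes } = require("node:crypto");
const P = 2n ** 521n - 1n;
const mod = (a) => ((a % P) + P) % P;

// Uniform random coefficient via rejection sampling (no modulo bias).
function randomFieldElement() {
  for (;;) {
    const buf = randomBytes(66); // 528 random bits
    buf[0] &= 0x01; // keep the low 521 bits
    const v = BigInt("0x" + buf.toString("hex"));
    if (v < P) return v;
  }
}

// Modular inverse via Fermat's little theorem: a^(P-2) mod P.
function modInv(a) {
  let result = 1n;
  for (let b = mod(a), e = P - 2n; e > 0n; e >>= 1n) {
    if (e & 1n) result = mod(result * b);
    b = mod(b * b);
  }
  return result;
}

// Polynomial generation and share distribution: degree t-1, secret as constant term.
function split(secret, t, n) {
  if (t < 2 || n < t || secret < 0n || secret >= P)
    throw new RangeError("need 2 <= t <= n and 0 <= secret < P");
  const coeffs = [secret, ...Array.from({ length: t - 1 }, randomFieldElement)];
  return Array.from({ length: n }, (_, i) => {
    const x = BigInt(i + 1); // never 0: f(0) is the secret itself
    const y = coeffs.reduceRight((acc, c) => mod(acc * x + c), 0n); // Horner's rule
    return { x, y };
  });
}

// Key reconstruction: Lagrange interpolation evaluated at x = 0.
function reconstruct(shares) {
  if (new Set(shares.map((s) => s.x)).size !== shares.length)
    throw new Error("duplicate share index");
  return shares.reduce((sum, { x: xi, y: yi }) => {
    let num = 1n, den = 1n;
    for (const { x: xj } of shares) {
      if (xj === xi) continue;
      num = mod(num * -xj);
      den = mod(den * (xi - xj));
    }
    return mod(sum + yi * num * modInv(den));
  }, 0n);
}
```

Interpolating over fewer than t shares still returns a field element, just not the secret, so `reconstruct` cannot tell on its own whether it was given enough shares. A deployment needs a separate check, such as comparing a public key derived from the result against the expected one.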

Shamir's Secret Sharing