
Charlie's Combination 21 46 03 88 Random share  27 03 77 61  04 43 36 27 Alice's share = 27 03 77 61 Bob's share = 04 43 36 27 
Alice's share contains truly random digits. Bob's share is Alice's share, subtracted without borrowing from the secret password, which produces a truly random result. Therefore, each of the shares on its own holds no information whatsoever that could help to retrieve Charlie's secret combination. This method is therefore information theoretically secure, read unbreakable, as long as the shares are kept seperated.
Retrieving the original combination is done by simply adding the two shares, digits by digit, without carry (e.g.. 7 + 4 = 1 and not 11).
Alice's share 27 03 77 61 Bob's share + 04 43 36 27  21 46 03 88 Charlie's Combination: 21 46 03 88 
For each additional share we must create an additional random key. If the secret information is to be split into 5 shares, we need 4 random shares and one result share. In such case, all random shares must be subtracted from the original information.
Let's give an example to split the secret value 2 in four shares. We create three random shares with the values 5, 9 and 3. The result share will be 2  5  9  3 = 5 because (1)2  5 = 7 and (1)7  9 = 8 and 8  3 = 5. The four shares are therefore 5, 9, 3 and 5. To retrieve the secret we take 5 + 9 + 3 + 5 = (2)2
We can also split text. First, we need to convert the text into numbers. This is done by assigning a number to each letter. We can use the numbers 01 to 26 for the letters A to Z, 30 to 39 for the digits 0 to 9 and 00 for a space, or any other simple conversion system that suits your requirements. The method of splitting does not require the lettertonumber conversion table to be secret. The text can be a password, instructions or even a complete text.
The secret password I N V I N C I B L E The converted text 09 14 22 09 14 03 09 02 12 05 Random key (share 1)  52 71 30 94 52 86 62 13 81 29  Result (share 2) 57 43 92 15 62 27 47 99 31 86 Alice's share = 5271 3094 5286 6213 8129 Bob's share = 5743 9215 6227 4799 3186 
To retrieve the secret information we simply add the shares together, again without carry, and convert the numbers back into letters.
We can also apply secret splitting on computer data. To split any type of computer file we first have to generate a random share with the same size as the file. This random file will be the first share. The second share is created by XORing the original file and the random file. To retrieve the original file, the shares are XORed.
In the next example one byte is splitted into two shares.
Secret Data 01011010 XOR Table Random (share 1) XOR 11101011   0 XOR 0 = 0 Result (Share 2) 10110001 0 XOR 1 = 1 1 XOR 0 = 1 1 XOR 1 = 0 
We can also split data in more than two shares. For each new share we add another series of random bits and XOR them with the other shares.
Secret Data 10011100 Random (share 1) XOR 01001011 Random (share 2) XOR 11010001 Random (share 3) XOR 00101011  Result (Share 4) 00101101 
The software that applies secret splitting should run on a secure computer and may not leave any traces after processing the shares. This includes secure deleting of the original file (not the normal delete function of your system, which doesn't actually delete the file). The secret splitting software should meet the same standards as quality encryption software regarding memory storage, secure file processing and generating quality random numbers (see requirements randomness in next section). Also, the shares should be stored securely on external media or, less advisable, other computers.
The secret splitting we used on this page is based on the principle of onetime pad encryption and all calculations are performed modulo 10 (addition without carry and subtraction without borrowing). The secret code is encrypted with one or more truly random keys and, in contrast to sending the encrypted secret to the receiver, we use the random keys and the encrypted code as shares. However, there are two important rules to obtain absolute security.
The first rule is that the random keys (read shares) must be truly random, just as with onetime pad encryption. To generate true randomness, there are some practical solutions for small amounts of random digits. You could use five tensided dice (see right). With each throw, you have a new fivedigit group.
Never simply use normal sixsided dice by adding the value of the dice and discarding two values. This method is statistically unsuitable to produce values from 0 to 9 and thus absolutely insecure (the total of 7 will occur about 6 times more that the values 2 or 12).
Instead, use one black and one white die and assign a value to each of the 36 combinations, taking in account the order and colour of the dice (see table below). This way, each combination has a .0277 probability (1 on 36). We can produce three series of values between 0 and 9. The remaining 6 combinations (with a black 6) are simply disregarded, which doesn't affect the probability of the other combinations.
B W B W B W B W B W 1 + 1 = 0 2 + 1 = 6 3 + 1 = 2 4 + 1 = 8 5 + 1 = 4 1 + 2 = 1 2 + 2 = 7 3 + 2 = 3 4 + 2 = 9 5 + 2 = 5 1 + 3 = 2 2 + 3 = 8 3 + 3 = 4 4 + 3 = 0 5 + 3 = 6 1 + 4 = 3 2 + 4 = 9 3 + 4 = 5 4 + 4 = 1 5 + 4 = 7 1 + 5 = 4 2 + 5 = 0 3 + 5 = 6 4 + 5 = 2 5 + 5 = 8 1 + 6 = 5 2 + 6 = 1 3 + 6 = 7 4 + 6 = 3 5 + 6 = 9 THROWS WITH BLACK 6 ARE DISCARDED 
Another method is a lotto system with balls, numbered from 0 to 9. After extracting a number, that ball must be mixed again with the other balls before extracting the next number. Such methods are suitable for small amounts of random numbers, for instance splitting keys or passwords. If a large quantity of numbers is required, for instance to split computer files, the best solution is to purchase a hardware based PC card with random noise source. Note that the default computer RND function does not produce true randomness!
The second rule for absolute secure splitting is of course the physical separation of the individual shares. At least one of the shares should never be accessible to the other shareholders. The shares must always be protected in such way that a compromised share would be noticed.
One possible way to store an individual share is a small sealed  glued  plastic container that needs to be broken in order to get access to the share (wrap the folded text in aluminium foil). Seals can be glued into the transparant container. A damaged container and thus compromised share would be noticed immediately. Of course, the plastic container must always be stored on a physically secure place. The owner could always perform a security verification and demand the shareholders to show their undamaged share. This is comparable with the famous socalled biscuits that are broken to obtain nuclear codes.
The system will be information theoretically secure if the rules of randomness and physical separation are applied correctly. It is mathematically proven that there's no way to retrieve the secret information, other than getting your hands on all required shares. Of course, if you have split the code of a cheap five dollar lock, you will have fivedollarsecurity. It's useless to protect the key code of a safe if a simple crowbar can open it. On the other hand, if you split the combination of a safe deposit box in your bank, you can be sure that no individual shareholders can access that safe.
Finally, the method as presented on this page had another very important property. Since this system is unbreakable, the loss of one share will always result in the definite loss of the secret information, unless the shareholders have a copy of the original. Also, be sure to doublecheck the shares you created if you intend to destroy the original! There's no way back if a share is lost or destroyed by accident! It might be useful that the shareholders have one extra copy of their share on another secure location. Any shareholders could also decide to split his own share into two subshares and place them at different locations as a secure backup.
© Copyright 2004  2020 Dirk
Rijmenants
Home 