Emin Muhammadi
Emin Muhammadi

5 min read

Shamir's secret sharing algorithm (Example in Golang)

Shamir's secret sharing algorithm (Example in Golang)

Shamir's Secret Sharing Algorithm stands out as a powerful tool for distributing and safeguarding secrets. In this article, I explore the complexities of Shamir's Secret Sharing Algorithm, delving into its fundamental principles, practical applications, and offering illustrative examples to demonstrate its efficacy.

Understanding Shamir's Secret Sharing Algorithm

Shamir's Secret Sharing Algorithm, named after its creator Adi Shamir, is a cryptographic algorithm used to distribute a secret among a group of participants, ensuring that the secret can only be reconstructed when a minimum threshold of participants combines their shares. The algorithm relies on polynomial interpolation over finite fields to achieve this.

At the core of Shamir's algorithm lies the concept of polynomial interpolation. In essence, a polynomial of degree t - 1 is constructed, where t represents the minimum number of shares required to reconstruct the secret. Each participant is then assigned a share, corresponding to a point on the polynomial curve. With t or more shares, the polynomial can be reconstructed, revealing the original secret.

How Shamir's Secret Sharing Works: An Example

Consider a scenario where a company wishes to safeguard access to critical data by distributing a secret among three executives. Using Shamir's Secret Sharing Algorithm, the company can ensure that at least two executives must collaborate to access the sensitive information.

  1. Generating Shares: The company generates a random polynomial of degree 2 (since they require 3 shares for reconstruction). Let's assume the polynomial is f(x) = a0 + a1x + a2x^2, where a0​ is the secret they want to protect, and a1 and a2 are randomly chosen coefficients.

  2. Assigning Shares: The company computes three shares by evaluating the polynomial at three distinct points. Each executive receives one share:

    • Executive 1: Receives the share (x1, f(x1))

    • Executive 2: Receives the share (x2, f(x2))

    • Executive 3: Receives the share (x3, f(x3))

  3. Reconstruction: To reconstruct the secret, any two executives combine their shares and interpolate the polynomial. For instance, Executives 1 and 2 collaborate, revealing the secret.

Applications of Shamir's Secret Sharing Algorithm

Shamir's Secret Sharing Algorithm finds applications in various domains, including:

  • Cryptography: Securely distributing encryption keys among multiple parties.

  • Data Recovery: Splitting sensitive data into shares to prevent loss and enable recovery.

  • Access Control: Requiring multiple parties to authenticate for access to highly sensitive information.


package main

import (

var prime *big.Int

func init() {
	prime, _ = big.NewInt(0).SetString("115792089237316195423570985008687907853269984665640564039457584007913129639747", 10)

// GenerateCoefficients generates random coefficients for the polynomial
func GenerateCoefficients(secret *big.Int, threshold, numShares int) []*big.Int {
	coefficients := make([]*big.Int, threshold)
	coefficients[0] = secret

	for i := 1; i < threshold; i++ {
		coefficients[i] = big.NewInt(int64(rand.Intn(256)))

	return coefficients

// EvaluatePolynomial evaluates the polynomial at the given x value
func EvaluatePolynomial(coefficients []*big.Int, x *big.Int) *big.Int {
	result := big.NewInt(0)
	temp := big.NewInt(1)

	for _, coefficient := range coefficients {
		term := big.NewInt(0).Set(coefficient)
		term.Mul(term, temp)
		result.Add(result, term)
		result.Mod(result, prime)
		temp.Mul(temp, x)
		temp.Mod(temp, prime)

	return result

// SplitSecret splits the secret into shares
func SplitSecret(secret string, threshold, numShares int) []*big.Int {
	secretBigInt := new(big.Int).SetBytes([]byte(secret))
	coefficients := GenerateCoefficients(secretBigInt, threshold, numShares)

	shares := make([]*big.Int, numShares)
	for i := 1; i <= numShares; i++ {
		x := big.NewInt(int64(i))
		shares[i-1] = EvaluatePolynomial(coefficients, x)

	return shares

// LagrangeInterpolation interpolates the secret using the given shares
func LagrangeInterpolation(shares []*big.Int, x *big.Int) *big.Int {
	result := big.NewInt(0)

	for i, share := range shares {
		numerator := big.NewInt(1)
		denominator := big.NewInt(1)

		for j, _ := range shares {
			if i != j {
				numerator.Mul(numerator, big.NewInt(0).Sub(x, big.NewInt(int64(j+1))))
				denominator.Mul(denominator, big.NewInt(0).Sub(big.NewInt(int64(i+1)), big.NewInt(int64(j+1))))

		lambda := big.NewInt(0).Div(numerator, denominator)
		lambda.Mod(lambda, prime)

		term := big.NewInt(0).Set(share)
		term.Mul(term, lambda)
		result.Add(result, term)
		result.Mod(result, prime)

	return result

// ReconstructSecret reconstructs the secret from the shares
func ReconstructSecret(shares []*big.Int) string {
	secret := LagrangeInterpolation(shares, big.NewInt(0))
	return string(secret.Bytes())

func main() {
	// Define parameters
	threshold := 3           // Number of shares required to reconstruct the secret
	numShares := 9           // Total number of shares
	secret := "Hello World!" // Secret to be shared

	// Split the secret into shares
	shares := SplitSecret(secret, threshold, numShares)
	fmt.Println("Shares:", shares)

	// Reconstruct the secret from a subset of shares
	reconstructedSecret := ReconstructSecret(shares[:threshold])
	fmt.Println("Reconstructed Secret:", reconstructedSecret)

This code is an implementation of Shamir's Secret Sharing scheme, a method for distributing a secret among a group of participants, each holding a share of the secret. The secret can only be reconstructed when a sufficient number of shares are combined. Here's a breakdown of the code:

  1. Initialization: The code initializes a large prime number prime which is used in calculations. This prime number is typically chosen to be sufficiently large to provide security against brute-force attacks.

  2. GenerateCoefficients: This function generates random coefficients for a polynomial of degree threshold - 1. The first coefficient is set as the secret, and the rest are random numbers between 0 and 255 (inclusive).

  3. EvaluatePolynomial: Given a set of coefficients and an x value, this function evaluates the polynomial at that x value using Horner's method.

  4. SplitSecret: This function splits the input secret into shares. It converts the secret to a big integer, generates random coefficients using GenerateCoefficients, evaluates the polynomial at different x values to get the shares.

  5. LagrangeInterpolation: This function performs Lagrange interpolation to reconstruct the secret from a subset of shares. It uses the Lagrange interpolation formula to interpolate the secret from the given shares.

  6. ReconstructSecret: This function reconstructs the secret from the shares using Lagrange interpolation.

  7. Main Function: In the main function, parameters like threshold, total number of shares, and the secret are defined. The secret is split into shares using SplitSecret, and then a subset of shares is used to reconstruct the secret using ReconstructSecret.

This scheme ensures that the secret can be reconstructed only when a sufficient number of shares are combined (determined by the threshold). In this example, the threshold is set to 3, meaning at least 3 shares out of 9 are required to reconstruct the secret.


In today's world, where keeping data safe is really important, Shamir's Secret Sharing Algorithm is a strong way to share and protect secrets. It uses a math technique called polynomial interpolation to make sure that even if some parts of the secret are revealed, the whole secret stays safe. Whether it's used in businesses, to keep passwords secure, or to recover lost data, Shamir's Secret Sharing Algorithm is a key part of keeping information safe and secure.


  • Cryptography
  • crypto
  • golang
  • Go Language
  • cybersecurity
  • Computer Science