From: koontzd@lrcs.loral.com (David Koontz )
Date: Fri, 22 Oct 93 07:22:55 PDT
To: cypherpunks@toad.com
Subject: Re:  Sharing a secret
Message-ID: <9310221418.AA13432@nebula.lrcs.loral.com>
MIME-Version: 1.0
Content-Type: text/plain


>I know that there is a way to have a key, K, divided into
>n parts such that any i of them are needed to recunstruct
>K. The property holds that no i-1 parts are sufficient,
>and ANY i parts will do. How does this work exactly? Is
>it really the case that no i-1 parts give information?
>Is there a way to cheat?

With a key K of size j (goddamn fortran anyway), i parties can share
the secret with a threshold of i (requiring all i parties key part)
by generating i parts P such that K = Pi XOR Pi-1 XOR ... P1.  All
the parts P are the same size as K, which keeps the effort of guessing
a missing part equal to j, or the size of the key k itself. 

Such a scheme is not ideal for keys K that have a deterministic
characteristic.