A call that begins with “Don’t tell anyone, but…” is exactly how secrets leak. Shamir’s Secret Sharing, devised by Adi Shamir in 1979, offers a different approach: split a secret into pieces so no single person holds enough information to reconstruct it, but a
Someone calls you at work and says, “Don’t tell anyone, but…”
If you’re like most people, you don’t keep that promise. You pass it to one or two others—with the same warning. And those people?. They’re probably repeating it from someone else. Before long. the “big secret” has spread through a chain of partial trust. with everyone holding just enough to tempt them.
For truly sensitive information, you need a way to spread the secret out so that no individual person has real information about it—while still letting a certain number of people together decode it.
That’s the core of Shamir’s Secret Sharing. explained through a simple geometry example and traced back to a method devised by Adi Shamir in 1979—the “S” in RSA encryption. The explanation starts with the equation of a line. y = mx + b. where m is the slope and b is the y-intercept: the point where the line touches the y-axis when X is 0. An infinite number of lines cross the Y axis. For example, the line y = 3x + 10 does, and so does y = -1.41x + 10.
The trap is that you can’t guess the b value from the slope alone. Any slope will satisfy the equation.
Now suppose the secret number is 10. You pick a random slope and generate points on the line. In this setup, “any number of equations might satisfy that point.” To keep the math easy, the example chooses a random slope of 2, making the real equation y = 2x + 10.
The first person is told a single point on that line: when X = 100, their part of the secret is (100, 210). That point matches y = 2x + 10—but it also matches many other lines, including y = 4x – 190 and y = x + 110. An infinite number of lines can go through a single point.
To determine the actual equation, you need at least two points. So a second person gets another point. This example uses x = 25 and tells the second person their part is (25, 60).
Once those two people compare notes, the secret number can be recovered by solving the two equations:
210 = 100m + b and 60 = 25m + b.
The second equation can be rewritten as 240 = 100m + 4b. Subtracting the first one from that produces 30 = 3b, so b = 10—revealing the secret number.
From there, the logic becomes flexible. You can hand out any number of points to any number of people. Any two of them can recover the secret number. If you need more people to unlock it, you increase the threshold: a parabola equation requires three points, and a cubic takes four, and so on.
In real implementations, the explanation notes, practical systems use a polynomial rather than drawing a graph—but the idea stays the same: no single holder can reconstruct the secret alone, while the right number of holders together can decode it.
It’s an approach that also feels familiar in a darker direction. The method is a reminder of how, in the real world, something critical—like a nuclear launch—requires multiple keys.
Shamir’s Secret Sharing Adi Shamir RSA secret sharing cybersecurity encryption polynomials threshold cryptography