Encryption is used to protect sensitive data against unauthorized access. Additional mechanisms are needed to protect the corresponding cryptographic key. In this case protection means protection against misuse as well as protection against loss of the key. One possibility for securely storing cryptographic keys is Secret Sharing.
All Secret Sharing methods are based on the same principle. One secret (the key) is divided into several parts (shares). The number of shares is usually the same as the number of instances (participants) involved in the particular method. The secret can be recovered only with a number of shares that is defined in advance. Single shares provide no information.
Because this number of shares is also called the threshold, Secret Sharing methods are often called threshold methods.
Every Secret Sharing scheme is based on the "dealer" and the "combiner". Strictly speaking, these are two algorithms. The task of the dealer is to calculate the shares and transmit them to the participants. Normally the dealer is a trusted third party who does not directly participate in the scheme. The combiner, on the other hand, can be one single participant or the entirety of all participants. During reconstruction it calculates the secret from the shares of the individual participants.
On the one hand, Secret Sharing can be used for the distributed storage of sensitive data. On the other hand, the recombining of the shares can be used to activate critical actions. In that case, instead of dividing one secret among several persons, the control of an action is divided.
The best-known Secret Sharing method is the (t, n) threshold scheme according to Shamir. This method is visualized in the Secret Sharing Demonstration dialog.
Example of a Secret Sharing scheme:
The secret recipe of a new sort of ice cream is locked in a safe. The key is divided among ten employees of the company, so that no single employee can be tempted to take the recipe out of the safe and sell it to a competitor for a lot of money. At least seven employees have to enter their part of the key to open the safe and get the recipe.