|let shuffle list =|
|let cmp _ _ = (Random.int 3) - 1 in|
|List.sort cmp list;;|
|let share ~secret ~length =|
|let rec loop secret length buffer =|
|if length <= 0 then secret :: buffer else|
|let noise = Random.bits () in|
|let piece = secret lxor noise in|
|loop piece (length - 1) (noise :: buffer)|
|let pieces = loop secret (length - 1)  in|
|let recover pieces =|
|let op x y = x lxor y in|
|let head = List.hd pieces in|
|let tail = List.tl pieces in|
|List.fold_left op head tail;;|
|let pieces =|
|share ~secret:23 ~length:10;;|
|assert (23 = recover pieces);;|
This is applied on words (integers), but we will rather desire to apply on character-level to split a whole message string as secret, either plain-text or binary bytes sequence. A good approach would be Base-64 encoding, enabling us to operate on a 64 values range during the random generation (think in
Another future improvement would be to have commitments from such pieces before their sharing. During the recover phase, it provides the tools to avoid luring/cheating attacks. A stored fingerprint of the secret could work as a checksum here.
Finally, the output of plain shares/pieces is not secure. A good approach would be to receive public keys before the sharing phase, and output encrypted versions of such shares.
The checksum also enables the brute-force of the message, only if fewer parts are missing due "shareholders" dropping the game in the middle. It possibly will only be feasible in some sense if the threshold is 90%, I guess - I should make a Proof-of-Concept for that...
Full code available here: https://github.com/marcoonroad/shareholders
The shares are encrypted using the checksum (of the secret) as the AES CBC key & IV, then HMAC-alike signed with the digest of this secret checksum.
By encrypting the shares, I can add metadata on them, such as their position