spark_rust/signer/traits/
shamir.rs

1//! # Shamir's Secret Sharing for Spark Wallet
2//!
3//! This module implements Shamir's Secret Sharing (SSS) functionality for the Spark wallet.
4//! Shamir's Secret Sharing is a cryptographic technique that allows a secret (such as a private key)
5//! to be divided into multiple parts (shares), where a specified threshold of shares is required
6//! to reconstruct the original secret.
7//!
8//! In the Spark wallet, this capability supports:
9//! - Social recovery of wallet keys
10//! - Distributed custody arrangements
11//! - Enhanced security through secret distribution
12//!
13//! The implementation uses a verifiable variant of Shamir's Secret Sharing,
14//! which allows participants to verify the validity of their shares without
15//! reconstructing the secret.
16
17use crate::error::SparkSdkError;
18
19use bitcoin::secp256k1::PublicKey;
20use spark_cryptography::secret_sharing::secret_sharing::VerifiableSecretShare;
21
22/// Trait for Shamir's Secret Sharing operations in the Spark wallet.
23///
24/// This trait provides methods for splitting secrets (such as private keys or other
25/// sensitive data) into multiple shares using Shamir's Secret Sharing scheme. The
26/// implementation uses a verifiable variant that allows share holders to validate
27/// their shares without revealing the underlying secret.
28///
29/// Key features of this implementation:
30/// - Threshold-based reconstruction (requires t-of-n shares)
31/// - Verifiability of shares (participants can verify their shares are valid)
32/// - Compatible with secp256k1 keys used in the Bitcoin network
33///
34/// Use cases in Spark include:
35/// - Creating backup shares for wallet recovery
36/// - Establishing multi-custodial arrangements
37/// - Distributing sensitive material across multiple secure storage locations
38pub trait SparkSignerShamir {
39    /// Splits a secret message into verifiable shares using Shamir's Secret Sharing.
40    ///
41    /// This method takes an arbitrary message (typically a secret key or other sensitive
42    /// information) and splits it into `num_shares` shares, such that any `threshold`
43    /// number of shares can reconstruct the original secret.
44    ///
45    /// # Arguments
46    /// * `message` - The secret message to split into shares
47    /// * `threshold` - The minimum number of shares required to reconstruct the secret
48    /// * `num_shares` - The total number of shares to generate
49    ///
50    /// # Returns
51    /// * `Ok(Vec<VerifiableSecretShare>)` - A vector of verifiable secret shares
52    /// * `Err(SparkSdkError)` - If share generation fails
53    ///
54    /// # Security Considerations
55    /// - Ensure `threshold` is sufficiently high to maintain security
56    /// - The shares should be distributed to separate, trusted entities
57    /// - Each share should be protected with appropriate access controls
58    ///
59    /// # Example
60    /// ```
61    /// # fn example(signer: &impl SparkSignerShamir) -> Result<(), SparkSdkError> {
62    /// // Split a secret into 5 shares, requiring 3 to reconstruct
63    /// let secret = vec![1, 2, 3, 4, 5]; // Example secret
64    /// let shares = signer.split_with_verifiable_secret_sharing(secret, 3, 5)?;
65    ///
66    /// // Distribute shares to trusted parties
67    /// # Ok(())
68    /// # }
69    /// ```
70    fn split_with_verifiable_secret_sharing(
71        &self,
72        message: Vec<u8>,
73        threshold: usize,
74        num_shares: usize,
75    ) -> Result<Vec<VerifiableSecretShare>, SparkSdkError>;
76
77    /// Splits a secret key identified by its public key into verifiable shares.
78    ///
79    /// This method finds the private key corresponding to the provided public key
80    /// in the signer's storage, then splits it into shares using Shamir's Secret
81    /// Sharing scheme. This is particularly useful for creating backups of specific
82    /// keys within the wallet.
83    ///
84    /// # Arguments
85    /// * `public_key` - The public key corresponding to the secret key that should be split
86    /// * `threshold` - The minimum number of shares required to reconstruct the secret key
87    /// * `num_shares` - The total number of shares to generate
88    ///
89    /// # Returns
90    /// * `Ok(Vec<VerifiableSecretShare>)` - A vector of verifiable secret shares
91    /// * `Err(SparkSdkError)` - If the key cannot be found or share generation fails
92    ///
93    /// # Security Considerations
94    /// - Ensure the private key exists in the signer's storage
95    /// - Use appropriate `threshold` values (typically at least 2/3 of `num_shares`)
96    /// - The resulting shares contain sensitive key material and must be protected
97    ///
98    /// # Example
99    /// ```
100    /// # use bitcoin::secp256k1::PublicKey;
101    /// # fn example(signer: &impl SparkSignerShamir, pubkey: &PublicKey) -> Result<(), SparkSdkError> {
102    /// // Split the private key for a specific public key into 3 shares, requiring 2 to reconstruct
103    /// let shares = signer.split_from_public_key_with_verifiable_secret_sharing(pubkey, 2, 3)?;
104    ///
105    /// // Distribute shares to trusted parties or secure storage locations
106    /// # Ok(())
107    /// # }
108    /// ```
109    fn split_from_public_key_with_verifiable_secret_sharing(
110        &self,
111        public_key: &PublicKey,
112        threshold: usize,
113        num_shares: usize,
114    ) -> Result<Vec<VerifiableSecretShare>, SparkSdkError>;
115}