This repository provides a minimal, deterministic implementation of Shamir’s Secret Sharing scheme over (GF(256)).
It focuses exclusively on the cryptographic core: splitting a secret into shares and reconstructing it from a threshold subset. No operational, procedural, or governance concerns are included.
This repository includes a minimal command-line interface that acts as a thin adapter over the Shamir core and share encoding layers.
The CLI performs direct data transformations and does not introduce any operational logic, persistence, or policy enforcement.
The CLI provides two commands:
split— split a secret into threshold sharescombine— reconstruct a secret from shares
All data is read from standard input and written to standard output.
Split a secret into n shares with threshold k.
bash shamir split -k -n < secret.bin
The purpose of this project is to:
- implement Shamir Secret Sharing correctly and transparently
- provide a small, auditable cryptographic primitive
- support deterministic testing and reproducibility
- serve as a building block for higher-level systems
This repository is implementation-focused, not a complete key management solution.
This project includes:
- arithmetic over (GF(256))
- polynomial-based secret splitting
- Lagrange interpolation for reconstruction
- deterministic unit tests
It intentionally avoids all non-essential concerns.
This project does not:
- define operational procedures or lifecycle management
- handle custody, rotation, or revocation
- provide serialization or storage formats
- include CLI tools or services
- manage access control or authorization
- replace KMS, HSM, or secret management platforms
Operational governance is explicitly out of scope.
This implementation prioritizes:
- correctness over convenience
- explicit behavior over implicit assumptions
- deterministic testing
- minimal surface area
- separation of cryptography from operations
This repository is designed to be used alongside, but independent from, the Operational Layer for Threshold Secrets specification:
https://github.com/krunixbase/operational-layer-for-threshold-secrets
That project defines governance, accountability, and lifecycle procedures. This repository provides only the cryptographic primitive.
This repository is sealed as a reference-grade implementation of Shamir Secret Sharing.
As of v1.0.0, the public API, failure semantics, and cryptographic behavior are contractually defined and stable. Future changes are expected to be infrequent and deliberate, following the documented versioning policy.