crypto-lab-shamir-visual is a standalone demo of Shamir's Secret Sharing and Lagrange interpolation built for the crypto-lab portfolio. It is a visual companion to shamir-gate: shamir-gate focuses on reconstruction mechanics, while this demo focuses on the polynomial mathematics that make threshold recovery work. The interface shows how share points sit on a hidden polynomial and how evaluating the reconstructed polynomial at x = 0 recovers the secret. The security model is information-theoretic, not computational, so fewer than k shares do not merely make recovery expensive; they leave the secret mathematically undetermined.
- Use it to explain k-of-n key splitting and why the threshold property comes from polynomial uniqueness.
- Use it to teach wallet seed backup ideas such as SLIP39 without hiding the underlying interpolation step.
- Use it to demonstrate operator ceremonies like HashiCorp Vault unseal where multiple custodians must cooperate.
- Do not use this alone when shares must be verifiable or malicious-share resistant; use VSS or FROST instead.
- Do not use it when you only need a simple 2-of-2 split and XOR secret sharing already fits the job.
Live site: https://systemslibrarian.github.io/crypto-lab-shamir-visual/
The demo includes an interactive polynomial graph, share checkboxes that update reconstruction live, a Lagrange stepper that substitutes the selected values into the interpolation formula, and a wrong-polynomial visualization that makes the under-threshold case obvious when fewer than k shares are selected.
- Share integrity is not verified in plain Shamir SSS, so a corrupted or malicious share can break recovery unless you add VSS-style checks.
- Share storage is operationally fragile: if one required holder loses their share, reconstruction can fail permanently.
- Using a field that is too small can leak structure or make collisions more likely, which is why real systems choose a sufficiently large finite field.
- Giving all shares to one person defeats the purpose because threshold control only helps when custody is genuinely distributed.
- Implementing Lagrange interpolation with floating point instead of finite field arithmetic can produce incorrect secrets.
- Trezor's SLIP39 backup format uses threshold mnemonic shares for wallet recovery.
- HashiCorp Vault uses Shamir-based unseal key splitting to distribute recovery authority.
- The age encryption ecosystem is adjacent to recovery and custody workflows where secret splitting is often part of the operational design.
- PGP smartcard backup flows sometimes split private key material so no single escrow copy becomes the only recovery path.
- FROST threshold signatures, standardized in RFC 9591, solve a related but different problem: distributed signing rather than static secret splitting.
"So whether you eat or drink or whatever you do, do it all for the glory of God." — 1 Corinthians 10:31