Best Practices for Secret Sharing
Introduction
Secret sharing is a powerful tool for protecting sensitive information, but its effectiveness depends on how it's implemented and used. Whether you're protecting legal documents, business secrets, or personal information, following best practices ensures your secrets remain secure until they're meant to be revealed.
Choosing the Right Threshold
The threshold (k) is the number of shares required to reconstruct the secret. Choosing the right threshold is crucial:
- Too Low: If k is too low relative to the total number of shares (n), an attacker who compromises only a few shares can reconstruct the secret
- Too High: If k is too high, you risk losing access if some recipients are unavailable
- Best Practice: Choose k such that you have redundancy (n - k extra shares) but maintain security. A common approach is k = 2/3 of n, rounded up
Example: For 5 total shares, a threshold of 3 provides good balance—you need 3 to reconstruct, but can lose 2 shares without losing access.
Selecting Trustworthy Recipients
The security of secret sharing depends on the trustworthiness of share holders:
- Choose Carefully: Only share with people you trust completely
- Diverse Locations: Distribute shares to people in different locations to reduce risk of simultaneous compromise
- Different Relationships: Consider sharing with people who have different relationships to you (family, friends, professionals) to reduce collusion risk
- Verify Recipients: Confirm recipient identities before sharing, especially for sensitive information
Secure Share Distribution
How you distribute shares is as important as who receives them:
- Use Secure Channels: Share through encrypted messaging, secure email, or in-person delivery
- Avoid Public Channels: Never send shares through unencrypted email, public messaging, or social media
- Verify Receipt: Confirm that each recipient has received and securely stored their share
- Separate Channels: Use different communication channels for different shares when possible
- In-Person When Possible: For highly sensitive secrets, consider handing over shares in person
Secure Share Storage
Recipients must store their shares securely:
- Encrypted Storage: Store shares in encrypted form on secure devices
- Multiple Backups: Consider keeping encrypted backups of shares in secure locations
- Physical Security: If storing shares physically (printed), keep them in secure locations like safes or safety deposit boxes
- Access Control: Limit access to stored shares—use device encryption, strong passwords, or biometric locks
- Regular Verification: Periodically verify that shares are still accessible and haven't been compromised
Documentation and Organization
Proper documentation ensures secrets can be recovered when needed:
- Record Recipients: Keep a secure record of who holds which shares (but not the shares themselves)
- Document Threshold: Clearly document the threshold (k) and total shares (n) for future reference
- Share Metadata: Document what the secret is for, when it was created, and when it should be revealed
- Update Records: Update your records if recipients change or shares are redistributed
- Secure Documentation: Store documentation securely, separate from the shares themselves
Recovery Planning
Plan for scenarios where shares might be lost or recipients unavailable:
- Redundancy: Create more shares than the threshold requires to provide redundancy
- Backup Recipients: Consider having backup recipients who can hold shares
- Regular Verification: Periodically verify that all recipients still have access to their shares
- Recovery Procedures: Document procedures for recovering secrets if shares are lost
- Time-Sensitive Secrets: For time-sensitive secrets, ensure recipients understand when and how to reconstruct
Common Mistakes to Avoid
Learn from common mistakes:
- Sharing Shares Publicly: Never send shares through insecure channels or public platforms
- Storing All Shares Together: Don't store multiple shares in the same location
- Weak Recipient Selection: Don't share with untrustworthy or unreliable recipients
- Poor Threshold Selection: Avoid thresholds that are too low (insecure) or too high (impractical)
- Lack of Documentation: Don't forget to document who has shares and how to reconstruct
- Ignoring Updates: Don't forget to update your secret sharing setup if circumstances change
Special Considerations
Different use cases require different approaches:
- Legal Documents: Consider involving legal professionals and ensure compliance with relevant laws
- Business Secrets: May require additional security measures and non-disclosure agreements
- Personal Secrets: Balance security with accessibility for family members
- Emergency Information: Ensure shares are accessible to trusted individuals who can act quickly
Using ShareMySecret
ShareMySecret implements many of these best practices automatically:
- Flexible Thresholds: Choose any threshold from 2 to the total number of shares
- Secure Encryption: All secrets are encrypted with AES-256 before sharing
- Easy Distribution: Send shares securely through the app's built-in sharing features
- Secure Storage: Shares are stored encrypted on each recipient's device
- User-Friendly: The app handles the complex mathematics, letting you focus on security
Conclusion
Secret sharing is a powerful security tool, but its effectiveness depends on proper implementation. By following these best practices—choosing appropriate thresholds, selecting trustworthy recipients, using secure distribution channels, and maintaining proper documentation—you can ensure your secrets remain protected until they're meant to be revealed.
Remember, the goal of secret sharing is to balance security with accessibility. Too much security can make secrets unrecoverable, while too little can leave them vulnerable. With careful planning and the right tools like ShareMySecret, you can achieve the perfect balance.
Ready to implement these best practices? Download ShareMySecret and start protecting your sensitive information with confidence.