If you know the coordinates of any 2 points on a line you can recover the equation for that line.
The same is true for 3 points on a quadratic curve and 4 points on a cubic curve, etc.
So if our secret is the number c we can put it in the equation for, say, a quadratic:
ax^2 + bx + c = 0
We can then give any number of people the coordinates for different single points on this curve.
None of these people know the equation but if any 3 of them share their coordinates they can work out the
equation and thus the value of c.
Not to mention that it abbreviates to "SSS". I quickly looked up the D&D player's handbook and sure enough: Mordenkainen's Magnificent Mansion
Here is one seriously broken implementation he discovered: https://bitcointalk.org/index.php?topic=2199659.0
Now suppose I asked if there's a practical example of SSS in the wild. Someone answers, "of course: ___." Then 7 troglodyte friends and I jump on ___ (which is super easy because everyone already uses one of these user-friendly services that wrap around ___) and immediately see how ___ helps us develop by leveraging SSS. We realize that SSS is leveraged so that we can ensure ___. Thanks, ___!
Fill in the blanks.
I've seen SSS used in Ethereum smart-contracts before. Grid+ https://blog.gridplus.io/simple-security-with-shamir-secret-... and Blockstack: https://github.com/blockstack/secret-sharing and uPort: https://github.com/uport-project/sss-wasm come to mind.
Decide on a policy. For example, 4 of your 7 friends need to agree that you've been dead/incapacitated for 90 days, and that once that happens they should give your digital assets to Recipient R (probably your next of kin). Pick a master passphrase that decrypts something interesting like a passphrase manager database file. Split the master passphrase using a 4-of-7 scheme. Distribute the seven shares to your seven friends (one to each friend). Now you know the passphrase manager won't be compromised before your death unless you are careless with the master passphrase, or four of your seven friends either collude, get hacked, or honor a legal demand to produce the shares.
This gets interesting when the digital-asset ownership is determined exclusively by cryptography. The money in your bank account is not such a thing (a suitably official-looking piece of paper will release your money to anyone), but Bitcoin or Ethereum definitely are (no court order or lead pipe can solve the discrete logarithm problem).
Such classes of assets are very new. So there are not yet any "practical examples in the wild" that an ordinary person would be likely to recognize.
"Paul Kane -- who lives in the Bradford-on-Avon area -- has been chosen to look after one of seven keys, which will 'restart the world wide web' in the event of a catastrophic event."
I was looking for an example a bit more concrete and inspectable than that.
It uses SSS for its startup process.
It's different in that the data is totally readable other than the missing pieces (although practically unusable). The thing that blew my mind was just how a single parity file can fill a single gap regardless of where in the sequence of original files.
The more general theoretical category is the erasure code.
You take a list of those passwords, and encrypt it using SSSS with 4 of 7 keys needed to decrypt.
You then share these 7 keys with your 7 relatives.
After your death, they get together and unlock your passwords.
For example-- suppose that person dies and these 7 relatives access the account and wire themselves some money. With no other arrangements made, doesn't that constitute bank fraud?
On the flip side-- if the relatives also have to go through the time-consuming processes of meetings with an estate lawyer and bank managers in order to fulfill the wishes of the deceased, what function does the cryptography perform in this case?
However, during the data retention debate in Norway I repeatedly pointed out that the only responsible way to implement the act would be to use secret sharing to ensure that a sufficient number of parties were involved when unlocking someone's private data.
Wonder if this has been used in any commercial transaction escrow systems.