o Ji$ @shdZddlZddlZddlmZmZdededefddZdededefd d Zdedefd d Z dededefd dZ deededefddZ d'deeeefdedefddZ  d(de dededeeee ffddZdeeee fde fddZ  d(dedededeeeeffd d!Zdeeeefdefd"d#Zd$d%Zed&kredSdS))u Shamir's Secret Sharing for BIP39 Mnemonics Splits a mnemonic into N shares where any K shares can reconstruct it. Default: 2-of-3 scheme. Share distribution: Share 1: User writes down (paper, sealed envelope) Share 2: Encrypted to user's personal email Share 3: Stored on device (hardware-bound via OP-TEE HUK if available) Any 2 of 3 shares reconstruct the mnemonic. Uses GF(256) arithmetic for the secret sharing — each byte of the mnemonic entropy is split independently. Usage: from shamir import split_secret, combine_shares shares = split_secret(b"secret data", threshold=2, num_shares=3) # shares = [(1, b"..."), (2, b"..."), (3, b"...")] recovered = combine_shares([(1, shares[0][1]), (3, shares[2][1])]) assert recovered == b"secret data" N)ListTupleabreturncCs||AS)zAddition in GF(256) is XOR.rrrr3/home/geodesix/Jetson/tests/../src/crypto/shamir.py _gf256_add#sr cCsNd}tdD]}|d@r||N}|d@}|d>d@}|r |dN}|dL}q|S)z?Multiplication in GF(256) using Russian peasant multiplication.r)range)rrp_hirrr _gf256_mul's   rcCsD|dkrtd|}tdD] }t||}t||}qt||}|S)zDMultiplicative inverse in GF(256) via exponentiation (a^254 = a^-1).rzNo inverse for 0 in GF(256))ZeroDivisionErrorrr)rresultrrrr _gf256_inv4s    rcCst|t|S)zDivision in GF(256).)rrrrrr _gf256_div@srcoeffsxcCs&d}t|D] }tt|||}q|S)z=Evaluate polynomial at x in GF(256). coeffs[0] is the secret.r)reversedr r)rrrcoeffrrr _eval_polynomialEs rsharesc Cst|}d}t|D];}||\}}d}d}t|D]} || kr!q|| d} t|t|| }t|t|| }qt|t||} t|| }q |S)zDLagrange interpolation at x in GF(256) to recover the secret (f(0)).rr )lenrrr r) rrkrixiyinumdenjxjtermrrr _lagrange_interpolateMs     r*secret threshold num_sharescs||krtd|dkrtd|dkrtdddt|D|D]%}|gddt|d D}t|D]}|d }|t||q7q#fd dt|DS) aX Split a secret into shares using Shamir's Secret Sharing. Args: secret: The secret to split (arbitrary bytes) threshold: Minimum shares needed to reconstruct (K) num_shares: Total shares to generate (N) Returns: List of (share_index, share_data) tuples. share_index is 1-based (1..N). z(Threshold cannot exceed number of sharesr+zThreshold must be at least 2rz"Maximum 255 shares (GF(256) limit)cSsg|]}tqSr) bytearray.0rrrr zsz split_secret..cSsg|]}tdqS))secrets randbelowr1rrr r3~sr cs g|] }|dt|fqS)r )bytes)r2r"rrr r3 ) ValueErrorrappendr)r-r.r/byterr"rrr8r split_secretbs r=csx|stdt|ddtfdd|Dstdt}tD]fdd|D}|t|dq$t|S) z Reconstruct a secret from shares. Args: shares: List of (share_index, share_data) tuples. Need at least threshold shares. Returns: The reconstructed secret bytes. zNo shares providedrr c3s |] }t|dkVqdS)r N)r r2s)lengthrr sz!combine_shares..z"All shares must be the same lengthcs g|] }|d|dfqS)rr rr>)byte_idxrr r3r9z"combine_shares..)r:r allr0rr;r*r7)rrpointsr)rBr@r combine_sharess  rEmnemoniccCs$|d}t|||}dd|DS)z Split a BIP39 mnemonic into Shamir shares. Returns shares as (index, hex_string) tuples for easy storage/display. utf-8cSsg|] \}}||fqSr)hex)r2idxdatarrr r3sz"split_mnemonic..)encoder=)rFr.r/r- raw_sharesrrr split_mnemonics rMcCs dd|D}t|}|dS)zy Reconstruct a BIP39 mnemonic from Shamir shares. Args: shares: List of (index, hex_string) tuples. cSsg|] \}}|t|fqSr)r7fromhex)r2rIhex_datarrr r3sz+combine_mnemonic_shares..rG)rEdecode)rrLr-rrr combine_mnemonic_sharess rQcCsddl}ddl}|jdd}|jdd}|jddd}|jd d d d |jd dtddd|jddtddd|jddd}|jddd dd|jddd}|}|jdkrt |j |j |j }t dt|d|j d|D]\} } t d | d!| qpt d"|j d#dS|jdkrg} |j D]} | d$d%\} } | t| | fqt| }t d&|d'dS|jdkrit d(d)}t|dd}t|d|d%g|ksJd*t|d|dg|ksJd+t|d%|dg|ksJd,t d-t|dd.}t|d|d|d/g|ksJd0t d1d2}t |dd}t|d|dg}||ks5Jd3t d4d5D]#}tt|gdd} t| d| dgt|gks]Jd6|q;t d7t d8dS|dS)9Nrz"Shamir's Secret Sharing for Hermes) descriptioncommand)destsplitzSplit a mnemonic into shares)helpz --mnemonicTzBIP39 mnemonic to split)requiredrVz --thresholdz-kr+zShares needed (default: 2))typedefaultrVz--sharesz-nr,zTotal shares (default: 3)combinez Reconstruct mnemonic from shares+z7Shares as 'index:hex' pairs (e.g., '1:ab12ef 3:cd34gh'))nargsrWrVtestz Run self-testz Mnemonic split into z shares (need z to recover): z Share z: z Store these separately. Any z% shares can reconstruct the mnemonic.:r z Recovered mnemonic:  z,Running Shamir's Secret Sharing self-test...shello world testzFailed: shares 1,2zFailed: shares 1,3zFailed: shares 2,3z [PASS] 2-of-3 basiczFailed: 3-of-5z [PASS] 3-of-5z]abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon aboutzFailed: mnemonic recoveryz [PASS] Mnemonic round-trip)rr r rz Failed: byte z. [PASS] Edge cases (0, 1, 127, 128, 254, 255)z All tests passed!)argparsejsonArgumentParseradd_subparsers add_parser add_argumentint parse_argsrSrMrFr.rprintr rUr;rQr=rEr7 print_help)rdreparsersub split_cmd combine_cmdtest_cmdargsrrIrOparsedr?idx_strrFr-shares5m_shares recoveredvalrrr mainsb             ( 2  rz__main__)r)r+r,)__doc__osr5typingrrrjr rrrrr*r7r=rEstrrMrQrz__name__rrrr sL  $ &# F