Difference to Shamir's Secret Sharing scheme?

[good-lly]

@kewbish Interesting project! Could you please elaborate/"eli5" the scheme and differences of kintsugi vs Shamir's Secret Sharing?
Is this method somehow complementary?

Thank you!

[kewbish]

Thank you!

Kintsugi is a decentralized E2EE key recovery protocol. SSS also decentralizes trust and can also be used to recover keys. SSS works to reconstruct a secret directly (your key), but this is problematic in E2EE contexts, because colluding recovery contacts can go behind your back to reconstruct your key and get full access to your account/etc.

Kintsugi does a bit of cryptography magic so that you can mask your password and give it to recovery contacts, who then have shares of a secret that they apply to your password. With their shares applied to your password, you then construct a new key to encrypt a backup of your recovery key. Your recovery contacts can't get access to your password, because you've masked it before they can ever see it, so even if they all collude, they won't get any valuable information.

This work is part of an upcoming research paper, which contains much more context. I'll link the paper here when it's available — I didn't expect folks to find this repository yet!