Imagine we have a secret — a password, a safe combination, a crypto wallet key. We want to hide it so that only several people together can open it. This article explains Shamir secret sharing with nothing but points and lines — no polynomials required.
Key Takeaways
- Any secret — password, file, wallet key — is a number to a computer; we use a small example (7) so the pictures stay readable.
- Draw a curve through the secret on the Y axis; give each person one point. K points pin down exactly one curve; K − 1 leave infinitely many.
- A straight line needs quorum 2; each extra bend adds one person to the quorum (parabola → 3, two bends → 4).
- Real cryptography uses arithmetic on a large finite field, not the real number line — so one share truly leaks no neighborhood hint.
First, a small caveat: a secret is always a number
You might be thinking: "a secret is a password like qwerty123, or a seed phrase, or a PDF file. What do points and lines have to do with that?"
From a computer's point of view, everything is already a number. Just a very large one.
Every letter in memory is a number (Latin "A" is 65, "B" is 66, and so on; Cyrillic and emoji use larger codes). A word is a sequence of those numbers glued into one long value. An image, PDF, or video is a byte sequence — one giant number.
For a computer, qwerty123 is a number with roughly twenty digits. A crypto wallet key has seventy or eighty digits. A file can have millions. Any secret in the world is a number. A big one.
In this article we will use a modest 7 as the secret so the pictures stay readable. Everything we do with it works the same for a hundred-digit number.
One person: just a slip of paper
The simplest case: I write the secret on paper and put it in my pocket. Lose the paper — the secret is gone forever. Someone else finds it — the secret is stolen.
We want something better: split the secret among several people so that:
- each person alone knows nothing;
- but together they can recover it.
Two people: draw a straight line
Take our secret — the number 7 — and place it on a coordinate plane at (0, 7). The "secret" is where our curve crosses the vertical axis.
Now draw any straight line through that point. Tilt it at a random angle. Mark a few more points on it — say at x = 1, 2, 3. Give one point to each of three people.
Alice gets (1, 11), Bob (2, 15), Carol (3, 19). The star on the Y axis is the secret — and nobody sees it directly.
Why do this? Because of one geometric fact.
Exactly one line goes through two points
That is all the geometry we need. If two people put their points together and draw a line through them, they recover exactly the line we used. Extend it left to the Y axis and read the value — that is the secret.
Why does one person know nothing?
Here is the magic. Alice only has her point (1, 11). She tries to guess the secret alone. But infinitely many lines pass through one point.
Each line crosses the Y axis somewhere else. One might imply secret 19, another 7, another −3. Alice has no clue which line is "the real one." Every answer is equally plausible.
That is not "little information" — it is no specific clue at all. Guessing the secret from one point is no better than picking at random on the number line. (A small caveat at the end does not break this picture.)
Split into as many parts as you like
We can mark five, ten, or a hundred points on the same line and hand them out. Any two can recover the line and the secret. Any one still knows nothing.
That is a "2-of-N" scheme: no matter how many people hold shares, the quorum stays 2.
When you want a larger quorum
What if we need three people to open the secret, not two? Two is no longer enough.
Back to geometry. Two people can always agree — any two points define one line. So we need something that is not a line.
The trick: bend the curve.
One bend — quorum becomes 3
Same idea, but draw a curve with one bend — a parabola from school. The secret still lives where the curve hits the Y axis. Hand out points as before.
The geometric fact everything rests on:
If two people collude, they only have two points — infinitely many parabolas fit, each pointing at a different secret:
Three people find the only parabola, extend it to the Y axis, and read the secret.
Notice the symmetry: what a line did with one person, a parabola does with two. Each extra bend adds one person to the quorum.
Need four? Five?
Same logic. Quorum 4 means a curve with two bends. Four points pin down exactly one curve; three points still leave infinitely many — and no information.
What we end up with
A clear, visual way to split any secret:
- Decide how many people must meet to recover it — call that K.
- Draw a curve with K−1 bends through the secret on the Y axis.
- Mark as many points as you have participants — three or thirty.
- Give each person one point. Erase the curve and the secret.
Any K people can combine shares, rebuild the curve, and read the secret. K minus one cannot — they still face infinitely many curves, each with a different answer.
That is Shamir's scheme — from 1979, still used wherever keys are split among people: crypto wallets, bank vaults, and more. All of it rests on one school observation about points and lines.
A small honest caveat
Earlier I said one person with one point knows nothing. Geometrically that is true: infinitely many lines fit, each with its own secret. On paper, all options look equal.
But there is a nuance. Suppose Alice holds (1, 11). Mathematically the secret could be 7, a million, or minus a billion. Yet intuitively she might suspect: her own number is 11, so the slope is probably modest, and the secret is likely in the same ballpark — not billions away.
That is not "knowing the secret," but it is not total darkness either. It is a hint about the neighborhood — which part of the number line to search. For serious cryptography that leak is unacceptable: imagine a wallet key worth ten million dollars and an attacker told "search between zero and a billion" instead of "search everywhere."
Real cryptography fixes this by working on a circle, not an infinite line — like a clock that wraps after twelve, but with billions of ticks. On such a circle, "large" and "small" lose meaning; every value looks equally likely. Then — and only then — one point carries no information about the secret, exact or approximate.
The geometric idea stays the same: same curves, same points, same rule — K points define one curve, K−1 define infinitely many. Only the plane is wrapped into a big circle.
Try it yourself
Move the sliders. K is how many people must meet to open the secret. N is how many participants exist. Click points to build a quorum: with fewer than K selected you see a bundle of possible curves, each guessing its own secret. With exactly K, one curve finds the real secret on the Y axis.
The curve and secret regenerate whenever you move a slider. Real Shamir geometry looks exactly like this.