Shamir's Secret Sharing: The Math Behind 'Any Two, Never One'

Shamir’s Secret Sharing, published by RSA co-inventor Adi Shamir in 1979, splits a secret into shares such that a threshold number can reconstruct it while any smaller subset reveals literally nothing — not ‘computationally hard,’ but zero information. The construction is elegant: hide the secret as the y-intercept of a randomly chosen polynomial, then hand each participant a single point on that curve. A degree k-1 polynomial requires k points to determine, so a line gives 2-of-n sharing, a parabola gives 3-of-n, and so on. Production implementations swap the geometry for finite-field arithmetic, but the structure is identical.

The crucial property is informational, not computational. With one share missing from a 2-of-n scheme, every possible secret remains equally consistent with the share you hold, because infinitely many lines pass through a single point. That is what distinguishes Shamir’s scheme from merely splitting a key into chunks.

Ente’s Legacy Kit uses the scheme as one layer inside a broader recovery flow. Rather than letting the issued cards directly reconstruct the account’s recovery key, they reconstruct a separate local secret that feeds into a server-mediated recovery step. That indirection lets Ente revoke individual cards and prevents a lost card from becoming a permanent compromise.