secretsharing 0.3 → 1.0.0

data/Rakefile

@@ -0,0 +1,12 @@
+# -*- encoding: utf-8 -*-
+
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.pattern = "spec/*_spec.rb"
+  t.verbose = true
+  t.warning = false
+end
+
+task :default => 'test'

data/SIGNED.md

@@ -0,0 +1,99 @@
+##### Signed by https://keybase.io/grempe
+```
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJUtXiuAAoJEOcWanfPl9CRG6cP/3LrrQItO+olbfYvvp+bFa54
+hiK3g6IGYCKAAlocHVCzxNnEczAqCa3/HASkh96RIs0LXznKcFAIjgs/uwZs/Ahh
+WYxjI9iPEyJyWffFzDIvA//A2xJCxuzupLc3yqGCTGCsvEf7yVN5fcVe8svzq6ZG
+k4BuNzPLONCuzXrtmd7W15F+6M5PD67Rcs+gcHNuZEZOsXnJ3bRsu8GS8LucsxOK
+SKsSwLpgJ6vAt3Ef3LSI7SQVMeRRtvgKi2iii/zGwHqRPPoqilpoeLNLlhtTX5Ee
+KjfuW9qCU3zEfUs36J0JNtsf1fe0UmdiVvuRtWyM8ONHLJFP4394EwwA/A2QEYil
+EYOEd8XkIcIh6lAMAKCNP22gHoJ5ezzlQ/Fk8tMGPlG+C0JVpYzf7+kzlL7iEvG/
+y1YC16Cob2whgoLSvt4W7DFADwPm0WRsrdr0QPi0saM60w0fc9+6s8n6YrQEF/rv
+vrNbwR7nTT0Hgxqy7F0C6N9l6mS3UOuJvbM2h3QKKI/N7aDZbD4v/SYZjQTD5aXQ
+ZVV8KJxykxdHTNlsaUJptO4QFNfnWv0gWc25nDLQ+Io6v3rtV4wYf7JgIRcZgJg9
+L6A0B2H1+SXkin7kcxb3ixaIzk0nRTHzF5SKWxGum3Q6wc6WiNE4CcwxuH3Pq2zD
+IIhFWwazaio135TTNoj4
+=BtEN
+-----END PGP SIGNATURE-----
+
+```
+
+<!-- END SIGNATURES -->
+
+### Begin signed statement 
+
+#### Expect
+
+```
+size   exec  file                          contents                                                        
+             ./                                                                                            
+96             .coco.yml                   7c6c72d0ace59753d384d977006da83a0b7bf5333468047529f3e92b4b32b069
+168            .gitignore                  cbf96ae3fecba78c775adf62469ecb1161fabf7cd336d166f2b695c02ec105de
+296            .rubocop.yml                9e05e042f3c9b14bc52fc7b961cebe26cffdd72f36fea16266ef7622f315e669
+182            .travis.yml                 79982d49c16dfef74ac82d239073627e81ab1b4cff7d97721aa1fc047ccc9007
+625            CHANGES                     578a7ed1fbc9a0ccdbc148aeae0ce8b3b58cb3f78e23013d8db0aaf98ade49fa
+98             Gemfile                     5184edc7cae42cd49ced95779a2035fa6b04edc686450034b7ed731ef2941037
+11357          LICENSE.txt                 c81e80664649784c5927f846ba071b04acbb6afaeeea9ee737c8a4a9c8a3bc89
+12398          README.md                   7191bb1605c1628dc88ad14d4b846984ed6f4d24148b8c14e49fa74c59085158
+205            Rakefile                    52e019b00c55641f894f914df53a40d993ccb90b20731338004269292f4c5d7f
+               bin/                                                                                        
+3151   x         secretsharing             79efbec8ef0fc6f24417ea490defc6008ac6533ae96dabc0ab7f59c2b385d791
+               gemfiles/                                                                                   
+101              Gemfile.ci                7e196ea31483bcfd25f626d3ce5eff19ee8c330c44a3ca6b80a4bd8c8aece065
+               lib/                                                                                        
+                 secretsharing/                                                                            
+                   shamir/                                                                                 
+3749                 container.rb          37fd7db90e4f2f337db979c93b7022710d443815a0be8f71f3c642902c7cea80
+4954                 secret.rb             34ed54e31a4f862ea5f7df2074b7b204dc5400548a47b7f0055fa7050b7ff1e3
+6017                 share.rb              a380d5adf64815e62ad4256596b8a05ede61a8c0e7ec1436348946edd3aaed7a
+3031               shamir.rb               5702d49cc0e97202e6e0867a0f6955366d407ec4b3fe2d5989bc2259d2776f9f
+706                version.rb              428fb8abe60cd3e195e87f1d5f438e03ce797de8ceb699ab18260b7a9a4d9848
+863              secretsharing.rb          73deaa58299b597e0540b905f1f713dff526060a9a24c6909cdca83ff23164c4
+1733           secretsharing.gemspec       00430997e55126061ec3729438a58ec01e07b07fa846467947f55cfde8285a86
+               spec/                                                                                       
+12643            shamir_container_spec.rb  39f3e0393cdf50c88fae9ba4302d32dc881fc2ce3b4b8adcd97cf1fb5df026f2
+7023             shamir_secret_spec.rb     67533deb4a929155197067106e4149f70bc49b626b08690e8e3611106885ef77
+2719             shamir_share_spec.rb      4d2132531310348308c72af976cdc489bb59ef4b77373d5a71dd95b15f3205db
+1032             shamir_spec.rb            c5a7e030dad410917a7e52f46f0531a4df8d2f05019e9136a34750f97699b7e2
+997              spec_helper.rb            9b634a61716596562288b4c4325e43696af87b48abcd36b34250991aa010caf9
+```
+
+#### Ignore
+
+```
+/SIGNED.md
+```
+
+#### Presets
+
+```
+git      # ignore .git and anything as described by .gitignore files
+dropbox  # ignore .dropbox-cache and other Dropbox-related files    
+kb       # ignore anything as described by .kbignore files          
+```
+
+<!-- summarize version = 0.0.9 -->
+
+### End signed statement
+
+<hr>
+
+#### Notes
+
+With keybase you can sign any directory's contents, whether it's a git repo,
+source code distribution, or a personal documents folder. It aims to replace the drudgery of:
+
+  1. comparing a zipped file to a detached statement
+  2. downloading a public key
+  3. confirming it is in fact the author's by reviewing public statements they've made, using it
+
+All in one simple command:
+
+```bash
+keybase dir verify
+```
+
+There are lots of options, including assertions for automating your checks.
+
+For more info, check out https://keybase.io/docs/command_line/code_signing

data/bin/secretsharing

@@ -0,0 +1,111 @@
+#!/usr/bin/env ruby
+
+require 'highline/import'
+
+begin
+  require 'secretsharing'
+rescue LoadError
+  require 'rubygems'
+  require 'secretsharing'
+end
+
+include SecretSharing::Shamir
+
+# FIXME : Need to be able to specify bitlength of random secret
+# FIXME : Need tests
+# FIXME : Allow specify a fixed secret that is a num or a String
+
+# Build up a Hash of all of the options chosen
+choices = {}
+
+say("\nShamir's Secret Sharing\n")
+
+say("\nWould you like to 'encode' a new secret as shares, or 'decode' one from existing shares?\n")
+choose do |menu|
+  menu.prompt = 'Action? '
+
+  menu.choice(:encode) do
+    choices[:action] = :encode
+  end
+
+  menu.choice(:decode) do
+    choices[:action] = :decode
+  end
+end
+
+if choices[:action] == :encode
+
+  say("\nWould you like to create a 'random' secret, or will you provide a 'fixed' one?\n")
+  choose do |menu|
+    menu.prompt = 'Type? '
+
+    menu.choice(:random) do
+      choices[:secret_type] = :random
+    end
+
+    menu.choice(:fixed) do
+      choices[:secret_type] = :fixed
+    end
+  end
+
+  if choices[:secret_type] == :fixed
+    choices[:secret_password] = ask('Enter your numeric password:  ', Integer) { |q| q.validate = /^[0-9]+$/ }
+  end
+
+  choices[:secret_n] = ask('How many total shares (n) do you want to distribute?  ', Integer) { |q| q.in = 2..512 }
+  choices[:secret_k] = ask('How many of the total shares (k) are required to reveal the secret?  ', Integer) { |q| q.in = 2..512 }
+
+  @c = SecretSharing::Shamir::Container.new(choices[:secret_n], choices[:secret_k])
+
+  if choices[:secret_type] == :fixed
+    @c.secret = SecretSharing::Shamir::Secret.new(:secret => OpenSSL::BN.new(choices[:secret_password].to_s))
+  else
+    @c.secret = SecretSharing::Shamir::Secret.new
+  end
+
+  say("\n========================================\n")
+  say("Encoded Secret:\n\n")
+  say("(k) Value: #{choices[:secret_k]}\n")
+  say("(n) Value: #{choices[:secret_n]}\n")
+  say("\n")
+  say("Secret (Bignum): \n")
+  say(@c.secret.secret.to_s)
+  say("\n")
+  say("Secret (Base64 Compacted & URL Safe): \n")
+  say(@c.secret.to_s)
+  say("\n")
+  say("Secret has valid_hmac? \n")
+  say(@c.secret.valid_hmac?.to_s + "\n")
+  say("\n")
+  say("Shares:\n")
+  @c.shares.each { |s| say s.to_s }
+  say("\n========================================\n")
+
+elsif choices[:action] == :decode
+  say("\n")
+  choices[:secret_k] = ask('How many of shares (k) are required to reveal this secret?  ', Integer) { |q| q.in = 2..512 }
+
+  @c = SecretSharing::Shamir::Container.new(choices[:secret_k])
+
+  say("\n")
+  shares =  ask("Enter the '#{choices[:secret_k]}' shares one at a time with a RETURN after each:", lambda { |ans| ans =~ /^-?\d+$/ ? Integer(ans) : ans }) do |q|
+    q.gather = choices[:secret_k]
+  end
+
+  shares.map { |s| @c << s }
+
+  say("\n")
+  if @c.secret?
+    say("\n========================================\n")
+    say("Decoded Secret:\n\n")
+    say("(k) Value: #{choices[:secret_k]}\n")
+    say("\n")
+    say("Secret (Bignum): \n")
+    say(@c.secret.secret.to_s)
+    say("\n")
+    say("Secret (Base64 Compacted & URL Safe): \n")
+    say(@c.secret.to_s)
+    say("\n")
+    say("\n========================================\n")
+  end
+end

data/gemfiles/Gemfile.ci

@@ -0,0 +1,7 @@
+source "https://rubygems.org"
+
+gem 'multi_json'
+gem 'rake'
+gem 'minitest'
+gem 'highline'
+gem 'mocha'

data/lib/secretsharing.rb

@@ -1 +1,26 @@
+# -*- encoding: utf-8 -*-
+
+# Copyright 2011-2015 Glenn Rempe
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'openssl'
+require 'digest/sha1'
+require 'base64'
+require 'multi_json'
+
+require 'secretsharing/version'
 require 'secretsharing/shamir'
+require 'secretsharing/shamir/container'
+require 'secretsharing/shamir/share'
+require 'secretsharing/shamir/secret'

data/lib/secretsharing/shamir.rb

@@ -1,298 +1,96 @@
-require 'openssl'
-require 'digest/sha1'
-require 'base64'
+# -*- encoding: utf-8 -*-
 
-module SecretSharing
-	# The SecretSharing::Shamir class can be used to share random
-	# secrets between n people, so that k < n people can recover the
-	# secret, but k-1 people learn nothing (in an information-theoretical
-	# sense) about the secret.
-	#
-	# For a theoretical background, see 
-	# http://www.cs.tau.ac.il/~bchor/Shamir.html or
-	# http://en.wikipedia.org/wiki/Secret_sharing#Shamir.27s_scheme
-	#
-	# To share a secret, create a new SecretSharing::Shamir object and
-	# then call the create_random_secret() method. The secret is now in
-	# the secret attribute and the shares are an array in the shares attribute.
-	#
-	# Alternatively, you can call the set_fixed_secret() method with an
-	# OpenSSL::BN object (or something that can be passed to OpenSSL::BN.new)
-	# to set your own secret.
-	#
-	# To recover a secret, create a SecretSharing::Shamir object and
-	# add the necessary shares to it using the '<<' method. Once enough
-	# shares have been added, the secret can be recovered in the secret
-	# attribute.
-	class Shamir
-		attr_reader :n, :k, :secret, :secret_bitlength, :shares
-
-		DEFAULT_SECRET_BITLENGTH = 256
-
-		# To create a new SecretSharing::Shamir object, you can
-		# pass either just n, or k and n.
-		#
-		# For example:
-		#   s = SecretSharing::Shamir.new(5, 3)
-		# to create an object for 3 out of 5 secret sharing.
-		#
-		# or
-		#   s = SecretSharing::Shamir.new(3)
-		# for 3 out of 3 secret sharing.
-		def initialize(n, k=n)
-			if k > n then
-				raise ArgumentError, 'k must be smaller or equal than n'
-			end	
-			if k < 2 then
-				raise ArgumentError, 'k must be greater or equal to two'
-			end
-			if n > 255 then
-				raise ArgumentError, 'n must be smaller than 256'
-			end
-			@n = n
-			@k = k
-			@secret = nil
-			@shares = []
-			@received_shares = []
-		end
-
-		# Check whether the secret is set.
-		def secret_set?
-			! @secret.nil?
-		end
-
-		# Create a random secret of a certain bitlength. Returns the
-		# secret and stores it in the 'secret' attribute.
-		def create_random_secret(bitlength = DEFAULT_SECRET_BITLENGTH)
-			raise 'secret already set' if secret_set?
-			raise 'max bitlength is 1024' if bitlength > 1024
-			@secret = get_random_number(bitlength)
-			@secret_bitlength = bitlength
-			create_shares
-			@secret
-		end
-
-		# Set the secret to a fixed OpenSSL::BN value. Stores it
-		# in the 'secret' attribute, creates the corresponding shares and
-		# returns the secret
-		def set_fixed_secret(secret)
-			raise 'secret already set' if secret_set?
-			if secret.class != OpenSSL::BN then
-				# create OpenSSL bignum
-				secret = OpenSSL::BN.new(secret)
-			end
-			raise 'max bitlength is 1024' if secret.num_bits > 1024
-			@secret = secret
-			@secret_bitlength = secret.num_bits
-			create_shares
-			@secret
-		end
-
-		# The secret in a password representation (Base64-encoded)
-		def secret_password
-			if ! secret_set? then
-				raise "Secret not (yet) set."
-			end
-			Base64.encode64([@secret.to_s(16)].pack('h*')).split("\n").join
-		end
-
-		# Add a secret share to the object. Accepts either a
-		# SecretSharing::Shamir::Share instance or a string representing one.
-		# Returns true if enough shares have been added to recover the secret,
-		# false otherweise.
-		def <<(share)
-			# convert from string if needed
-			if share.class != SecretSharing::Shamir::Share then
-				if share.class == String then
-					share = SecretSharing::Shamir::Share.from_string(share)
-				else
-					raise ArgumentError 'SecretSharing::Shamir::Share ' \
-					                  + 'or String needed'
-				end
-			end
-			if @received_shares.include? share then
-				raise 'share has already been added'
-			end
-			if @received_shares.length == @k then
-				raise 'we already have enough shares, no need to add more'
-			end
-			@received_shares << share
-			if @received_shares.length == @k then
-				recover_secret
-				return true
-			end
-			false
-		end
-
-		# Computes the smallest prime of a given bitlength. Uses prime_fasttest
-		# from the OpenSSL library with 20 attempts to be compatible to openssl
-		# prime, which is used in the OpenXPKI::Crypto::Secret::Split library.
-		def self.smallest_prime_of_bitlength(bitlength)
-			# start with 2^bit_length + 1
-			test_prime = OpenSSL::BN.new((2**bitlength + 1).to_s)	
-			prime_found = false
-			while (! prime_found) do
-				# prime_fasttest? 20 do be compatible to
-				# openssl prime, which is used in
-				# OpenXPKI::Crypto::Secret::Split
-				prime_found = test_prime.prime_fasttest? 20
-				test_prime += 2
-			end
-			test_prime
-		end
-
-		private
-		# Creates a random number of a certain bitlength, optionally ensuring
-		# the bitlength by setting the highest bit to 1.
-		def get_random_number(bitlength, highest_bit_one = true)
-			byte_length = (bitlength / 8.0).ceil
-			rand_hex = OpenSSL::Random.random_bytes(byte_length).each_byte. \
-			                           to_a.map { |a| "%02x" % a }.join('')
-			rand = OpenSSL::BN.new(rand_hex, 16)
-			begin
-				rand.mask_bits!(bitlength)
-			rescue OpenSSL::BNError
-				# never mind if there was an error, this just means
-				# rand was already smaller than 2^bitlength - 1
-			end
-			if highest_bit_one then
-				rand.set_bit!(bitlength)
-			end	
-			rand
-		end
+# Copyright 2011-2015 Glenn Rempe
 
-		# Creates the shares by computing random coefficients for a polynomial
-		# and then computing points on this polynomial.
-		def create_shares
-			@coefficients = []
-			@coefficients[0] = @secret
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
 
-			# round up to next nibble
-			next_nibble_bitlength = @secret_bitlength + \
-			                        (4 - (@secret_bitlength % 4))
-			prime_bitlength = next_nibble_bitlength + 1
-			@prime = self.class.smallest_prime_of_bitlength(prime_bitlength)
+#     http://www.apache.org/licenses/LICENSE-2.0
 
-			# compute random coefficients
-			(1..k-1).each do |x|
-				@coefficients[x] = get_random_number(@secret_bitlength)
-			end
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 
-			(1..n).each do |x|
-				@shares[x-1] = construct_share(x, prime_bitlength)
-			end
-		end	
-
-		# Construct a share by evaluating the polynomial at x and creating
-		# a SecretSharing::Shamir::Share object.
-		def construct_share(x, bitlength)
-			p_x = evaluate_polynomial_at(x)
-			SecretSharing::Shamir::Share.new(x, p_x, @prime, bitlength)
-		end
-
-		# Evaluate the polynomial at x.
-		def evaluate_polynomial_at(x)
-			result = OpenSSL::BN.new('0')
-			@coefficients.each_with_index do |coeff, i|
-				result += coeff * OpenSSL::BN.new(x.to_s)**i
-				result %= @prime
-			end
-			result
-		end
-
-		# Recover the secret by doing Lagrange interpolation.
-		def recover_secret
-			@secret = OpenSSL::BN.new('0')
-			@received_shares.each do |share|
-				l_x = l(share.x, @received_shares)
-				summand = share.y * l_x
-				summand %= share.prime
-				@secret += summand
-				@secret %= share.prime
-			end
-			@secret
-		end
-		
-		# Part of the Lagrange interpolation.
-		# This is l_j(0), i.e.
-		# \prod_{x_j \neq x_i} \frac{-x_i}{x_j - x_i}
-		# for more information compare Wikipedia:
-		# http://en.wikipedia.org/wiki/Lagrange_form
-		def l(x, shares)
-			(shares.select { |s| s.x != x }.map do |s|
-				minus_xi = OpenSSL::BN.new((-s.x).to_s)
-				one_over_xj_minus_xi = OpenSSL::BN.new((x - s.x).to_s) \
-				                       .mod_inverse(shares[0].prime)
-				minus_xi.mod_mul(one_over_xj_minus_xi, shares[0].prime)
-			end.inject { |p, f| p.mod_mul(f, shares[0].prime) })
-		end
-	end
-
-	# A SecretSharing::Shamir::Share object represents a share in the
-	# Shamir secret sharing scheme. The share consists of a point (x,y) on
-	# a polynomial over Z/Zp, where p is a prime.
-	class SecretSharing::Shamir::Share
-		attr_reader :x, :y, :prime_bitlength, :prime
-
-		FORMAT_VERSION = '0'
-
-		# Create a new share with the given point, prime and prime bitlength.
-		def initialize(x, y, prime, prime_bitlength)
-			@x = x
-			@y = y
-			@prime = prime
-			@prime_bitlength = prime_bitlength
-		end
-
-		# Create a new share from a string format representation. For
-		# a discussion of the format, see the to_s() method.
-		def self.from_string(string)
-			version = string[0,1]
-			if version != '0' then
-				raise "invalid share format version #{version}."
-			end
-			x = string[1,2].hex
-			prime_bitlength = 4 * string[-2,2].hex + 1
-			p_x_str = string[3, string.length - 9]
-			checksum = string[-6, 4]
-			computed_checksum = Digest::SHA1.hexdigest(p_x_str)[0,4].upcase
-			if checksum != computed_checksum then
-				raise "invalid checksum. expected #{checksum}, " + \
-				      "got #{computed_checksum}"
-			end
-			prime = SecretSharing::Shamir. \
-			        smallest_prime_of_bitlength(prime_bitlength)
-			self.new(x, OpenSSL::BN.new(p_x_str, 16), prime, prime_bitlength)
-		end
-
-		# A string representation of the share, that can for example be
-		# distributed in printed form.
-		# The string is an uppercase hexadecimal string of the following
-		# format: ABBC*DDDDEEEE, where
-		# * A (the first nibble) is the version number of the format, currently
-		#   fixed to 0.
-		# * B (the next byte, two hex characters) is the x coordinate of the
-		#   point on the polynomial.
-		# * C (the next variable length of bytes) is the y coordinate of the
-		#   point on the polynomial.
-		# * D (the next two bytes, four hex characters) is the two highest
-		#   bytes of the SHA1 hash on the string representing the y coordinate,
-		#   it is used as a checksum to guard against typos
-		# * E (the next two bytes, four hex characters) is the bitlength of the
-		#   prime number in nibbles.
-		def to_s
-			# bitlength in nibbles to save space
-			prime_nibbles = (@prime_bitlength - 1) / 4 
-			p_x = ("%x" % @y).upcase
-			FORMAT_VERSION + ("%02x" % @x).upcase \
-				+ p_x \
-				+ Digest::SHA1.hexdigest(p_x)[0,4].upcase \
-				+ ("%02x" % prime_nibbles).upcase
-		end
-
-		# Shares are equal if their string representation is the same.
-		def ==(share)
-			share.to_s == self.to_s
-		end
-	end	
-end
+module SecretSharing
+  # Module for common methods shared across Container, Secret, or Share
+  module Shamir
+    # FIXME : Needs focused tests
+    # Creates a random number of a certain bitlength, optionally ensuring
+    # the bitlength by setting the highest bit to 1.
+    def get_random_number(bitlength)
+      byte_length = (bitlength / 8.0).ceil
+      rand_hex    = OpenSSL::Random.random_bytes(byte_length).each_byte.to_a.map { |a| sprintf('%02x', a) }.join('')
+      rand        = OpenSSL::BN.new(rand_hex, 16)
+
+      begin
+        rand.mask_bits!(bitlength)
+      rescue OpenSSL::BNError
+        # never mind if there was an error, this just means
+        # rand was already smaller than 2^bitlength - 1
+      end
+
+      rand.set_bit!(bitlength)
+      rand
+    end
+
+    # FIXME : Needs focused tests
+
+    # Evaluate the polynomial at x.
+    def evaluate_polynomial_at(x, coefficients, prime)
+      result = OpenSSL::BN.new('0')
+
+      coefficients.each_with_index do |c, i|
+        result += c * OpenSSL::BN.new(x.to_s)**i
+        result %= prime
+      end
+
+      result
+    end
+
+    # FIXME : Needs focused tests
+
+    # Part of the Lagrange interpolation.
+    # This is l_j(0), i.e.
+    # \prod_{x_j \neq x_i} \frac{-x_i}{x_j - x_i}
+    # for more information compare Wikipedia:
+    # http://en.wikipedia.org/wiki/Lagrange_form
+    def lagrange(x, shares)
+      prime        = shares.first.prime
+      other_shares = shares.reject { |s| s.x == x }
+
+      results = other_shares.map do |s|
+        minus_xi = OpenSSL::BN.new("#{-s.x}")
+        one_over_xj_minus_xi = OpenSSL::BN.new("#{x - s.x}").mod_inverse(prime)
+        minus_xi.mod_mul(one_over_xj_minus_xi, prime)
+      end
+
+      results.reduce { |a, e| a.mod_mul(e, prime) }
+    end
+
+    # FIXME : Needs focused tests
+
+    # Backported for Ruby 1.8.7, REE, JRuby, Rubinious
+    def usafe_decode64(str)
+      str = str.strip
+      return Base64.urlsafe_decode64(str) if Base64.respond_to?(:urlsafe_decode64)
+
+      if str.include?('\n')
+        fail(ArgumentError, 'invalid base64')
+      else
+        Base64.decode64(str)
+      end
+    end
+
+    # FIXME : Needs focused tests
+
+    # Backported for Ruby 1.8.7, REE, JRuby, Rubinious
+    def usafe_encode64(bin)
+      bin = bin.strip
+      return Base64.urlsafe_encode64(bin) if Base64.respond_to?(:urlsafe_encode64)
+      Base64.encode64(bin).tr("\n", '')
+    end
+  end # module Shamir
+end # module SecretSharing