How it works
One secret. Many keepers. No single point of failure. Here's how shattr turns any value you want to protect into N portions that only reconstruct when enough holders agree.
1.The shape of the idea
You hand shattr a secret and pick two numbers: how many portions to create (N) and how many are required to recover (T, the threshold). Shattr then produces N portions where any T of them can rebuild the secret, but T − 1 reveal nothing.
You pick the secret
A password, a recovery seed, an API key, an entire file. Anything that fits in a megabyte.
Shattr produces N portions
Hand each portion to a different person, machine, vault, or geography. Single portions are mathematically indistinguishable from random data.
Any T rebuild it
When the threshold meets, the secret comes back byte-for-byte. Fewer than T portions tell you literally nothing about the original.
2.Why this isn't magic
The trick is that two points always define a unique line. Three points define a unique parabola. T points define a unique polynomial of degree T − 1. Shattr hides your secret on that polynomial — and each portion is just one point on the curve.
For a 2-of-N split, shattr picks a random line that crosses the y-axis at your secret. Each portion is one (x, y) point on that line. Hand any two points back and there's exactly one line connecting them — and that line passes through your secret at x = 0.
Give shattr only one point and there are infinitely many lines through it. The remaining secret is uniformly random — every possible secret is equally likely. That's not a metaphor; that's the definition of perfect secrecy.
For higher thresholds, swap the line for a higher-degree polynomial. T points always pin down a degree-T − 1 curve. T − 1 points still leave infinitely many candidates.
3.Where this lands well
Anywhere "one person can lose or leak it" is the failure mode you don't want.
Production access
A 2-of-3 or 3-of-5 split of the root credential. No single engineer can act alone; no single laptop loss locks you out.
Cold-storage recovery
Split a wallet seed across a fireproof safe, a bank deposit box, and a trusted family member. Any two recover it.
Founder succession
Encode "if I'm hit by a bus" — three co-founders, lawyer, and CFO each hold a portion. Any three rebuild the master key.
Break-glass procedures
Hand portions to multiple on-call rotations. An incident needs collaboration, not a single keyholder waking up at 3am.
Encrypted-backup keys
Split the key that unlocks your backup archive. Lose any one portion and you're still fine; lose enough and you've genuinely lost the data — which is the point.
Team password vaults
Replace "the master password lives in one head" with "any three of these five people, together, can unlock it."
4.What shattr is not
- ✕Not a password manager. Shattr splits one specific secret at a time. If you want day-to-day credential storage, use a password manager and then split its master recovery key with shattr.
- ✕Not encryption that you can decrypt alone. If a single holder could recover the secret, it would defeat the point. The threshold is the feature, not a limitation.
- ✕Not a place we keep your secret. The public tools (create-share, decrypt) run entirely in your browser — see /security for the SRI-pinned proofs. The portal stores encrypted secrets server-side; the unencrypted form only ever exists transiently during a recovery.
- ✕Not magic. It's a 1979 algorithm by Adi Shamir, sitting on top of well-understood polynomial arithmetic over a finite field. The code is readable and the cryptography library is SRI-pinned.
5.Try it now
No account needed. Splits and recoveries happen in your browser.