Pass the SALT 2026

Shamir's Secret Sharing (SSS) has been trusted for decades by organizations like ICANN (DNSSEC root key ceremonies), Trezor (SLIP-39), and Coinbase ; yet it remains largely inaccessible to individual practitioners and small teams who need cold storage for cryptocurrency wallets, SSH keys, infra recovery keys, or root CA credentials.

This talk introduces Fractum, an open-source (MIT) CLI tool that combines AES-256-GCM authenticated encryption with Shamir's Secret Sharing over GF(2^8) to split sensitive files into K-of-N threshold shares. Designed as an air-gapped, portable & offline-first tool with zero network dependencies, This tool brings information-theoretic security to anyone with a terminal.

I will walk through the cryptographic design decisions: why GCM over CBC, how polynomial interpolation in GF(256) actually works at the byte level, how we handle entropy collection from multiple sources, and the trade-offs of implementing memory protection (SecureString with mlock and multi-pass overwrite) in a garbage-collected language like Python. A pre-recorded demo will show a full encrypt-split-distribute-reconstruct cycle running inside a network-isolated Docker container.

Attendees will take away: a clear mental model of how threshold cryptography works in practice, an understanding of the security properties (and honest limitations) of implementing SSS in Python, and a free tool they can use immediately for their own cold storage needs.

GitHub: https://github.com/katvio/fractum