Pass the SALT 2026

Fractum: an open-source CLI for Threshold-Based Cold Storage of Critical Secrets
2026-07-02 , Amphitheater 122

Shamir's Secret Sharing (SSS) has been trusted for decades by organizations like ICANN (DNSSEC root key ceremonies), Banks, Coinbase, Defense industry ; yet it remains largely inaccessible to individual practitioners and small teams who need cold storage for cryptocurrency wallets, SSH keys, infra recovery keys, or root CA credentials.
Between "encrypt it and pray you never lose the key" and a $50K HSM deployment there is a missing category: how do you back up the one secret that protects everything else, for years, with no single point of failure and no network?

This talk introduces Fractum, offline, FOSS command-line tool that encrypts a file with AES-256-GCM and splits the key, not the file, using Shamir's Secret Sharing, so any K of N shares recover it and fewer than K reveal nothing.

Attendees will take away: a clear mental model of how threshold cryptography works in practice, an understanding of the security properties (and honest limitations) of implementing SSS in Python, and a free tool they can use immediately for their own cold storage needs.

GitHub: https://github.com/katvio/fractum


The gap no one talks about (3 min):
Copying encrypted files to several locations feels safe but means one key compromise exposes everything. Fractum targets cold storage for scenarios that need security in years, not sessions: cryptocurrency wallets, root CA and offline signing keys, disaster-recovery and break-glass credentials, digital inheritance.

Encrypt the file, split the key (6 min):
AES-256-GCM with metadata as AAD and a fresh key per encryption; Shamir over GF(2¹²⁸) and why information-theoretic security differs from computational (with K-1 shares every secret is equally likely). Post-Quantum Ready by construction: with no public-key crypto, Shor has nothing to attack. Real-world precedents: ICANN DNSSEC ceremonies, Trezor SLIP-39, Ledger Recover, Banks and Military industry.

Building it in Python: the honest version (4 min):
- Memory hygiene on mutable buffers: mlock(), multi-pass overwrite, deterministic wipe
- Honest limitations: Python immutable bytes/str leave copies, garbage-collection timing, OS swap and crash dumps, no side-channel resistance
- Air-gapped design: '--network=none' Docker guarantee, no telemetry, self-contained share archives
- Supply chain: minimal dependencies, GPG-signed tags, SHA-256 integrity checking

Demo: encrypt, split, reconstruct (4 min):
Pre-recorded terminal session inside a '--network=none' Docker container. Encrypt a file, split into 3-of-5 shares, attempt reconstruction with 2 shares (fails, by design), reconstruct with 3 shares (succeeds). Inspect the share metadata and integrity verification.

Trust, limitations, and what comes next (4 min):
Open source makes trust inspectable; it does not prove the release is authentic, the dependencies clean, or the host uncompromised. Roadmap: independent audit, migrate to an audited SSS library (Privy), formal verification.

Resources:


Slides: pts2026/question_uploads/PTS2026-TALK-21-Fractum_NdTooQg.pdf

Cédric is a seasoned DevSecOps and infrastructure engineer with 10yrs of experience spanning defense, blockchain, and cloud-native environments. He began his career working on safety-critical software in the defense industry, then moved into the blockchain space as a DevSecOps & SRE for the Tezos Foundation. He now runs his own digital agency, delivering security, and key management services to key accounts across banking and SaaS. His expertise sits at the intersection of cybersec, supply chain security, and applied cryptography, with a particular interest in privacy-preserving technologies. Company: Katvio.com