Part 4

Beyond the Vault: The Death of Shamir's and PKI

There’s a rule in security that nobody talks about enough: complexity is the enemy of security.

Yet for decades, we’ve built our most critical infrastructure on exactly that — complexity layered on complexity, held together by third-party trust and 1970s mathematics.

Shamir’s Secret Sharing was elegant when Adi Shamir published it in 1979. Split a secret into n shares, require k to reconstruct it. Brilliant for its time. But in practice? You now have multiple secret fragments, multiple custodians, multiple failure points, and a reconstruction process that requires orchestration. Every share is a liability. Every custodian is an attack surface.

PKI isn’t much better. The entire model rests on trusting a Certificate Authority — a third party you’ve never met — to vouch for identity. We’ve seen how that ends. DigiNotar. Comodo. Nation-state CA compromises. The chain of trust is only as strong as its weakest link, and that link is always human.

So what replaces them?

A deterministic model that needs no shares and no intermediaries. The program itself becomes the cryptographic engine. The user becomes the sole authority. When the secret is derived — not stored — from factors only the user controls, there’s nothing to split, nothing to certify, and nothing to steal.
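To make the contrast between the two models concrete, here is an added example (not code from the original post or from PhantomKey Technologies) that implements the k-of-n Shamir split and reconstruction described above beside a derive-not-store key derivation from user-controlled factors; the factor values, salt and scrypt parameters are constructed assumptions for illustration.

```python
import hashlib
import secrets

# Prime field for Shamir's scheme (2^127 - 1, a Mersenne prime); secrets must be < P.
P = (1 << 127) - 1


def shamir_split(secret: int, k: int, n: int, rng=secrets.randbelow) -> list[tuple[int, int]]:
    """Split `secret` into n points on a random degree-(k-1) polynomial over GF(P).
    Any k shares reconstruct the secret; any k-1 shares reveal nothing about it."""
    if not (0 <= secret < P) or not (1 <= k <= n):
        raise ValueError("bad parameters")
    # Constant term is the secret; the remaining coefficients are uniformly random.
    coeffs = [secret] + [rng(P) for _ in range(k - 1)]
    # Evaluate at x = 1..n (never at x = 0, which is the secret itself).
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P) for x in range(1, n + 1)]


def shamir_reconstruct(shares: list[tuple[int, int]]) -> int:
    """Lagrange-interpolate the polynomial at x = 0 from k distinct shares.
    Fewer than k shares yields an unrelated value, not an error (the orchestration burden)."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P       # product of (0 - xj)
                den = den * (xi - xj) % P   # product of (xi - xj)
        secret = (secret + yi * num * pow(den, P - 2, P)) % P  # inverse via Fermat
    return secret


def derive_secret(factors: list[bytes], salt: bytes, length: int = 32) -> bytes:
    """Derive a key on demand from user-controlled factors instead of storing it.
    scrypt is memory-hard, so guessing low-entropy factors is costly, but the
    derived key has no more entropy than the factors that went into it."""
    # Length-prefix each factor so different factor boundaries cannot collide.
    material = b"".join(len(f).to_bytes(4, "big") + f for f in factors)
    return hashlib.scrypt(material, salt=salt, n=2**14, r=8, p=1, dklen=length)
```

The derived key can itself be used as the Shamir secret (`int.from_bytes(key, "big") % P`) if both models are combined.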

Add blockchain verification to that equation and you’ve replaced third-party trust with mathematical consensus. No CA needed. No shares in escrow. No reconstruction ceremony at 2 AM when something breaks.

The vault model assumes secrets must be kept somewhere. Zero-persistence assumes they should never exist long enough to need keeping.

Shamir’s scheme solved the right problem for 1979. PKI solved the right problem for 1995. Neither was designed for a world where state actors harvest encrypted traffic and quantum decryption is a funding decision away.

The playbook needs updating. The architecture already exists.

Originally published on Medium by PhantomKey Technologies.