In AWS, client-side encryption is the act of encrypting data before sending it to Amazon S3. To enable client-side encryption, you have the following options: (1) use a customer master key (CMK) stored in AWS Key Management Service (AWS KMS); (2) use a master key that you store within your application. To keep your data private from the cloud provider, it is better to use a master key that you store within your application. However, if you lose your master key, you will not be able to decrypt the encrypted data stored in Amazon S3.
Suppose that you decide to use Shamir's secret sharing scheme for your master key recovery. Shamir's Secret Sharing is a cryptographic algorithm introduced by Adi Shamir. It is a form of secret sharing, where a secret is divided into parts, giving each participant its own unique part. To reconstruct the original secret, a minimum number of parts (the threshold) is required; fewer parts reveal nothing about the secret.
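The recovery scheme described above, as an added Python example that is not code from the page: an application-held master key is split into shares over a prime field, and any threshold-sized subset reconstructs it by Lagrange interpolation. The field prime, share indices and key sizes are assumptions chosen for the example.

```python
import secrets

# Field prime (assumption): the Mersenne prime 2^521 - 1, large enough that a
# 32-byte AES-256 master key fits in a single field element.
PRIME = (1 << 521) - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial (lowest-degree coefficient first) mod PRIME."""
    result = 0
    for coeff in reversed(coeffs):
        result = (result * x + coeff) % PRIME
    return result


def split_secret(secret, threshold, share_count):
    """Split an integer secret into share_count (x, y) shares; any `threshold`
    of them reconstruct it, and fewer reveal nothing about it."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a non-negative integer below PRIME")
    if not 1 <= threshold <= share_count:
        raise ValueError("need 1 <= threshold <= share_count")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, share_count + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0. Fewer than `threshold` shares give a
    wrong value rather than an error, so verify the result (e.g. against a
    stored hash of the key) before using it to decrypt S3 objects."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # Modular inverse of den via Fermat's little theorem (PRIME is prime).
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


def split_key(key_bytes, threshold, share_count):
    return split_secret(int.from_bytes(key_bytes, "big"), threshold, share_count)


def recover_key(shares, key_len):
    return recover_secret(shares).to_bytes(key_len, "big")
```

Shares should be distributed to separate custodians and stored outside the cloud account that holds the encrypted objects, otherwise the split adds no recovery protection.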