Score:0

recovering the original secret of secret sharing


What is the specific process of recovering the original secret in secret sharing? Do the parties holding secret shares communicate with each other and exchange shares, so that the secret is recovered once a number of shares greater than or equal to the threshold has been collected, or does a third party collect the shares to restore the secret? How is it generally done in current schemes, and what are the advantages and disadvantages of these two methods?

kodlu avatar
Looks like homework and may be off topic
kodlu avatar
relevant (answers half the question) https://crypto.stackexchange.com/questions/84143/shamir-secret-sharing-with-no-dealer
sunmu avatar
This is not homework. I'm just wondering: when secret recovery is required, should the parties holding secret shares communicate with each other, exchange the shares they hold, and perform secret recovery once at least k secret shares are obtained; or should the holders of the k secret shares upload the shares they hold to a third party for secret recovery?
Score:1

What is the specific process of recovering the original secret of secret sharing?

That depends entirely on what you intend on doing with the secret.

Secret sharing is rarely done as the entire cryptosystem; instead, it is usually a component in something larger. For example, if the shared secret is an AES key that a specific unit needs to decrypt, we might end up sending all the shares to that unit (and it may recover the secret).

In addition, sometimes no one explicitly recovers the secret; instead, the secret recovery is done implicitly as a part of the operation. If this sounds mysterious, consider this relatively simple scenario:

  • We secret share a secret exponent $\alpha$, and we want to perform a joint computation $z^\alpha \bmod p$, given a value $z$

  • We use a Shamir Secret Sharing scheme to distribute $\alpha$ over a number of shares $(x_1, y_1), (x_2, y_2), ..., (x_n, y_n)$

  • When we want to compute the value $z^\alpha$, we select $t$ willing share owners, and send $z$ to each of them. Each one computes $z^{y_i I_i}$ (where $I_i$ is the interpolation coefficient $\prod_{m=0, m\ne i}^{m<t}x_i/(x_m - x_i)$), and publishes it

  • The group coordinator takes all the published values, and multiplies them together; the result is $\prod z^{y_i I_i} = z^{\sum y_i I_i} = z^\alpha$

That is, we did computation based on the shared secret, while never explicitly recovering it.

sunmu avatar
Thank you for your answer!
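The joint computation of $z^\alpha \bmod p$ described in the answer, as an added example that is not part of the original thread: each share owner publishes only $z^{y_i I_i}$, and the coordinator multiplies the published values, so $\alpha$ is never reconstructed anywhere. Assumptions made here: a constructed toy safe prime $p = 2q + 1$, $z$ in the order-$q$ subgroup, Shamir shares over $\mathbb{Z}_q$, and the standard Lagrange coefficient at zero $I_i = \prod_{m \ne i} x_m/(x_m - x_i) \bmod q$; all function names are hypothetical.

```python
# Added example: threshold exponentiation z^alpha mod P without rebuilding alpha.
# Assumptions (not from the thread): P = 2*Q + 1 is a safe prime, z lies in the
# order-Q subgroup, shares are Shamir shares over Z_Q. Toy-sized parameters.
import secrets

P = 2879   # constructed toy safe prime
Q = 1439   # prime order of the subgroup of squares mod P


def make_shares(alpha, t, n):
    """Dealer: split alpha into n shares (x_i, y_i) over Z_Q with threshold t."""
    coeffs = [alpha % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]

    def f(x):
        return sum(c * pow(x, k, Q) for k, c in enumerate(coeffs)) % Q

    return [(x, f(x)) for x in range(1, n + 1)]


def lagrange_at_zero(x_i, xs):
    """Interpolation coefficient I_i at x = 0 for the participating xs, mod Q."""
    num, den = 1, 1
    for x_m in xs:
        if x_m != x_i:
            num = num * x_m % Q
            den = den * (x_m - x_i) % Q
    return num * pow(den, -1, Q) % Q


def partial(z, share, xs):
    """Share owner: publish z^(y_i * I_i) mod P; y_i itself never leaves."""
    x_i, y_i = share
    return pow(z, y_i * lagrange_at_zero(x_i, xs) % Q, P)


def combine(partials):
    """Coordinator: multiply the published values to obtain z^alpha mod P."""
    out = 1
    for v in partials:
        out = out * v % P
    return out


def threshold_pow(z, chosen_shares):
    """Run the exchange for the chosen set of t share owners."""
    xs = [x for x, _ in chosen_shares]
    return combine(partial(z, s, xs) for s in chosen_shares)
```

The exponents are reduced modulo the subgroup order $q$, not modulo $p$; interpolating with the wrong modulus gives a wrong result.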