Comment by phkahler

This part:

"The useful part is not that the secret is hard to compute from too few shares. It is that too few shares contain no information about the secret. With one share missing, every possible secret is still possible."

Reminds me of factoring numbers with the Quadratic Sieve or its variants. You find a system of congruences mod n that eventually allow you to compute prime factors, but until you have enough of them that isn't possible. I've often wondered... Each congruence must contain some information right? What space are we reducing degrees of freedom in?

Same thing here, each piece restricts the space of polynomials, but does not restrict it enough to tell where the key crosses the axis.