Arbitrary "M-of-N" secret-sharing protocols are a well-studied topic in cryptography, and are apparently so useful that Bitcoin Script devoted a whole opcode to them.
In this blog post, I write:
Suppose we run a bank, and suppose that our bank stores all its gold in one big safe. And suppose that we have three people on our board of directors. We want to ensure that a single unscrupulous director cannot open the safe and steal all the gold. Therefore, we cut three distinct keys, and we craft the safe so that it requires two of these three keys to be inserted simultaneously, in order to open the safe.
Fans of Sean Connery might recognize this as more or less the setup to The Great Train Robbery, except for our “two out of three” requirement. I have not been able to discover any real-world mechanical analogue to the “two-out-of-three” mechanism.
So I ask you!
There is certainly an easy way to construct an "N-of-N" locking mechanism, such that you can get the safe open only when all N keys are inserted. (You just stack the locks vertically down the door, and make sure any single bolt by itself is strong enough to keep the door shut.) "2-of-2" mechanisms are used in bank safety deposit boxes.
I imagine it isn't hard to construct a "1-of-N" locking mechanism, along the lines of the Borromean rings, but I haven't found any such mechanisms patented or for sale.
I have not found any references to "M-of-N" locking mechanisms in the real world, nor can I immediately imagine how to construct one (except the brute-force method of obtaining N-choose-M different key safes, each protected by an M-of-M mechanism). Has any inventor ever designed such a physical mechanism? Does any real-world use-case exist for such a mechanism?