Class DealerCommitment
- Namespace: PostQuantum.SecretSharing
- Assembly: PostQuantum.SecretSharing.dll
A lightweight, dealer-published commitment to the single intended secret. The dealer computes it once with Compute(ReadOnlySpan<byte>) and publishes it out-of-band to every trustee; each quorum checks its reconstructed secret with Verify(ZeroizingBuffer, ReadOnlySpan<byte>).
public static class DealerCommitment
- Inheritance: DealerCommitment
Remarks
What this is for. The embedded per-share check value confirms that a quorum recovered a self-consistent secret, but it cannot catch a dealer who hands different (internally consistent) splits to different quorums — each reconstructs and check-verifies its own secret. A single commitment published to all trustees lets them notice that two quorums recovered different values: at most one can match the published commitment.
What this is NOT. This is not Verifiable Secret Sharing. It does not prove, before reconstruction, that the shares are consistent, and its guarantee holds only if the commitment is published through a channel the dealer cannot equivocate on (e.g. a broadcast all trustees see the same way) — exactly like pinning the dealer public key. A dealer who can show different commitments to different parties is not constrained by it. True VSS (Feldman/Pedersen) is a v2 goal; see KNOWN-GAPS.md.
Oracle caveat. The commitment is a hash of the secret, so for a low-entropy secret it is an offline guessing oracle, just like the check value. Commit to high-entropy secrets (or commit to the KEK of a wrapped secret).
Fields
Length
The commitment length in bytes (SHA-256).
public const int Length = 32
Field Value
- int
Methods
Compute(ReadOnlySpan<byte>)
Computes the commitment SHA-256(secret). The dealer publishes this once, out-of-band, to all trustees.
public static byte[] Compute(ReadOnlySpan<byte> secret)
Parameters
- secret (ReadOnlySpan<byte>): the intended secret to commit to.
Returns
- byte[]
Verify(ZeroizingBuffer, ReadOnlySpan<byte>)
Constant-time check that a reconstructed-secret buffer matches the published commitment.
public static bool Verify(ZeroizingBuffer reconstructed, ReadOnlySpan<byte> commitment)
Parameters
- reconstructed (ZeroizingBuffer): the buffer holding the quorum's reconstructed secret.
- commitment (ReadOnlySpan<byte>): the dealer-published commitment to compare against.
Returns
- bool
Verify(ReadOnlySpan<byte>, ReadOnlySpan<byte>)
Constant-time check that a reconstructed secret matches the published commitment.
public static bool Verify(ReadOnlySpan<byte> reconstructed, ReadOnlySpan<byte> commitment)
Parameters
- reconstructed (ReadOnlySpan<byte>): the quorum's reconstructed secret.
- commitment (ReadOnlySpan<byte>): the dealer-published commitment to compare against.
Returns
- bool
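A trustee-side check built on Compute and the span overload of Verify, as an added example that is not part of the PostQuantum.SecretSharing project. It assumes .NET 6 or later, and the two quorum buffers are constructed stand-ins for real reconstruction output (no shares are split here); it shows the equivocation case from the Remarks, where a second quorum's self-consistent secret fails the published commitment.

```csharp
using System;
using System.Security.Cryptography;
using PostQuantum.SecretSharing;

// Added example (not library code). Constructed scenario: the dealer commits to one
// high-entropy secret and publishes the commitment to every trustee. Two quorums later
// reconstruct; an equivocating dealer gave the second quorum a self-consistent split of a
// different secret, so its per-share check passes but the published commitment does not.
static class CommitmentDemo
{
    // Trustee-side verification: reject a malformed commitment before the constant-time compare.
    static bool MatchesPublishedCommitment(ReadOnlySpan<byte> reconstructed, ReadOnlySpan<byte> published)
    {
        if (published.Length != DealerCommitment.Length)
            return false; // wrong length can never be a valid SHA-256 commitment
        return DealerCommitment.Verify(reconstructed, published);
    }

    static int Main()
    {
        byte[] intended = RandomNumberGenerator.GetBytes(32); // dealer's secret (high entropy, see oracle caveat)
        byte[] published = DealerCommitment.Compute(intended); // computed once, published out-of-band

        // Constructed stand-ins for each quorum's reconstruction output.
        byte[] quorumA = (byte[])intended.Clone();            // honest split of the intended secret
        byte[] quorumB = RandomNumberGenerator.GetBytes(32);   // consistent split of some other secret

        bool aMatches = MatchesPublishedCommitment(quorumA, published);
        bool bMatches = MatchesPublishedCommitment(quorumB, published);

        Console.WriteLine($"quorum A matches published commitment: {aMatches}");
        Console.WriteLine($"quorum B matches published commitment: {bMatches}");

        // Two quorums cannot both match one commitment unless they hold the same secret,
        // so a mismatch at either quorum is the signal to stop and question the dealer.
        CryptographicOperations.ZeroMemory(intended);
        CryptographicOperations.ZeroMemory(quorumA);
        CryptographicOperations.ZeroMemory(quorumB);

        return aMatches && !bMatches ? 0 : 1;
    }
}
```

The length guard uses the class's Length constant so that a truncated or padded commitment is rejected outright rather than handed to the constant-time comparison.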