Table of Contents

Namespace PostQuantum.SecretSharing

Classes

DealerCommitment

A lightweight, dealer-published commitment to the single intended secret. The dealer computes it once with Compute(ReadOnlySpan<byte>) and publishes it out-of-band to every trustee; each quorum checks its reconstructed secret with Verify(ZeroizingBuffer, ReadOnlySpan<byte>).

SecretShare

One parsed .pqss share: its public metadata plus the (deliberately non-public) y-coordinate data and integrity material. Construct shares with Split(ReadOnlySpan<byte>, SharePolicy), serialize with Export(), and parse with Import(ReadOnlySpan<byte>).

SecretSharingException

Abstract base for every exception thrown by PostQuantum.SecretSharing. Catch this to handle any library-originated failure uniformly.

ShamirSecretSharing

The public facade for Shamir's Secret Sharing over GF(2⁸) with strict-CBOR .pqss shares. Provides splitting (with or without dealer authentication) and exactly-k reconstruction.

ShareAuthenticationException

Thrown when share authentication fails: an ML-DSA-65 signature does not verify, a share's embedded dealer key does not match the pinned expectedDealerPublicKey, or authenticated reconstruction was requested but a share carries no signature.

ShareConsistencyException

Thrown when a set of shares is individually well-formed but cannot belong to one coherent split: mismatched split identifiers, differing (k, n, secretLength) or authentication metadata, duplicate share indices, or — after interpolation — a reconstructed secret whose HKDF check value does not match.

ShareFormatException

Thrown when share bytes are not a valid, strictly-canonical v1 .pqss encoding: malformed CBOR, non-canonical encoding (indefinite lengths, non-shortest integers, out-of-order or duplicate keys), trailing bytes, wrong CBOR major type for a field, unknown keys, or a field whose presence contradicts the declared authentication mode.

SharePolicy

A threshold policy: split a secret into TotalShares shares such that any Threshold of them reconstruct it and any fewer reveal nothing.

SharePolicyException

Thrown when a threshold policy is invalid or violated: k < 2 (including the banned k = 1), k > n, n > 255, secret length out of range, a share index outside 1..n, or a reconstruct call given a number of shares not equal to k.

WrappedSecret

Helpers for the wrap pattern: the correct way to apply threshold custody to data that may be low-entropy (passphrases, PINs) or large.

WrappedSplit

The result of a wrapped split: the shares of the random key-encryption key (KEK), plus the non-secret Envelope (the AES-256-GCM ciphertext of your real secret). Distribute the shares to trustees and store the envelope anywhere — it is useless without a quorum.

ZeroizingBuffer

A fixed-size byte buffer for secret material that is zeroed on disposal and is allocated on the pinned object heap so the garbage collector can never relocate (and thus silently copy) the secret elsewhere in memory.

Interfaces

IShareAuthenticator

A dealer-side signer that authenticates the canonical bytes of a share.

Enums

ShareAuthenticationKind

Identifies the algorithm used to authenticate a share, mirroring the authAlgorithm field (key 9) of the .pqss format.