Namespace PostQuantum.SecretSharing
Classes
- DealerCommitment
A lightweight, dealer-published commitment to the single intended secret. The dealer computes it once with Compute(ReadOnlySpan<byte>) and publishes it out-of-band to every trustee; each quorum checks its reconstructed secret with Verify(ZeroizingBuffer, ReadOnlySpan<byte>).
- SecretShare
One parsed
.pqssshare: its public metadata plus the (deliberately non-public) y-coordinate data and integrity material. Construct shares with Split(ReadOnlySpan<byte>, SharePolicy), serialize with Export(), and parse with Import(ReadOnlySpan<byte>).
- SecretSharingException
Abstract base for every exception thrown by PostQuantum.SecretSharing. Catch this to handle any library-originated failure uniformly.
- ShamirSecretSharing
The public facade for Shamir's Secret Sharing over GF(2⁸) with strict-CBOR
.pqssshares. Provides splitting (with or without dealer authentication) and exactly-kreconstruction.
- ShareAuthenticationException
Thrown when share authentication fails: an ML-DSA-65 signature does not verify, a share's embedded dealer key does not match the pinned
expectedDealerPublicKey, or authenticated reconstruction was requested but a share carries no signature.
- ShareConsistencyException
Thrown when a set of shares is individually well-formed but cannot belong to one coherent split: mismatched split identifiers, differing
(k, n, secretLength)or authentication metadata, duplicate share indices, or — after interpolation — a reconstructed secret whose HKDF check value does not match.
- ShareFormatException
Thrown when share bytes are not a valid, strictly-canonical v1
.pqssencoding: malformed CBOR, non-canonical encoding (indefinite lengths, non-shortest integers, out-of-order or duplicate keys), trailing bytes, wrong CBOR major type for a field, unknown keys, or a field whose presence contradicts the declared authentication mode.
- SharePolicy
A threshold policy: split a secret into
TotalSharesshares such that anyThresholdof them reconstruct it and any fewer reveal nothing.
- SharePolicyException
Thrown when a threshold policy is invalid or violated:
k < 2(including the bannedk = 1),k > n,n > 255, secret length out of range, a share index outside1..n, or a reconstruct call given a number of shares not equal tok.
- WrappedSecret
Helpers for the wrap pattern: the correct way to apply threshold custody to data that may be low-entropy (passphrases, PINs) or large.
- WrappedSplit
The result of a wrapped split: the shares of the random key-encryption key (KEK), plus the non-secret Envelope (the AES-256-GCM ciphertext of your real secret). Distribute the shares to trustees and store the envelope anywhere — it is useless without a quorum.
- ZeroizingBuffer
A fixed-size byte buffer for secret material that is zeroed on disposal and is allocated on the pinned object heap so the garbage collector can never relocate (and thus silently copy) the secret elsewhere in memory.
Interfaces
- IShareAuthenticator
A dealer-side signer that authenticates the canonical bytes of a share.
Enums
- ShareAuthenticationKind
Identifies the algorithm used to authenticate a share, mirroring the
authAlgorithmfield (key 9) of the.pqssformat.