VaultBridge.Shamir
1.0.0
dotnet add package VaultBridge.Shamir --version 1.0.0
NuGet\Install-Package VaultBridge.Shamir -Version 1.0.0
<PackageReference Include="VaultBridge.Shamir" Version="1.0.0" />
<PackageVersion Include="VaultBridge.Shamir" Version="1.0.0" />
<PackageReference Include="VaultBridge.Shamir" />
paket add VaultBridge.Shamir --version 1.0.0
#r "nuget: VaultBridge.Shamir, 1.0.0"
#:package VaultBridge.Shamir@1.0.0
#addin nuget:?package=VaultBridge.Shamir&version=1.0.0
#tool nuget:?package=VaultBridge.Shamir&version=1.0.0
VaultBridge.Shamir
A .NET implementation of Shamir's Secret Sharing over GF(256), ported from HashiCorp Vault's shamir package.
Byte-for-byte interoperable with shamir-secret-sharing (by Privy) for TypeScript/JavaScript.
License
The core Shamir implementation (GaloisField.cs, ShamirSecretSharing.cs, Share.cs) is ported from HashiCorp Vault, originally by IBM Corporation, and is licensed under the Mozilla Public License 2.0.
MPL-2.0 is file-level copyleft: the ported source files retain their MPL-2.0 license, but the package can be freely used in projects under any license.
Installation
dotnet add package VaultBridge.Shamir
Usage
Split a secret into shares
using VaultBridge.Shamir;
byte[] secret = GetMySecret(); // any byte array
// Create 5 shares, requiring any 3 to reconstruct
Share[] shares = ShamirSecretSharing.Split(secret, shares: 5, threshold: 3);
// Serialize for storage or transmission
string[] encoded = shares.Select(s => s.ToBase64()).ToArray();
Reconstruct from shares
// Deserialize
Share[] shares = encoded.Select(Share.FromBase64).ToArray();
// Any 3 (or more) of the 5 shares will recover the original secret
byte[] recovered = ShamirSecretSharing.Combine(shares);
Cross-language interop
Shares produced by this library are byte-for-byte compatible with Privy's TypeScript implementation. Each share is secretLength + 1 bytes: the y-values for each byte of the secret, followed by the x-coordinate as the final byte.
// TypeScript — reconstruct shares produced by VaultBridge.Shamir
import { combine } from 'shamir-secret-sharing';
const shares = encodedShares.map(s => Uint8Array.from(atob(s), c => c.charCodeAt(0)));
const secret = await combine(shares);
How it works
The implementation operates over GF(2^8) — the Galois field of 256 elements using the Rijndael (AES) irreducible polynomial x^8 + x^4 + x^3 + x + 1 (reduction constant 0x1B).
For each byte of the secret, a random polynomial of degree threshold - 1 is constructed with that byte as the intercept (constant term). The polynomial is evaluated at threshold or more unique x-coordinates (1–255) to produce shares. Reconstruction uses Lagrange interpolation at x = 0 to recover each byte.
Key properties:
- Information-theoretic security: Fewer than
thresholdshares reveal zero information about the secret - No dependencies: Pure .NET, zero external packages
- Constant-time operations: Division uses constant-time selection to prevent timing side-channels
Attribution
This is a .NET port of the Shamir's Secret Sharing implementation from HashiCorp Vault, originally authored by IBM Corporation and licensed under MPL-2.0.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
-
net10.0
- No dependencies.
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last Updated |
|---|---|---|
| 1.0.0 | 325 | 2/28/2026 |