QuorumPony
Download
// documentation

How QuorumPony works.

A reference for what happens under the hood, from splitting a secret to gathering enough cards to bring it back. For step-by-step help, see support.

The split

When you split a secret, QuorumPony builds a random polynomial over the finite field GF(2^8) whose constant term is your secret, with the threshold setting its degree. Each card is the value of that polynomial at a distinct point. Because the polynomial is otherwise random, any group of cards smaller than the threshold is consistent with every possible secret, which is why they reveal nothing.

What a card holds

A card carries one share: its point and the value there, plus enough identifying information to tell which backup it belongs to and how many are needed. Each card has a QR code for scanning and a printed code you can type by hand. A card does not contain the secret, and on its own it does not narrow down what the secret could be.

Recovery

To recover, gather at least the threshold number of cards from the same split and scan or type them. QuorumPony interpolates the polynomial through those points and reads the secret off the constant term. Extra cards beyond the threshold are fine; fewer than the threshold cannot recover it, by design.

Checking a card

Check a card confirms that a stored card is intact and which backup it belongs to, without rebuilding or revealing the secret. It lets you verify a backup periodically, or sort a mixed pile back into its sets, without exposing anything.

Printable cards

Every card can be exported to a clean PDF. Print the set, then store the pages in separate places or hand them to people you trust. Paper has no battery to die and no firmware to rot, which makes it a good medium for a backup meant to last.

Where things live

Everything happens on your device. The secret is split and recovered locally, nothing is uploaded, and QuorumPony keeps no copy of the secret once you are done. A copied secret clears from the clipboard after 90 seconds, and the secret is hidden when the app goes to the background.

Permissions

  • Camera — to scan a card's QR code during recovery or a check.
  • Face ID / Touch ID — to unlock the app, if you enable the biometric lock.

There is no network permission, because the app makes no network requests.

Open source

The cryptographic core is public under Apache-2.0 at github.com/norsehorse-dev/QuorumPonyCore: constant-time Shamir Secret Sharing over GF(2^8) with no external dependencies. You can read exactly how the split and recovery work rather than taking this page's word for it. See the open-source page for more.