QuorumPony
Download
// security

The security model.

What protects your secret, what the threat model is, and where the boundaries are, stated plainly, because security you can't understand isn't security.

The cryptography

  • Real Shamir Secret Sharing. Your secret becomes the constant term of a random polynomial over the finite field GF(2^8); each card is one point on that polynomial. Recovering the secret is polynomial interpolation from any K points.
  • Information-theoretic below the threshold. With fewer than K cards, every possible secret is equally consistent with what you hold. A card on its own, or any group smaller than the threshold, reveals literally nothing, not "computationally hard to break", but nothing.
  • Constant-time, no dependencies. The field arithmetic runs in constant time to avoid leaking through timing, and the core has no external dependencies, so there is little surface to audit and nothing pulled in that you cannot read.

Everything happens on your device

QuorumPony is fully offline. There is no account, no sync, and no server. Splitting and recovery happen entirely on your phone, your secret is never transmitted, and the app keeps no copy of it once you are done. You can run the whole app in airplane mode.

Handling the secret in memory

  • Biometric lock. Lock the app behind Face ID or Touch ID.
  • Clipboard auto-clear. A secret you copy clears from the clipboard automatically after 90 seconds.
  • Screen privacy. The secret is hidden when QuorumPony goes to the background, so it does not sit in the app switcher.

Threat model

QuorumPony protects the confidentiality of a secret you split, on the assumption that you distribute the cards sensibly. Below the threshold, the secret is information-theoretically hidden. The flip side is the design itself: anyone who gathers the threshold number of cards can recover the secret, so choosing the split and where the cards go is the real security decision, and it is yours to make. It does not defend against malware on a compromised, unlocked phone, and it cannot help if you store enough cards together that a single thief reaches the threshold.

No network surface

There is no QuorumPony server, and the app makes no network requests at all. There is nothing to breach, nothing to leak, and no telemetry. See the privacy policy for the exact detail.

Open to inspection

The cryptographic core is open source under Apache-2.0. You do not have to take any of the above on faith. Read the constant-time field arithmetic and the split-and-recover logic, and check it yourself.

Reporting a vulnerability

If you find a security issue, email NorseHorse@norsehor.se with details and, ideally, a way to reproduce it. To encrypt the report, use the OpenPGP public key with subject SECURITY. Please give a reasonable window to ship a fix before public disclosure. QuorumPony is a one-person project, so a clear report gets a faster fix.