[quote="omershlo, post:4, topic:4294"]
A few remarks:

• It seems that your use case will benefit significantly from PVSS. VSS scheme will handle malicious dealer at distribution protocol. PVSS will also handle bad secret share holders (custodians) at reconstruction protocol and will flag the ones that are revealing bad shares.
• I would suggest to not assume the dealer is honest such that you would be able to capture for example hacked client that distributes secret shares wrongly.
• As best practice I think you should stick with existing P/VSS schemes and not try something not proven (i.e. publishing share hashes) or introduce new assumptions.
• There is another VSS scheme, by Pedersen. Maybe libs implementing this scheme will fit more your code base. check out the paper: Non-interactive and information-theoretic secure verifiable secret sharing or just the protocol given in section 2.3 in [1]
• Rust implementation for Feldman VSS supports multiple elliptic curves, update secret shares and share validation.

[1] https://github.com/KZen-networks/multi-party-schnorr/blob/master/papers/provably_secure_distributed_schnorr_signatures_and_a_threshold_scheme.pdf
[/quote]