@dan-hassan re the truncated hashes, you should mention that balanced with the need for shorter shares, generating a 16 byte collision is safely infeasible.

publishing share hashes: you could publish a list of hashes, with some random numbers too, say 17 values. if a share's hash is one of those values, then you know it's a valid share, but if there are also random values, you only know the number of shares is between 1 and 17. (there are probably more efficient ways to achieve this though, that doesn't have a fixed maximum limit on number of shares)