[quote="tetratorus, post:5, topic:4294"]
The project I’m working on also uses PVSS, and we used a modification of the Shoenmaker’s scheme. One thing to note about the Schoenmakers’ scheme is that the secret is of the form G^s (look at page 7)… This means you can’t use a scalar secret, which is what private keys normally are.

You can convert Schoenmakers’ scheme to use scalar secrets, but you end up either needing to implement some form of verifiable encryption of discrete log or accepting a failure mode where a malicious node can stall an honest node during the key generation phase. We decided to go with the latter and do batched key generations upfront and restart the PVSS process with different nodes if there are failures.

You may also want to take a look at proactive secret sharing, to handle mobile adversaries that can compromise several servers over time. Those schemes usually come in two flavors: adding some sort of “0-y-intercept” polynomial or resharing subshares.
[/quote]