Publicly verifiable encryption

What is claimed is: 1 . A method for key management, comprising: receiving from a computing device, a plurality of parts of a secret, wherein the plurality of parts are individually encrypted and individually associated with respective public parts; transmitting, to the computing device, a random challenge; receiving, from the computing device, after transmitting the random challenge, a subset of parts of the plurality of parts, wherein the subset of parts are in a decrypted state; determining, using the subset of parts in the decrypted state and a corresponding subset of the respective public parts, that the subset of parts corresponds to a polynomial function with a degree corresponding to a quantity of parts in the subset of parts; and verifying, based at least in part on determining that the subset corresponds to the polynomial function, that the individually encrypted plurality of parts corresponds to the secret without revealing the secret. 2 . The method of claim 1 , wherein the quantity is a threshold quantity of parts usable to determine that the subset of parts corresponds to the polynomial function without revealing the secret. 3 . The method of claim 1 , wherein: an evaluation of the polynomial function determined using the subset of parts and at least one additional part in the decrypted state results in the secret, and the evaluation of the polynomial function corresponding to the secret is unobtainable using only the subset of parts in the decrypted state. 4 . The method of claim 1 , wherein the quantity is based at least in part on a total quantity of parts in the individually encrypted plurality of parts. 5 . The method of claim 1 , wherein receiving the plurality of parts comprises: receiving, from a client application on the computing device, a request to back up the secret that is usable by the client application on the computing device; and receiving, from the client application after receiving the request to back up the secret, the individually encrypted plurality of parts, wherein the verifying is performed based at least in part on receiving the request to back up the secret. 6 . The method of claim 5 , wherein the client application is an application that supports access to a custodial token platform and the verifying is performed on one or more servers supporting the custodial token platform. 7 . The method of claim 1 , wherein the random challenge includes a selection of the subset of the parts in an encrypted state. 8 . An apparatus for key management, comprising: one or more memories storing processor-executable code; and one or more processors coupled with the one or more memories and individually or collectively operable to execute the code to cause the apparatus to: receive from a computing device, a plurality of parts of a secret, wherein the plurality of parts are individually encrypted and individually associated with respective public parts; transmit, to the computing device, a random challenge; receive, from the computing device, after transmitting the random challenge, a subset of parts of the plurality of parts, wherein the subset of parts are in a decrypted state; determine, using the subset of parts in the decrypted state and a corresponding subset of the respective public parts, that the subset of parts corresponds to a polynomial function with a degree corresponding to a quantity of parts in the subset of parts; and verifying, based at least in part on determining that the subset corresponds to the polynomial function, that the individually encrypted plurality of parts corresponds to the secret without revealing the secret. 9 . The apparatus of claim 8 , wherein the quantity is a threshold quantity of parts usable to determine that the subset of parts corresponds to the polynomial function without revealing the secret. 10 . The apparatus of claim 8 , wherein: an evaluation of the polynomial function determined using the subset of parts and at least one additional part in the decrypted state results in the secret, and the evaluation of the polynomial function corresponding to the secret is unobtainable using only the subset of parts in the decrypted state. 11 . The apparatus of claim 8 , wherein the quantity is based at least in part on a total quantity of parts in the individually encrypted plurality of parts. 12 . The apparatus of claim 8 , wherein, to receive the plurality of parts, the one or more processors are individually or collectively operable to execute the code to cause the apparatus to: receive, from a client application on the computing device, a request to back up the secret that is usable by the client application on the computing device; and receive, from the client application after receiving the request to back up the secret, the individually encrypted plurality of parts, wherein the verifying is performed based at least in part on receiving the request to back up the secret. 13 . The apparatus of claim 12 , wherein the client application is an application that supports access to a custodial token platform and the verifying is performed on one or more servers supporting the custodial token platform. 14 . The apparatus of claim 8 , wherein the random challenge includes a selection of the subset of the parts in an encrypted state. 15 . A non-transitory computer-readable medium storing code for key management, the code comprising instructions executable by one or more processors to: receive from a computing device, a plurality of parts of a secret, wherein the plurality of parts are individually encrypted and individually associated with respective public parts; transmit, to the computing device, a random challenge; receive, from the computing device, after transmitting the random challenge, a subset of parts of the plurality of parts, wherein the subset of parts are in a decrypted state; determine, using the subset of parts in the decrypted state and a corresponding subset of the respective public parts, that the subset of parts corresponds to a polynomial function with a degree corresponding to a quantity of parts in the subset of parts; and verifying, based at least in part on determining that the subset corresponds to the polynomial function, that the individually encrypted plurality of parts corresponds to the secret without revealing the secret. 16 . The non-transitory computer-readable medium of claim 15 , wherein the quantity is a threshold quantity of parts usable to determine that the subset of parts corresponds to the polynomial function without revealing the secret. 17 . The non-transitory computer-readable medium of claim 15 , wherein: an evaluation of the polynomial function determined using the subset of parts and at least one additional part in the decrypted state results in the secret, and the evaluation of the polynomial function corresponding to the secret is unobtainable using only the subset of parts in the decrypted state. 18 . The non-transitory computer-readable medium of claim 15 , wherein the quantity is based at least in part on a total quantity of parts in the individually encrypted plurality of parts. 19 . The non-transitory computer-readable medium of claim 15 , wherein the instructions to receive the plurality of parts are executable by the one or more processors to: receive, from a client application on the computing device, a request to back up the secret that is usable by the client application on the computing device; and receive, from the client application after receivin