You don’t really want to split the key (as in if the key is n bytes, split it in 3 segments of n/3 bytes) because if one has two segments, I imagine it’s not inconceivable to infer the third segment from the public key and the other two (though I haven’t made the math).
Rather you have a private key p of n bytes. Create two cryptographically random keys k1 and k2 of n bytes each. Derive a key k3=(p XOR k1) XOR k2. k1, k2 and k3 are your distributed keys. To recompute p you need to do p = (k3 XOR k2) XOR k1.
A XOR is trivial to implement and I would expect be reasonably robust.
