Releases: bnb-chain/tss-lib
v3.0.0
What's Changed
- Update SECURITY.md by @cryptom-dev in #287
- check whether the threshold and size of vs is equal by @asdfsx in #291
- Update range proof by @yycen in #289
- add check in modproof by @yycen in #323
- fix vss by @yycen in #324
- feat: Implement constant-time exponentiation and modular inverse in c… by @yycen in #328
Full Changelog: v2.0.2...v3.0.0
v2.0.2
What's Changed
- fix: compatibility of end channel output shift to pointer by @ZhAnGeek in #271
- add: Exposed random sources by @balena in #275
- fix: Fixed nil pointer in String() method when no rounds left by @olegfomenko in #276
- fix: Fix update always round.ok by @ZhAnGeek in #282
- fix signing issue if the message begins with 0x00 by @zargarzadehm in #284
New Contributors
- @balena made their first contribution in #275
- @zargarzadehm made his first contribution in #284
- @olegfomenko made his first contribution in #276
Full Changelog: v2.0.1...v2.0.2
v2.0.1
v2.0.0
The v2.0.0 release includes several updates: 1) an ECDSA protocol update following the updated GG18 paper; 2) a fix for the 2023 GHSA-5cjx-95fx-68q9 advisory reported by Fireblocks; 3) a fix for the 2023 Tsshock attack reported by Verichain; 4) additional boundary-condition checks added in response to various security reports; 5) session information added to sub-protocols to prevent message replay; 6) switches in tss.params to optionally turn off the heavy Paillier key proof (do NOT use these unless you are in a trusted setting or the Paillier keys have already been verified).
Compatibility with v1.3.5
v2 is generally not compatible with v1.3.5. We do not recommend hacks that run a mixture of v2 and v1.3 parties. An existing ECDSA wallet generated with v1.3 can be upgraded to a v2 wallet via resharing. Because of the security updates, we recommend upgrading all parties and their wallets to v2.
What's Changed
- Fix possible hash collision by @yycen in #233
- Update SECURITY.md by @ackratos in #241
- ECDSA protocol security updates by @yycen in #252
- Ecdsa proof session byte by @ZhAnGeek in #256
- Update tagged version hash encoding by @yycen in #257
- Update module name to v2 by @yycen in #262
New Contributors
Full Changelog: v1.3.5...v2.0.0
v1.3.5
New features
- ECDSA child key derivation by @plopezlpz in #195 adds an init function NewLocalPartyWithKDD to ECDSA
- Improve DLN proof verification performance by @pdyraga in #203 adds an entry in tss.Parameters
What's Changed
- fix: rebrand by @ackratos in #173
- Add checks in dlnproof [TOB-BIN-8] by @yycen in #180
- Allow to stop pre-parameters generator with a context by @pdyraga in #191
- update README.md to match the new version by @typestring in #185
- Add check in mta_proof by @yycen in #205
- Feature/hd cherry pick by @plopezlpz in #195
- Improve DLN proof verification performance for large signing groups by @pdyraga in #203
New Contributors
- @typestring made their first contribution in #185
- @plopezlpz made their first contribution in #195
Full Changelog: v1.3.3...v1.3.5
Various security fixes
Security updates
- Additional check when Ks mismatch in savedata and sortedID in #156
- Do not normalize IDs of Shamir's Secret Sharing by @pdyraga in #155
- Check paillier ciphertext in #151
- Bugfix for vss, check shareid when constructing vss in #149
- Check length of bits of NTildej by @yycen in #146
- dlog smallgroup 8 by @ackratos in #115
Other updates
Bug fix for EdDSA
This release fixes a minor issue in the EdDSA resharing code:
- The error `any: message type "" isn't linked in` was being caused by an unregistered Protobuf message type `DGRound4Message` used only in EdDSA resharing. The message type has now been registered properly.
There have been no changes made to the public API.
Bug fixes
This bug fix release addresses these issues in the ECDSA protocols:
- Fix default pre-params concurrency with < 3 CPU cores (#93)
And in code shared by all protocols:
- Allow resharing when more than T+1 of the old committee participates (#95)
- Add fromPartyIdx validation for all incoming messages
- Add more basic sanity checks to PrepareForSigning
- Fix the location of an embedded protocol buffer struct definition
There have been no changes made to the public API.
Edwards-curve digital signature algorithm (EdDSA)
This release adds support for Edwards-curve digital signature algorithm (EdDSA).
The Edwards-curve digital signature algorithm (or EdDSA for short) is a digital signature scheme using a variant of Schnorr signatures based on twisted Edwards curves.
The packages in eddsa/... contain the EdDSA protocols for keygen, signing and re-sharing; the API was kept as similar as possible to the existing ECDSA protocols.
An announcement introducing this feature has been posted on the Binance blog.
Various bug fixes
Reminder: This software has been audited by security professionals, but some bugs may still exist.
In the interest of providing safe software to the open source community, a full security review of this library was carried out by Kudelski Security, a division of the Kudelski Group, and completed in October 2019. A copy of this report may be found in this repository.
Use of any open source software is at your own risk. You are reminded to review any software source code before use, especially in any systems that are handling financial transactions.
Security Audit Report: https://github.com/binance-chain/tss-lib/releases/download/v1.0.0/audit-binance-tss-lib-final-20191018.pdf