Security Fixes
- Added validation for the min_signers parameter in the frost_core::keys::refresh functions. It was not clear that it is not possible to change min_signers with the refresh procedure. Using a smaller value would not decrease the threshold, and attempts to sign using a smaller threshold would fail. Additionally, after refreshing the shares with a smaller threshold, it would still be possible to sign with the original threshold; however, this could cause a security loss to the participant's shares. We have not determined the exact security implications of doing so and judged it simpler to just validate min_signers. If for some reason you have done a refresh share procedure with a smaller min_signers, we strongly recommend migrating to a new key. Thank you BlockSec for reporting the finding.
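The threshold behaviour described above, reproduced in a toy Shamir model (an added example, not frost_core code). It assumes refresh adds to each share an evaluation of a polynomial with a zero constant term; the field, the coefficients and the validate_min_signers helper are constructed for illustration.

```rust
// Toy Shamir model over GF(P) with constructed values; not frost_core code.
const P: u64 = 2_147_483_647; // prime 2^31 - 1, so products fit in u64

fn pow_mod(mut b: u64, mut e: u64) -> u64 {
    let mut r = 1u64;
    while e > 0 {
        if e & 1 == 1 { r = r * b % P; }
        b = b * b % P;
        e >>= 1;
    }
    r
}
// Evaluate a polynomial (coefficients low to high) at x using Horner's rule.
fn eval(coeffs: &[u64], x: u64) -> u64 {
    coeffs.iter().rev().fold(0u64, |acc, c| (acc * x + *c) % P)
}
// Lagrange-interpolate the constant term from (identifier, share) pairs.
fn reconstruct(shares: &[(u64, u64)]) -> u64 {
    let mut secret = 0u64;
    for &(xi, yi) in shares {
        let (mut num, mut den) = (1u64, 1u64);
        for &(xj, _) in shares.iter().filter(|s| s.0 != xi) {
            num = num * xj % P;
            den = den * ((xj + P - xi) % P) % P;
        }
        secret = (secret + yi * num % P * pow_mod(den, P - 2)) % P;
    }
    secret
}
// Assumed refresh model: add to each share an evaluation of a polynomial
// whose constant term is zero, so the group secret stays the same.
fn refresh(shares: &[(u64, u64)], zero_poly: &[u64]) -> Vec<(u64, u64)> {
    shares.iter().map(|&(x, y)| (x, (y + eval(zero_poly, x)) % P)).collect()
}
// Hypothetical guard: refuse a refresh whose min_signers differs from the key's.
fn validate_min_signers(original: u16, requested: u16) -> Result<(), &'static str> {
    if requested == original { Ok(()) } else { Err("min_signers cannot change on refresh") }
}
// Key created with min_signers = 3, then refreshed as if min_signers = 2.
fn demo() -> (bool, bool) {
    let f = [1234u64, 166, 94]; // degree 2: three shares needed, secret 1234
    let g = [0u64, 77];         // degree 1 refresh polynomial, g(0) = 0
    let old: Vec<(u64, u64)> = (1..=4u64).map(|x| (x, eval(&f, x))).collect();
    let new = refresh(&old, &g);
    (reconstruct(&new[..2]) == f[0], reconstruct(&new[..3]) == f[0])
}
fn main() {
    println!("validation: {:?}", validate_min_signers(3, 2));
    println!("(2 shares recover, 3 shares recover) = {:?}", demo());
}
```

In this model the refreshed shares lie on the sum of the two polynomials, whose degree is still that of the original, which is why two shares do not recover the secret and three do.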
Other Changes
- MSRV has been bumped to Rust 1.81, making all crates no-std (except frost-ed448).
- Added DKG refresh functions to the crate-specific refresh modules.
- Added VerifiableSecretSharingCommitment::{serialize,deserialize}_whole() methods.
- Added Ciphersuite::post_generate() method to allow more ciphersuite customization.
Acknowledgments
A big thank you to all the contributors who made this release possible: @VolodymyrB, @StackOverflowExcept1on, @crStiv, @azuchi, @conradoplg and @natalieesk