release: publish 0.3.1 with bits() security fix and other post-0.3.0 changes to crates.io

[dobby-coder]

Problem

The latest published version on crates.io is 0.3.0 (uploaded 2023-03-16). Multiple commits have landed on main since, including a security fix that is not available to downstream users of the crate from crates.io.

Most notably:

• dcf1eba — fix(security): make bits() produce all bits from input slice (PR fix(security): make bits() produce all bits from input slice #13, fixes bits() function produces only 8 bits from any input, severely weakening KV1 and Waters schemes #12)

  The bits() helper in src/util.rs previously produced only min(input_len, 8) bits, collapsing the identity space of the KV1 and Waters schemes to 2^8 = 256. PostGuard production isn't affected (uses CGWKV+MKEM), but any external user of ibe with the kv1 or waters features on crates.io still receives the buggy version.

Other unreleased changes on main:

• 12ee537 — test: realistic-identity collision tests for KV1 and Waters
• 2d4b3a8 — chore: bump criterion to 0.8
• 95a4fed — docs: drop AI-slop tells from README and mkem doc comment
• c4842f3 — ci: bump actions/checkout to v4 and add clippy lint job
• e1a8ea9 — chore: clean up clippy warnings
• bc1a0cc / 23bb1be — fix README references to src/ibe
• f711982 — fix(ci): replace deprecated wasm32-wasi with wasm32-wasip1

CHANGELOG.md also stops at the 0.3.0 entry and no v0.3.x git tags exist in this repo.

What to do

1. Decide the next version. The security fix is non-breaking API-wise but changes the identity-derivation output for KV1/Waters users (existing USKs become incompatible), which is arguably breaking for those two schemes — 0.4.0 may be more honest than 0.3.1. CGWKV/CGWFO/CGW/Boyen-Waters/Waters-Naccache users are unaffected.
2. Add a ## 0.3.1 (or 0.4.0) section to CHANGELOG.md summarising the changes above, with a clear callout that KV1 and Waters identity derivation has changed and previously-issued USKs for those schemes will no longer decrypt.
3. Bump version in Cargo.toml.
4. Tag the release (vX.Y.Z) and run cargo publish.

Why this matters

The security fix has been on main since #12 was closed but is not yet reaching crates.io users. Anyone consuming ibe = "0.3" from crates.io with the kv1 or waters features today still has the identity-collapse bug.

Out of scope

• Bumping rand/getrandom/the curve stack — blocked on pg-curve updates (see chore: update dependencies #25 / chore: update dependencies #26 history). Not a blocker for this release.

[dobby-coder]

/dobby please pick this up — P1 release task with a security angle: publish the post-0.3.0 bits() security fix (and the other unreleased changes on main) to crates.io. Issue body covers versioning trade-off (0.3.1 vs 0.4.0 given the KV1/Waters identity-derivation change), CHANGELOG entry, Cargo.toml bump, tag, and cargo publish. Triggered as fan-out from encryption4all/dobby#78.

[dobby-coder]

Dobby sees the release task! Dobby will check the unreleased changes on main, prepare the CHANGELOG and version bump, and propose a draft PR. Dobby cannot push to crates.io himself — the actual cargo publish and git tag will need a maintainer with credentials.

[dobby-coder]

Plan

Version: 0.4.0 (recommended)

The crate's public Rust API is unchanged, so a strict reading of SemVer allows 0.3.1. But the bits() fix changes the identity-derivation output for KV1 and Waters, which means any USK or ciphertext previously issued by a downstream user of those schemes silently stops working. For a security/cryptography crate, that's the kind of behavior change a minor bump exists to signal — patch-level surprises are how downstream users miss the breakage.

This agent will propose 0.4.0 in the PR. Easy to flip to 0.3.1 if you'd rather.

Changes (post-0.3.0, on main)

fix(security): bits() produces all bits — KV1/Waters identity space restored (#13, fixes #12)
test: realistic-identity collision tests for KV1 and Waters (#13)
chore: bump criterion to 0.8 (#26)
chore: replace unmaintained paste dev-dep with pastey (#31)
chore: silence unused-import warning in test_ibe macro (#34)
chore: clean up clippy warnings (#16, #21)
docs: drop AI-slop tells from README and mkem doc (#24)
docs: fix README reference src/pke -> src/ibe (#20)
docs: standardize README + add PostGuard logo (#11)
ci: bump actions/checkout to v4, add clippy lint job (#15, #22)
ci: replace deprecated wasm32-wasi with wasm32-wasip1
chore(benches): remove commented-out unpack_pk benchmark (#19)

Files this agent will change

• Cargo.toml — version = "0.4.0"
• CHANGELOG.md — new ## 0.4.0 section with a clear callout that KV1 and Waters identity derivation has changed; previously issued USKs for those schemes no longer decrypt

Verification

• cargo fmt --all -- --check
• cargo build --release
• cargo test --all-features
• cargo package --allow-dirty (dry-run the publish bundle)

Out of scope (will not touch)

• rand / getrandom / curve-stack bumps — blocked on pg-curve per ibe#25/chore: update dependencies #26 history.

What still needs you

This agent can't run cargo publish or git tag — both require crates.io / push credentials. After the PR merges, the manual maintainer steps are:

git tag -a v0.4.0 -m "v0.4.0" && git push origin v0.4.0
cargo publish

This agent will include that snippet in the PR body.

[dobby-coder]

Release PR opened: #35 (CI green; flipped to ready for review). After merge, the maintainer steps are tag v0.4.0 and cargo publish — full command snippet is in the PR body.