Skip to content

Release v1.0.4

Choose a tag to compare

View all tags
@xlloit xlloit released this 10 Mar 23:19
· 77 commits to main since this release
v1.0.4
d418ae2
This commit was signed with the committer’s verified signature.
xlloit xlloyd
SSH Key Fingerprint: 3Mob4E6ZEM5UnDnZLDxdNe0atJA58GFjPXUWOb+lq5k
Verified
Learn about vigilant mode.

Security Fix

  • tss4j: updated to 0.0.10. It includes a correctness fix in GG20 MtA proof flow.

Malicious co-signer could forge MtA range proofs, enabling full secret share recovery in O(log q) signing sessions
via binary oracle on the respondent's secret share.

Recommended action

Upgrade immediately. If prior sessions involved untrusted co-signers, consider performing a key refresh.

Performance

  • Switched to virtual threads per request
  • Replaced BigInt text serialization with byte array encoding for internal
    communications
  • Server configuration fine-tuning
Assets 2
Loading