Now we have launched FROST v2.2.0, which features a safety repair. There aren’t any breaking adjustments on this launch. For full particulars, please discuss with the launch notes.
Safety Repair
This launch provides validation for the min_signers parameter within the frost_core::keys::refresh features. Earlier than, it was not clear that it was not potential to alter min_signers with the refresh process. Utilizing a smaller worth wouldn’t lower the edge, and makes an attempt to signal utilizing a smaller threshold would fail. Moreover, after refreshing the shares with a smaller threshold, it might nonetheless be potential to signal with the unique threshold; nevertheless, this might trigger a safety loss to the participant’s shares. Now we have not decided the precise safety implications of doing so and judged it easier to only validate min_signers. If for some cause you will have finished a refresh share process with a smaller min_signers we strongly advocate migrating to a brand new key. Thanks BlockSec for reporting the discovering.
Different Adjustments
The Minimal Supported Rust Model (MSRV) has been up to date to 1.81, making all crates no-std, apart from frost-ed448. Distributed Key Era (DKG) refresh features have been added to the crate-specific refresh modules. Moreover, now we have added serialize_whole and deserialize_whole strategies for VerifiableSecretSharingCommitment. To additional improve customization choices, a brand new post_generate methodology has been carried out within the Ciphersuite, permitting for larger flexibility in ciphersuite configurations. We’ve additionally made documentation enhancements and improved check protection.
Acknowledgments
A giant thanks to all of the contributors who made this launch potential: @VolodymyrB, @StackOverflowExcept1on, @crStiv, @azuchi, @conradoplg and @natalieesk
