We’ve simply launched FROST v3.0.0. Yow will discover frost-core and the ciphersuite crates out there on crates.io. This steady launch follows v3.0.0-rc.0, which launched the majority of the adjustments on this main model. In case you are upgrading from v2.x, please learn the RC launch publish for the total image—the adjustments described listed below are what’s new for the reason that launch candidate. Full launch notes are on GitHub, and the up to date documentation e book is at frost.zfnd.org.
What Modified Since v3.0.0-rc.0
The adjustments between the discharge candidate and the ultimate launch are modest however significant. On the safety entrance, SigningKey is not Copy and now implements ZeroizeOnDrop, that means signing keys are robotically wiped from reminiscence once they exit of scope. dkg::round2::Package deal has acquired the identical remedy. These adjustments cut back the window throughout which delicate key materials exists in reminiscence and convey FROST in step with safety greatest practices for cryptographic implementations.
There may be additionally a bug repair: verify_signature_share() now accurately calls the Ciphersuite::pre_commitment_aggregate() hook, which was added within the RC to help customized pre-aggregation logic however was inadvertently omitted from the per-share verification path.
Lastly, PublicKeyPackage::new() now takes min_signers as an Possibility. Passing None is beneficial when the edge isn’t recognized at development time—for instance, when deserializing packages from older variations.
Contributors
Thanks to everybody who contributed to this launch: @conradoplg, @natalieesk and @BeeFlea.
