Patch changes (no effect on compatibility):
- Upgrade to Go 1.23.2 (https://go.dev/doc/devel/release#go1.23.minor)
- Update dependencies
Mobile frameworks have been built using golang.org/x/mobile v0.0.0-20241004191011-08a83c5af9f8
Client API: 51.6
Client Communication: 27.0
Database: 7.8.0
Node Communication: 31.1
Node Configuration: 18.2
Node Configuration:
- All MPC protocol methods can be toggled on and off, and are DISABLED by default. You must explicitly enable the ones you need.
Patch changes (no effect on compatibility):
- Fixed error with DNS lookup when using iOS SDKs
- SDKv2 method for signing with a recovered schnorr private key
Mobile frameworks have been built using golang.org/x/mobile v0.0.0-20240905004112-7c4916698cc9
Client API: 54.0
Client Communication: 29.0
Database: 7.10.0
Node Communication: 32.0
Node Configuration: 21.0 (!)
MPC protocol features such as GenerateKey, Sign, PublicKey, etc. can now be enabled or disabled per MPC protocol, and by default all methods are DISABLED. This means that without changes to the configuration file, the node will not be able to use the given MPC protocol, and it will fail to start.
Each MPC protocol (here we use DKLS19 as an example) now have a configuration section called DKLS19.Features that can look like this:
[DKLS19.Features]
GenerateKey = true
GeneratePresignatures = true
Sign = true
SignWithPresignature = true
GenerateRecoveryData = false
PublicKey = true
ChainCode = true
Reshare = false
CopyKey = false
BackupKeyShare = false
RestoreKeyShare = false
ExportKeyShares = false
ImportKeyShares = false
BIP32GenerateSeed = false
BIP32DeriveFromSeed = false
BIP32DeriveFromKey = false
BIP32ConvertKey = false
BIP32ExportSeed = false
BIP32ImportSeed = false
BIP32Info = false
Each MPC protocol can have a different feature set. Check the example configuration for a complete list of features for each protocol. The feature names correspond to methods in the SDK. If a feature is not listed, it defaults to false.
Also, some configuration options have been removed from the MPC protocols, as they are now controlled through the protocol features instead. This includes options such as EnableResharing, EnableShareBackup, EnableExport,
EnableERSExport and EnableBIP32ExportSeed.
If all features for an MPC protocol are disabled, the MPC node will refuse to start. In this case you should just
disable the protocol completely in the configuration.
Do not just enable all features without considering the impact of doing so. Especially features that allow export of
key shares in some way should be used with caution. In the example above the potentially dangerous features are
GenerateRecoveryData, BackupKeyShare, ExportKeyShares and BIP32ExportSeed.
Patch changes (no effect on compatibility):
- Fixed error with DNS lookup when using iOS SDKs
Mobile frameworks have been built using golang.org/x/mobile v0.0.0-20240905004112-7c4916698cc9
Client API: 51.6
Client Communication: 27.0
Database: 7.8.0
Node Communication: 31.1
Node Configuration: 18.2
Patch changes (no effect on compatibility):
- Change release to depend on libmpc version from go.mod
- Update dependencies
Mobile frameworks have been built using golang.org/x/mobile v0.0.0-20240806205939-81131f6468ab
Database: 7.8.0
Client API: 51.6
Client Communication: 27.0
Node Communication: 31.1
Node Configuration: 18.2
Database:
- migrate key data for RSA to a new format
- migrate key data for symmetric key protocols MRZ15 and WRK17 to new format
Node Communication:
- Changed protocol implementation for RSA (removed SEPH20RSA)
Node Configuration:
- Support for the following crypt algorithms when hashing API keys: MD5, SHA256, SHA512, bcrypt, Argon2i, Argon2id
- Renamed SEPH20RSA to ADN06 to reflect the new RSA implementation
- Removed KeySize for the MRZ15 protocol
Client API:
- Java/C SDKv2: Added support for RSA, AES and HMAC
- Go SDKv2: Renamed some static finalize methods to match other methods
- Go SDKv2: Added support for RSA signing, decryption, export and import
- Go SDKv2: New methods for AES and HMAC operations
- SDKv1 (Go, Node.js, Java, C): The AES CTR Keystream method now accepts key stream lengths that are not multiples of 16 bytes
- SDKv1 (Go, Node.js, Java, C): The AES CTR Encrypt and Decrypt methods now accept ciphertext/plaintexts with lengths that are not multiples of 16 bytes
- SDKv1 (Go, Node.js, Java, C): A new max of 16384 bytes in introduced for plaintexts and ciphertexts in the AES-CTR, AES-CBC, and AES-GCM encrypt/decrypt methods
- SDKv1 (Go, Node.js, Java, C): A new max of 16384 bytes for the AES-GCM additional data is introduced
- SDKv1 (Go, Node.js, Java, C): The AES GCMEncrypt/GCMDecrypt methods now require a nonce of 12 bytes (previously, any nonce length of 1-16 bytes was accepted)
- SDKv1 (Go, Node.js, Java, C): The RFC5649 Blob length is limited to 8192 bytes.
- Node.js SDKv2: Add method sdkVersion() and tsmVersion() to TSMClient
- Node.js SDKv2: Add method copyKey() to ECDSA and Schnorr
- Node.js SDKv2: Add util method privateKeyToPKIXPublicKey()
- Node.js SDKv2: Add util method shamirRecombine()
Client Communication:
- Changed endpoints for RSA
- Change to endpoints and transport types for symmetric operations (AES, HMAC, CMAC, AN10922, RFC5649)
Patch changes (no effect on compatibility):
- SDKv2 logs warning on major client communication mismatch between sdk and node
- Update dependencies
- OIDC Access Token Authentication: Now supports arrays in audience of tokens (https://openid.net/specs/openid-connect-core-1_0-35.html#IDToken)
Mobile frameworks have been built using: golang.org/x/mobile v0.0.0-20240806205939-81131f6468ab
Database: 7.10.0
Node Communication: 32.0 (!)
Node Configuration: 20.1 (!)
Client API: 54.0 (!)
Client Communication: 29.0 (!)
Node Communication:
- Added support for copying a key for DKLS19, SEPH18S and SEPD19S
Client API:
- Go SDKv2: Add method SDKVersion() and TSMVersion() to get the version of the SDK and TSM.
- Go SDKv2: Add method method CopyKey() to ECDSA and Schnorr
- Go SDKv2: Add private key derivation for ECDSA and Schnorr
- Go SDKv2: go-tsm-sdkv2 (gitlab release) now uses proper Go versioning i.e. vNN.OO.PP (prefixed 'v')
Client Communication:
- Added endpoints for KeyCopy to DKLS19, SEPH18S and SEPD19S
Patch changes (no effect on compatibility):
- Fix segmentation fault error when doing hardened bip32 derivation using Node.js SDKv2
- Set custom HTTP response headers in configuration
Mobile frameworks have been built using golang.org/x/mobile v0.0.0-20240520174638-fa72addaaa1b
Client API: 52.3 (!)
Client Communication: 27.1
Database: 7.8.0
Node Communication: 31.2
Node Configuration: 18.2
Node Communication:
- Added support for node communication over Redis
- Added support for load balancing when using AMQP for node communication
Node Configuration:
- Added configuration for Redis communication
- Added DynamicQueues parameter to AMQP configuration
Client API:
- Go SDKv2: Add util method to compute public key from private key
- Go SDKv2: Added static tsmutils.ShamirRecombine() method
Patch changes (no effect on compatibility):
- Improved error handling for Go SDKv2 tsmutils.ShamirSecretShare() method
Mobile frameworks have been built using golang.org/x/mobile v0.0.0-20240404231514-09dbf07665ed
Client API: 51.6
Client Communication: 27.0
Database: 7.8.0
Node Communication: 31.1
Node Configuration: 18.2
Client API:
- Java/C/Node.JS: Removed embedded nodes from clients
- Java/C SDKv2: Added EC package for various EC related operations
- Mobile SDKv1: Added RecoverKeyEdDSA for ERS
Patch changes (no effect on compatibility):
- Reduced size of mobile libraries, build with newer gomobile to avoid XCode 15.3 framework error.
Build with golang.org/x/mobile v0.0.0-20240404231514-09dbf07665ed
Database: 7.8.0
Node Communication: 31.0
Node Configuration: 18.1
Client API: 51.4
Client Communication: 27.0
Node Communication:
- Multi-instance optimizations. This breaks compatibility with older multi-instance versions.
Node Configuration:
- Log configuration parser moved to viper and internal go-toml upgraded to go-toml/v2. Configuration now uses a custom Duration struct for proper unmarshalling
- Configuration parser moved from go-toml to viper, allowing multiple configuration files to be parsed as one and overriding configuration values with environment variables
Client API:
- Node.js SDKv2
- C SDKv2: Removed a output parameter from sign that was never used.
Patch changes (no effect on compatibility):
- Fixed a bug in the s3 audit logger location
- Upgraded to Go 1.22.0 (<https://go.dev/doc/devel/release#go1.22.minor>)
- Added cosign to pipeline, signing our docker images pushed to the ECR and Nexus registries.
- Fixed an issue with empty structs in configuration
- Fixed some memory issues that could appear when running under high load in C and Java SDKs.
- Fix README example for gitlab.com/Blockdaemon/go-tsm-sdkv2
Client API: 51.1 (!)
Client Communication: 27.0
Database: 7.8.0
Node Communication: 31.0 (!)
Node Configuration: 18.1 (!)