Guides

Upgrading from v70

This page contains information about upgrading from v70 LTS to the latest release. You may want to do this to get access to the latest features.

📘

While all our releases are production quality, we only guarantee that LTS releases will receive non-breaking patches. If you wish to minimise upgrades with breaking changes, we recommend that you use our latest LTS release (v70) and only upgrade when the next LTS release is available.

Upgrading from v70 to v71

Changes to Import/Export and Backup/Restore

There have been some changes to how import and export work. Prior to version 71, there were the following ways of exporting and importing keys:

  • BackupKeyShare/RestoreKeyShare: Would do a local (unencrypted) export of a key share that could later be restored.
  • ExportKeyShares/ImportKeyShares: Would export a (encrypted) raw key share and chain code to all players participating in the MPC protocol. This key share would be rerandomized, so to use the imported key, you needed all the shares.

In version 71 these methods have been changed:

ExportKeyShares/ImportKeyShares have been renamed to ExportKey/ImportKey to make it clearer that you are actually exporting the entire key. The functionality remains the same.

BackupKeyShare/RestoreKeyShare have been replaced by the new methods ExportKeyShare/ImportKeyShare. They work similarly to BackupKeyShare/RestoreKeyShare, but with a few significant differences:

  • The exported key share is encrypted with a wrapping key
  • The export can (optionally) include presignatures as well. If presignatures are exported, then they are removed from the source to reduce the risk of reusing a presignature.

These changes apply to ECDSA, Schnorr, RSA, AES, and HMAC. Note that only ECDSA and Schnorr support the ExportKeyShare/ImportKeyShare methods.

Key Import using Node's Own Wrapping Key

When an MPC node exports a key share, the share is wrapped using a provided public wrapping key. The node only accepts this key if it exist in a whitelist in the node's configuration. The node's own public wrapping key is now automatically part of this whitelist. This means that you can now always import key shares that were earlier exported by the node itself, without manually having to add the node's public wrapping key to the whitelist.

Updated 15 days ago