Builder Vault (TSM) Release 71.0.0

Versions

Client API: 62.0 (!)
Client Communication: 31.0 (!)
Database: 7.12.0
Node Communication: 34.1
Node Configuration: 25.0 (!)

Changelog

Node Configuration:
- Added ExportKey, ImportKey, ExportKeyShare, ImportKeyShare to SEPH18S, DKLS19, DKLS23, 
  and SEPD19S
- Removed BackupKeyShare, RestoreKeyShare, ExportKeyShares, and ImportKeyShares from 
  SEPH18S, DKLS19, DKLS23, and SEPD19S

Client API:
- Added countPresignatures() method to Node.js and WASM SDKv2
- Added utility method GenerateRSAKeyPair to generate encoded RSA public and private keys
- Added methods ExportKeyShare/ImportKeyShare to export and import key shares and presignatures
- Removed BackupKeyShare and RestoreKeyShare (ECDSA, Schnorr)
- Renamed ExportKeyShares/ImportKeyShares to ExportKey/ImportKey
- Renamed generateEcdsaKey to generateEcdsaKeyPair in the Java SDK to be consistent with Golang

Client Communication:
- Added endpoints for export key share and import key share
- Removed endpoints for backup share and restore share

Patch changes (no effect on compatibility):
- When using WrappingKey(), the keys created by a node are automatically included in the 
  import/export white list.

Details

Legacy SDK

The legacy SDK is now officially end of life and has been removed. Version 70 is the last major version that supports the legacy SDK.

This also means that the JCE provider has been removed.

Finally, tsmcli has also been removed. The purpose of tsmcli was to create users and administrators, but they are no longer used in the latest SDK.

Export and import changes

There have been some changes to how import and export work. Prior to version 71, there were the following ways of exporting and importing keys:

  • BackupKeyShare/RestoreKeyShare: Would do a local (unencrypted) export of a key share that could later be restored.
  • ExportKeyShares/ImportKeyShares: Would export an (encrypted) raw key share and chain code to all players participating in the MPC protocol. This key share would be rerandomized, so to use the imported key, you needed all the shares.

In version 71 these methods have been changed:

ExportKeyShares/ImportKeyShares have been renamed to ExportKey/ImportKey to make it clearer that you are actually exporting the entire key. The functionality remains the same.

BackupKeyShare/RestoreKeyShare have been replaced by the new methods ExportKeyShare/ImportKeyShare. They work similarly to BackupKeyShare/RestoreKeyShare, but with a few significant differences:

  • The exported key share is encrypted with a wrapping key
  • The export can (optionally) include presignatures as well. If presignatures are exported, then they are removed from the source to reduce the risk of reusing a presignature.

These changes apply to ECDSA, Schnorr, RSA, AES, and HMAC. Note that only ECDSA and Schnorr support the ExportKeyShare/ImportKeyShare methods.
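
The renames above reuse old names as prefixes of new ones (ExportKeyShare vs. ExportKeyShares, generateEcdsaKey vs. generateEcdsaKeyPair), so a plain substring search over caller code cannot tell pre-71 calls from migrated ones. The following scanner is an added example, not part of the release notes or the SDK. The sample call shapes are made up, and matching in any letter case is an assumption about how the other SDKs spell these methods.

```python
import re

# Old name -> (new name, kind), taken from the version 71 notes above.
#   "renamed":  same functionality under a new name
#   "replaced": the new method behaves differently (the export is encrypted
#               with a wrapping key; exported presignatures leave the source)
CHANGES = {
    "ExportKeyShares": ("ExportKey", "renamed"),
    "ImportKeyShares": ("ImportKey", "renamed"),
    "BackupKeyShare": ("ExportKeyShare", "replaced"),
    "RestoreKeyShare": ("ImportKeyShare", "replaced"),
    "generateEcdsaKey": ("generateEcdsaKeyPair", "renamed"),  # Java SDK
}
_BY_LOWER = {old.lower(): change for old, change in CHANGES.items()}

# \b on both sides keeps the new names out of the results: a substring search
# for "ExportKeyShare" or "generateEcdsaKey" would also hit ExportKeyShares
# and generateEcdsaKeyPair and mix up old and migrated calls.
# Assumption: other SDKs may use camelCase spellings, so case is ignored.
_PATTERN = re.compile(
    r"\b(" + "|".join(map(re.escape, CHANGES)) + r")\b", re.IGNORECASE)

def scan(source):
    """Return (line_no, found, suggested, kind) for each pre-71 identifier."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for m in _PATTERN.finditer(line):
            found = m.group(1)
            new, kind = _BY_LOWER[found.lower()]
            # Mirror the caller's first-letter case in the suggestion.
            first = new[0].lower() if found[0].islower() else new[0].upper()
            findings.append((line_no, found, first + new[1:], kind))
    return findings

# Constructed sample: hypothetical caller code, not taken from any SDK.
SAMPLE = """\
share := node.BackupKeyShare(keyID)
wrapped := node.ExportKeyShares(keyID, wrappingKey)
fresh := node.ExportKeyShare(keyID, wrappingKey)
String id = client.generateEcdsaKey(params);
String id2 = client.generateEcdsaKeyPair(params);
"""

if __name__ == "__main__":
    for line_no, found, new, kind in scan(SAMPLE):
        print(f"line {line_no}: {found} -> {new} ({kind})")
```

Findings marked "replaced" need a code review rather than a search-and-replace, because the new methods take a wrapping key and may move presignatures off the source node.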