-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathNEWS
115 lines (113 loc) · 8.08 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
Copyright (C) 2006, 2007, 2009,
2015, 2016, 2017, 2018, 2019 Heiko Stamer <HeikoStamer@gmx.net>
Permission is granted to copy, distribute and/or modify this document under
the terms of the GNU Free Documentation License, Version 1.3 or any later
version published by the Free Software Foundation; with no Invariant Sections,
no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is
included in the sources of this package and additionally can be obtained from
Internet <https://www.gnu.org/licenses>.
1.3.18 This release is two-fold: first, it fixes some bugs (e.g. iterated S2K)
of the OpenPGP interface, and second, it adds functionality for handling
v5 keys and signatures (see RFC 4880bis-07).
1.3.17 This is a maintenance release that fixes a major bug in the VSSHE module
(Groth's shuffle protocol). The verification of the special component E_d
with respect to membership in the underlying commitment group has been
done wrongly by a fast exponentiation function with fixed bases. Hence
the check of membership for this component is always bypassed and thus
a malicious prover may disturb the shuffle process by supplying a bad
value. However, it is extremely difficult to bypass the other checks, if
E_d is tampered (e.g. set to zero).
Please note that the vulnerability has only an impact on the optimized
shuffle interfaces (e.g. TMCG_VerifyStackEquality_Groth) of LibTMCG.
Moreover, some other minor improvements are included in this release.
1.3.16 In this release AEAD support has been added to the OpenPGP interface.
Please note that this feature is specified by working draft only and was
not part of the aged RFC 4880. Moreover, some bugs have been fixed and
some library constants (e.g. TMCG_MAX_CARDS) have been adjusted.
1.3.15 This is a maintenance release that fixes some bugs, e.g. in the Botan
support of functions from module mpz_srandom. Moreover, some interfaces
of the OpenPGP implemenation have been added and removed. For some
modules of LibTMCG a basic exception handling has been introduced.
1.3.14 With this release three additional parameters for the control of secure
memory allocation have been added to init_libTMCG(). They are explained
in the reference manual. Moreover, the OpenPGP interface has been
enhanced in several way, e.g., ECDH, ECDSA and EdDSA are supported now.
1.3.13 This release contains again a lot of major improvements for the still
undocumented OpenPGP interface, e.g. C++ classes for basic structures
like public keys or signatures. The PRNG from Botan is used for as an
additional source of randomness, if LibTMCG is configured and built with
the new option --with-botan. This reduces the impact of possible hidden
bugs in libgcrypt. Moreover, the hash function family SHA3 is emulated,
if the runtime version of libgcrypt is too old to support it natively.
1.3.12 Major improvements for OpenPGP interfaces have been achieved. Notable are
the new classes for processing public key structures. Moreover, a second
indepent hash algorithm (SHA3) has been included for computing the oracle
hash function g(). This adds the requirement of libgcrypt >= 1.7.0 for
dependencies and breaks compatibility of NIZK or generator verifiablility
with instances that have been compiled with older versions of LibTMCG.
Finally, small bugs (e.g. leading zeros for PKCS#1) are fixed now.
1.3.11 Some small enhancements for the OpenPGP interfaces and the library
initialization have been implemented. Unfortunately, the changes
may require also an update of the application code to be effective.
1.3.10 With this release the RSA signature generation/verification for OpenPGP
is introduced. Moreover, a function for preparing certification
signatures has been added.
1.3.9 This releases fixes two minor bugs in the OpenPGP implementation.
1.3.8 The S2K count for OpenPGP private key encryption has been increased to a
reasonable value. Moreover, some additional code fragments (e.g. parsing
of OpenPGP packets) have been improved.
1.3.7 This is again a maintenance release fixing some minor bugs and leaks.
1.3.6 Again, this is a maintenance release that fixes some bugs and introduces
limited support for OpenPGP V3 signatures (RFC 4880).
1.3.5 This is a maintenance release fixing some memory leaks found by Valgrind
and some other minor bugs.
1.3.4 The DKG tools have been removed from this release. These programs are
continued in a separate package called Distributed Privacy Guard (DKGPG).
1.3.3 Small enhancements for DKG tools have been added, e.g., programs for
basic information about a private threshold key, proactive refresh of
a shared tDSS key, and verification of a detached signature are now
included. The default TCP/IP port range starts now from 55000.
1.3.2 Major improvements for distributed key generation (DKG) and threshold
cryptography have been added. For example, the robust DSA compatible
threshold signature scheme of Canetti et al. is now included. LibTMCG
contains an implementation of these protocols that provides threshold
decryption and signatures for OpenPGP (RFC 4880). However, such schemes
are of independent interest and can be used for distributed electronic
card games (e.g. drop-out tolerance) as well. Finally some bugfixes
improve the robustness of the reliable broadcast protocol (RBC).
1.3.1 Small enhancements have been added. In particular, the class VSSHE now
provides a simple variant of the SetupGenerators_publiccoin().
1.3.0 This is mainly a bugfix release that removes some issues found by
coverity scan. However, there are also some new undocumented protocols
and experimental support for distributed key generation has been added.
The most important change is a verifiable setup of VTMF group generator.
For some advanced protocols (e.g. Groth's shuffle) with more than two
parties the distributed coin flipping protocol (EDCF) should be used.
1.2.0 The default security parameters have been updated to current state of
the art. The complexity of hash function g() was improved. Unfortunately,
this breaks compatibility with instances that have been compiled with
older versions of LibTMCG.
The configure switch --with-gmp has been added in order to find the
required libgmp on a non-standard path (e.g. on MacOS). Non-interactive
versions of the verifiable shuffle resp. rotation protocol provide more
efficient instantiations with soundness based on the well-known
Fiat-Shamir heuristic. The interactive versions of the protocols have
been strengthened against malicious verifiers by coin flipping between
prover and verifier. Finally a protocol for reliable broadcast is now
included. Last but not least, the documentation has been improved.
1.1.3 The VRHE scheme provides an efficient HVZK argument for cyclic shuffle.
1.1.2 Small bugfixes have been applied in order to compile with gcc 4.3.x.
1.1.1 A major security bug (missing range check) was fixed, which allows an
adversary to choose trivial group generators. This flaw has a crucial
impact on the confidentiality of private cards. Thus, we strongly
recommend all users to update LibTMCG as soon as possible.
1.1.0 Some interfaces were changed to allow the creation of keys without
included non-interactive zero-knowledge proof of validity. In
particular, this is more convenient whenever the new VTMF encoding
scheme is used. Further some optimizations have been applied.
1.0.1 A weakness in TMCG_CreateStackSecret() was corrected which may lead
to a biased shuffle in some circumstances. Note that SecureSkat is
not affected by this issue. Furthermore, the documentation has been
improved and the function version_libTMCG() was added.
1.0.0 Groth's HVZK shuffle argument provides a major improvement in terms
of reduced communication and computational complexity.