Releases: fystack/tss-lib

v3.0.1 - EdDSA Child Key Derivation

17 May 10:58
8146a64

Highlights

This release adds EdDSA Child Key Derivation (CKD) so HD-wallet–style key
derivation works for Ed25519-based chains (e.g. Solana), and restores
pre-v3.0.0 CKD behavior needed for Edwards curves.

Features

  • EdDSA signing with HD key derivation: eddsa/signing can now sign with
    a derived child key. Adds key_derivation_util.go
    (UpdatePublicKeyAndAdjustBigXj), wires the derivation delta into the local
    party and round_1, and adds an end-to-end test
    (TestE2EConcurrentWithHDDerive). Ported from fystack/tss-lib onto
    bnb-chain v3.0.0; the unrelated range-proof / Feldman-VSS changes and the
    ExtendedKey refactor from upstream were intentionally dropped, since v3.0.0
    already handles multi-curve internally via crypto.NewECPoint.

Fixes

  • CKD: reduce IL modulo N before the range check — restores the
    pre-v3.0.0 behavior of applying ilNum.Mod(N) before the range check in
    DeriveChildKey. v3.0.0 made the check strict per BIP-32, which mandates
    retrying with the next index when IL >= N. This library does not implement
    retry, and on Edwards curves N ≈ 2^252 so ~94% of raw 256-bit HMAC outputs
    exceed N — the strict check made EdDSA CKD effectively unusable.
    Trade-off: introduces a ~2^-4 modular bias on derived child public keys; the
    bias is washed out on private shares by the uniform parent share, so it does
    not enable key recovery or forgery, and it preserves address compatibility
    with wallets derived under prior library versions.
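The effect of the two range checks on each curve can be reproduced with the sketch below. It is an added example, not code from tss-lib: deriveIL, strictOK, reducedOK and countUsable are hypothetical names, the chain code and parent key are constructed sample values, and reducedOK only models "reduce IL mod N, then range-check" as described in the fix above.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha512"
	"encoding/binary"
	"fmt"
	"math/big"
)

// Group orders N: Ed25519 prime-order subgroup (RFC 8032) and secp256k1 (SEC 2).
var (
	ed25519N, _   = new(big.Int).SetString("1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED", 16)
	secp256k1N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16)
)

// deriveIL returns IL, the left 32 bytes of HMAC-SHA512(chainCode, pub || index).
func deriveIL(chainCode, pub []byte, index uint32) *big.Int {
	mac := hmac.New(sha512.New, chainCode)
	mac.Write(pub)
	binary.Write(mac, binary.BigEndian, index)
	return new(big.Int).SetBytes(mac.Sum(nil)[:32])
}

// strictOK is the BIP-32 check on the raw value: reject IL == 0 or IL >= N.
func strictOK(il, n *big.Int) bool { return il.Sign() != 0 && il.Cmp(n) < 0 }
// reducedOK models the restored behaviour: reduce IL mod N, then range-check.
func reducedOK(il, n *big.Int) bool { return strictOK(new(big.Int).Mod(il, n), n) }

// countUsable derives `total` consecutive indexes and counts passes per check.
func countUsable(n *big.Int, total uint32) (strict, reduced int) {
	chain, pub := []byte("constructed-chain-code-32-bytes!"), make([]byte, 32) // constructed inputs
	for i := uint32(0); i < total; i++ {
		il := deriveIL(chain, pub, i)
		if strictOK(il, n) {
			strict++
		}
		if reducedOK(il, n) {
			reduced++
		}
	}
	return
}

func main() {
	s, r := countUsable(ed25519N, 2000)
	fmt.Println("ed25519   usable indexes (strict, reduced):", s, r)
	s, r = countUsable(secp256k1N, 2000)
	fmt.Println("secp256k1 usable indexes (strict, reduced):", s, r)
}
```

On Ed25519 only about one index in sixteen survives the strict check, while secp256k1 is unaffected because its N is within 2^-128 of 2^256.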

Maintenance

  • gofmt formatting fixes in common/constant_time.go and
    crypto/paillier/paillier.go.

Verification

  • crypto/ckd: PASS (BIP-32 test vectors for secp256k1)
  • eddsa/signing TestE2EConcurrentWithHDDerive: PASS
  • ecdsa/signing TestE2EWithHDKeyDerivation: PASS

Commits

  • 26baa22 add ecdsa derive signing logical
  • 2f5ab80 change priv version
  • 9751c3a ckd: reduce IL modulo N before range check
  • 8146a64 Fix format

EDdSA child key derivation

02 Dec 05:40
560c835

Merge pull request #3 from fystack/revert

Restore Security Checks Removed in EdDSA CKD Commits