
TKeeper

v1.0.4 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 3mo MCP Security & Auth
✓ No known CVEs patched
This release patches 1 known CVE

Topics

ai-agents ai-security bitcoin cryptography custody ecdsa
high-risk java key-management kms mpc schnorr taproot threshold-cryptography threshold-signatures tss

Affected surfaces

auth breaking_upgrade

Summary

AI summary

Updated tss4j to 0.0.10 fixing a correctness issue that allowed malicious co-signers to forge MtA range proofs.

Full changelog

Security Fix

  • tss4j: updated to 0.0.10. It includes a correctness fix in the GG20 MtA proof flow.

A malicious co-signer could forge MtA range proofs, enabling full secret share recovery in O(log q) signing sessions
via a binary oracle on the respondent's secret share.

Recommended action

Upgrade immediately. If prior sessions involved untrusted co-signers, consider performing a key refresh.

Performance

  • Switched to virtual threads per request
  • Replaced BigInt text serialization with byte array encoding for internal
    communications
  • Server configuration fine-tuning

Security Fixes

  • tss4j updated to 0.0.10 – fixes correctness flaw in GG20 MtA proof flow that allowed malicious co-signers to forge range proofs and recover secret shares (CVE not provided). Upgrade immediately; consider key refresh if prior sessions involved untrusted co‑signers.
