
TKeeper

v1.0.6 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 2mo MCP Security & Auth
✓ No known CVEs patched

Topics

ai-agents ai-security bitcoin cryptography custody ecdsa high-risk java key-management kms mpc schnorr taproot threshold-cryptography threshold-signatures tss

Affected surfaces

auth breaking_upgrade

Summary

AI summary

GG20 signing now requires participant public‑key commitments to be present in storage.

Full changelog

Features

  • Added P-256 (secp256r1) curve support for threshold ECDSA (GG20), FROST signing, and threshold ECIES.

Updated

  • tss4j: upgraded to include EC-point binding in MtAwc respondent proofs (Π_{resp}).
    The respondent now proves that the value used in the homomorphic MtA evaluation
    corresponds to the discrete log of their Lagrange-weighted public key share,
    preventing share substitution attacks.

Migration Notice

GG20 signing now requires participant public key commitments to be present in storage.
Commitments are stored automatically starting from version 1.0.2.

If your keys were generated on version 1.0.1 or earlier and have not been refreshed
on a later version, call key refresh before signing.

Keys generated or refreshed on 1.0.2+ are not affected.
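
To make the Updated and Migration Notice items concrete, the following added Python sketch (not TKeeper or tss4j code) checks only the public relation that the EC-point binding targets: a respondent's Lagrange-weighted share w_i must satisfy w_i·G = λ_i·X_i against a stored commitment X_i. It omits the Paillier MtA step and the zero-knowledge proof itself; secp256k1, the 2-of-3 sharing, the reading of the stored commitments as X_i = x_i·G, and all function names are assumptions of the example.

```python
# Added illustration, not TKeeper/tss4j code. Curve and names are this example's choices.
import secrets

P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if a == b else (y2 - y1, x2 - x1)
    m = num * pow(den, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add scalar multiplication (not constant time)
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def lagrange_at_zero(i, signers):  # coefficient of party i, interpolating at x = 0
    num = den = 1
    for j in set(signers) - {i}:
        num, den = num * -j % N, den * (i - j) % N
    return num * pow(den, -1, N) % N

def binding_holds(i, signers, claimed_w, commitments):
    """Does claimed_w * G equal lambda_i * X_i for the stored commitment X_i?"""
    return mul(claimed_w, G) == mul(lagrange_at_zero(i, signers), commitments[i])

def demo():
    # Constructed 2-of-3 Shamir sharing: f(x) = secret + c1 * x mod N
    secret, c1 = secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1
    shares = {i: (secret + c1 * i) % N for i in (1, 2, 3)}
    commitments = {i: mul(x, G) for i, x in shares.items()}  # X_i = x_i * G, kept in storage
    signers = (1, 3)
    w = {i: lagrange_at_zero(i, signers) * shares[i] % N for i in signers}
    honest = all(binding_holds(i, signers, w[i], commitments) for i in signers)
    substituted = binding_holds(1, signers, (w[1] + 1) % N, commitments)
    group_key_ok = add(mul(w[1], G), mul(w[3], G)) == mul(secret, G)
    return honest, substituted, group_key_ok
```

Without an entry in `commitments` for a participant there is nothing to compare the claimed value against, which is consistent with the requirement that keys from 1.0.1 or earlier be refreshed before signing.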

Breaking Changes

  • GG20 signing mandates participant public‑key commitments stored in the database; keys generated on versions ≤ 1.0.1 must be refreshed before use.
