Releases: coinbase/cb-mpc

CB-MPC v0.1.1

21 Jan 17:29
cb60753

This is a cumulative release including all changes since v0.1.0. The primary focus is security, featuring multiple fixes and hardening changes across crypto primitives, ZK proofs, and protocol-level validation. We recommend that all users upgrade to this version.

Security fixes & hardening

  • Side-channel resistance improvements:
    • Make key curve operations more consistently constant-time (including constant-time point operations and constant-time conditional selection/copy helpers).
    • Replace non-constant-time equality checks in core buffer/types with constant-time comparisons.
    • Enforce constant-time-capable curves for certain operations and reduce scalars mod q where required.
  • Correctness/security fixes in crypto primitives:
    • RSA-OAEP: correctly configure the MGF1 hash (previously could fall back to SHA-1 unintentionally).
    • AES-GCM: zeroize decrypted plaintext on authentication failure to avoid leaving sensitive data in memory.
    • Fix constant-time big-number comparison corner cases (e.g., negative values).
  • Memory-safety fixes:
    • Prevent an out-of-bounds read in PVE message handling by validating buffer sizes before slicing.
    • Prevent potential buffer/offset issues in serialization/conversion paths by adding bounds and overflow checks.
  • Stronger input validation across proofs and protocols:
    • Add range checks and curve point validation in ZK verifiers; add parameter validation for Fischlin-style proofs.
    • Fix vector hash encoding to include length/size prefixes; add unit test coverage.
    • Add batch size consistency checks across protocols (including ECDSA, Schnorr, and DKG).
    • Add additional validation for secret sharing indices/thresholds and broader protocol message validation.
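
The vector hash encoding item above concerns a framing ambiguity: without length/size prefixes, different vectors can serialize to the same byte stream and therefore the same digest. The Go program below is an added example, not cb-mpc code; SHA-256, the 8-byte big-endian prefixes and the function names hashConcat and hashFramed are assumptions chosen for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// hashConcat (hypothetical name) hashes the elements back to back with no
// framing, so element boundaries are not part of the hashed input.
func hashConcat(items [][]byte) [32]byte {
	h := sha256.New()
	for _, it := range items {
		h.Write(it)
	}
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// hashFramed (hypothetical name) hashes the element count first, then each
// element's length followed by its bytes, making the encoding injective.
func hashFramed(items [][]byte) [32]byte {
	h := sha256.New()
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], uint64(len(items)))
	h.Write(n[:])
	for _, it := range items {
		binary.BigEndian.PutUint64(n[:], uint64(len(it)))
		h.Write(n[:])
		h.Write(it)
	}
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

func main() {
	// Constructed sample vectors: same concatenation, different boundaries.
	a := [][]byte{[]byte("ab"), []byte("c")}
	b := [][]byte{[]byte("a"), []byte("bc")}
	fmt.Println("unframed digests equal:", hashConcat(a) == hashConcat(b))
	fmt.Println("framed digests equal:  ", hashFramed(a) == hashFramed(b))
	// A vector holding one empty element versus an empty vector.
	one, none := [][]byte{{}}, [][]byte{}
	fmt.Println("unframed empty cases equal:", hashConcat(one) == hashConcat(none))
	fmt.Println("framed empty cases equal:  ", hashFramed(one) == hashFramed(none))
}
```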

Developer & integration improvements

  • Enable more flexible t-of-n operation participation by identifying parties via unique party names (indices become session-local rather than persistent).
  • Go/FFI refactor: move C memory allocation helpers into a dedicated FFI module and update CGO bindings accordingly.
  • Miscellaneous cleanup and robustness improvements (removal of unused code paths, additional assertions/checks).

Behavior / compatibility notes

  • Validation is stricter by design: malformed inputs that previously slipped through (or triggered asserts) may now return explicit errors earlier.
  • Paillier randomness generation now fails with an error when the sampled value is not coprime to N; callers should handle the error.
  • Go/CGO consumers who depended on internal headers/types may need minor include/import updates and a rebuild.

CB-MPC 0.1.0

26 Mar 13:30
dc7ce21

This is the initial public release of the Coinbase Open Source MPC Library.

This release contains the following:

  • The complete source code for the Coinbase Open Source MPC Library
  • Cryptographic code, specifications and theory documents for the MPC Library
  • External code review report from Cure53
  • For full details and instructions see README.md