v0.8.1b1

Added

• Adds a SonarQube quality gate check that prevents deployments until analysis meets quality thresholds.
• Adds nested CodeQL SARIF support and uploads CodeQL reports as workflow artifacts.
• Adds a dedicated Python tests workflow with multi-version support and integrated analysis.
• Adds a poetry-plugin-export step for generating Snyk requirements.
• Adds new configuration files for SonarQube, SonarCloud, and GitHub Pages (including a new jekyll-gh-pages.yml).
• Adds Node.js and Wrangler installation steps and a manual deployment trigger via workflow_dispatch.
• Adds comprehensive gmpy2 type stubs to improve type checking and IDE support.
• Adds FAQ documentation for the Verifiable Secret Sharing library.

Changed

• Changes workflow actions to use explicit commit hashes for improved reproducibility.
• Changes linter configuration by replacing Flake8 and Black with Ruff.
• Changes SonarQube workflow logging to include emojis and detailed output for quality gate status.
• Changes quality gate checks by updating endpoints and task naming for clearer status handling.
• Improves CI/CD workflows through refined caching keys, enhanced report processing, and updated dependency digests.
• Refines GitHub Actions and Jekyll site configurations for more reliable deployments and clearer site navigation.
• Updates Python version requirements (to ≥3.10 and 3.13) and adjusts type annotations and error handling in cryptographic functions.
• Refines dependency configurations (including CodeQL, CycloneDX, and Node.js) to ensure build stability.

Fixed

• Fixes CycloneDX SBOM generation command syntax and error handling.
• Fixes Jekyll build command and working directory issues to ensure correct site deployment.
• Fixes deployment command paths in GitHub Actions workflows.

Removed

• Removes Flake8 report handling from the SonarQube workflow.
• Removes the Pyright typecheck step from the Python tests workflow.
• Removes deprecated GitHub Actions workflow files (e.g. sonarcloud.yml and debricked.yml) and redundant project name parameters in Cloudflare Pages deploy commands.

Security

• Adds a Bandit security configuration for enhanced code analysis.
• Adds SHA3-256 hash verification for reports to secure artifact integrity.
• Enhances constant-time comparisons and mitigates timing attacks in the VSS module.
• Refactors and secures the VSS module by standardizing constant-time operations and improving secure RNG.
• Improves input validation and encoding in randomness functions for stronger timing security.

v0.8.0b3

What's Changed

• Update snyk/actions digest to cdb7600 by @renovate in #21

Full Changelog: v0.8.0b2...v0.8.0b3

v0.8.0b2

This release focuses on enhanced security, memory management, and code clarity for the Post-Quantum Feldman VSS library.

Major Highlights:

• Enhanced Memory Management: Implemented a MemoryMonitor class and integrated memory safety checks throughout the code to prevent excessive memory allocation and potential denial-of-service vulnerabilities. This drastically improves the library's robustness, especially when dealing with large threshold values and bit lengths.
• Improved Error Handling and Forensics: Enhanced exception handling throughout the codebase with more detailed forensic data included in exceptions for debugging/auditing purposes. Added get_forensic_data to errors for better debugging. Sanitized errors are used by default to prevent information leakage.
• Enhanced Security: Further hardened constant-time operations, Byzantine fault tolerance, and memory safety. Enhanced comments and documentation for security-sensitive areas of the code.

Detailed Changes:

• Core Security Enhancements:

  • constant_time_compare: Added input validation for gmpy2.mpz types.
  • secure_redundant_execution: Added a deterministically selected result to prevent timing side-channels, and added a more robust approach for gathering results in concurrent.futures.ThreadPoolExecutor.
  • _find_secure_pivot: Updated with constant-time update to minimum value and added more secure swaps. Added improved error check- ensure we're not returning a row with a zero pivot.
  • _compute_combined_randomizer Added type hints for function parameter.
  • _process_echo_consistency: Added input validation and more comprehensive Byzantine evidence collection.
  • _detect_byzantine_behavior: Added more explicit checks for malformed commitments and safer element access. Now explicitly requires passing the zero commitment check.
  • ``_generate_invalidity_evidence`: Added additional evidence about consistency checks.
  • secure_exp: Optimization: For safe primes p=2q+1, reduce modulo q instead of p-1. Check memory safety before proceeding.
  • create_polynomial_proof: Removed the use of id() for commitment keys and replaced it with the use of a secure cryptographic hashing algorithm to generate commitment keys, significantly improving the uniqueness and security of the keys.

• Memory Management:

  • MemoryMonitor Class: Added a MemoryMonitor class to track allocated memory and prevent exceeding limits.
  • check_allocation, allocate, release, get_usage_stats: Implemented methods for memory tracking and management.
  • check_memory_safety: Added comprehensive memory safety checks throughout the code.
  • estimate_mpz_size: Added a function to estimate memory usage of gmpy2.mpz numbers.
  • Integrated memory safety checks within CyclicGroup.exp, CyclicGroup.efficient_multi_exp, FeldmanVSS._evaluate_polynomial, and FeldmanVSS._secure_matrix_solve.

• Error Handling & Forensic Data:

  • Custom Exception Classes: Enhanced SecurityError, SerializationError, VerificationError, and ParameterError with fields like detailed_info, severity, timestamp, data_format, checksum_info, parameter_name, parameter_value, and expected_type for more comprehensive error reporting. Added get_forensic_data to errors for better debugging.
  • Detailed Error Messages: Added forensic data collection for debugging/auditing purposes.
  • Sanitized Errors: Sanitized errors are used by default to prevent information leakage.
  • Enhanced Input Validation: Added additional input validation and logging to various methods.
  • Corrected potential errors: Fixed a potential error that might occur if the input was undefined

• Code Quality & Clarity:

  • Type Hinting: Added type hints throughout the code for improved readability and maintainability.
  • Docstring Improvements: Enhanced docstrings for better clarity and consistency.
  • Removed Unnecessary Code: Removed code to free up memory in a class, as it is automatically handled by garbage collector.
  • Function Renaming: Renamed memory_safe_mpz_mul to check_memory_safety for more clarity.

• Bug Fixes:

  • Fixed an error with the input type of a function.

• Dependency Updates:

  • Updated requires-python version.
  • Updated dependencies version.

• Documentation:

  • Updated the documentation to accurately reflect the current codebase.
  • Enhanced docstrings throughout the code for better clarity and consistency.
  • Updated System Requirements section.
  • Added PyPi link.

Breaking Changes:

• Some exceptions now inherit from the custom classes (SecurityError, SerializationError, VerificationError, ParameterError) to provide additional diagnostic information. This should be backwards compatible in most cases, but code that specifically catches Exception may need to be updated.

Security Notes:

• This release addresses potential denial-of-service vulnerabilities related to excessive memory allocation.
• This release adds a deterministically selected result to prevent timing side-channels.
• This release adds a challenge consistency check to help detect malicious tampering.
• As a reminder, this library still has timing side-channel and fault injection vulnerabilities that cannot be adequately addressed in pure Python. These issues require implementation in a lower-level language like Rust to fix properly.

Upgrade Notes:

• It is highly recommended to upgrade to this version for improved security and stability.
• Pay special attention to the "Breaking Changes" section if your code relies on catching specific exception types.

Future Work:

• Further hardening of constant-time operations.
• More comprehensive testing and auditing.
• Fixing issues with Type Hints by creating custom stubs

v0.7.6-beta

Changed

• Major Refactor and Enhancements: This version introduces significant internal changes and improvements, building upon version 0.7.5b0. While the public API remains largely compatible, many functions have been optimized, rewritten, or enhanced for security and performance.
• Enhanced Security:
  • Improved fault injection countermeasures in secure_redundant_execution. Increased redundancy from 3 to 5 executions, added random execution ordering, and introduced small random delays to decorrelate execution timing. Used more robust constant-time comparisons for all result permutations.
  • hash_to_group now uses strict rejection sampling without fallback to modular reduction, eliminating a potential (though minor) bias. Increased the number of attempts and added domain separation to improve the success rate of rejection sampling.
  • Enhanced domain separation in _enhanced_encode_for_hash with type tagging and length prefixing to prevent collision attacks.
  • Improved validation during deserialization of commitments and proofs, including stricter checks on data types, structures, and cryptographic parameters (primality, generator validity, range checks).
  • Added more comprehensive Byzantine fault tolerance in _refresh_shares_additive, including an echo broadcast mechanism for consistency verification, adaptive quorum-based detection of Byzantine parties, and enhanced collusion detection.
  • Introduced _detect_byzantine_behavior for more thorough detection of malicious behavior, including inconsistent shares, invalid commitments, and equivocation.
  • Added cryptographic proof generation for invalid shares (_create_invalidity_proof) and for correct share refreshing (_generate_refresh_consistency_proof).
  • Improved collusion detection using network analysis algorithms (_enhanced_collusion_detection).
  • Added secure constant-time summation of shares (_secure_sum_shares) to prevent timing attacks during share refreshing.
  • Implemented a more secure randomized pivot selection strategy in _find_secure_pivot to prevent timing-based side-channel attacks during Gaussian elimination.
  • Added better handling of extra entropy during commitment creation and verification
  • Added more detailed diagnostics to error messages.
  • Improved sanitization of error messages.
  • Added handling for potential failures during random shuffle and delay.
• Performance Optimizations:
  • Optimized batch_verify_shares with caching of intermediate values and batch processing for improved performance with large batches.
  • Optimized _refresh_shares_additive for better performance in asynchronous environments, reduced communication complexity, and more efficient verification.
  • Improved parallelism in _process_verification_batches.
  • Optimized efficient_multi_exp with adaptive window sizing and selective precomputation.
  • Pre-compute powers of generator with multi-level windows.
  • Dynamic window sizing based on prime size.
• API Changes (Minor):
  • Added optional sanitize_error_func, function_name, and context parameters to secure_redundant_execution for better error handling and context.
  • Added optional original_commitments and participant_ids parameters to refresh_shares.
  • Renamed create_commitments_and_proof to create_commitments_with_proof for clarity.
  • The _find_secure_pivot function's output is now deterministic with respect to its inputs, even though it uses randomness internally. This improves testability.
• Bug Fixes:
  • Fixed potential TypeError in constant_time_compare when comparing mixed types. Now uses a consistent conversion approach.
  • Fixed various potential issues in deserialization methods by adding stricter type and structure checks.
  • Fixed potential error in _secure_matrix_solve by using gmpy2.invert for modular inversion.
• Code Quality:
  • Improved type hints and documentation throughout the code.
  • Added more comprehensive input validation and error handling.
  • Used gmpy2.mpz consistently for all integer arithmetic to ensure consistent handling and prevent potential type-related issues.
  • Improved logging and warning messages.

v0.7.5-beta

This release focuses on enhancing security, improving performance, and refining the API for better usability and robustness. It addresses several potential vulnerabilities and incorporates feedback from the alpha testing phase.

Key Changes and Improvements:

Security Enhancements

• hash_to_group Bias Mitigation:

  • Increased the maximum attempts for rejection sampling in hash_to_group from 100 to 1000. This significantly reduces the already slight statistical bias introduced by the fallback modular reduction, making it even more negligible.

• Enhanced Domain Separation in Hashing:

  • Replaced length-prefixed encoding in _enhanced_encode_for_hash with a more robust scheme that includes type tagging. This scheme explicitly encodes the type of each input (bytes, string, int/mpz) before its length, providing stronger domain separation. This prevents a wider range of potential collision attacks.

• Deserialization Validation Improvements:

  • deserialize_commitments and deserialize_commitments_with_proof now include significantly more rigorous validation checks:
    • Generator Validation: Verifies that the deserialized generator is within the valid range (1 < generator < prime - 1) and that it's a valid generator for the given prime. For safe primes, it checks g^q != 1 mod p, where q = (p-1)/2.
    • Commitment and Randomizer Range Checks: Ensures all deserialized commitment and randomizer values are within the expected range [0, prime-1].
    • Commitment Structure Validation: Confirms each commitment has the correct structure: (commitment, randomizer) or (commitment, randomizer, extra_entropy).
    • Proof Structure Validation (for deserialize_commitments_with_proof): Adds comprehensive checks for the presence and correct types of all required fields within the deserialized proof structure (blinding_commitments, challenge, responses, commitment_randomizers, blinding_randomizers, timestamp). Also verifies the consistency of lengths between the different proof components.
    • Timestamp Validation (for deserialize_commitments_with_proof): Checks that the timestamp within the proof is not in the future (allowing for a small clock skew) and is not excessively old (warning if older than 90 days).

• Byzantine Fault Tolerance in Share Refreshing:

  • The _refresh_shares_additive method (implementing Chen & Lindell's Protocol 5) has received several improvements to its Byzantine fault tolerance:
    • Adaptive Quorum-Based Byzantine Detection: Consistency checks during share refreshing now use an adaptive quorum. The required consistency ratio for accepting a party's shares increases dynamically based on the number of participants and the detected threat level. This makes it harder for colluding adversaries to disrupt the refresh process.
    • Enhanced Evidence Collection: The _detect_byzantine_behavior function now collects more detailed evidence when Byzantine behavior is detected, including information about inconsistent shares, invalid commitments, and equivocation (sending different values to different participants).
    • Improved Collusion Detection: The _enhanced_collusion_detection function uses a more sophisticated graph analysis approach to identify potential collusion patterns. It considers both the number of invalid shares and the overlap in the participants targeted by those invalid shares.
    • Echo Consistency Protocol: The _process_echo_consistency function has been significantly enhanced to provide stronger detection of equivocation. It uses cryptographically secure fingerprints of shared values to ensure consistent information among participants.

• Constant-Time Operations:

  • The _secure_matrix_solve function now uses gmpy2.invert() instead of powmod() for modular inversion during Gaussian elimination. gmpy2.invert() is designed for constant-time modular inversion, offering better protection against timing side-channels.
  • The verify_dual_commitments function now incorporates constant_time_compare to check the validity of commitment proofs. This ensures constant-time verification, preventing potential leakage of information about the secret values.

Performance Optimizations

• Dynamic Window Sizing in CyclicGroup:

  • The _precompute_powers method in the CyclicGroup class now uses a more sophisticated dynamic window sizing strategy for precomputation. This adaptive logic considers the size of the prime and adjusts the small window size accordingly, leading to better performance across a wider range of prime sizes.

• Verification Batch Size Calculation:

  • The _calculate_optimal_batch_size function now takes into account the number of available CPU cores (using multiprocessing.cpu_count()) to determine the optimal batch size for verification. This improves parallelism and reduces verification time, especially for large numbers of shares.

API and Usability Refinements

• Clearer Error Messages and Warnings: Many error messages and warnings have been improved to provide more specific and informative diagnostics.
• Type Hinting and Documentation: The code has been thoroughly reviewed and updated with comprehensive type hints and docstrings, improving readability and maintainability.
• Consistent Use of gmpy2: The code now consistently uses gmpy2.mpz for all integer arithmetic within the CyclicGroup and FeldmanVSS classes, ensuring consistent behavior and leveraging gmpy2's performance optimizations.

Bug Fixes

• Fixed several minor inconsistencies and potential edge-case issues in serialization and deserialization methods.
• Addressed potential type errors in various functions by adding more robust input validation.

Potential Vulnerabilities (Acknowledged but Not Fully Addressed)

• Timing Side-Channels (Partially Addressed): Significant progress has been made in mitigating timing side-channels (e.g., gmpy2.invert(), constant_time_compare in verify_dual_commitments). However, a core concern remains: functions like constant_time_compare, _secure_matrix_solve, and _find_secure_pivot are implemented in pure Python. The Python interpreter and underlying hardware can still introduce timing variations. Full mitigation requires implementation in a lower-level language or using a well-vetted cryptographic library.

• secure_redundant_execution Assumptions: The secure_redundant_execution function still relies on the assumption that the provided function is deterministic and has no side effects.

• Bias in hash_to_group: Although reduced significantly, the hash_to_group function uses a fallback mechanism that can introduce a slight statistical bias. While negligible for large primes, this remains a theoretical weakness.

Note

This is a beta release. While extensive testing has been performed, there may still be undiscovered issues. It is recommended to thoroughly test this version in your environment before deploying it in a production setting.

v0.7.4-alpha

Major Security and Performance Enhancements:

• Robust Post-Quantum Security:

  • Improved hash_to_group in CyclicGroup to ensure uniform distribution for primes of any size, eliminating potential bias in commitment generation. This is critical for provable post-quantum security.
  • _enhanced_encode_for_hash now uses fixed-length byte representations for integers, guaranteeing deterministic hashing across all platforms and Python implementations. This prevents subtle inconsistencies and potential vulnerabilities.
  • _compute_hash_commitment_single (and thus _compute_hash_commitment) now use the deterministic integer encoding, ensuring consistent commitment values.
  • _find_secure_pivot implements a significantly more robust and constant-time pivot selection strategy during Gaussian elimination, mitigating timing side-channel attacks.
  • deserialize_commitments now validates that the deserialized prime is a safe prime if safe_prime is enabled in the config.
  • Extensive input validation added throughout the codebase to prevent incorrect usage and potential vulnerabilities.

• Improved Byzantine Fault Tolerance (BFT) in Share Refreshing:

  • refresh_shares_additive now implements adaptive quorum-based Byzantine detection. The required consistency ratio dynamically adjusts based on the number of participants and observed inconsistencies.
  • Shares from identified Byzantine parties are explicitly excluded from the share refresh process, preventing them from corrupting the secret.
  • More comprehensive evidence collection for Byzantine behavior, including consistency ratios.
  • Verification Proofs were added to the method.

• Performance Optimizations:

  • CyclicGroup now uses a SafeLRUCache (Least Recently Used cache) with a configurable capacity (defaulting to 128) for storing exponentiation results. This provides:
    • Bounded memory usage (prevents unbounded growth).
    • Automatic eviction of least recently used entries.
    • A cleaner and more standard caching interface.
  • _find_secure_pivot generates random bytes in a single block for improved efficiency.

• Correctness and Consistency:

  • create_enhanced_commitments now includes extra_entropy in the returned commitment tuples, ensuring that it's available for verification.
  • _verify_share_hash_based_single now correctly uses the extra_entropy during verification.
  • serialize_commitments and deserialize_commitments now correctly handle the extra_entropy for low-entropy secrets, ensuring round-trip consistency.
  • The number of tries in _find_generator was significantly increased.

• Code Quality and Maintainability:

  • Widespread addition of input validation to public and private methods.
  • Improved comments and clearer logic in many methods.

Version 0.7.0-Alpha

• Initial alpha release of the post-quantum secure Feldman VSS implementation.
• Features hash-based commitments, secure group operations, batch verification, serialization/deserialization, fault injection countermeasures, and integration with Pedersen VSS.
• Includes basic Byzantine fault detection during share refreshing.

v0.7.0-alpha

Initial release