Copyright (C) 2006, 2007, 2009, 2015, 2016, 2017, 2018, 2019 Heiko Stamer Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the sources of this package and additionally can be obtained from Internet . 1.3.18 This release is two-fold: first, it fixes some bugs (e.g. iterated S2K) of the OpenPGP interface, and second, it adds functionality for handling v5 keys and signatures (see RFC 4880bis-07). 1.3.17 This is a maintenance release that fixes a major bug in the VSSHE module (Groth's shuffle protocol). The verification of the special component E_d with respect to membership in the underlying commitment group has been done wrongly by a fast exponentiation function with fixed bases. Hence the check of membership for this component is always bypassed and thus a malicious prover may disturb the shuffle process by supplying a bad value. However, it is extremely difficult to bypass the other checks, if E_d is tampered (e.g. set to zero). Please note that the vulnerability has only an impact on the optimized shuffle interfaces (e.g. TMCG_VerifyStackEquality_Groth) of LibTMCG. Moreover, some other minor improvements are included in this release. 1.3.16 In this release AEAD support has been added to the OpenPGP interface. Please note that this feature is specified by working draft only and was not part of the aged RFC 4880. Moreover, some bugs have been fixed and some library constants (e.g. TMCG_MAX_CARDS) have been adjusted. 1.3.15 This is a maintenance release that fixes some bugs, e.g. in the Botan support of functions from module mpz_srandom. Moreover, some interfaces of the OpenPGP implemenation have been added and removed. For some modules of LibTMCG a basic exception handling has been introduced. 1.3.14 With this release three additional parameters for the control of secure memory allocation have been added to init_libTMCG(). They are explained in the reference manual. Moreover, the OpenPGP interface has been enhanced in several way, e.g., ECDH, ECDSA and EdDSA are supported now. 1.3.13 This release contains again a lot of major improvements for the still undocumented OpenPGP interface, e.g. C++ classes for basic structures like public keys or signatures. The PRNG from Botan is used for as an additional source of randomness, if LibTMCG is configured and built with the new option --with-botan. This reduces the impact of possible hidden bugs in libgcrypt. Moreover, the hash function family SHA3 is emulated, if the runtime version of libgcrypt is too old to support it natively. 1.3.12 Major improvements for OpenPGP interfaces have been achieved. Notable are the new classes for processing public key structures. Moreover, a second indepent hash algorithm (SHA3) has been included for computing the oracle hash function g(). This adds the requirement of libgcrypt >= 1.7.0 for dependencies and breaks compatibility of NIZK or generator verifiablility with instances that have been compiled with older versions of LibTMCG. Finally, small bugs (e.g. leading zeros for PKCS#1) are fixed now. 1.3.11 Some small enhancements for the OpenPGP interfaces and the library initialization have been implemented. Unfortunately, the changes may require also an update of the application code to be effective. 1.3.10 With this release the RSA signature generation/verification for OpenPGP is introduced. Moreover, a function for preparing certification signatures has been added. 1.3.9 This releases fixes two minor bugs in the OpenPGP implementation. 1.3.8 The S2K count for OpenPGP private key encryption has been increased to a reasonable value. Moreover, some additional code fragments (e.g. parsing of OpenPGP packets) have been improved. 1.3.7 This is again a maintenance release fixing some minor bugs and leaks. 1.3.6 Again, this is a maintenance release that fixes some bugs and introduces limited support for OpenPGP V3 signatures (RFC 4880). 1.3.5 This is a maintenance release fixing some memory leaks found by Valgrind and some other minor bugs. 1.3.4 The DKG tools have been removed from this release. These programs are continued in a separate package called Distributed Privacy Guard (DKGPG). 1.3.3 Small enhancements for DKG tools have been added, e.g., programs for basic information about a private threshold key, proactive refresh of a shared tDSS key, and verification of a detached signature are now included. The default TCP/IP port range starts now from 55000. 1.3.2 Major improvements for distributed key generation (DKG) and threshold cryptography have been added. For example, the robust DSA compatible threshold signature scheme of Canetti et al. is now included. LibTMCG contains an implementation of these protocols that provides threshold decryption and signatures for OpenPGP (RFC 4880). However, such schemes are of independent interest and can be used for distributed electronic card games (e.g. drop-out tolerance) as well. Finally some bugfixes improve the robustness of the reliable broadcast protocol (RBC). 1.3.1 Small enhancements have been added. In particular, the class VSSHE now provides a simple variant of the SetupGenerators_publiccoin(). 1.3.0 This is mainly a bugfix release that removes some issues found by coverity scan. However, there are also some new undocumented protocols and experimental support for distributed key generation has been added. The most important change is a verifiable setup of VTMF group generator. For some advanced protocols (e.g. Groth's shuffle) with more than two parties the distributed coin flipping protocol (EDCF) should be used. 1.2.0 The default security parameters have been updated to current state of the art. The complexity of hash function g() was improved. Unfortunately, this breaks compatibility with instances that have been compiled with older versions of LibTMCG. The configure switch --with-gmp has been added in order to find the required libgmp on a non-standard path (e.g. on MacOS). Non-interactive versions of the verifiable shuffle resp. rotation protocol provide more efficient instantiations with soundness based on the well-known Fiat-Shamir heuristic. The interactive versions of the protocols have been strengthened against malicious verifiers by coin flipping between prover and verifier. Finally a protocol for reliable broadcast is now included. Last but not least, the documentation has been improved. 1.1.3 The VRHE scheme provides an efficient HVZK argument for cyclic shuffle. 1.1.2 Small bugfixes have been applied in order to compile with gcc 4.3.x. 1.1.1 A major security bug (missing range check) was fixed, which allows an adversary to choose trivial group generators. This flaw has a crucial impact on the confidentiality of private cards. Thus, we strongly recommend all users to update LibTMCG as soon as possible. 1.1.0 Some interfaces were changed to allow the creation of keys without included non-interactive zero-knowledge proof of validity. In particular, this is more convenient whenever the new VTMF encoding scheme is used. Further some optimizations have been applied. 1.0.1 A weakness in TMCG_CreateStackSecret() was corrected which may lead to a biased shuffle in some circumstances. Note that SecureSkat is not affected by this issue. Furthermore, the documentation has been improved and the function version_libTMCG() was added. 1.0.0 Groth's HVZK shuffle argument provides a major improvement in terms of reduced communication and computational complexity.