Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.dfns.co/llms.txt

Use this file to discover all available pages before exploring further.

Current release: v2.17.0.
v2.17.0
SecurityOperational
January 20th, 2026Security:
  • Updated to the released cggmp24 crate including an upstream security fix.
Operational:
  • IBM Z (s390x) architecture support added for signer builds.
  • Key import/export WASM module updated to the latest revision (remains compatible with the prior format).
  • Removed deprecated MAC options and stray gmp dependency; cggmp backend is now selectable via a build feature.
v2.16.3
New FeatureProtocolSecurity
October 28th, 2025Protocol:
  • Migrated to cggmp24. The signing protocol previously referenced as cggmp21 has been renamed and upgraded to its latest revision. Reference implementations of components used in this upgrade are published through the Hyperledger Lockness project.
  • ECDSA pre-signatures can no longer be used with HD derivation or raw signing.
  • Stark signing is now rejected at signer initialization.
Key import/export:
  • KeyImportResponse now includes the chain code for HD-derived keys.
  • Key import/export remains compatible with the prior WASM module format.
Operational:
  • HD wallet support added to KU23 full signing.
  • Replay protection re-enabled on signing requests.
  • Incoming client certificates are verified to match the server’s organization. Subject CN check is optional and configurable.
  • New CLI option to disable client cert verification.
  • Build base updated to Rust 1.89.
v2.14.3
Bug Fix
August 13th, 2025Protocol:
  • Patched cggmp21 dependency.
v2.14.2
OperationalSecurity
July 25th, 2025Healthcheck:
  • Healthcheck server migrated to HTTP, with shared cert validity and HTTP response helpers.
  • CA cert validity is now also checked.
Operational:
  • Migration scripts added with automatic migration number deduction.
  • Build base updated to Rust 1.88 / Rust 2024 edition.
  • S3 bucket uploads now always compute the checksum.
v2.14.0
New FeatureOperational
May 21st, 2025Storage:
  • Postgres support added with a Postgres fallback.
  • Redis dependency removed.
Signing:
  • HD derivation enabled for EdDSA keys.
  • Key import/export: FrostBitcoin support added.
Operational:
  • New key rotation subcommand.
  • tDH (threshold Diffie–Hellman) implementation added, with a new key share type.
v2.13.2
New FeatureOperational
January 24th, 2025Backup & restore:
  • L4 backup support introduced. L4 backup can be enabled independently of L3.
  • New backup restore CLI tool with batched, multi-phased operations.
  • Backup keys can now be read from OpenSSL PEM-DER files.
  • Backup restore output can be emitted in hex format.
Telemetry:
  • W3 Tracing Context propagation across services.
  • Span instrumentation added to SQL queries, delivery handshake, and secrets manager operations.
  • Resource attributes can be overridden via OTel exporter config.
v2.12.1
New FeatureOperational
September 30th, 2024Signing:
  • Bitcoin Schnorr: HD derivation and taproot support added.
  • KU23 pre-signatures batching introduced for higher throughput.
  • Stark pre-signatures added.
  • KU23 pre-signatures are now insensitive to participant identity ordering.
Cluster operations:
  • Added the ability to copy key shares to a smaller cluster.
  • Cluster info is now required for commands that previously assumed cluster awareness.
  • Removed the standalone generate command — keys are now generated on startup (configurable via feature flags).
  • Added a get-public-identity subcommand.
Reliability:
  • Graceful shutdown on SIGINT/SIGTERM.
  • TLS key handling and dev-cert flows reworked.
Telemetry:
  • New TRACECONTEXT_PROPAGATORS_HEADER setting.
v2.11.2
Initial Release
July 17th, 2024First release of the MPC Clusters signer tracked in this changelog.
Last modified on May 18, 2026