We have just released FROST v3.0.0. You can find frost-core and the ciphersuite crates available on crates.io. This stable release follows v3.0.0-rc.0, which introduced the bulk of the changes in this major version. If you are upgrading from v2.x, please read the RC release post for the full picture—the changes described here are what’s new since the release candidate. Full release notes are on GitHub, and the updated documentation book is at frost.zfnd.org.
What Changed Since v3.0.0-rc.0
The changes between the release candidate and the final release are modest but meaningful. On the security front, SigningKey is no longer Copy and now implements ZeroizeOnDrop, meaning signing keys are automatically wiped from memory when they go out of scope. dkg::round2::Package has received the same treatment. These changes reduce the window during which sensitive key material exists in memory and bring FROST in line with security best practices for cryptographic implementations.
There is also a bug fix: verify_signature_share() now correctly calls the Ciphersuite::pre_commitment_aggregate() hook, which was added in the RC to support custom pre-aggregation logic but was inadvertently omitted from the per-share verification path.
Finally, PublicKeyPackage::new() now takes min_signers as an Option. Passing None is useful when the threshold is not known at construction time—for example, when deserializing packages from older versions.
Contributors
Thank you to everyone who contributed to this release: @conradoplg, @natalieesk and @BeeFlea.