[RESULT][VOTE] Release Apache Milagro (incubating) Crypto Libraries v1.0.0
Hi, Re tags: https://github.com/apache/incubator-milagro-crypto-c/releases/tag/1.0.0 https://github.com/apache/incubator-milagro-crypto-js/releases/tag/1.0.0 The vote to release the above is now closed and has passed with 3 x +1 binding votes: Julian Feinauer Justin Mclean Furkan Kamaci And 1 non-binding +1 vote: Brian Spector Vote thread: https://lists.apache.org/thread.html/8a3c98ff63f0cefe72873e1c1b65ec727c2a3c3f0a2517c055f029e7@%3Cgeneral.incubator.apache.org%3E The following remedial actions have been taken: Both of the above tags now have release notes. The DISCLAIMER files in both repos have been reformatted The license files in both libraries now have the correct copyright notices We will now publish the archives to: https://dist.apache.org/repos/dist/release/incubator/milagro/ And in the process ensure that the KEYS file is in the root of this directory (rather than in each release's subdirectory). Once the repos have been pushed to http://www.apache.org/dist/incubator/milagro/ and the mirrors updated, I will update the project's website (https://milagro.apache.org/users.html) to include download links to the mirrors and then send out the appropriate announcements. On behalf of the Milagro community, I would like to extend our thanks to the IPMC for their votes and guidance, John John McCane-Whitney Director of Product at Qredo Ltd T: +44 7966 490687 1 Primrose Street London, UK EC2A 2EX https://qredo.com Qredo Ltd is a limited company registered in England and Wales (registered number 7834052). This e-mail and any attachments are confidential, and are intended only for the named addressee(s). If you are not the intended recipient you may not copy, disclose to anyone else or otherwise use the content of this e-mail or any attachment thereto and should notify the sender immediately and delete them from your system. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
[VOTE] Release Apache Milagro (incubating) Crypto Libraries v1.0.0
Hi, This is a call to vote to release the Apache Milagro (incubating) Crypto Libraries v1.0.0. The Apache Milagro (incubating) community has voted to approve this release with 5 x +1 votes. The vote thread can be found here: https://lists.apache.org/thread.html/7d788b5f3b293bb5545612d9f8af59a005f6407d57d826a1d2a2a563@%3Cdev.milagro.apache.org%3E (Note that my original [VOTE] email doesn't render for some reason, but its contents can be seen further down in the thread) And a summary of the result: https://lists.apache.org/thread.html/6b320894a91d5ac298f71b1fab168127de6e75ba4763ab0b1b896a0f@%3Cdev.milagro.apache.org%3E This release includes both C and JavaScript libraries tagged as v1.0.0 in the following repositories: Crypto C Library: https://github.com/apache/incubator-milagro-crypto-c/tags milagro-crypto-c is a modern cryptographic C library that focuses on Elliptic Curve Cryptography but has support for legacy systems that require RSA. There is support for three different security levels; 128, 192 and 256 bit. It has been written only in C and has no external dependencies other than an entropy source. Measures have been taken in the code base to prevent side channel attacks. Pairing based cryptography (PBC) is a maturing field that has recently gained widespread acceptance. The library supports schemes that make use of PBC such as BLS for short signatures and MPIN for multi-factor authentication (MFA). Crypto JavaScript Library: https://github.com/apache/incubator-milagro-crypto-js/tags milagro-crypto-js is the JavaScript equivalent of milagro-crypto-c. It has all the same functionality, API and even the intermediate calculated values in the functions are the same. This library allows you to run MFA using MPIN in the browser which, to the best of our knowledge, is the only such implementation of MFA in this context. Both libraries have been under active development for many years and the APIs haven't changed in several months. There are extensive tests using third party test vectors and the tooling required to deploy this software into a modern software project. We believe that the code base has reached the point that we can perform general availability (GA) releases. The compressed archives from these release along with a SHA512 checksum, PGP signature and PGP key file are being staged here: https://dist.apache.org/repos/dist/dev/incubator/milagro Specifically, for the C library: Source code archive: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-c-1.0.0-incubating/apache-milagro-crypto-c-1.0.0-incubating-src.tar.gz SHA512 checksum: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-c-1.0.0-incubating/apache-milagro-crypto-c-1.0.0-incubating-src.tar.gz.sha512 PGP Signature: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-c-1.0.0-incubating/apache-milagro-crypto-c-1.0.0-incubating-src.tar.gz.asc Keys: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-c-1.0.0-incubating/team.keys And for the JavaScript library: Source code archive: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-js-1.0.0-incubating/apache-milagro-crypto-js-1.0.0-incubating-src.tar.gz SHA512 checksum: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-js-1.0.0-incubating/apache-milagro-crypto-js-1.0.0-incubating-src.tar.gz.sha512 PGP Signature: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-js-1.0.0-incubating/apache-milagro-crypto-js-1.0.0-incubating-src.tar.gz.asc Keys: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-js-1.0.0-incubating/team.keys Please note that the project's website (https://milagro.apache.org) has been updated to include the standard Apache incubator disclaimer and documentation for the above two libraries. Please note that download links for the above two release have not been included, but will be as soon as the release's approval has been completed and the archives are available for public download. We now kindly request that the Incubator PMC members review and vote on this incubator release as follows: [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove with the reason Checklist for reference: [ ] Download links are valid [ ] Checksums and PGP signatures are valid [ ] DISCLAIMER, LICENCE & NOTICE files are included [ ] Source code archives have correct names matching the current release. [ ] All source code files have licence headers [ ] No compiled binaries are included [ ] Libraries build correctly and all tests pass (as per the instructions in their respective readme files) on either Windows, Mac or Linux. The vote will be open for a minimum of 72 hours. 3 x +1 votes are required to approve this release. Many thanks, John John McCane-Whitney Director of Product at Qredo Ltd T: +44 7966 490687 1 Prim
FW: [ANNOUNCE] Apache Milagro (incubating) Crypto C & JS Libraries 1.0.0 release
Hi, This email to annou...@apache.org just got approved, so I thought I'd forward it here in case anyone's not subscribed to that list. Many thanks to everyone again. Regards, John -Original Message- From: John McCane-Whitney Sent: 09 September 2019 19:02 To: annou...@apache.org Subject: [ANNOUNCE] Apache Milagro (incubating) Crypto C & JS Libraries 1.0.0 release Hi, On behalf of the Apache Milagro (incubating) community, I'd like to announce our first ASF releases: Apache Milagro Crypto C 1.0.0-incubating milagro-crypto-c is a modern cryptographic C library that focuses on Elliptic Curve Cryptography but has support for legacy systems that require RSA. There is support for three different security levels; 128, 192 and 256 bit. It has been written only in C and has no external dependencies other than an entropy source. Measures have been taken in the code base to prevent side channel attacks. Pairing based cryptography (PBC) is a maturing field that has recently gained widespread acceptance. The library supports schemes that make use of PBC such as BLS for short signatures and MPIN for multi-factor authentication (MFA). Release notes: https://github.com/apache/incubator-milagro-crypto-c/releases/tag/1.0.0 Documentation: http://milagro.apache.org/cdocs/index.html Apache Milagro Crypto JS 1.0.0-incubating milagro-crypto-js is the JavaScript equivalent of milagro-crypto-c. It has all the same functionality, API and even the intermediate calculated values in the functions are the same. This library allows you to run software only MFA (multi-factor authentication) using M-PIN in the browser which, to the best of our knowledge, is the only such implementation of software only MFA (multi-factor authentication) in this context. Release notes: https://github.com/apache/incubator-milagro-crypto-js/releases/tag/1.0.0 Documentation: http://milagro.apache.org/docs/amcl-javascript-api/ Source distributions for both can be found here: http://milagro.apache.org/docs/downloads/ Please refer to each repo's README for build and test instructions. Vote result thread: https://lists.apache.org/thread.html/8631d1d67fc2c846f68ef7cdb2e2914e870cdfaaa943e78c0349f458@%3Cgeneral.incubator.apache.org%3E Many thanks to all our contributors and mentors and to the IPMC for their input and guidance. John McCane-Whitney Director of Product Qredo Ltd. Apache Milagro (incubating) is an effort undergoing incubation at The Apache Software Foundation (ASF), sponsored by the Apache Incubator. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. smime.p7s Description: S/MIME cryptographic signature
[VOTE] Release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release)
are required to approve this release. Many thanks, John John McCane-Whitney Director of Product at Qredo Ltd T: +44 7966 490687 Kemp House 152 - 160 City Road London EC1V 2NX https://qredo.com Qredo Ltd is a limited company registered in England and Wales (registered number 7834052). This e-mail and any attachments are confidential, and are intended only for the named addressee(s). If you are not the intended recipient you may not copy, disclose to anyone else or otherwise use the content of this e-mail or any attachment thereto and should notify the sender immediately and delete them from your system. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
RE: [VOTE] Release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release)
Forbidden [IP: 91.189.88.31 80]
E: The repository 'http://security.ubuntu.com/ubuntu bionic-security
InRelease' is not signed.
E: Failed to fetch
http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease 403
Forbidden [IP: 91.189.88.31 80]
E: The repository 'http://archive.ubuntu.com/ubuntu bionic-backports
InRelease' is not signed.
The command '/bin/sh -c apt-get update && apt-get install -y
--no-install-recommends ca-certificates cmake g++ gcc git
make libtool automake libssl-dev' returned a non-zero code: 100
`npm test` fails for me with the following:
1 failing
1)
TEST MPIN BLS461
test MPin Kangaroo:
AssertionError: expected 0 to equal
at Context. (test/test_MPIN.js:310:31)
at processImmediate (internal/timers.js:443:21)
npm ERR! Test failed. See above for more details.
Best and feel free to ask if something is unclear or needs discussion!
Julian
Am 19.09.19, 13:58 schrieb "Dave Fisher" :
Hi -
+1 (binding)
Keys present
DISCLAIMER checked - See (3)
LICENSE and NOTICE checked
Signature and Hash checked
Rat Check run - See (2) below.
Did NOT build, I’m on a macOS - See (1) below.
(1) In subsequent releases please make sure that the instructions are
to build from the source releases and NOT the GitHub tags as these are not
immutable. Also the Docker files and build shell scripts refer to GitHub and
not the source release. I understand that these distinctions may be difficult
considering CI/CD vs. Release Policy.
I also think that the Milagro Crypto dependency should be picked from a
release and not a Github tag.
(2) I believe License headers should be added to:
./Dockerfile
./Dockerfile-alpine
./build-static.sh
./build.sh
./go.mod
./go.sum
./lint.sh
./test.sh
./cmd/servicetester/e2e_test.sh
./cmd/servicetester/fulltest.sh
./cmd/servicetester/id_test.sh
./libs/crypto/libpqnist/CMakeLists.txt
./libs/crypto/libpqnist/CPackConfig.cmake
./libs/crypto/libpqnist/cmake_uninstall.cmake.in
./libs/crypto/libpqnist/examples/CMakeLists.txt
./libs/crypto/libpqnist/include/CMakeLists.txt
./libs/crypto/libpqnist/src/CMakeLists.txt
./libs/crypto/libpqnist/test/smoke/CMakeLists.txt
./libs/crypto/libpqnist/testVectors/aes/CBCMMT256.rsp
./libs/documents/docs.proto
./pkg/safeguardsecret/README.md
(3) Consider use of the DISCLAIMER-WIP.
Good to see progress here.
Regards,
Dave
> On Sep 17, 2019, at 9:02 AM, John McCane-Whitney
wrote:
>
> Hi,
>
> This is a call to vote to release Apache Milagro (incubating)
Decentralized Trust Authority v0.1.0 (alpha release).
>
> The Apache Milagro (incubating) community has voted to approve this
release with 6 +1 votes. The vote result thread can be found here:
>
>
https://lists.apache.org/thread.html/d4b0d5c1c1a2ed991104f0804d6faaaf70f32a865316d5aaf91e18bf@%3Cdev.milagro.apache.org%3E
>
> RELEASE TAG:
> Milagro Decentralized Trust Authority v0.1.0 (alpha release) release
tag:
> https://github.com/apache/incubator-milagro-dta/releases/tag/0.1.0
> Please see the release notes at the above link for a full description
and release rationale.
>
> DESCRIPTION SUMMARY:
> The Apache Milagro (Incubating) Decentralized Trust Authority (D-TA)
is a collaborative key management server. It has two primary functions:
>
> -Issue shares of identity-based Type-3 pairing secrets for
initializing zero-knowledge proof multi-factor authentication (ZKP-MFA)
networks of clients and authentication servers.
> -Safeguards shares of generic secrets, acting independently but in
conjunction with other D-TA nodes, for the benefit of other D-TA nodes.
>
> In the use case where it issues shares, the D-TA holds nothing except
for its Master Secret and acts as a distributed private key generation server.
In the use case where it is safeguarding shares of secrets, it is up to the
application developer to implement back-end application logic to hold those
shares securely. Examples include using Hardware Security Modules (HSMs) via an
on-board PKCS#11 implementation to create a realm of key encryption keys, or
multi-party computation through BLS signature aggregation.
>
> RELEASE RATIONALE SUMMARY:
> By default, the D-TA allows requests from a Principal's D-TA for an
secp256k1 public key from a Fiduciary D-TA and then to subs
[jira] [Updated] (INCUBATOR-244) "Redirect cycle detected for URL https://www.apache.org/dist/incubator/milagro/
[ https://issues.apache.org/jira/browse/INCUBATOR-244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] John McCane-Whitney updated INCUBATOR-244: -- Priority: Blocker (was: Major) > "Redirect cycle detected for URL > https://www.apache.org/dist/incubator/milagro/ > --- > > Key: INCUBATOR-244 > URL: https://issues.apache.org/jira/browse/INCUBATOR-244 > Project: Incubator > Issue Type: Bug > Components: subversion > Reporter: John McCane-Whitney >Priority: Blocker > > Hi, > I'm seeing the above error when trying to upload files for a new release. > I've tried a couple of SVN clients in Windows (TortoiseSVN & SmartSVN) and > they both give the same error. > I previously used TortoiseSVN to upload all the files that are currently in > that repo at the end of August with no issues. > I've also have no problems accessing > https://dist.apache.org/repos/dist/dev/incubator/milagro/ - I authenticate > first with my Apache account, then can upload files. With apache.org/dist, > it shows the error before getting to the point where it asks for my > credentials. > I had a quick Google which seemed to suggest this is a website config issue > and not a client-side problem. Can you help? -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
[jira] [Created] (INCUBATOR-244) "Redirect cycle detected for URL https://www.apache.org/dist/incubator/milagro/
John McCane-Whitney created INCUBATOR-244: - Summary: "Redirect cycle detected for URL https://www.apache.org/dist/incubator/milagro/ Key: INCUBATOR-244 URL: https://issues.apache.org/jira/browse/INCUBATOR-244 Project: Incubator Issue Type: Bug Components: subversion Reporter: John McCane-Whitney Hi, I'm seeing the above error when trying to upload files for a new release. I've tried a couple of SVN clients in Windows (TortoiseSVN & SmartSVN) and they both give the same error. I previously used TortoiseSVN to upload all the files that are currently in that repo at the end of August with no issues. I've also have no problems accessing https://dist.apache.org/repos/dist/dev/incubator/milagro/ - I authenticate first with my Apache account, then can upload files. With apache.org/dist, it shows the error before getting to the point where it asks for my credentials. I had a quick Google which seemed to suggest this is a website config issue and not a client-side problem. Can you help? -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
[jira] [Closed] (INCUBATOR-244) "Redirect cycle detected for URL https://www.apache.org/dist/incubator/milagro/
[ https://issues.apache.org/jira/browse/INCUBATOR-244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] John McCane-Whitney closed INCUBATOR-244. - Resolution: Not A Problem > "Redirect cycle detected for URL > https://www.apache.org/dist/incubator/milagro/ > --- > > Key: INCUBATOR-244 > URL: https://issues.apache.org/jira/browse/INCUBATOR-244 > Project: Incubator > Issue Type: Bug > Components: subversion > Reporter: John McCane-Whitney >Priority: Blocker > > Hi, > I'm seeing the above error when trying to upload files for a new release. > I've tried a couple of SVN clients in Windows (TortoiseSVN & SmartSVN) and > they both give the same error. > I previously used TortoiseSVN to upload all the files that are currently in > that repo at the end of August with no issues. > I've also have no problems accessing > https://dist.apache.org/repos/dist/dev/incubator/milagro/ - I authenticate > first with my Apache account, then can upload files. With apache.org/dist, > it shows the error before getting to the point where it asks for my > credentials. > I had a quick Google which seemed to suggest this is a website config issue > and not a client-side problem. Can you help? -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
[jira] [Commented] (INCUBATOR-244) "Redirect cycle detected for URL https://www.apache.org/dist/incubator/milagro/
[ https://issues.apache.org/jira/browse/INCUBATOR-244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16943517#comment-16943517 ] John McCane-Whitney commented on INCUBATOR-244: --- My mistake - I should have been uploading to https://dist.apache.org/repos/dist/release/incubator/milagro/ > "Redirect cycle detected for URL > https://www.apache.org/dist/incubator/milagro/ > --- > > Key: INCUBATOR-244 > URL: https://issues.apache.org/jira/browse/INCUBATOR-244 > Project: Incubator > Issue Type: Bug > Components: subversion > Reporter: John McCane-Whitney >Priority: Blocker > > Hi, > I'm seeing the above error when trying to upload files for a new release. > I've tried a couple of SVN clients in Windows (TortoiseSVN & SmartSVN) and > they both give the same error. > I previously used TortoiseSVN to upload all the files that are currently in > that repo at the end of August with no issues. > I've also have no problems accessing > https://dist.apache.org/repos/dist/dev/incubator/milagro/ - I authenticate > first with my Apache account, then can upload files. With apache.org/dist, > it shows the error before getting to the point where it asks for my > credentials. > I had a quick Google which seemed to suggest this is a website config issue > and not a client-side problem. Can you help? -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
[RESULT] [VOTE] Release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release)
Hi everyone, Re tag: https://github.com/apache/incubator-milagro-dta/releases/tag/0.1.0 The vote to release the above is now closed and has passed with 3 x +1 binding votes: Julian Feinauer Dave Fisher Jean-Frederic Clere And 2 non-binding +1 votes: Brian Spector Howard Kitto Vote thread: https://lists.apache.org/thread.html/3534ffe75887ed70a025b8cf7dc166e3644917ea9e4ab4d4f407f7f4@%3Cgeneral.incubator.apache.org%3E The archives have now been uploaded to: https://dist.apache.org/repos/dist/release/incubator/milagro/ and have been automatically pushed to: http://www.apache.org/dist/incubator/milagro/ Once all the mirrors have been updated, we will update the project's download page (https://milagro.apache.org/docs/downloads/) to include download links to the mirrors and then send out the appropriate announcements. For the next release, we will address the following issues raised during the vote: - Add missing licence headers to all source code files - Ensure that all build scripts, docker files and documentation refer to building from official signed source archives On behalf of the Milagro community, I would like to extend our thanks to the IPMC for their votes and guidance, Regards, John John McCane-Whitney Director of Product at Qredo Ltd T: +44 7966 490687 Kemp House 152 - 160 City Road London EC1V 2NX https://qredo.com Qredo Ltd is a limited company registered in England and Wales (registered number 7834052). This e-mail and any attachments are confidential, and are intended only for the named addressee(s). If you are not the intended recipient you may not copy, disclose to anyone else or otherwise use the content of this e-mail or any attachment thereto and should notify the sender immediately and delete them from your system. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
[RESULT][VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1
Hi, Re: Apache Milagro (incubating) Crypto-C V2.0.1 Release Tag: https://github.com/apache/incubator-milagro-crypto-c/releases/tag/2.0.1 The vote to release the above is now closed and has passed with 3 x +1 binding votes: -Justin McClean -Nick Kew -Jean-Frederic Clere Vote thread: https://lists.apache.org/thread.html/r92b1add055e42743bb1d4f1f6219bbe1e86180cb12f0deef67b7f273%40%3Cgeneral.incubator.apache.org%3E Although the vote passed, the following items will be addressed in the next release: - Get the release signing public key into the "strong set" - Remove author tags - Update copyright year in the LICENSE & NOTICES files - Add missing ASF headers to 4 x source files We will now publish the archives to: https://dist.apache.org/repos/dist/release/incubator/milagro/ Once the repos have been pushed to http://www.apache.org/dist/incubator/milagro/ and the mirrors updated, we will update the project's website (https://milagro.apache.org) to include download links to the mirrors and updated product documentation. We'll then send out the appropriate announcements. Many thanks from the Milagro community to our mentors and to the IPMC for their votes and guidance, Regards, John John McCane-Whitney Director of Product at Qredo Ltd T: +44 7966 490687 Kemp House 152 - 160 City Road London EC1V 2NX https://qredo.com Qredo Ltd is a limited company registered in England and Wales (registered number 7834052). This e-mail and any attachments are confidential, and are intended only for the named addressee(s). If you are not the intended recipient you may not copy, disclose to anyone else or otherwise use the content of this e-mail or any attachment thereto and should notify the sender immediately and delete them from your system. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
[ANNOUNCE] Apache Milagro (incubating) Crypto-C V2.0.1 released
Hi, On behalf of the Apache Milagro (incubating) community, I'd like to announce the release of Apache Milagro (incubating) Crypto-C V2.0.1 OVERVIEW: Apache Milagro Crypto C is a standards compliant C cryptographic library with no external dependencies and v2.0.1-incubating is the second Apache Software foundation release of this library. There are two main additions to the library and they both impact the API hence the jump from v1.0.0 to v2.0.1: Shamir's Secret Sharing (SSS) has been added to the library. There is also functionality combining the existing BLS solution with SSS to enable signature aggregation without revealing the secret key share. This change is required by the Milagro DTA (https://github.com/apache/incubator-milagro-dta) and will allow subsequent releases of the DTA to be built from an official Apache release of the crypto-c library. The Paillier additively homomorphic cryptosystem has also been added to the library which will be required by subsequent releases of the DTA to enable Multi-Party Computation of cryptocurrency wallet addresses and subsequently to create transaction signatures for these wallets. The library now also supports Python 3 and formulas in the documentation are now rendered using MathJax. RELEASE: The official release can be downloaded from the Apache Milagro website: http://milagro.apache.org/docs/downloads/ Release notes including a full description of the library and rationale for this release can be found here: https://github.com/apache/incubator-milagro-crypto-c/releases/tag/2.0.1 Instructions on how to build (including documentation) and test the project can be found in the project's README: https://github.com/apache/incubator-milagro-crypto-c Full documentation for the library is also hosted here: http://milagro.apache.org/docs/amcl-c-api-2.0.0/ On behalf of the Milagro community, I would like to thank all our contributors, mentors and the IPMC., John John McCane-Whitney Director of Product at Qredo Ltd T: +44 7966 490687 Kemp House 152 – 160 City Road London EC1V 2NX https://qredo.com Apache Milagro (incubating) is an effort undergoing incubation at The Apache Software Foundation (ASF), sponsored by the Apache Incubator. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF.
[VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1
Hi, This is a call to vote on the release of the Apache Milagro (incubating) Crypto C Library v2.0.1 The Apache Milagro (incubating) community has voted to approve this release with 5 x +1 votes. The vote result thread can be found here: https://lists.apache.org/thread.html/r37dd9eca0a5b8dc4035713826a84b2ba807cfd67c2d07fafe8a64f34%40%3Cdev.milagro.apache.org%3E Apache Milagro (incubating) Crypto-C V2.0.1 Release Tag: https://github.com/apache/incubator-milagro-crypto-c/releases/tag/2.0.1 OVERVIEW: Apache Milagro Crypto C 2.0.1-incubating is the second Apache Software foundation release of this library. There are two main additions to the library and they both impact the API hence the jump from v1.0.0 to v2.0.1: Shamir's Secret Sharing (SSS) has been added to the library. There is also functionality combining the existing BLS solution with SSS to enable signature aggregation without revealing the secret key share. This change is required by the Milagro DTA (https://github.com/apache/incubator-milagro-dta) and will allow subsequent releases of the DTA to be built from an official Apache release of the crypto-c library. The Paillier additively homomorphic cryptosystem has also been added to the library which will be required by subsequent releases of the DTA to enable Multi-Party Computation of cryptocurrency wallet addresses and subsequently to create transaction signatures for these wallets. The library now also supports Python 3 and formulas in the documentation are now rendered using MathJax. Please see the README (https://github.com/apache/incubator-milagro-crypto-c) for build/test instructions, a list of contributors and guidelines on how to contribute yourself. The README also includes instructions on how to build the documentation, and the online version of the documentation (http://milagro.apache.org/docs/amcl-c-api/) will be updated once the release is complete (as will the download page on the same site). RELEASE: The repo has the required DISCLAIMER, NOTICE and LICENSE file in its root directory. All source files have the appropriate license header. No binaries are included in this release. I have successfully built and ran the tests as per the instructions in the README on Ubuntu, Fedora, MacOS and Windows The compressed archives from this release along with a SHA512 checksum, PGP signature and PGP key file are being staged here: Source code archive: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-c-2.0.1-incubating/apache-milagro-crypto-c-2.0.1-incubating-src.tar.gz SHA512 checksum: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-c-2.0.1-incubating/apache-milagro-crypto-c-2.0.1-incubating-src.tar.gz.sha512 PGP Signature: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-c-2.0.1-incubating/apache-milagro-crypto-c-2.0.1-incubating-src.tar.gz.asc Keys: https://dist.apache.org/repos/dist/dev/incubator/milagro/KEYS We now kindly request that the Incubator PMC members review and vote on this incubator release as follows: [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (please provide reason) Checklist for reference: [ ] Download links are valid [ ] Checksums and PGP signatures are valid [ ] DISCLAIMER, LICENCE & NOTICE files are included [ ] Source code archives have correct names matching the current release. [ ] All source code files have licence headers [ ] No compiled binaries are included [ ] Libraries build correctly and all tests pass (as per the instructions in the readme file) The vote will be open for a minimum of 72 hours. 3 x +1 votes are required to approve this release. Many thanks, John John McCane-Whitney Director of Product at Qredo Ltd T: +44 7966 490687 Kemp House 152 - 160 City Road London EC1V 2NX https://qredo.com Qredo Ltd is a limited company registered in England and Wales (registered number 7834052). This e-mail and any attachments are confidential, and are intended only for the named addressee(s). If you are not the intended recipient you may not copy, disclose to anyone else or otherwise use the content of this e-mail or any attachment thereto and should notify the sender immediately and delete them from your system. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
RE: [VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1
Hi Justin, Many thanks for testing our release out and for your feedback. Comments inline below. Would the fixes proposed below for a subsequent release be sufficient for you to change your vote or should we implement them now and revote? Regards. John > -Original Message- > From: Justin Mclean > Sent: 15 January 2020 02:04 > To: general@incubator.apache.org > Subject: Re: [VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1 > > Hi, > > Currently I’m -1 on this release due to the author tags, which may imply it > contains 3rd party code, whose licenses not listed in LICENSE. There's > probably an explanation for why they are there and if given I’ll change my > vote. Most of the author tags are leftover from the initial software grant from CertiVox and have no IP consequences. However, we'll remove ALL author tags in the next release. > > I checked: > - incubating in name > - signatures and disclaimer exist > - LICENSE is incorrect as it contains "Copyright 2019 The Apache Software > Foundation” in the appendix. We'll fix in the next release. > - NOTICE has incorrect year Also to be fixed in the next release. > - A couple of files are missing ASF headers [1][2][3][4] (assuming they are > files > created at the ASF) Also to be fixed in the next release. > - can compile from source > > The code contains a large number of author tags, author tags are usually > frowned on at the ASF. Some are from current committers and others are > not. What this in the original code when donated or have they been added > later? Is any of this code 3rd party code with an incorrect ASF header? > > I also had one test fail test_python_mpin_install_BLS381 Please can you provide details of your environment - particularly the OS/version and also what version of Python you're running? We thought this might be due to Python 2.7 (the README incorrectly states that 2.7 is supported - also to be resolved in the next release), however I can't replicate the issue using Python 2.7 on Ubuntu 18, so it may be some other issue. > > Thanks, > Justin > > 1. incubator-milagro-crypto-c- > 2.0.1/cmake/determine_word_size/check_16.c > 2. incubator-milagro-crypto-c- > 2.0.1/cmake/determine_word_size/check_32.c > 3. incubator-milagro-crypto-c- > 2.0.1/cmake/determine_word_size/check_64.c\ > 4. incubator-milagro-crypto-c-2.0.1/scripts/buildMulti.sh > > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org smime.p7s Description: S/MIME cryptographic signature
RE: [VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1
Hi Justin/Nick, Thanks for clarification around the chain of trust - of course we're happy to follow further guidance if required. Also, just to clarify re: the signature file - it's currently being staged in the relevant subdirectory here: https://dist.apache.org/repos/dist/dev When/if this vote passes, we'll move it to: https://dist.apache.org/repos/dist/release >From where it automatically gets copied to: https://www.apache.org/dist/ We'll then update our downloads page (http://milagro.apache.org/docs/downloads/) to include links for the new release including the signature. We believe this is the Apache Way, but also happy to amend if required. Regards, John > -Original Message- > From: Justin Mclean > Sent: 16 January 2020 20:28 > To: general@incubator.apache.org > Subject: Re: [VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1 > > Hi, > > > Couple of apparent problems with the PGP signature: > > > > (1) Shouldn't it be visible from the download page? > > It is [1] (apache-milagro-crypto-c-2.0.1-incubating-src.tar.gz.asc) > > > (2) I wasn't able to establish a chain of trust. > > That a nice to have not a requirement for a release. And different reviewers > may or may not be in the chain of trust. > > Thanks, > Justin > > 1. https://dist.apache.org/repos/dist/dev/incubator/milagro/apache- > milagro-crypto-c-2.0.1-incubating/ > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
RE: May 2022 Podling Reporting Timeline
Hi, Milagro too - we will also add ours to the May report. Regards, John McCane-Whitney > -Original Message- > From: Eason Chen > Sent: 22 April 2022 04:04 > To: general > Cc: d...@eventmesh.apache.org > Subject: Re: May 2022 Podling Reporting Timeline > > EventMesh also missed for not receiving reminder email, we will add it later. > > On Fri, Apr 22, 2022 at 8:38 AM tan zhongyi > wrote: > > > > brpc also missed the pod report of April. > > > > Maybe we are too used to wait for reminder email from Justin. > > > > Anyway, I will provide pod report in May if needed. > > > > Thanks. > > > > > > > > 发件人: Mingshen Sun > > 日期: 星期五, 2022年4月22日 上午2:00 > > 收件人: general@incubator.apache.org , > > d...@teaclave.apache.org > > 主题: Re: May 2022 Podling Reporting Timeline Hi all, > > > > I'm from the Teaclave project. I just noticed that we missed April's > > report because of the reminder issue. > > > > Should we add it in May's report also? I see some discussions here but > > no conclusion yet. > > > > For Teaclave, we have no problem with adding an additional report in May. > > > > Mingshen > > > > > > On Thu, Apr 21, 2022 at 5:29 AM John D. Ament > wrote: > > > > > > Hi Christofer > > > > > > On Thu, Apr 21, 2022 at 4:47 AM Christofer Dutz > > > > > > wrote: > > > > > > > Hi John, > > > > > > > > guess I missed the second part of your email ;-) > > > > > > > > Well, I am a bit unsure if we really should skip the ones that for > > > > example missed to submit last month because nobody reminded them, > > > > but I think in such a case it would be half a year of information > > > > missing. Even if this might not be too useful for the board, I think > > > > it's > useful to the IPMC. > > > > > > > > > > Basically, I can't (personally) fault a podling for not reporting > > > when no reminders were sent out. We failed to hold up our side of > > > the agreement in my mind. It's great that some podlings still did > > > the work to get a report put together. Perhaps we review those in > > > the past 3 months of missed reports and also report them? I'm not sure. > > > > > > > > > > > > > > So, I think podlings that missed filling in their parts in the > > > > last 3 months, should still report this time. But that's just my > > > > opinion. > > > > > > > > > > I agree with you, the problem is that every podling (other than new > > > podlings possibly) has missed a report (at least from the board's > > > point of view). While there's the main review the IPMC takes on the > podlings' > > > reports, the board also reviews them. Since the IPMC lapsed on > > > maintaining this, it may end up over burdening the board to put out > > > a report that has every single podling reporting in it. > > > > > > > > > > > > > > Chris > > > > > > > > -Original Message- > > > > From: Christofer Dutz > > > > Sent: Donnerstag, 21. April 2022 10:42 > > > > To: general@incubator.apache.org > > > > Subject: RE: May 2022 Podling Reporting Timeline > > > > > > > > I should also add that some projects have failed to submit in the > > > > last 3 months, so I would add to this list: > > > > > > > > - brpc > > > > - Annotator > > > > - Crail > > > > - EventMesh > > > > - Flagon > > > > - Hivemail > > > > - InLong > > > > - Liminal > > > > - Marvin-AI > > > > - Milagro > > > > - Nemo > > > > - Pony Mail > > > > - Spot > > > > - Teaclave > > > > - Wayang > > > > > > > > So, we're also expecting these projects to report this month. > > > > > > > > Chris > > > > > > > > -Original Message- > > > > From: John D. Ament > > > > Sent: Mittwoch, 20. April 2022 18:24 > > > > To: general > > > > Subject: May 2022 Podling Reporting Timeline > > > > > > > > Note - I'm sending this a week early per procedure as we have some > > > > catch up to do. > > > > > > > > May 2022 Incubator report timeline: > > >
[VOTE] Release Apache Milagro (incubating) MPC v0.1
Hi, This is a call to vote on the release of the Apache Milagro (incubating) MPC v0.1 The Apache Milagro (incubating) community has voted to approve this release with 5 +1 votes. The vote result thread can be found here: https://lists.apache.org/thread/y95lold2mt751w6z2g5cycr9dr1rjsjr Release tag for Incubator-milagro-MPC: https://github.com/apache/incubator-milagro-MPC/releases/tag/0.1 OVERVIEW libmpc is a modern cryptographic C library that implements Multi-Party Computation, or MPC. This library implements the primitives necessary to instantiate the multi-party ECDSA signature scheme provided in Gennaro and Goldfeder’s “Fast Multiparty Threshold ECDSA with Fast Trustless Setup” (GG18) (https://eprint.iacr.org/2019/114.pdf). GG18 consists of a multiparty threshold signature scheme which enables distributed signing among n players such that any subgroup of size t + 1 can sign, whereas any group with t or fewer players cannot. This scheme is proven secure for any t <= n and provides significant reduction of computation and communication complexity comparing to other existing schemes. NCC Group has conducted a security assessment of libmpc (https://research.nccgroup.com/wp-content/uploads/2020/07/NCC_Group_Qredo_Apache_Milagro_MPC_Cryptographic_Review_2020-07-16_v1.3.pdf). RELEASE RATIONALE libmpc has been under development for several years now, and we consider it to be stable enough to have a first official release. With this release, we also introduce a modernised docker-first build-system that we would like to extend to other Apache Milagro releases. We have taken this step to better support the most diverse development and deployment environments currently used by the community. Please provide feedback if there is anything you would like to see happening next. As always, please see the README for build/test instructions, a list of contributors and guidelines on how to contribute yourself. The repo has the required DISCLAIMER, NOTICE and LICENSE file in its root directory. All source files have the appropriate license header. No binaries are included in this release. I have successfully built and ran the tests as per the instructions in the readme file. The compressed archives from this release along with a SHA512 checksum, PGP signature and PGP key file are being staged here: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-mpc-0.1-incubating/ Specifically: Source code archive: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-mpc-0.1-incubating/apache-milagro-mpc-0.1-incubating-src.tar.gz SHA512 checksum: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-mpc-0.1-incubating/apache-milagro-mpc-0.1-incubating-src.tar.gz.sha512 PGP Signature: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-mpc-0.1-incubating/apache-milagro-mpc-0.1-incubating-src.tar.gz.asc Keys: https://dist.apache.org/repos/dist/dev/incubator/milagro/KEYS Documentation can be found here: https://milagro.apache.org/docs/mpc-api-0.1/ (including a link at the bottom of the page to the Doxygen output from the MPC library). Please note that the project’s website (https://milagro.apache.org/) will be updated with download links as soon as the release’s approval has been completed and the archives are available for public download. We now kindly request that the Incubator PMC members review and vote on this incubator release as follows: [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove with the reason Checklist for reference: [ ] Download links are valid [ ] Checksums and PGP signatures are valid [ ] DISCLAIMER, LICENCE & NOTICE files are included [ ] Source code archives have correct names matching the current release. [ ] All source code files have licence headers [ ] No compiled binaries are included [ ] Libraries build correctly and all tests pass (as per the instructions in the readme file) The vote will be open for a minimum of 72 hours. 3 x +1 votes are required to approve this release. Many thanks, John John McCane-Whitney DIRECTOR OF PRODUCT +44 (0) 7966 490687 qredo.com <http://www.qredo.com/> <https://www.linkedin.com/company/qredo> <https://twitter.com/qredonetwork> <http://www.qredo.com/> Qredo Ltd is a limited company registered in England and Wales (registered number 7834052). This e-mail and any attachments are confidential, and are intended only for the named addressee(s). If you are not the intended recipient you may not copy, disclose to anyone else or otherwise use the content of this e-mail or any attachment thereto and should notify the sender immediately and delete them from your system. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [Mentors] Incubator report timeline
Hi Justin, As Milagro's October report wasn't signed off by our mentors, I was expecting to be asked to submit again in November (as mentioned in the October report) but don't see our name below. I'm also going to chase our mentors to try to ensure that they sign off. Regards, John McCane-Whitney Director of Product Qredo Ltd. On 26/10/2022, 09:13, "Justin Mclean" wrote: EXTERNAL EMAIL: Beware of phishing emails. Hi, Here is the next reporting timeline for the next Incubator report. [1] Wed November 02 Podling reports due by end of day Sun November 06 Shepherd reviews due by end of day Sun November 06 Summary due by end of day Tue November 08 Mentor signoff due by end of day Wed November 09 Report submitted to Board Wed November 16 Board meeting Expected to report are: Baremaps Celeborn Devlake Heron Kvrocks Linkis Livy Marvin-ai NLPcraft Pagespeed Ponymail Sdap Sedona Spot Streampark Teaclave Toree Training Tuweni Kind Regards, Justin 1. https://cwiki.apache.org/confluence/display/INCUBATOR/November2022 - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
[VOTE][RESULT] Release Apache Milagro (incubating) MPC v0.1
Hi, Re: release tag for Incubator-milagro-MPC: https://github.com/apache/incubator-milagro-MPC/releases/tag/0.1 The vote to release the above is now closed and has passed with 3 binding votes: Justin Mclean Jean-Baptiste Onofré Jean-Frederic Clere And 4 non-binding votes: Giorgio Zoppi Kealan McCusker Stanislav Mihaylov John McCane-Whitney Vote thread: https://lists.apache.org/thread/plxrhhc0rl4tzson1j9vvky6ch1tsb1s We will presently publish the archives to: https://dist.apache.org/repos/dist/release/incubator/milagro/ Once the repos have been pushed to http://www.apache.org/dist/incubator/milagro/ and the mirrors updated, I will update the project's website (https://milagro.apache.org/users.html) to include download links to the mirrors and then send out the appropriate announcements. Many thanks to the IPMC for their votes and to the entire Milagro community for their efforts, guidance, and support. Regards, John John McCane-Whitney DIRECTOR OF PRODUCT +44 (0) 7966 490687 qredo.com <http://www.qredo.com/> <https://www.linkedin.com/company/qredo> <https://twitter.com/qredonetwork> <http://www.qredo.com/> Qredo Ltd is a limited company registered in England and Wales (registered number 7834052). This e-mail and any attachments are confidential, and are intended only for the named addressee(s). If you are not the intended recipient you may not copy, disclose to anyone else or otherwise use the content of this e-mail or any attachment thereto and should notify the sender immediately and delete them from your system. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
[ANNOUNCE] Apache Milagro MPC v0.1 (incubating) released.
Hi, On behalf of the Apache Milagro (incubating) community, I'd like to announce the release of Apache Milagro (incubating) MPC v0.1 OVERVIEW libmpc is a modern cryptographic C library that implements Multi-Party Computation, or MPC. This library implements the primitives necessary to instantiate the multi-party ECDSA signature scheme provided in Gennaro and Goldfeder’s “Fast Multiparty Threshold ECDSA with Fast Trustless Setup” (GG18) ( https://eprint.iacr.org/2019/114.pdf). GG18 consists of a multiparty threshold signature scheme which enables distributed signing among n players such that any subgroup of size t + 1 can sign, whereas any group with t or fewer players cannot. This scheme is proven secure for any t <= n and provides significant reduction of computation and communication complexity comparing to other existing schemes. NCC Group has conducted a security assessment of libmpc ( https://research.nccgroup.com/wp-content/uploads/2020/07/NCC_Group_Qredo_Apache_Milagro_MPC_Cryptographic_Review_2020-07-16_v1.3.pdf ). RELEASE: The official release can be downloaded from the Apache Milagro website: http://milagro.apache.org/docs/downloads/ Release notes including a full description of the library and rationale for this release can be found here: https://github.com/apache/incubator-milagro-MPC/releases/tag/0.1 Instructions on how to build (including documentation) and test the project can be found in the project's README: https://github.com/apache/incubator-milagro-MPC Full documentation for the library is also hosted here: https://milagro.apache.org/docs/mpc-api-0.1/ On behalf of the Milagro community, I would like to thank all our contributors, mentors and the IPMC. Regards, John McCane-Whitney Apache Milagro (incubating) is an effort undergoing incubation at The Apache Software Foundation (ASF), sponsored by the Apache Incubator. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF.
