Copyright (C)  2006, 2007, 2009,
               2015, 2016, 2017, 2018, 2019 Heiko Stamer <HeikoStamer@gmx.net>

Permission is granted to copy, distribute and/or modify this document under
the terms of the GNU Free Documentation License, Version 1.3 or any later
version published by the Free Software Foundation; with no Invariant Sections,
no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is
included in the sources of this package and additionally can be obtained from
Internet <https://www.gnu.org/licenses>.

1.3.18 This release is two-fold: first, it fixes some bugs (e.g. iterated S2K)
       of the OpenPGP interface, and second, it adds functionality for handling
       v5 keys and signatures (see RFC 4880bis-07).
1.3.17 This is a maintenance release that fixes a major bug in the VSSHE module
       (Groth's shuffle protocol). The verification of the special component E_d
       with respect to membership in the underlying commitment group has been
       done wrongly by a fast exponentiation function with fixed bases. Hence
       the check of membership for this component is always bypassed and thus
       a malicious prover may disturb the shuffle process by supplying a bad
       value. However, it is extremely difficult to bypass the other checks, if
       E_d is tampered (e.g. set to zero).
       Please note that the vulnerability has only an impact on the optimized
       shuffle interfaces (e.g. TMCG_VerifyStackEquality_Groth) of LibTMCG.
       Moreover, some other minor improvements are included in this release.
1.3.16 In this release AEAD support has been added to the OpenPGP interface.
       Please note that this feature is specified by working draft only and was
       not part of the aged RFC 4880. Moreover, some bugs have been fixed and
       some library constants (e.g. TMCG_MAX_CARDS) have been adjusted.
1.3.15 This is a maintenance release that fixes some bugs, e.g. in the Botan
       support of functions from module mpz_srandom. Moreover, some interfaces
       of the OpenPGP implemenation have been added and removed. For some
       modules of LibTMCG a basic exception handling has been introduced.
1.3.14 With this release three additional parameters for the control of secure
       memory allocation have been added to init_libTMCG(). They are explained
       in the reference manual. Moreover, the OpenPGP interface has been
       enhanced in several way, e.g., ECDH, ECDSA and EdDSA are supported now.
1.3.13 This release contains again a lot of major improvements for the still
       undocumented OpenPGP interface, e.g. C++ classes for basic structures
       like public keys or signatures. The PRNG from Botan is used for as an 
       additional source of randomness, if LibTMCG is configured and built with
       the new option --with-botan. This reduces the impact of possible hidden
       bugs in libgcrypt. Moreover, the hash function family SHA3 is emulated,
       if the runtime version of libgcrypt is too old to support it natively.
1.3.12 Major improvements for OpenPGP interfaces have been achieved. Notable are
       the new classes for processing public key structures. Moreover, a second
       indepent hash algorithm (SHA3) has been included for computing the oracle
       hash function g(). This adds the requirement of libgcrypt >= 1.7.0 for
       dependencies and breaks compatibility of NIZK or generator verifiablility
       with instances that have been compiled with older versions of LibTMCG.
       Finally, small bugs (e.g. leading zeros for PKCS#1) are fixed now. 
1.3.11 Some small enhancements for the OpenPGP interfaces and the library
       initialization have been implemented. Unfortunately, the changes
       may require also an update of the application code to be effective.
1.3.10 With this release the RSA signature generation/verification for OpenPGP
       is introduced. Moreover, a function for preparing certification
       signatures has been added.
1.3.9 This releases fixes two minor bugs in the OpenPGP implementation.
1.3.8 The S2K count for OpenPGP private key encryption has been increased to a
      reasonable value. Moreover, some additional code fragments (e.g. parsing
      of OpenPGP packets) have been improved.
1.3.7 This is again a maintenance release fixing some minor bugs and leaks.
1.3.6 Again, this is a maintenance release that fixes some bugs and introduces
      limited support for OpenPGP V3 signatures (RFC 4880).
1.3.5 This is a maintenance release fixing some memory leaks found by Valgrind
      and some other minor bugs.
1.3.4 The DKG tools have been removed from this release. These programs are
      continued in a separate package called Distributed Privacy Guard (DKGPG).
1.3.3 Small enhancements for DKG tools have been added, e.g., programs for
      basic information about a private threshold key, proactive refresh of
      a shared tDSS key, and verification of a detached signature are now
      included. The default TCP/IP port range starts now from 55000.
1.3.2 Major improvements for distributed key generation (DKG) and threshold
      cryptography have been added. For example, the robust DSA compatible
      threshold signature scheme of Canetti et al. is now included. LibTMCG
      contains an implementation of these protocols that provides threshold
      decryption and signatures for OpenPGP (RFC 4880). However, such schemes
      are of independent interest and can be used for distributed electronic
      card games (e.g. drop-out tolerance) as well. Finally some bugfixes
      improve the robustness of the reliable broadcast protocol (RBC).
1.3.1 Small enhancements have been added. In particular, the class VSSHE now
      provides a simple variant of the SetupGenerators_publiccoin(). 
1.3.0 This is mainly a bugfix release that removes some issues found by
      coverity scan. However, there are also some new undocumented protocols
      and experimental support for distributed key generation has been added.
      The most important change is a verifiable setup of VTMF group generator.
      For some advanced protocols (e.g. Groth's shuffle) with more than two
      parties the distributed coin flipping protocol (EDCF) should be used.
1.2.0 The default security parameters have been updated to current state of
      the art. The complexity of hash function g() was improved. Unfortunately,
      this breaks compatibility with instances that have been compiled with
      older versions of LibTMCG. 
      The configure switch --with-gmp has been added in order to find the
      required libgmp on a non-standard path (e.g. on MacOS). Non-interactive
      versions of the verifiable shuffle resp. rotation protocol provide more
      efficient instantiations with soundness based on the well-known 
      Fiat-Shamir heuristic. The interactive versions of the protocols have
      been strengthened against malicious verifiers by coin flipping between
      prover and verifier. Finally a protocol for reliable broadcast is now
      included. Last but not least, the documentation has been improved.
1.1.3 The VRHE scheme provides an efficient HVZK argument for cyclic shuffle.
1.1.2 Small bugfixes have been applied in order to compile with gcc 4.3.x.
1.1.1 A major security bug (missing range check) was fixed, which allows an
      adversary to choose trivial group generators. This flaw has a crucial
      impact on the confidentiality of private cards. Thus, we strongly
      recommend all users to update LibTMCG as soon as possible.
1.1.0 Some interfaces were changed to allow the creation of keys without
      included non-interactive zero-knowledge proof of validity. In
      particular, this is more convenient whenever the new VTMF encoding
      scheme is used. Further some optimizations have been applied.
1.0.1 A weakness in TMCG_CreateStackSecret() was corrected which may lead
      to a biased shuffle in some circumstances. Note that SecureSkat is
      not affected by this issue. Furthermore, the documentation has been
      improved and the function version_libTMCG() was added.
1.0.0 Groth's HVZK shuffle argument provides a major improvement in terms
      of reduced communication and computational complexity.
