Release 1.0.0-BETA

Author: satiracode

LICENSE.md

@@ -0,0 +1,168 @@
+Apache License
+==============
+
+_Version 2.0, January 2004_  
+_&lt;<http://www.apache.org/licenses/>&gt;_
+
+### Terms and Conditions for use, reproduction, and distribution
+
+#### 1. Definitions
+
+“License” shall mean the terms and conditions for use, reproduction, and
+distribution as defined by Sections 1 through 9 of this document.
+
+“Licensor” shall mean the copyright owner or entity authorized by the copyright
+owner that is granting the License.
+
+“Legal Entity” shall mean the union of the acting entity and all other entities
+that control, are controlled by, or are under common control with that entity.
+For the purposes of this definition, “control” means **(i)** the power, direct or
+indirect, to cause the direction or management of such entity, whether by
+contract or otherwise, or **(ii)** ownership of fifty percent (50%) or more of the
+outstanding shares, or **(iii)** beneficial ownership of such entity.
+
+“You” (or “Your”) shall mean an individual or Legal Entity exercising
+permissions granted by this License.
+
+“Source” form shall mean the preferred form for making modifications, including
+but not limited to software source code, documentation source, and configuration
+files.
+
+“Object” form shall mean any form resulting from mechanical transformation or
+translation of a Source form, including but not limited to compiled object code,
+generated documentation, and conversions to other media types.
+
+“Work” shall mean the work of authorship, whether in Source or Object form, made
+available under the License, as indicated by a copyright notice that is included
+in or attached to the work (an example is provided in the Appendix below).
+
+“Derivative Works” shall mean any work, whether in Source or Object form, that
+is based on (or derived from) the Work and for which the editorial revisions,
+annotations, elaborations, or other modifications represent, as a whole, an
+original work of authorship. For the purposes of this License, Derivative Works
+shall not include works that remain separable from, or merely link (or bind by
+name) to the interfaces of, the Work and Derivative Works thereof.
+
+“Contribution” shall mean any work of authorship, including the original version
+of the Work and any modifications or additions to that Work or Derivative Works
+thereof, that is intentionally submitted to Licensor for inclusion in the Work
+by the copyright owner or by an individual or Legal Entity authorized to submit
+on behalf of the copyright owner. For the purposes of this definition,
+“submitted” means any form of electronic, verbal, or written communication sent
+to the Licensor or its representatives, including but not limited to
+communication on electronic mailing lists, source code control systems, and
+issue tracking systems that are managed by, or on behalf of, the Licensor for
+the purpose of discussing and improving the Work, but excluding communication
+that is conspicuously marked or otherwise designated in writing by the copyright
+owner as “Not a Contribution.”
+
+“Contributor” shall mean Licensor and any individual or Legal Entity on behalf
+of whom a Contribution has been received by Licensor and subsequently
+incorporated within the Work.
+
+#### 2. Grant of Copyright License
+
+Subject to the terms and conditions of this License, each Contributor hereby
+grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
+irrevocable copyright license to reproduce, prepare Derivative Works of,
+publicly display, publicly perform, sublicense, and distribute the Work and such
+Derivative Works in Source or Object form.
+
+#### 3. Grant of Patent License
+
+Subject to the terms and conditions of this License, each Contributor hereby
+grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
+irrevocable (except as stated in this section) patent license to make, have
+made, use, offer to sell, sell, import, and otherwise transfer the Work, where
+such license applies only to those patent claims licensable by such Contributor
+that are necessarily infringed by their Contribution(s) alone or by combination
+of their Contribution(s) with the Work to which such Contribution(s) was
+submitted. If You institute patent litigation against any entity (including a
+cross-claim or counterclaim in a lawsuit) alleging that the Work or a
+Contribution incorporated within the Work constitutes direct or contributory
+patent infringement, then any patent licenses granted to You under this License
+for that Work shall terminate as of the date such litigation is filed.
+
+#### 4. Redistribution
+
+You may reproduce and distribute copies of the Work or Derivative Works thereof
+in any medium, with or without modifications, and in Source or Object form,
+provided that You meet the following conditions:
+
+* **(a)** You must give any other recipients of the Work or Derivative Works a copy of
+  this License; and
+* **(b)** You must cause any modified files to carry prominent notices stating that You
+  changed the files; and
+* **(c)** You must retain, in the Source form of any Derivative Works that You distribute,
+  all copyright, patent, trademark, and attribution notices from the Source form
+  of the Work, excluding those notices that do not pertain to any part of the
+  Derivative Works; and
+* **(d)** If the Work includes a “NOTICE” text file as part of its distribution, then any
+  Derivative Works that You distribute must include a readable copy of the
+  attribution notices contained within such NOTICE file, excluding those notices
+  that do not pertain to any part of the Derivative Works, in at least one of the
+  following places: within a NOTICE text file distributed as part of the
+  Derivative Works; within the Source form or documentation, if provided along
+  with the Derivative Works; or, within a display generated by the Derivative
+  Works, if and wherever such third-party notices normally appear. The contents of
+  the NOTICE file are for informational purposes only and do not modify the
+  License. You may add Your own attribution notices within Derivative Works that
+  You distribute, alongside or as an addendum to the NOTICE text from the Work,
+  provided that such additional attribution notices cannot be construed as
+  modifying the License.
+
+You may add Your own copyright statement to Your modifications and may provide
+additional or different license terms and conditions for use, reproduction, or
+distribution of Your modifications, or for any such Derivative Works as a whole,
+provided Your use, reproduction, and distribution of the Work otherwise complies
+with the conditions stated in this License.
+
+#### 5. Submission of Contributions
+
+Unless You explicitly state otherwise, any Contribution intentionally submitted
+for inclusion in the Work by You to the Licensor shall be under the terms and
+conditions of this License, without any additional terms or conditions.
+Notwithstanding the above, nothing herein shall supersede or modify the terms of
+any separate license agreement you may have executed with Licensor regarding
+such Contributions.
+
+#### 6. Trademarks
+
+This License does not grant permission to use the trade names, trademarks,
+service marks, or product names of the Licensor, except as required for
+reasonable and customary use in describing the origin of the Work and
+reproducing the content of the NOTICE file.
+
+#### 7. Disclaimer of Warranty
+
+Unless required by applicable law or agreed to in writing, Licensor provides the
+Work (and each Contributor provides its Contributions) on an “AS IS” BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied,
+including, without limitation, any warranties or conditions of TITLE,
+NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are
+solely responsible for determining the appropriateness of using or
+redistributing the Work and assume any risks associated with Your exercise of
+permissions under this License.
+
+#### 8. Limitation of Liability
+
+In no event and under no legal theory, whether in tort (including negligence),
+contract, or otherwise, unless required by applicable law (such as deliberate
+and grossly negligent acts) or agreed to in writing, shall any Contributor be
+liable to You for damages, including any direct, indirect, special, incidental,
+or consequential damages of any character arising as a result of this License or
+out of the use or inability to use the Work (including but not limited to
+damages for loss of goodwill, work stoppage, computer failure or malfunction, or
+any and all other commercial damages or losses), even if such Contributor has
+been advised of the possibility of such damages.
+
+#### 9. Accepting Warranty or Additional Liability
+
+While redistributing the Work or Derivative Works thereof, You may choose to
+offer, and charge a fee for, acceptance of support, warranty, indemnity, or
+other liability obligations and/or rights consistent with this License. However,
+in accepting such obligations, You may act only on Your own behalf and on Your
+sole responsibility, not on behalf of any other Contributor, and only if You
+agree to indemnify, defend, and hold each Contributor harmless for any liability
+incurred by, or claims asserted against, such Contributor by reason of your
+accepting any such warranty or additional liability.

README.md

@@ -1,24 +1,30 @@
 # TKeeper
+![](assets/gitkeeper.png)
 
-**TKeeper** is a threshold signature service that provides a simple REST API for distributed signing using **GG20 (Threshold ECDSA)** and **FROST (Threshold Schnorr)** protocols. The service abstracts the complexity of multiparty computation: to sign a message, a client just needs to send a single HTTP request.
+**TKeeper** is a threshold signature service that provides a simple REST API for distributed signing using **GG20 (Threshold ECDSA)** and **FROST (Threshold Schnorr)** protocols. The service abstracts the complexity of multiparty computation: to sign a message or generate a key, a client just needs to send a single HTTP request.  
+Powered by [tss4j](https://github.com/exploit-org/tss4j) - our threshold cryptography library.
 
 It is suitable for custody systems, MPC-based wallets, and backend services that require distributed key management and signing without exposing private keys to any single participant.
 
-We avoid using high-level abstractions such as `BigInteger` for handling sensitive data. All arithmetic operations on secret shares and cryptographic material are performed through low-level bindings over **libgmp**, allowing precise memory control and zeroing. For highly sensitive values (such as private key shares), **SecretBox** from **libsodium** is used for encryption in memory. The memory encryption key is generated every time application is started. For local persistent storage, TKeeper uses **RocksDB**, with all secret data encrypted with your **seal** key before being written to disk.
-
 ---
 
 ## Requirements
 
 TKeeper depends on several native libraries for cryptographic operations. Make sure the following are installed on the system:
 
 - [libsodium](https://github.com/jedisct1/libsodium) – used for secure memory handling and Ed25519 point ops
-- [libgmp](https://gmplib.org/) – used for arbitrary-precision arithmetic
+- [libgmp](https://gmplib.org/) – used for arbitrary-precision arithmetic (constant time for sensitive data)
 - [libsecp256k1](https://github.com/bitcoin-core/secp256k1) – used for Secp256k1 point ops
 
 Make sure these libraries are available in your environment and linked correctly.
+
+> TKeeper doesn't require these libs on Windows x64, Linux x64, and macOS Apple Silicon, as it includes precompiled native dependencies for these platforms.
+
 ___
 
 ## Documentation
-See [docs](docs) for detailed documentation on, or visit [docs.exploit.org/tkeeper](https://docs.exploit.org/tkeeper) for
-user-friendly documentation.
+See [docs](docs) for detailed documentation, or visit [docs.exploit.org/tkeeper](https://docs.exploit.org/tkeeper) for
+user-friendly view.
+
+## License
+Finja is licensed under the [Apache License, Version 2.0](LICENSE.md)

SECURITY.md

@@ -0,0 +1,6 @@
+# Reporting Security Issues
+Don't hesitate to report security issues. If you discover a potential security vulnerability in this project, please report it as soon as possible:
+
+> security@exploit.org
+
+Having PoC is not required, but it will help us to fix the issue faster.

assets/gitkeeper.png

@@ -7,16 +7,6 @@ plugins {
 repositories {
     mavenCentral()
     mavenLocal()
-
-    maven {
-        url 'http://maven.hub/'
-        credentials {
-            username mavenUsername
-            password mavenPassword
-        }
-
-        allowInsecureProtocol = true
-    }
 }
 
 dependencies {
@@ -37,13 +27,18 @@ dependencies {
 
     implementation 'com.fasterxml.jackson.module:jackson-module-kotlin:2.18.3'
 
-    implementation 'org.exploit.tss:gg20:0.0.2.4'
-    implementation 'org.exploit.tss:frost:0.0.2.4'
+    implementation 'org.exploit:gg20:0.0.1'
+    implementation 'org.exploit:frost:0.0.1'
+
+    implementation 'org.exploit:ed25519:0.0.1'
+    implementation 'org.exploit:secp256k1:0.0.1'
 
-    implementation 'org.exploit.tss:ed25519:0.0.2.4'
-    implementation 'org.exploit.tss:secp256k1:0.0.2.4'
+    implementation 'org.exploit:tss4j:0.0.1'
+    implementation 'org.exploit:crypto:1.0.0'
 
-    implementation 'org.exploit.tss:core:0.0.2.4'
+    implementation("org.exploit:tss4j-natives:1.0.0:linux-amd64@jar")
+    implementation("org.exploit:tss4j-natives:1.0.0:macos-aarch64@jar")
+    implementation("org.exploit:tss4j-natives:1.0.0:windows-amd64@jar")
 
     implementation 'com.nimbusds:nimbus-jose-jwt:10.2'
 
@@ -61,7 +56,7 @@ dependencies {
 }
 
 group 'org.exploit'
-version '0.0.1-SNAPSHOT'
+version '1.0.0-BETA'
 
 java {
     sourceCompatibility = JavaVersion.VERSION_17
@@ -82,8 +77,7 @@ configurations.configureEach {
     resolutionStrategy {
         force(
                 "net.java.dev.jna:jna:5.17.0",
-                "net.java.dev.jna:jna-platform:5.17.0",
-                "org.exploit:crypto:0.0.9-patch1",
+                "net.java.dev.jna:jna-platform:5.17.0"
         )
     }
 }

build.gradle

@@ -9,6 +9,8 @@ TKeeper depends on several native libraries for cryptographic operations. Make s
 
 Make sure these libraries are available in your environment and linked correctly.
 
+> TKeeper doesn't require this libs on Windows x64, Linux x64, and macos Apple Silicon, as it includes precompiled native dependencies for these platforms.
+
 ---
 ## Build with Gradle
 

docs/BUILD.md

@@ -75,13 +75,4 @@ Trusted dealer mode may be useful in:
 - Recovery operations where the original key is known
 
 However, this mode **removes the trust separation** provided by MPC.  
-Only use it when distributed key generation (DKG) is not an option.
-
----
-
-## Summary
-
-- Submit one full private key → TKeeper splits and distributes shares to all peers
-- All nodes must be online during the process
-- Each peer receives and stores only their share
-- Should be used only when DKG is not feasible
+Only use it when distributed key generation (DKG) is not an option.

docs/STORE.md

@@ -0,0 +1,13 @@
+package org.exploit.keeper
+
+import io.quarkus.runtime.Quarkus
+import io.quarkus.runtime.annotations.QuarkusMain
+import org.exploit.tss.TSS
+
+@QuarkusMain
+class TKeeper
+
+fun main(args: Array<String>) {
+    TSS.loadLibraries()
+    Quarkus.run(*args)
+}

src/main/kotlin/org/exploit/keeper/TKeeper.kt

@@ -1,11 +1,11 @@
 package org.exploit.keeper.api.auth
 
 import org.eclipse.jetty.client.api.Request
-import org.exploit.crypto.Hash
 import org.exploit.crypto.curve.Ed25519Provider
 import org.exploit.jettyx.auth.Authorization
 import org.exploit.keeper.db.RocksKeyDB
 import org.exploit.keeper.extension.toBase64
+import org.exploit.tss.util.Hash
 
 class KeeperAuthenticator(private val db: RocksKeyDB): Authorization {
     private val initData by lazy {

src/main/kotlin/org/exploit/keeper/api/auth/KeeperAuthenticator.kt

@@ -11,7 +11,7 @@ import org.exploit.keeper.extension.toSchnorrSignature
 import org.exploit.keeper.util.cache.CachedValue
 import org.exploit.tss.exception.IdentifiableAbortException
 
-class TKeeperClient(val peerId: Int, auth: KeeperAuthenticator, url: String, jettyx: Jettyx) {
+class TKeeperClient(val peerId: Int, auth: KeeperAuthenticator, val url: String, jettyx: Jettyx) {
     private val publicKey: CachedValue<Ed25519PublicKey> = CachedValue(
         expireAfterMillis = 60 * 60 * 1000,
         compute = {

src/main/kotlin/org/exploit/keeper/api/client/TKeeperClient.kt

@@ -5,15 +5,12 @@ import jakarta.ws.rs.Path
 import jakarta.ws.rs.QueryParam
 import org.exploit.keeper.model.request.Store
 import org.exploit.keeper.service.core.KeeperStorageService
-import org.slf4j.Logger
-import org.slf4j.LoggerFactory
 
 @Path("/v1/storage")
 class KeyStoreController(private val storage: KeeperStorageService) {
     @POST
     @Path("/store")
     fun store(body: Store) {
-        LOGGER.info("Storing share for keyId: ${body.keyId}, curve: ${body.curve}")
         storage.storeShare(body)
     }
 
@@ -22,8 +19,4 @@ class KeyStoreController(private val storage: KeeperStorageService) {
     fun revert(@QueryParam("keyId") keyId: String) {
         storage.deleteShare(keyId)
     }
-
-    private companion object {
-        val LOGGER: Logger = LoggerFactory.getLogger(KeyStoreController::class.java)
-    }
 }