github.com/consensys/gnark-crypto@v0.14.0/CHANGELOG.md (about)

     1  <a name="v0.11.1"></a>
     2  ## [v0.11.1] - 2023-07-11
     3  
     4  ### Fix
     5  - ECDSA HashToInt bytes-bits mismatch ([#428](https://github.com/ConsenSys/gnark-crypto/issues/428))
     6  
     7  
     8  <a name="v0.11.0"></a>
     9  ## [v0.11.0] - 2023-05-02
    10  ### Build
    11  - go generate
    12  - generify bn254 changes
    13  - generify bn254 kzg changes
    14  - generify marshal changes
    15  - generify bn254 kzg changes
    16  - bump go1.20
    17  - update ci github action dependencies
    18  
    19  ### Chore
    20  - PR feedback
    21  
    22  ### Docs
    23  - make comments more godoc friendly
    24  - remove comment
    25  - remove DO NOT EDIT from non-autogenerated files
    26  
    27  ### Feat
    28  - fix v computation in ECDSA signature ([#385](https://github.com/ConsenSys/gnark-crypto/issues/385))
    29  - make `mapToCurve` public to allow for custom cofactor clearing ([#372](https://github.com/ConsenSys/gnark-crypto/issues/372))
    30  - add Double in affine coordinates
    31  - kzg.Vk.WriteRawTo
    32  - bn254 encoder to support uint64 slices
    33  - **pairing:** return 1 after easy part if result is 1
    34  
    35  ### Fix
    36  - handle all bitmask in point deserialization
    37  - littleEndian -> bigEndian
    38  - import utils
    39  - don't ignore multiexp error
    40  - minor errors
    41  - generation mistake
    42  - bn254 incorporate evals into kzg batch challenge
    43  - **kzg:** nb of digests in BatchVerifyMultiPoints should be nonzero
    44  - **linter:** ineffassign in Fpk marshal
    45  
    46  ### Perf
    47  - **kzg:** remove G2 scalar mul in single verification
    48  
    49  ### Refactor
    50  - break pedersen key into proving (committing) and verifying
    51  - move roundtrip func to utils
    52  - reflect kzg changes in plookup
    53  - reflect kzg changes in permutation
    54  - kzg tests
    55  - kzg.NewSRS to return two structs
    56  - marshal pk, vk separately
    57  - break up kzg srs; NewSRS for bn254
    58  - export endomorphisms
    59  - **BatchDecompressKarabina:** handle g2=g3=0 case "explicitly"
    60  - **DecompressKarabina:** handle g2=g3=0 case "explicitly"
    61  
    62  ### Revert
    63  - do not export endomorphisms
    64  - NewSRS to return a pointer again
    65  - revive whole SRS serialization
    66  - reflect kzg.srs revival in other packages
    67  - limited revival of kzg.Srs
    68  
    69  ### Style
    70  - no loop when serializing one object only
    71  
    72  ### Pull Requests
    73  - Merge pull request [#391](https://github.com/ConsenSys/gnark-crypto/issues/391) from ConsenSys/develop
    74  - Merge pull request [#386](https://github.com/ConsenSys/gnark-crypto/issues/386) from ConsenSys/perf/kzg-verify
    75  - Merge pull request [#384](https://github.com/ConsenSys/gnark-crypto/issues/384) from ConsenSys/refactor/break-pedersen-notowermod
    76  - Merge pull request [#379](https://github.com/ConsenSys/gnark-crypto/issues/379) from ConsenSys/feat/encode-uint64-slices
    77  - Merge pull request [#378](https://github.com/ConsenSys/gnark-crypto/issues/378) from ConsenSys/refactor/break-kzg-srs
    78  - Merge pull request [#382](https://github.com/ConsenSys/gnark-crypto/issues/382) from ConsenSys/refactor/not-export-endo
    79  - Merge pull request [#380](https://github.com/ConsenSys/gnark-crypto/issues/380) from omerfirmak/elim-pedersen-alloc
    80  - Merge pull request [#374](https://github.com/ConsenSys/gnark-crypto/issues/374) from ConsenSys/fix/BatchVerifyMultiPoints-0
    81  - Merge pull request [#376](https://github.com/ConsenSys/gnark-crypto/issues/376) from ConsenSys/refactor/export-endo
    82  - Merge pull request [#375](https://github.com/ConsenSys/gnark-crypto/issues/375) from ConsenSys/refactor/FinalExp
    83  - Merge pull request [#377](https://github.com/ConsenSys/gnark-crypto/issues/377) from ConsenSys/fix/fold-kzg-fs
    84  - Merge pull request [#371](https://github.com/ConsenSys/gnark-crypto/issues/371) from omerfirmak/elim-pedersen-alloc
    85  - Merge pull request [#369](https://github.com/ConsenSys/gnark-crypto/issues/369) from ConsenSys/build/updateci
    86  
    87  
    88  <a name="v0.10.0"></a>
    89  ## [v0.10.0] - 2023-03-29
    90  ### Build
    91  - ran go generate
    92  
    93  ### Docs
    94  - added Generator docs
    95  - add TODO with small domain warning
    96  - **pairing:** add comments
    97  
    98  ### Feat
    99  - add ECDSA public key recover from message, signature and recovery info ([#347](https://github.com/ConsenSys/gnark-crypto/issues/347))
   100  - added comment for bitAt function
   101  - added sis.py
   102  - add reference test
   103  - merge fft branch and cosmetic edits
   104  - parallel.Execute with 1 task fast path
   105  - added fft.WithNbTasks
   106  - FFT signature now takes an option variadic
   107  - expose NaiveMulMod for gnark
   108  - experiment parallel sis
   109  - restored latest fft
   110  - restored fp, fr, etc
   111  
   112  ### Fix
   113  - code generation fp6
   114  - mods smaller than 5; overestimating nbword
   115  - invalid infinity point encoding
   116  - SIS on 64bit only
   117  - **MillerLoop:** return 1 when size(pairs)=0 after infinity filter
   118  
   119  ### Perf
   120  - faster init + simplify bit processing loop
   121  - fix todo with small domain path
   122  - optimized sis
   123  - kzg BatchOpenSinglePoint more parallelization
   124  - kept the fastest method for sis
   125  - use bitset in batch invert
   126  - iop ratio more parallelization. reuse cosets
   127  - 3 muls instead of 4 sis
   128  - less memallocs, check for zeroes
   129  - experiment without memcopy not great
   130  - minor optim in iop package
   131  - **bls24-317:** optimize final exp
   132  - **bn254:** use Fuentes et al. instead of Duquesne-Ghammam hard part
   133  - **bw6-756:** optimize GT subgroup membership
   134  - **pairings:** isolate first iteration to avoid a MulByLine
   135  - **pairings:** isolate last iteration to avoid a double/add
   136  - **stark-curve:** no subgroup check on prime-order curve
   137  
   138  ### Refactor
   139  - expose fft.Generator() method
   140  - export bls12-381 tower
   141  - expose bn254 tower to gnark
   142  - move Hash in _test.go file
   143  - fft.WithCoset() -> fft.OnCoset()
   144  - sis.py -> sis.sage
   145  - **pairings:** make DoubleStep and AddMixedStep private
   146  
   147  ### Style
   148  - remove dead comments
   149  - code cleaning
   150  - more code cleaning
   151  - code cleaning
   152  - cosmetic edits
   153  
   154  ### Test
   155  - minor fixes and skip 32bit
   156  - update test_cases.json
   157  - skip tensor commitment test on 32bit arch for now
   158  - added sis sage test case generation
   159  - still good
   160  
   161  ### Pull Requests
   162  - Merge pull request [#368](https://github.com/ConsenSys/gnark-crypto/issues/368) from ConsenSys/develop
   163  - Merge pull request [#366](https://github.com/ConsenSys/gnark-crypto/issues/366) from ConsenSys/refactor/pairings
   164  - Merge pull request [#365](https://github.com/ConsenSys/gnark-crypto/issues/365) from ConsenSys/fix/gentime-field-bugs
   165  - Merge pull request [#364](https://github.com/ConsenSys/gnark-crypto/issues/364) from jtraglia/update-tested-go-versions
   166  - Merge pull request [#363](https://github.com/ConsenSys/gnark-crypto/issues/363) from ConsenSys/fix/infencoding
   167  - Merge pull request [#361](https://github.com/ConsenSys/gnark-crypto/issues/361) from ConsenSys/perf/plonk
   168  - Merge pull request [#360](https://github.com/ConsenSys/gnark-crypto/issues/360) from ConsenSys/bls12381-tower-gnark
   169  - Merge pull request [#359](https://github.com/ConsenSys/gnark-crypto/issues/359) from SherLzp/develop
   170  - Merge pull request [#356](https://github.com/ConsenSys/gnark-crypto/issues/356) from ConsenSys/perf/bn24317-FinalExp
   171  - Merge pull request [#354](https://github.com/ConsenSys/gnark-crypto/issues/354) from ConsenSys/bn254-tower-gnark
   172  - Merge pull request [#351](https://github.com/ConsenSys/gnark-crypto/issues/351) from ConsenSys/perf/bw6-756/GT-subgroup-check
   173  - Merge pull request [#349](https://github.com/ConsenSys/gnark-crypto/issues/349) from ConsenSys/perf/subgroup-check-stark
   174  - Merge pull request [#344](https://github.com/ConsenSys/gnark-crypto/issues/344) from ConsenSys/perf/tensor-commitment
   175  - Merge pull request [#345](https://github.com/ConsenSys/gnark-crypto/issues/345) from ConsenSys/feat/fftopt
   176  - Merge pull request [#263](https://github.com/ConsenSys/gnark-crypto/issues/263) from AlexandreBelling/perf/tensor-commitment
   177  - Merge pull request [#260](https://github.com/ConsenSys/gnark-crypto/issues/260) from AlexandreBelling/experimental/tensor-commitment
   178  
   179  
   180  <a name="v0.9.1"></a>
   181  ## [v0.9.1] - 2023-02-14
   182  ### Build
   183  - go generate
   184  - weird staticcheck rule
   185  - generify
   186  - generify
   187  - generify parallel .Complete
   188  - generify fixes
   189  - generify parallel computeGJ
   190  - generify bn254 mimc changes
   191  - remove G2Exist flag from curves config
   192  
   193  ### Chore
   194  - remove safeStack
   195  - simpler dst for hash.WriteString
   196  - staticcheck
   197  - more ToBigIntRegular -> BigInt and another little thing
   198  - ToBigIntRegular -> BigInt
   199  - remove codegen temp files
   200  - delete temp files
   201  - setNbOutputs covered by topSort now
   202  - remove two other topological sorts
   203  
   204  ### Docs
   205  - fix incorrect statement
   206  - innerWork
   207  - update DOI in README.md
   208  
   209  ### Feat
   210  - SliceToElementSlice to be generic
   211  - some gkr; claim/subclaim in sumcheck seems untenable
   212  - Merkle tree to panic upon hash write error
   213  - pedersen_hash added to stark curve
   214  - signing interface changes and bn254 impl
   215  - add Vector support to ecc marshal encoder ([#336](https://github.com/ConsenSys/gnark-crypto/issues/336))
   216  - gkr.Circuit.MemoryRequirements
   217  - can pass workers pool in
   218  - parallel versions of computing gate inputs
   219  - more "subtle" parallelization tools
   220  - edDSA to write element by element
   221  - hash.ToField compatible with hash.Hash
   222  - generify parallel.Execute
   223  - pre-hashed message in eddsa
   224  - pre-hashed message in ecdsa
   225  - thread-safe pool
   226  - adds Vector in field package
   227  - first sumcheck attempt. Need specialized fiatshamir
   228  - more usable WriteString instead of "Decompose"
   229  - generify Decomposition solution
   230  - decomposing long challenge names bn254
   231  - generic sumcheck prover and verifier
   232  - start ECDSA on secp256k1
   233  - generate fp with addchain stark-curve
   234  - MSM and BatchScalarMul on secp256k1
   235  - ListHash
   236  - generify MessageCounter fix
   237  - generify gkr test vec gen fixes
   238  - generify gkr fixes
   239  - generify non-test vector gkr test changes
   240  - generify gkr changes
   241  - generify sumcheck changes
   242  - small_rational to and from bytes
   243  - generified gkr tests. test case generation still not working
   244  - some test generification
   245  - generify gkr.tmpl
   246  - edDsa SignFr and VerifyFr
   247  - nuke element.Bit() closes [#306](https://github.com/ConsenSys/gnark-crypto/issues/306) ([#331](https://github.com/ConsenSys/gnark-crypto/issues/331))
   248  - generic pool
   249  - generify multi-fan-out input bugfix
   250  - generified benchmark, parallelism and top sort
   251  - add minimal implem of stark curve
   252  - clean ups
   253  - basic benchmarking
   254  - test vector utils for all
   255  - a first attempt at separate test vector utils
   256  - parsing polynomials; more trouble than worth
   257  - remove unused test hash entries
   258  - gkr test vector codegen works for rationals
   259  - autogen gkr tests
   260  - code generation for poly.Text
   261  - better polynomial.Text for bn254
   262  - small_rational to use big.Int underneath
   263  - identity gate, 2 instances test on Q - prover side
   264  - Load test circuit and test hash function
   265  - sumcheck for rationals
   266  - more smallrational features
   267  - polynomial codegen to use simpler FieldDependency data structure
   268  - all necessary functions for the polynomial package
   269  - codegen for gkr
   270  - neg, sub, equal, double
   271  - codegen for sumcheck
   272  - some experimental rational
   273  - just a few lines
   274  - gkr verifier
   275  - Verify stub. shared claim mgmt structure. prover refactor to come
   276  - gkr prover
   277  - gkr sumcheck combine and computeGJ
   278  - some gkr prover stuff
   279  - three kinds of topological sort
   280  - MORE ABSTRACTION 🥲 Evaluating the final claim may be hard
   281  - **ecdsa:** use aes-ctr in signing randomness
   282  - **templates:** ecdsa package for all curves
   283  
   284  ### Fix
   285  - static checks
   286  - no repeated claims in FinalEvalProof
   287  - mimc pow7
   288  - single multilin test works
   289  - number of rounds for mimc
   290  - sumcheck test
   291  - parallelization bug
   292  - remove mimc printfs
   293  - WriteString returns no error now
   294  - side-stepped thread-safe pool issue
   295  - some debugging
   296  - serialization of stark-curve points
   297  - Multilin tests with toy input-independent hash work
   298  - use ProveFinalEval, make member vars of proof public
   299  - eddsa: separate field element and non-field-element hash inputs
   300  - minor error
   301  - eddsa to use WriteString
   302  - align challenge name, prepending with zeros to avoid field overflow
   303  - ecdsa on secp256k1 working
   304  - merge with develop
   305  - an attempt at input verification
   306  - computeGJ works correctly for mul gate
   307  - mul gate test passes
   308  - package name
   309  - correct field type
   310  - generify the fix
   311  - verifier input building bug
   312  - more noRedundancy bugs
   313  - noRedundancy bugs
   314  - multi-counting outs to the same wire
   315  - ignored errors in sumcheck.setupTranscript
   316  - sumcheck "bad proof accepted"
   317  - accepting bad proofs
   318  - sumcheck claim test
   319  - MessageCounter.Reset
   320  - staticcheck
   321  - uncomment gkr test vec gen
   322  - gkr test-vec gen errors
   323  - generify changes in small_rational maphashes
   324  - fake hash consistency
   325  - staticcheck
   326  - some gkr test vec errors
   327  - no hardcoded fr.Element in sumcheck test case gen
   328  - gkr challenges for SmallRational
   329  - sumcheck testcase gen compiles
   330  - gkr test case generator compiles
   331  - gkr_test files compile
   332  - bn254 sumcheck tests pass
   333  - fiatshamir to write bindings one by one
   334  - single input two identity gates test fixed, but fails
   335  - closes [#316](https://github.com/ConsenSys/gnark-crypto/issues/316) big int pool doesn't allow nil values
   336  - no expectation of ins/outs lumped together in tests
   337  - topological sort no longer group inputs and outputs
   338  - reintroduce some deleted autogens
   339  - generification
   340  - bn254 seems correct. test vector reordering needed
   341  - gofmt
   342  - yoda, multi-fan-out input bug
   343  - remove "enormousArray" hack, minimize unsafe.Pointer use
   344  - free mallocs
   345  - an "evaluate" missing the pool argument
   346  - errors in rational sumcheck
   347  - remove unreachable return
   348  - writeKey quotation marks
   349  - save new hash entries
   350  - still inconsistency betw rational and bn254
   351  - snapshot for hash inconsistency error
   352  - remove auto-generated test files
   353  - test vec gen works
   354  - manually edited main.go for gkr test vec gen
   355  - snapshot: gkr test vector generation
   356  - wrong type for wireAssignent
   357  - minor ones
   358  - rough edges for rationals
   359  - some corrections for rationals
   360  - restored hash elements incorrectly marked as unnecessary
   361  - more staticcheck fixes
   362  - better string search to make staticcheck happy
   363  - no redeclaring "err" to make staticcheck happy
   364  - all gkr tests pass
   365  - no compile errors, rational cases pass
   366  - setElement more consistent with SetInterface
   367  - setElement method that would work on fr and rationals
   368  - codegen for gkr test cases, compiles
   369  - gkr tests on rationals pass
   370  - no in-place operations
   371  - id circuit verification passes
   372  - fewer gkr test instances by default
   373  - some codegen mistakes
   374  - many instances of small circuits
   375  - remove challengeSeed from sumcheck input
   376  - **EdDSA:** enforce hash function as FS challenge
   377  - **curves:** copy scalars in JointScalarMul
   378  - **ecdsa:** avoid only 1 inverse in verify
   379  - **secp256k1:** bound cRrange by 15 for MSM
   380  - **secp256k1:** code generation for msm
   381  - **stark-curve:** point encoder (a!=0)
   382  - **stark-curve:** svdw hash-to-curve (coeff A!=0)
   383  - **template:** entries var re-declared
   384  
   385  ### Perf
   386  - parallelize computeGJ more effectively
   387  - parallel Fold
   388  - step 2 Combine
   389  - step 1, use the new pool for computeGJ and next
   390  - minor adjustments to iop package ([#334](https://github.com/ConsenSys/gnark-crypto/issues/334))
   391  - mimc on bls12-377/fr uses x^17 as a permutation
   392  - multilin.Fold without writing top part in memory
   393  - parallel WireAssignment.Complete for bn254
   394  - simplify gkr pool
   395  - workerPool in gkr
   396  - reduced many memory leaks to two
   397  - parallelism in computeGJ but faulty
   398  - concurrency in computeGJ. to make pool maps thread-safe
   399  - some rudimentary parallelism
   400  - **ecdsa:** avoid 2 inverses in verify (affine scalarMul)
   401  - **ecdsa:** no bigInt allocation
   402  
   403  ### Refactor
   404  - include secp256k1 in code generation
   405  - move some routines from gkrVectors
   406  - Pedersen hash on stark-curve
   407  - remove Decompose entirely
   408  - plookup.Table -> fr.Vector
   409  - element imports field/pool and field/hash to avoid cycles
   410  - remove dead code (FFT params for secp256k1)
   411  - concile ecdsa and eddsa on signature interface
   412  - smallRational out of gkr
   413  - remove fr/ packages from secp256k1
   414  - generify most gkr test vector ops
   415  - remove "proofEquals" from gkr test vgen
   416  - remove subclaim class
   417  - remove ToField interface
   418  - get rid of ParsedTestCase
   419  - include secp256k1 in code generation
   420  - move all fake hashes to test_vector_utils
   421  - cleaner sumcheck test-vec generation
   422  - clean iop APIs + add Marshal methods ([#337](https://github.com/ConsenSys/gnark-crypto/issues/337))
   423  - gkr tests to work with fiatshamir.transcript
   424  - remove unused file
   425  - fixing gkr tests
   426  - sumcheck and gkr to use fiatshamir package
   427  - **ecdsa:** follows SEC 1 v-2
   428  - **ecdsa:** make public params exportable to gnark
   429  - **ecdsa:** remove Params struct
   430  - **ecdsa:** marshal + follow interface
   431  - **ecdsa:** make hashToInt accessible for gnark
   432  
   433  ### Revert
   434  - deleted mimc.Write documentation
   435  - Remove EdDSA SignNum and VerifyNum
   436  - remove SignNum and VerifyNum
   437  - mimc to take in multiple elements
   438  - don't doubly hash finalEvalProof when an input wire is skipped
   439  - roll back cgo in memory management
   440  
   441  ### Style
   442  - some simplification, remove some dead code
   443  - remove unnecessary variable
   444  - remove some dead code
   445  - format
   446  - rename rational_cases to test_vectors
   447  - don't name unused variables
   448  - improved comments
   449  
   450  ### Test
   451  - more debug output
   452  - printfs in mimc
   453  - mimc to write out its ins and outs
   454  - a couple of benchmarks with some printfs
   455  - add ecdsa benchmarks
   456  - failing test
   457  - replicate failure in small_rational
   458  - MapHash consistency
   459  - vector with 4 instances
   460  - bigger instances
   461  - add failing verification tests
   462  - trilinear - single claim
   463  - a simple test vector for sumcheck
   464  - rational using big.Int is a failure
   465  - mimc test fails, most likely due to overflow
   466  - mimc; rational overflowing. TODO: Replace int64 with big.Int
   467  - vectors: more
   468  - some extra logging for 16M memory failure
   469  - more tests, mimc circuit fails
   470  - more usable message counter
   471  - fundamental flaw found in computeGJ
   472  - failing test for mul gate
   473  - simplest possible test, two instances of an identity gate
   474  
   475  ### Pull Requests
   476  - Merge pull request [#342](https://github.com/ConsenSys/gnark-crypto/issues/342) from ConsenSys/develop
   477  - Merge pull request [#308](https://github.com/ConsenSys/gnark-crypto/issues/308) from ConsenSys/304-field-agnostic-fiat-shamir-challenge-names
   478  - Merge pull request [#319](https://github.com/ConsenSys/gnark-crypto/issues/319) from ConsenSys/perf/gkr
   479  - Merge pull request [#328](https://github.com/ConsenSys/gnark-crypto/issues/328) from ConsenSys/perf/gkrpool
   480  - Merge pull request [#333](https://github.com/ConsenSys/gnark-crypto/issues/333) from ConsenSys/fix/mimc-pow7
   481  - Merge pull request [#327](https://github.com/ConsenSys/gnark-crypto/issues/327) from ConsenSys/pedersen-hash
   482  - Merge pull request [#320](https://github.com/ConsenSys/gnark-crypto/issues/320) from ConsenSys/fix/mimc-rounds
   483  - Merge pull request [#312](https://github.com/ConsenSys/gnark-crypto/issues/312) from ConsenSys/signature/pre-hashed
   484  - Merge pull request [#311](https://github.com/ConsenSys/gnark-crypto/issues/311) from ConsenSys/feat/element/vector
   485  - Merge pull request [#310](https://github.com/ConsenSys/gnark-crypto/issues/310) from ConsenSys/feat/ecdsa
   486  - Merge pull request [#298](https://github.com/ConsenSys/gnark-crypto/issues/298) from ConsenSys/secp256k1/MSM
   487  - Merge pull request [#309](https://github.com/ConsenSys/gnark-crypto/issues/309) from ConsenSys/chore/tobigintregular-deprecated
   488  - Merge pull request [#305](https://github.com/ConsenSys/gnark-crypto/issues/305) from ConsenSys/test/fiatshamir-mimc
   489  - Merge pull request [#299](https://github.com/ConsenSys/gnark-crypto/issues/299) from ConsenSys/feat/stark-curve
   490  - Merge pull request [#285](https://github.com/ConsenSys/gnark-crypto/issues/285) from ConsenSys/refac/gkr-fiatshamir
   491  - Merge pull request [#259](https://github.com/ConsenSys/gnark-crypto/issues/259) from ConsenSys/bench/gkr
   492  
   493  
   494  <a name="v0.9.0"></a>
   495  ## [v0.9.0] - 2023-01-05
   496  ### Build
   497  - re-ran gofmt with go1.19, updated ci to that
   498  
   499  ### Docs
   500  - added audit.pdf and updated link in README
   501  
   502  ### Feat
   503  - field.Hash ([#271](https://github.com/ConsenSys/gnark-crypto/issues/271))
   504  - add secp256k1 curve
   505  
   506  ### Fix
   507  - make BigInt a pointer receiver
   508  - remove generated fr/pedersen package from secp256k1
   509  - rebase on develop
   510  - no compressed marshall because no spare bit
   511  - **secp256k1:** no partitionScalars because there is no spare bit
   512  
   513  ### Fix
   514  - typos ([#262](https://github.com/ConsenSys/gnark-crypto/issues/262))
   515  
   516  ### Perf
   517  - **MSM:** save 4 mul in ext-Jac add
   518  - **bn254:** faster subgroup membership
   519  
   520  ### Refactor
   521  - rebase on develop (field api)
   522  - mark ToBigIntRegular as deprecated, introduce BigInt method ([#290](https://github.com/ConsenSys/gnark-crypto/issues/290))
   523  - clean code generation for endo-based computations ([#281](https://github.com/ConsenSys/gnark-crypto/issues/281))
   524  - **bn254:** remove unused variable (fixedCoeff)
   525  
   526  ### Style
   527  - typo
   528  
   529  ### Pull Requests
   530  - Merge pull request [#297](https://github.com/ConsenSys/gnark-crypto/issues/297) from ConsenSys/develop
   531  - Merge pull request [#277](https://github.com/ConsenSys/gnark-crypto/issues/277) from ConsenSys/feat/secp256k1
   532  - Merge pull request [#251](https://github.com/ConsenSys/gnark-crypto/issues/251) from ConsenSys/perf/IsInSubGroup-BN
   533  - Merge pull request [#250](https://github.com/ConsenSys/gnark-crypto/issues/250) from ConsenSys/docs/audit
   534  - Merge pull request [#245](https://github.com/ConsenSys/gnark-crypto/issues/245) from ConsenSys/perf/extJac-add
   535  - Merge pull request [#240](https://github.com/ConsenSys/gnark-crypto/issues/240) from ConsenSys/go1.19
   536  
   537  
   538  <a name="v0.8.0"></a>
   539  ## [v0.8.0] - 2022-08-04
   540  ### Build
   541  - updated go.mod direct deps
   542  - go mod tidy
   543  - update bavard dep
   544  - ran go generate after dev merge
   545  - faster ci path ([#185](https://github.com/ConsenSys/gnark-crypto/issues/185))
   546  - increase CI timeout
   547  - fix BatchInvert renaming in SSWU templates
   548  
   549  ### Chore
   550  - bls12-381 vectors: u
   551  - fix some merge issues
   552  - merge develop
   553  - resolve conflicts with non-mont-params
   554  
   555  ### Ci
   556  - fix slack integration + adds golanglint-ci ([#184](https://github.com/ConsenSys/gnark-crypto/issues/184))
   557  - revert most of last commit
   558  - use self hosted runners
   559  
   560  ### Clean
   561  - replace modulus generated by constants, add zero-alloc SetRandom ([#194](https://github.com/ConsenSys/gnark-crypto/issues/194))
   562  - remove unneeded x86 asm and files ([#192](https://github.com/ConsenSys/gnark-crypto/issues/192))
   563  
   564  ### Docs
   565  - updated changelog for v0.8.0
   566  - polish readme.md with updated godoc subpackage links ([#235](https://github.com/ConsenSys/gnark-crypto/issues/235))
   567  - acknowledge that inv(0)==0 in comments as a convention ([#233](https://github.com/ConsenSys/gnark-crypto/issues/233))
   568  - correct some comments
   569  - added note in pairing godoc - doesn't check inputs are in correct subgroup ([#231](https://github.com/ConsenSys/gnark-crypto/issues/231))
   570  - add security estimates of implemented curves in comments
   571  - prepare v0.8.0 release notes
   572  - added twitter handle and security policy links
   573  - updated doi
   574  
   575  ### Feat
   576  - simplified low degree check
   577  - lagrange polys, a couple of poly funcs
   578  - eq folding, unify small and large interfaces
   579  - addition of multiple rounds in fri
   580  - some folding in bn254
   581  - supsub
   582  - closes [#137](https://github.com/ConsenSys/gnark-crypto/issues/137) moves consensys/goff into field/goff ([#204](https://github.com/ConsenSys/gnark-crypto/issues/204))
   583  - tests used gopter for polynomials (bls377, no code gen yet)
   584  - multilin for all fields
   585  - field/goldilocks (more efficient 1-limb modulus arith) ([#177](https://github.com/ConsenSys/gnark-crypto/issues/177))
   586  - fields in fri proofs are exported
   587  - code gen for previous commit
   588  - code gen for previous refactor
   589  - field/generator supports 1-limb modulus ([#175](https://github.com/ConsenSys/gnark-crypto/issues/175))
   590  - simplification of the final evaluation check
   591  - simplify deriveQueriesPositions
   592  - removed polynomial package bls24315
   593  - removed polynomial package
   594  - code gen
   595  - simplified deriveQueriesPosition
   596  - code gen for polynomials
   597  - a few polynomial utility functions, separate multilin_tests
   598  - regen polynomial
   599  - addition of ID in proof of proximity (for FiatShamir)
   600  - added finer grained error handling
   601  - exposed Claimed value
   602  - Open returns an error, addition of getter for rho
   603  - code gen
   604  - addition of opening tests
   605  - addition of opening+verification
   606  - merge develop
   607  - code gen for previous fix
   608  - code gen for kzg refactor
   609  - added Fiat Shamir for the (folding) challenges in fri
   610  - code gen for fri
   611  - **E12:** GT torus-based compression/decompression
   612  - **E12:** GT torus-based batch compression/decompression
   613  - **E24:** GT torus-based batch compression/decompression
   614  - **E6:** GT torus-based batch compression/decompression
   615  - **fri:** added check of correctness between rounds, test OK
   616  - **fri:** modified challenge generation so it fits in a snark variable
   617  - **fri:** evaluation field is exported
   618  - **fri:** removed unused variable
   619  
   620  ### Fix
   621  - Handle edge case in Karabina decompression ([#219](https://github.com/ConsenSys/gnark-crypto/issues/219))
   622  
   623  ### Fix
   624  - check nbTasks config when running msm, test all possible c-bit windows in when testing.Short not set) ([#226](https://github.com/ConsenSys/gnark-crypto/issues/226))
   625  - race condition with supportAdx relique in internal/fptower
   626  - element.SetString(_) returns error if invalid input instead of panic
   627  - bavard dependency
   628  - Torus compression exception case
   629  - ToMont takes non-reference
   630  - q in tests requires isogeny
   631  - svdw parameters: z=1 not i
   632  - expand_msg_xmd copy bug, a few tests ([#201](https://github.com/ConsenSys/gnark-crypto/issues/201))
   633  - "e3" bug and change sign0 to the recent std specification
   634  - closes [#199](https://github.com/ConsenSys/gnark-crypto/issues/199). Correct bound in eddsa key gen template
   635  - expand_msg_xmd copy bug, a few tests
   636  - 8*Limbs could be too many bytes
   637  - right length argument for ExpandMsgXmd
   638  - remove supportAdx redundant test ([#186](https://github.com/ConsenSys/gnark-crypto/issues/186))
   639  - evaluation is an array instead of a slice
   640  - twoInv defined in init, removed dead code, unexport nbRounds
   641  - fixed unhandled errors
   642  - fixed conflict
   643  - fixed queries positions
   644  - fixed wrong indexation generator inverse
   645  - rebase on develop
   646  - wrong size for Merkle path opening
   647  - fixed unhandled error
   648  - fixed condition written out of scope, tests with gopter OK
   649  - fixed parity error
   650  - fixed unhandled error
   651  - fri test ok, need to clean and optimize
   652  - TestDeriveQueriesPositions passes
   653  - fixed failing tests (polynomial.go, bls12-381)
   654  - dusted off polynomial.go (bls377, no code gen yet)
   655  
   656  ### Perf
   657  - remove unnecessary inverse in KZG-verify
   658  - faster GLV scalar decomposition
   659  
   660  
   661  ### Refactor
   662  - fft is done in the main loop
   663  - kzg uses DivideByXminusA from polynomial module
   664  - ScalarMul -> ScalarMultiplication
   665  - everything related to multilinear polynomials in the same file
   666  - verbose names
   667  - same codegen for sswu and svdw
   668  - sswu and svdw in "define"s
   669  - ScalarMulUnconverted -> ScalarMultiplicationAffine
   670  - moved divByXminusa to polynomial.go
   671  - BatchScalarMul -> BatchScalarMultiplication
   672  - parameters passed in regular form
   673  - lots of ffts removed
   674  - polynomial -> []frElement in fri
   675  - removed Commit function
   676  - NewPolynomial -> New
   677  - removed test DivPolyByXminusA from kzg, DivPolyBy -> DivBy
   678  - sswuMap -> mapToCurve
   679  - clean comments in curves ([#193](https://github.com/ConsenSys/gnark-crypto/issues/193))
   680  - DivideByXMinusA returns a pointer
   681  - **polynomial:** Copy() --> GetCopy()
   682  
   683  ### Style
   684  - remove dead code ([#230](https://github.com/ConsenSys/gnark-crypto/issues/230))
   685  - inneficient -> inefficient
   686  - cosmetic changes ([#197](https://github.com/ConsenSys/gnark-crypto/issues/197))
   687  - replace modulus generated by constants, add zero-alloc SetRandom ([#194](https://github.com/ConsenSys/gnark-crypto/issues/194))
   688  - remove unneeded x86 asm and files ([#192](https://github.com/ConsenSys/gnark-crypto/issues/192))
   689  - polish readme.md with updated godoc subpackage links ([#235](https://github.com/ConsenSys/gnark-crypto/issues/235))
   690  - acknowledge that inv(0)==0 in comments as a convention ([#233](https://github.com/ConsenSys/gnark-crypto/issues/233))
   691  - added note in pairing godoc - doesn't check inputs are in correct subgroup ([#231](https://github.com/ConsenSys/gnark-crypto/issues/231))
   692  - add security estimates of implemented curves in comments
   693  
   694  
   695  ### Test
   696  - cleanup
   697  - fix [#205](https://github.com/ConsenSys/gnark-crypto/issues/205) - msm bench with different bases ([#206](https://github.com/ConsenSys/gnark-crypto/issues/206))
   698  - bn254 hash to g2
   699  - vectors generated using https://github.com/armfazh/h2c-go-ref
   700  - complete tests for bn254g1, not cross verified
   701  - empty msg, q, q0, q1
   702  - added BitLen test
   703  - reduce load on CI
   704  - **all curves:** compress/decompress pairing result
   705  
   706  ### Pull Requests
   707  - Merge pull request [#237](https://github.com/ConsenSys/gnark-crypto/issues/237) from ConsenSys/develop
   708  - Merge pull request [#232](https://github.com/ConsenSys/gnark-crypto/issues/232) from ConsenSys/docs/comments
   709  - Merge pull request [#229](https://github.com/ConsenSys/gnark-crypto/issues/229) from ConsenSys/update_deps
   710  - Merge pull request [#227](https://github.com/ConsenSys/gnark-crypto/issues/227) from ConsenSys/fix/element_setstring
   711  - Merge pull request [#228](https://github.com/ConsenSys/gnark-crypto/issues/228) from ConsenSys/fix/race/test
   712  - Merge pull request [#224](https://github.com/ConsenSys/gnark-crypto/issues/224) from ConsenSys/refactor/scalarmul
   713  - Merge pull request [#220](https://github.com/ConsenSys/gnark-crypto/issues/220) from ConsenSys/perf/kzg-verify
   714  - Merge pull request [#223](https://github.com/ConsenSys/gnark-crypto/issues/223) from ConsenSys/doc/security-estimates-curves
   715  - Merge pull request [#216](https://github.com/ConsenSys/gnark-crypto/issues/216) from ConsenSys/feat/poly
   716  - Merge pull request [#217](https://github.com/ConsenSys/gnark-crypto/issues/217) from ConsenSys/string-utils
   717  - Merge pull request [#215](https://github.com/ConsenSys/gnark-crypto/issues/215) from ConsenSys/develop
   718  - Merge pull request [#213](https://github.com/ConsenSys/gnark-crypto/issues/213) from ConsenSys/perf/glv
   719  - Merge pull request [#211](https://github.com/ConsenSys/gnark-crypto/issues/211) from ConsenSys/develop
   720  - Merge pull request [#129](https://github.com/ConsenSys/gnark-crypto/issues/129) from ConsenSys/feat/GT-compression
   721  - Merge pull request [#209](https://github.com/ConsenSys/gnark-crypto/issues/209) from ConsenSys/codegen/svdw-not-e4
   722  - Merge pull request [#203](https://github.com/ConsenSys/gnark-crypto/issues/203) from ConsenSys/tests/bn254-vectors
   723  - Merge pull request [#196](https://github.com/ConsenSys/gnark-crypto/issues/196) from ConsenSys/patch/hashToFpGeneric
   724  - Merge pull request [#202](https://github.com/ConsenSys/gnark-crypto/issues/202) from ConsenSys/gbotrel/issue199
   725  - Merge pull request [#200](https://github.com/ConsenSys/gnark-crypto/issues/200) from tyGavinZJU/develop
   726  - Merge pull request [#85](https://github.com/ConsenSys/gnark-crypto/issues/85) from ConsenSys/feat/fri
   727  
   728  
   729  <a name="v0.7.0"></a>
   730  ## [v0.7.0] - 2022-03-25
   731  ### Build
   732  - reran go generate
   733  - rebase on develop
   734  - rebase on develop
   735  - add bw6-633 and bw6-756 to kzg constructor
   736  - run go generate
   737  - rebase branch on develop
   738  - add bls12-378 to kzg and hash
   739  - templates for bw6-756
   740  - templates for bw6-756
   741  - add bls12-378 to kzg and hash
   742  
   743  ### Ci
   744  - update workflows
   745  - update ci workflows
   746  - update github action workflows
   747  - named workflows
   748  - develop shorter ci workflow, master longer
   749  - remove circleCI
   750  - updated circleci to latest golang img
   751  - updated github workflow to go 1.18
   752  
   753  ### Docs
   754  - prepare changelog.md for v0.7.0
   755  - updated hyperelliptic links for twisted ed Add and MixedAdd
   756  - updated DOI
   757  
   758  ### Feat
   759  - sweet parameters for BLS12-377 G1 SSWU
   760  - add bw6-756 (2-chain w/ bls12-378 GT-strong)
   761  - SSWU for BLS12-378 (GT-strong)
   762  - sweet parameters for BLS12-377 G2 SSWU (23-isogeny)
   763  - sweet parameters for BW6-761 G2 SSWU
   764  - added element.Uint64() method
   765  - sweet parameters for BW6-633 G2 SSWU
   766  - SSWU for BW6-756 (outer to GT-strong)
   767  - add BLS12-378, a GT-strong SNARK-friendly inner curve
   768  - added ecc/twistededwards/ID
   769  - sweet parameters for BW6-633 G1 SSWU
   770  - removed dead code in fft
   771  - sweet parameters for BW6-761 G1 SSWU
   772  - add BLS12-378, a GT-strong SNARK-friendly inner curve
   773  - sweet parameters for BLS24-315 G1 SSWU
   774  - add bw6-756 (2-chain w/ bls12-378 GT-strong)
   775  - **bls12-378:** add companion twisted edwards to GT-strong BLS12-378
   776  - **bls12-378:** add companion twisted edwards to GT-strong BLS12-378
   777  - **bw6-756:** add companion twisted Edwards
   778  - **bw6-756:** add companion twisted Edwards
   779  
   780  ### Fix
   781  - IsUint64 coherence with other methods, convert from montgomery beforehand
   782  - twisted curve formulae for GT-strong embedded curve (a != -1)
   783  - templating twistededwards for BW6-756 after PR[#160](https://github.com/ConsenSys/gnark-crypto/issues/160)
   784  - templating twistededwards for BLS12-378 after PR[#160](https://github.com/ConsenSys/gnark-crypto/issues/160)
   785  - run go generate on new curves
   786  - add bls12-378 to signature package after change
   787  - sswu gopter generators repeatable rng
   788  - increment maxSignatures
   789  - rebase after change
   790  - changing Z to be the qnr instead of isogeny degree seems to work
   791  - increment maxSignatures
   792  - FrMultiplicativeGen overwritten
   793  - **bls12-378:** set root of unity for FFT
   794  - **bls12-378:** set root of unity for FFT
   795  - **bw6-633:** typo FrMultiplicativeGen=13
   796  - **sswu:** specify CoordExtRoot for BLS12-377
   797  
   798  ### Refactor
   799  - move signature/ constructors to signature/eddsa
   800  - eddsa generated for all twisted ed curve, including bandersnatch
   801  - twistededwards.go -> curve.go
   802  - bandersnatch generated with endo
   803  - generating bandersnatch without endo with same templates
   804  - make twistededwards all template generated
   805  - **sswu template:** NotOne is not always used
   806  - **sswu template:** NotOne is not always used
   807  
   808  ### Style
   809  - correct comment in config file
   810  - cleaned comments related to cosets
   811  
   812  ### Test
   813  - add few edge cases to test twistededwards
   814  
   815  ### Tests
   816  - mark test as Parallel. Check testing.Short() in most tests
   817  
   818  ### Pull Requests
   819  - Merge pull request [#171](https://github.com/ConsenSys/gnark-crypto/issues/171) from ConsenSys/test/twistedEdwards
   820  - Merge pull request [#170](https://github.com/ConsenSys/gnark-crypto/issues/170) from ConsenSys/fix/generators_sswu
   821  - Merge pull request [#167](https://github.com/ConsenSys/gnark-crypto/issues/167) from ConsenSys/ci/shorter-tests
   822  - Merge pull request [#166](https://github.com/ConsenSys/gnark-crypto/issues/166) from ConsenSys/ci_new
   823  - Merge pull request [#164](https://github.com/ConsenSys/gnark-crypto/issues/164) from ConsenSys/ci/go1.18
   824  - Merge pull request [#128](https://github.com/ConsenSys/gnark-crypto/issues/128) from ConsenSys/feat/GT-strong-BLS12-BW6
   825  - Merge pull request [#127](https://github.com/ConsenSys/gnark-crypto/issues/127) from ConsenSys/feat/GT-strong-BLS12
   826  - Merge pull request [#160](https://github.com/ConsenSys/gnark-crypto/issues/160) from ConsenSys/refactor-eddsa
   827  - Merge pull request [#156](https://github.com/ConsenSys/gnark-crypto/issues/156) from ConsenSys/sswu-all
   828  - Merge pull request [#154](https://github.com/ConsenSys/gnark-crypto/issues/154) from ConsenSys/fix/fft-mulGen
   829  - Merge pull request [#153](https://github.com/ConsenSys/gnark-crypto/issues/153) from zhiqiangxu/opt_NewDomain
   830  
   831  
   832  <a name="v0.6.1"></a>
   833  ## [v0.6.1] - 2022-02-15
   834  ### Build
   835  - **templates:** fix G2 point template
   836  
   837  ### Chore
   838  - genericize c-time sswu
   839  - removed the last sswu if
   840  - remove second if, auto-gen removal of first if
   841  - clean up mess regarding inv(0) conflict
   842  - removed redundant function SetHex
   843  - addressed all "small" feedback points
   844  - remove unnecessary benchmarks, remove og equals, rename diff
   845  
   846  ### Docs
   847  - updated changelog.md for v0.6.1
   848  - updated bibtex citation key
   849  - updated bibtex citation
   850  - added DOI and bibtex citation in readme.md
   851  
   852  ### Feat
   853  - code gen
   854  - adapted permutation argument to new kzg api
   855  - check that the generator is of correct order
   856  - kzg Verify function takes the opening point
   857  - sqrtRatio for any field, needs tests
   858  - precomputed values for q = 1 mod 8
   859  - bls12-381 g1 hash auto generated
   860  - standardize sqrt
   861  - move big int slicing to bavard
   862  - generic isogeny map
   863  - attempt to generate evaluate_poly
   864  - bls12-381 HashToG1 works
   865  - "generify" additional field operations
   866  - BLS12-381 G1 isogeny (very inefficient)
   867  - SqrtRatio. Non-qr case fails
   868  - modified templates + fix plookup table
   869  - adapted plookup using the new fft
   870  - constant time Equal with tests and benchmarks
   871  - mimc constants are exported
   872  - deleted addchain
   873  - modified fft templates
   874  - generic coset on bn254, tests ok
   875  - x64 assembly
   876  - generic selection using bitwise operations
   877  - **twistededwards:** Extended coordinates (a=-1) (faster, not complete)
   878  
   879  ### Fix
   880  - code generation "oops" with `testPairElement` class name
   881  - fixed fuzz fft
   882  - restored addchain
   883  - forgot to commit bls12377 modifs
   884  - 1st if statement in sswu
   885  - constant-time sqrtRatio
   886  - some feedback addressed
   887  - remove useless mulBy11 test, replace mulBy11 with mulByZ
   888  - all sqrtRatio works
   889  - sqrtRatio works for bls12-377 (p = 1 mod 8)
   890  - some eval_poly debugging
   891  - No isogeny func if no isogeny data
   892  - Generic TestElement0Inverse error
   893  - bls12-381 g1 encode to curve works
   894  - first G1 isogeny test passes
   895  - sqrtRatio for p = 3 mod 4 works
   896  - extended coordinates complete but not unified
   897  - fixed imports in code gen
   898  - removed old addchain files
   899  - fixed some ops in lookup vector
   900  - fixed permutation proofs
   901  - fixed fuzzer
   902  - removed seed from Sum
   903  - removed seed from mimc (fixes [#194](https://github.com/ConsenSys/gnark-crypto/issues/194))
   904  - clean, remove experimental second version of select
   905  - delete autogen assembly
   906  - delete unused assembly
   907  - errors in reversion
   908  - generate
   909  - fixed review: m is modified locally and returned
   910  - fixes [#126](https://github.com/ConsenSys/gnark-crypto/issues/126) the domain was not created correctly
   911  - SetInterface returns error if input is nil
   912  - fixed gosec
   913  - mimc is compliant with ethereum
   914  - twisted edwards templates
   915  - **tEdwards:** cofactor ToMont() not FromMont()
   916  
   917  ### Perf
   918  - init constants in sync.Once in MiMC
   919  - **bandersnatch:** extended coordinates
   920  - **bls24-315:** faster G2 membership test
   921  
   922  ### Refactor
   923  - property based testing for SqrtRatio, move sgn0 to ecc package
   924  - property based testing of IntToMont
   925  - Move field related funcs to field.Field
   926  - CurveInfo
   927  
   928  ### Revert
   929  - Inverse0 to have own PR
   930  - no assembly
   931  
   932  ### Style
   933  - remove excessive logs
   934  - rename `TempForHash` to `HashUtils`
   935  - Cleanup and test vectors for bls12-381 G1
   936  - cleanup
   937  - Isogeny to be package-private
   938  - removed addchain folders
   939  - match function hierarchy: Select -> select_ -> _selectGeneric
   940  - remove redundant check
   941  
   942  ### Test
   943  - possible fix
   944  - obnoxious verbosity
   945  - include decimal in error msg
   946  - for BigIntMatchUint64Slice with verbose error messages
   947  - c1 value computed correctly. c2 is wrong
   948  - extracting test data for iso-g1 from faz's implementation
   949  - vectors from standard doc for existing ExpandMsgXmd implementation
   950  - bench: add x=y cases
   951  - match against generic implementation
   952  
   953  ### Pull Requests
   954  - Merge pull request [#152](https://github.com/ConsenSys/gnark-crypto/issues/152) from ConsenSys/feat/clean_kzg
   955  - Merge pull request [#145](https://github.com/ConsenSys/gnark-crypto/issues/145) from ConsenSys/fix/fft_cosets
   956  - Merge pull request [#147](https://github.com/ConsenSys/gnark-crypto/issues/147) from ConsenSys/sswu-fp-generic-rebased
   957  - Merge pull request [#146](https://github.com/ConsenSys/gnark-crypto/issues/146) from ConsenSys/perf-mimc-constants
   958  - Merge pull request [#144](https://github.com/ConsenSys/gnark-crypto/issues/144) from ConsenSys/constant-time-equals
   959  - Merge pull request [#125](https://github.com/ConsenSys/gnark-crypto/issues/125) from ConsenSys/fix/mimc_miyaguchipreneel
   960  - Merge pull request [#143](https://github.com/ConsenSys/gnark-crypto/issues/143) from ConsenSys/feat/cmov
   961  - Merge pull request [#140](https://github.com/ConsenSys/gnark-crypto/issues/140) from ConsenSys/inv(0)=0
   962  - Merge pull request [#110](https://github.com/ConsenSys/gnark-crypto/issues/110) from ConsenSys/feat/tEd-extended
   963  - Merge pull request [#123](https://github.com/ConsenSys/gnark-crypto/issues/123) from ConsenSys/perf/BLS24-G2-IsInSubGroup
   964  
   965  
   966  <a name="v0.6.0"></a>
   967  ## [v0.6.0] - 2022-01-03
   968  ### Build
   969  - remove duplicate import in template
   970  - add E8 and E24 types to bls24_315.go to export to gnark
   971  - aiming for deterministic addchain generation on CI
   972  - fix gosec unhandled errors
   973  - tell CI to ignore non-deterministic addchain generated output
   974  - gitignore generated addition chains
   975  - run go mod tidy
   976  - fix marshal template for bls24
   977  
   978  ### Chore
   979  - generify 32bit fix
   980  - staticcheck, correct commented formula for outer loop iterations
   981  - Take out InverseOld
   982  - generify semicompressed
   983  - Not demanding 64bit arch. TODO: Test correctness on one
   984  - mathfmt, change correctionFac from var to consts, cite Pornin
   985  - Autogen all tests. TODO: bls12-377 fr loops
   986  - signed/unsigned versions of SOS mont for comparison
   987  
   988  ### Docs
   989  - v0.6.0 draft release notes
   990  - zkteam -> gnark
   991  - update field IsUint64 doc
   992  
   993  ### Feat
   994  
   995  - **plookup:** added plookup lookup proof
   996  - **field:** generate optimized addition chains for Sqrt & Legendre exp functions
   997  - **field:** added field.SetInt64, support for intX and uintX [#109](https://github.com/ConsenSys/gnark-crypto/issues/109)
   998  - **field:** added UnmarshalJSON and MarshalJSON on fields
   999  - **field:** added field.Text(base) to return field element string in a given base, like big.Int
  1000  - **field:** field.SetString now supports 0b 0o 0x prefixes (base 2, 8 and 16)
  1001  - **kzg:** test tampered proofs with quotient set to zero
  1002  - **bls24:** Fp-Fp2-Fp4-Fp12-Fp24 tower
  1003  
  1004  
  1005  ### Fix
  1006  - Optimization 3 works, but with many watches
  1007  - started adding the missing parts of the quotient
  1008  - fixed bug for 64b
  1009  - 32bit compatible assertMatch for bn254/fp
  1010  - semi-compressed bn254/fp
  1011  - Update factor negation works
  1012  - fixed doc file
  1013  - number of iterations corrected. integration tests pass
  1014  - unbroke the tests
  1015  - ensure ecc.Info() is set
  1016  - fix neg template to actually use borrow value
  1017  - All bn254 tests pass but TestMonReduceNegFixed
  1018  - ecc.Info() returns lightweight field info, without calling the whole field generation including addchain generations
  1019  - fixes [#104](https://github.com/ConsenSys/gnark-crypto/issues/104) code generation for saturated modulus like secp256k1 incorrect. added secp256k1 test
  1020  - fixed quotient computation
  1021  - fixed test generation
  1022  - fixed file generation
  1023  - removed error for invalid domain size in kzg
  1024  - Neg passes, lingering issues with test randomizer
  1025  - remove use of R15 for small moduli mul [#113](https://github.com/ConsenSys/gnark-crypto/issues/113)
  1026  - fixed doc generation
  1027  - template used file path for doc instead of file name
  1028  - fixed exp takes a value, not a pointer. also random field generation test don't generate addchains
  1029  - temporaries element in addition chain back to pointers, they will be on the stack anyway, simple template
  1030  - fixed exp template takes element name as parameter
  1031  - restored randomness generation via Fiat Shamir
  1032  - unused code (nSquare)
  1033  - computation of last piece of quotient ok
  1034  - Non-const t: Precomputation gives little speedup: 1511,1463,1551
  1035  - Optimization 3 works, removed debugging code, down to 1879 ns/op
  1036  - init addchain cache only when needed
  1037  - full proof (without Fiat Shamir) passes
  1038  - **bls24:** fix Fp24 test
  1039  - **bn254:** correct Expt() addchain
  1040  - **plookup:** removed sortByT function, only sort.Sort() is called now
  1041  - **plookup:** computation of h0, hn ok
  1042  - **plookup:** fixed lookup vector: t must be ordered
  1043  - **plookup:** fixed wrong bound for completion of t and f
  1044  - **plookup:** computation of h is correct
  1045  - **plookup:** computation of Z ok
  1046  
  1047  ### Perf
  1048  - Branch-free signed non-mont word multiplication
  1049  - Field element - Word multiplication implemented
  1050  - Replace mulWRegular with faster branched version
  1051  - partial rollback for bn254-fp
  1052  - Four update factor vars
  1053  - fewer helper variables
  1054  - Combined updates factor to be signed, next: fewer helper vars
  1055  - Field element - Word multiplication implemented
  1056  - signed sos ftw
  1057  - Batch each 2 u,v updates. Update factors correct result incorrect
  1058  - Inlined conversion factor manipulation
  1059  - Removed debug logic
  1060  - Linear comb w 1 MontRed instead of 2. Slow (debug logic inline)
  1061  - field inverse optimizations
  1062  - **Miller loops:** specialized mul by curve coeff
  1063  - **bls12-381:** faster Miller loop (sparse-sparse mul)
  1064  - **bls12-381:** faster final exp (faster expt)
  1065  - **bls24:** compute frobenius coefficients
  1066  - **bn254:** better short addition chain for Expt()
  1067  - **bn254:** addchain with max squares (weighting mul x2.6 cyclosq)
  1068  
  1069  ### Refactor
  1070  - SOS Montgomery Reduction
  1071  - **bn254:** G2 membership test uses psi directly
  1072  
  1073  ### Revert
  1074  - remove mathfmt (for now)
  1075  
  1076  ### Style
  1077  - comments and proofs
  1078  - removed debug printing
  1079  - more expressive argument name for `approximate`
  1080  - comments
  1081  - all "//" to be followed with a space
  1082  - Compute number of iterations only in field.go only
  1083  - hardcoded values shall be consts
  1084  - broke inv
  1085  - comments
  1086  - minor changes
  1087  - Some commentary
  1088  - Hand-inlined rsh31, comments, single correction factor
  1089  - removed commented code used for debugging
  1090  - mathfmt
  1091  - code cleaning
  1092  - separated tables and vectors in two files, cleaned code
  1093  - Some more commentary
  1094  - **plookup:** changed naming for rows and columns
  1095  - **plookup:** removed all the printing
  1096  
  1097  ### Test
  1098  - BenchInverse to call InverseOld
  1099  - Autogen correction factor checking test
  1100  - Autogen Montgomery reduction tests
  1101  - added property test for addchain based fixed exp
  1102  - deterministic sqrt bench
  1103  - Consistency check on top
  1104  
  1105  ### Pull Requests
  1106  - Merge pull request [#121](https://github.com/ConsenSys/gnark-crypto/issues/121) from ConsenSys/perf/ML-doubling
  1107  - Merge pull request [#111](https://github.com/ConsenSys/gnark-crypto/issues/111) from ConsenSys/field-intX-support
  1108  - Merge pull request [#114](https://github.com/ConsenSys/gnark-crypto/issues/114) from ConsenSys/fix-dynamic-link
  1109  - Merge pull request [#108](https://github.com/ConsenSys/gnark-crypto/issues/108) from ConsenSys/perf/bls12381-pairing
  1110  - Merge pull request [#106](https://github.com/ConsenSys/gnark-crypto/issues/106) from ConsenSys/improvement/field-inv-pornin20
  1111  - Merge pull request [#105](https://github.com/ConsenSys/gnark-crypto/issues/105) from ConsenSys/field-from-json
  1112  - Merge pull request [#83](https://github.com/ConsenSys/gnark-crypto/issues/83) from ConsenSys/experiment/BLS24
  1113  - Merge pull request [#102](https://github.com/ConsenSys/gnark-crypto/issues/102) from ConsenSys/feat/plookup
  1114  - Merge pull request [#97](https://github.com/ConsenSys/gnark-crypto/issues/97) from ConsenSys/feat-addchain
  1115  - Merge pull request [#99](https://github.com/ConsenSys/gnark-crypto/issues/99) from ConsenSys/feat-addchain-expt
  1116  
  1117  
  1118  <a name="v0.5.3"></a>
  1119  ## [v0.5.3] - 2021-11-03
  1120  ### Docs
  1121  - updated CHANGELOG.md for v0.5.3
  1122  
  1123  ### Feat
  1124  - subgroup check optional in decoder, parallel checks on slices
  1125  - added element.NewElement(v uint64)
  1126  
  1127  ### Fix
  1128  - **fp12:** compressed cyclotomic square (receiver == argument)
  1129  
  1130  ### Perf
  1131  - **bn:** faster G2 membership test
  1132  
  1133  ### Style
  1134  - cmp(zero) == -1 -> sign() == -1
  1135  
  1136  ### Pull Requests
  1137  - Merge pull request [#96](https://github.com/ConsenSys/gnark-crypto/issues/96) from ConsenSys/perf-decode-raw-points
  1138  - Merge pull request [#95](https://github.com/ConsenSys/gnark-crypto/issues/95) from ConsenSys/perf/bn-g2-membership
  1139  
  1140  
  1141  <a name="v0.5.2"></a>
  1142  ## [v0.5.2] - 2021-10-26
  1143  ### Build
  1144  - updated CHANGELOG.md for v0.5.2
  1145  - updated code generation with Projective parameter in Point
  1146  - **templates:** homogenous projective coordinates for G1 (bw6)
  1147  
  1148  ### Feat
  1149  - add bandersnatch curve (twistedEdwards on bls12-381 with GLV)
  1150  - linked info returned by ecc.Info with internal curve config package
  1151  - added Bytes per field in ecc.info
  1152  - added curveID.Info() which returns constants about a curve
  1153  - moved element.Halve into templates
  1154  - **bw6:** optimal Tate Miller loop with shared computations
  1155  - **bw6-761:** opt. ate with shared squares and shared doublings (alg.2)
  1156  
  1157  ### Fix
  1158  - halve with full-bits moduli
  1159  - **all twistedEdwards:** fix Add() in projective coordinates (issue 89)
  1160  - **all twistedEdwards:** remove A as we assume A=-1 (issue 87)
  1161  - **fiat-shamir:** added test to ensure len(challenge) > 0
  1162  
  1163  ### Perf
  1164  - Halve() directly on fp.Element
  1165  - **all curves:** Halve() directly on fp.Element
  1166  - **bn:** multiply ML external lines 2 by 2 (+multi-ML bench)
  1167  - **wip:** Montgomery Rsh instead of mul by 1/2
  1168  
  1169  ### Refactor
  1170  - **templates:** unify twistedEdwards package across curves
  1171  
  1172  ### Style
  1173  - correct comments
  1174  - factorize field info
  1175  - fiat-shamir clean up
  1176  - remove dead code (twoInv)
  1177  - **tEdwards:** keep jubjub package for backward-compatibility
  1178  - **tEdwards:** mulByA inside the package
  1179  
  1180  ### Pull Requests
  1181  - Merge pull request [#93](https://github.com/ConsenSys/gnark-crypto/issues/93) from ConsenSys/bandersnatch
  1182  - Merge pull request [#90](https://github.com/ConsenSys/gnark-crypto/issues/90) from ConsenSys/fix/tEdwards-addProj-issue89
  1183  - Merge pull request [#82](https://github.com/ConsenSys/gnark-crypto/issues/82) from ConsenSys/perf/bn254-ML
  1184  - Merge pull request [#88](https://github.com/ConsenSys/gnark-crypto/issues/88) from ConsenSys/issue-87/twistedEdwards
  1185  - Merge pull request [#81](https://github.com/ConsenSys/gnark-crypto/issues/81) from ConsenSys/ML/DoubleStep-Halve
  1186  - Merge pull request [#77](https://github.com/ConsenSys/gnark-crypto/issues/77) from ConsenSys/BW6
  1187  
  1188  
  1189  <a name="v0.5.1"></a>
  1190  ## [v0.5.1] - 2021-09-21
  1191  ### Build
  1192  - remove unused code (nSquare Fp24)
  1193  - replace go get by go install in CI workflow
  1194  - make staticcheck happier
  1195  - updated circleCI golang image
  1196  
  1197  ### Docs
  1198  - updated CHANGELOG.md with v0.5.1 release
  1199  - highlight breaking change in twisted edwards and eddsa
  1200  
  1201  ### Feat
  1202  - reverted to non-asm field inverse
  1203  - element.String() special path for uint64 and -uint64 values
  1204  - added x86 assembly impl for field.Inverse
  1205  - added element.IsUint64()
  1206  - added element.Bit(..) to retrieve i-th bit in a field element
  1207  - **Fp12:** implements the Karabina cyclotomic square in E12/E6
  1208  - **Fp24:** implements the Karabina cyclotomic square in E24/E8
  1209  - **Fp6:** implements the Karabina cyclotomic square in E6/E3
  1210  - **e12:** implements batch decompression for karabina cyclo square
  1211  - **e24:** implements batch decompression for karabina cyclo square
  1212  - **experimental:** msm splits first chunk processing if scalar is on one word
  1213  
  1214  ### Fix
  1215  - use low c bits only for small values in msm
  1216  
  1217  ### Perf
  1218  - **bls12:** faster G2 membership (eprint 2021/1130 sec.4)
  1219  - **bls12-377:** use asm MulBy5 as MulByNonResidue
  1220  - **bls24:** mix Karabina+GS+BatchInvert for faster FinalExp (Expt)
  1221  - **bw6-633:** fast GT-subgroup check
  1222  
  1223  ### Pull Requests
  1224  - Merge pull request [#76](https://github.com/ConsenSys/gnark-crypto/issues/76) from ConsenSys/msm-ones
  1225  - Merge pull request [#75](https://github.com/ConsenSys/gnark-crypto/issues/75) from ConsenSys/feat/karabina
  1226  
  1227  
  1228  <a name="v0.5.0"></a>
  1229  ## [v0.5.0] - 2021-08-23
  1230  ### Build
  1231  - added pairing test to bls24-315 generation
  1232  - added fft code gen for bls24-315
  1233  - update github workflow with go 1.17
  1234  - use 1.17rc2 golang while waiting for circleCI image
  1235  - fix gosec unhandled errors warnings
  1236  - ran go generate for kzg on bw6-633
  1237  - fix gofuzz target for kzg
  1238  - prepare changelog for v0.5.0
  1239  - re-ran go generate
  1240  - go mod tidy
  1241  - add bls24-315 to fiat-shamir and to readme
  1242  - added ecc code gen for bls24-315
  1243  - replace fr.Bytes in mimc blocksize
  1244  - added eddsa code gen for bls24-315
  1245  - added twisted edward codegen for bls24-315
  1246  - added mimc to code gen path for bls24-315
  1247  - added kzg code generation for bls24-315
  1248  - re-ran go:generate
  1249  - make staticcheck happier
  1250  - **bw6-633:** remove twistededwards until script finds coeff
  1251  
  1252  ### Clean
  1253  - **kzg:** NewSRS returns error if size < 2
  1254  
  1255  ### Cleanup
  1256  - kzg.Scheme fft.Domain moved into methods that needs it only
  1257  
  1258  ### Doc
  1259  - fix eddsa Bytes doc to indicate returned bytes slice is in compressed form
  1260  
  1261  ### Docs
  1262  - fix go report card link
  1263  - updated readme with go1.17
  1264  - update ecc.md
  1265  - add bls24/bw6 to the implemented curves func and doc
  1266  - update readme with bw6-633
  1267  - cosmetics and minor fixes
  1268  - added EdDSA godoc example
  1269  - added missing original copyright in merkletree package + package doc
  1270  - most packages now have a package level doc
  1271  - added fft package level doc
  1272  - formatted and expanded package godoc for field elements
  1273  
  1274  ### Feat
  1275  - added Reference benchmark for continuous benchmarking. fixes [#54](https://github.com/ConsenSys/gnark-crypto/issues/54)
  1276  - added curve level go-fuzz fuzz function
  1277  - added ecc.utils.NextPowerOfTwo used in fft and kzg
  1278  - kzg Commit takes an optional CPUSemaphore
  1279  - MultiExp now takes a ecc.MultiExpConfig to set the CPUSemaphore and scalars repr
  1280  - MultiExp returns error if len(points) != len(scalars)
  1281  - package doc is not mixed with code generation but inside a dedicated template for better formatting and maintenance
  1282  - added Bytes() method on Digest (polynomial commitment)
  1283  - added ecc.Implemented() that returns list of curve fully implemented
  1284  - added code gen for modified fft
  1285  - init bw6-633 curve
  1286  - added Marshal() in field elements. Simplified interfaces in polynomial/
  1287  - addition of kzg for bn254
  1288  - kzg NewSRS takes alpha as big.Int
  1289  - kzg.SRS is a separate struct
  1290  - affine add, remove digest methods
  1291  - kzg is now strongly typed with the curve
  1292  - removed mock commitment
  1293  - added Clone() method on Digests
  1294  - addition of kzg for all curves + tests OK
  1295  - save allocation when possible when adding 2 polynomials
  1296  - ecc encoder now handles []Element so gnark doesn't have to
  1297  - ecc encoders uses binary.Write and binary.Read to support basic types
  1298  - added ecc.Implemented() that returns list of curve fully implemented
  1299  - added Reference benchmarks for continuous benchmarking. fixes [#54](https://github.com/ConsenSys/gnark-crypto/issues/54)
  1300  - added curve level go-fuzz fuzz functions
  1301  - **all curves:** faster GT membership
  1302  - **twisted Edwards:** tests use gopter, no more hardcoded values
  1303  
  1304  ### Fix
  1305  - CommitmentScheme interface matches kzg and mockCommitment
  1306  - fixed staticcheck
  1307  - fixes [#37](https://github.com/ConsenSys/gnark-crypto/issues/37)
  1308  - fixed some errors handling in transcript.go
  1309  - fixed unhandled errors (G104)
  1310  - fixed conflicts
  1311  - handled error pointed by gosec (Fiat Shamir)
  1312  - h function is reset after deriving a challenge
  1313  - kzg.dividePolyByXminusA doesn't need the fft domain
  1314  - fixed fft cosets, tests OK + code gen
  1315  - kzg srs size in benchmarks
  1316  - restored kzg
  1317  - removed old version of polynomials using interface in bw6-633
  1318  - fixed Domain serialization
  1319  - kzg return type more homogeneous
  1320  - mock Digest ScalarMul didn't modify the caller
  1321  - fft with coset is now thread safe. style adjustments in code
  1322  - e2 x86 asm incorrect offset when x is 0
  1323  - fixes [#49](https://github.com/ConsenSys/gnark-crypto/issues/49)
  1324  - proper error handling for polynomial commitments + code gen
  1325  - remove Code generated comments in bls24/internal which is not generated
  1326  - fixes [#51](https://github.com/ConsenSys/gnark-crypto/issues/51)
  1327  - use crypto/rand instead of math/rand in ecc/../utils.go
  1328  - kzg serialization test comparing address instead of value
  1329  - **all curves:** IsInSubGroup shouldn't test E12 elements but GT
  1330  - **bls12-377:** fix coefficients for Shallue-van de Woestijne hash-to-G2
  1331  - **bls24-315:** E2 Mul + no template
  1332  - **bw6:** use crypto/rand instead of math/rand
  1333  - **bw6:** add GenBigInt and rename utils_test.go to utils.go
  1334  - **bw6:** use crypto/rand instead of math/rand
  1335  - **bw6-633:** fft
  1336  - **bw6-633:** fix final exp
  1337  - **bw6-633:** correct coefficients in SWU hash-to-curve
  1338  - **bw6-633:** clear cofactor and subgroup membership for G1 and G2
  1339  - **bw6-633:** GLV when fr.Limbs is odd
  1340  - **kzg:** alpha generation is up to the caller when calling NewScheme
  1341  - **kzg:** incorrect poly size in Open
  1342  - **msm:** seems doing the inner msm sequentially with little available cpus is a bad idea
  1343  - **template:** IsInSubGroup shouldn't test E12 elements but GT
  1344  - **template:** include GLV case when fr.Limbs is odd
  1345  - **template:** code generation for bw6-633 eddsa
  1346  - **template:** fix MapToCurve test
  1347  - **template:** cyclotomic square test
  1348  - **template:** Expt test to include negative seed
  1349  - **templates:** no psi for bw6 endomorphism test
  1350  - **twisted Edwards:** fixed Neg(), and fixes [#57](https://github.com/ConsenSys/gnark-crypto/issues/57)
  1351  
  1352  ### Perf
  1353  - minor perf improvements in bw6 tower
  1354  - minor serialization changes in kzg
  1355  - **all curves:** twisted Edwards companions arithmetic with a=-1
  1356  - **bls12:** faster G2 clear cofactor
  1357  - **bls12:** faster G2 subgroup checks --> psi^2=phi+1
  1358  - **bls12:** faster G2 subgroup checks
  1359  - **bls12-377:** remove one add, one sub in e2.Square
  1360  - **bn:** optimize Expt (no conditional branching)
  1361  - **bn254:** Expt in 2-NAF
  1362  - **bw6:** replace Inverse and FrobeniusCube by conjugate
  1363  - **bw6:** new optimized final exp (hard part)
  1364  - **bw6-633:** divide G1 cofactor formula by 4
  1365  - **bw6-633:** optimized hard part in final exp
  1366  - **fft:** introduced flatten kernel for n==8 and asm impl for butterfly to minimize memory writes
  1367  
  1368  ### Refactor
  1369  - removed deprecated MulAssign, AddAssign and SubAssign apis
  1370  - moved crypto/* under /
  1371  - ported accumulator/ and polynomial/ from gnark
  1372  - moved fr/polynomial/kzg to fr/kzg
  1373  - ported mock commitment scheme from gnark
  1374  - moved duplicated ecc/xxx/CPUSemaphore to ecc/
  1375  - remove dead code in pairing
  1376  - BatchJacobianToAffineG1Affine -> BatchJacobianToAffineG1
  1377  - removed hash functions recorded in transcript.go
  1378  - ./crypto/fiat-shamir --> ./fiat-shamir/
  1379  - **bls12-377:** change G1 generator to match other libs
  1380  - **bls12-377:** change G2 generator (+Fp QNR) to match other libs
  1381  - **bls12-377:** remove unused sync.Pool in pairing
  1382  - **bw6:** Pairing according to ABLR 2013/722 with Fp6/Fp3
  1383  - **kzg:** Proof -> OpeningProof. BatchProofsSinglePoint -> BatchOpeningProof
  1384  - **kzg:** removed Scheme, package level methods with SRS and domain as parameter
  1385  
  1386  ### Style
  1387  - replaced conditionals with template variable to return fuzzed element
  1388  - gopter generators are code generated and return values. simplifies non-sense in templates
  1389  - cleaner error message in Element.SetInterface
  1390  - cosmetics
  1391  - code cleaning in kzg
  1392  - go fmt
  1393  - code cleaning in polynomial and kzg
  1394  - clean comments
  1395  - ComputeChallenge error re-indent
  1396  - **fft:** use close(chan)
  1397  - **kzg:** cosmetics
  1398  - **kzg:** cosmetics
  1399  
  1400  ### Test
  1401  - added mulGeneric vs mul assembly on E2 in bn254 and bls12-381
  1402  - bls24-315 added mulGeneric vs mulAsm E2 test
  1403  - **all curves:** test endomorphisms phi and psi
  1404  - **curves:** use IsInSubGroup instead of IsOnCurve in MapToCurveG1Svdw test
  1405  - **template:** include bw6 in pairing_test.go
  1406  
  1407  ### Tests
  1408  - added e2.Neg test in code generation
  1409  
  1410  ### Pull Requests
  1411  - Merge pull request [#70](https://github.com/ConsenSys/gnark-crypto/issues/70) from ConsenSys/develop
  1412  - Merge pull request [#68](https://github.com/ConsenSys/gnark-crypto/issues/68) from ConsenSys/fft-cleanup
  1413  - Merge pull request [#64](https://github.com/ConsenSys/gnark-crypto/issues/64) from ConsenSys/feat/bw6-633
  1414  - Merge pull request [#65](https://github.com/ConsenSys/gnark-crypto/issues/65) from ConsenSys/feat/kzgserialization
  1415  - Merge pull request [#63](https://github.com/ConsenSys/gnark-crypto/issues/63) from ConsenSys/feat/kzg_update
  1416  - Merge pull request [#61](https://github.com/ConsenSys/gnark-crypto/issues/61) from ConsenSys/feat/bls24-315
  1417  - Merge pull request [#59](https://github.com/ConsenSys/gnark-crypto/issues/59) from ConsenSys/ci/fuzzandbench
  1418  - Merge pull request [#58](https://github.com/ConsenSys/gnark-crypto/issues/58) from ConsenSys/refactor/bw6-761-pairing
  1419  - Merge pull request [#55](https://github.com/ConsenSys/gnark-crypto/issues/55) from ConsenSys/feat/GT-membership
  1420  - Merge pull request [#48](https://github.com/ConsenSys/gnark-crypto/issues/48) from ConsenSys/feat/kzg
  1421  - Merge pull request [#50](https://github.com/ConsenSys/gnark-crypto/issues/50) from ConsenSys/fix/fft
  1422  - Merge pull request [#46](https://github.com/ConsenSys/gnark-crypto/issues/46) from ConsenSys/fix/domain_precompute
  1423  - Merge pull request [#45](https://github.com/ConsenSys/gnark-crypto/issues/45) from ConsenSys/hotfix/issue_36
  1424  - Merge pull request [#44](https://github.com/ConsenSys/gnark-crypto/issues/44) from ConsenSys/feat/mul_by_13
  1425  - Merge pull request [#42](https://github.com/ConsenSys/gnark-crypto/issues/42) from ConsenSys/feat/fiat_shamir
  1426  - Merge pull request [#41](https://github.com/ConsenSys/gnark-crypto/issues/41) from ConsenSys/docs/godoc
  1427  
  1428  
  1429  <a name="v0.4.0"></a>
  1430  ## [v0.4.0] - 2021-03-31
  1431  ### Build
  1432  - updated go.mod
  1433  - updated CI and go.mod files
  1434  - updated to latest goff
  1435  - updated goff to fix incorrect min stack size
  1436  - fix slack notification
  1437  - added .gitlint file
  1438  - run on develop and master only
  1439  - test on more archs and targets
  1440  - faster path for testing.Short. remove some dead code
  1441  - make staticcheck happy, remove dead code
  1442  - added github action workflow, wip
  1443  
  1444  ### Ci
  1445  - install asmfmt before test step, now that goff field generation tests are included
  1446  - move dep install up
  1447  - ignore G204 rule in gosec (process launched with var)
  1448  - testing pr on develop with go 1.15 and go 1.16
  1449  
  1450  ### Docs
  1451  - added changelog for v0.4.0
  1452  - add ecc/ecc.md and field/field.md
  1453  - updated README.md
  1454  - updated package doc
  1455  
  1456  ### Feat
  1457  - msm in full extJac
  1458  - use add extJac to sum buckets
  1459  - e2 bls381 asm mul clean
  1460  - e2 asm bls381 square clean
  1461  - bls381 e2 asm mul by non residue clean up
  1462  - first step in clobbered bp refactor. e2 asm: bn256 stable, bls381 wip
  1463  - use add extJac to sum buckets
  1464  
  1465  ### Fix
  1466  - handle case where numCPU < 4 in precomputeExpTable
  1467  - incorrect comment and size returned in twistededwards SetBytes fixes [#34](https://github.com/ConsenSys/gnark-crypto/issues/34)
  1468  - point.SetBytes can now be called concurrently with same byte slice input
  1469  
  1470  
  1471  ### Perf
  1472  - delay coordinates conversion
  1473  - delay coordinates conversion
  1474  
  1475  ### Refactor
  1476  - moved interop tests under github.com/consensys/gnark-tests
  1477  - cosmetics
  1478  - gurvy -> gnark-crypto
  1479  - bls381 -> bls12-381, bls377 -> bls12-377
  1480  - curve -> ecc
  1481  - moved utils/ into curve/
  1482  - e2_bn256 --> e2_bn254
  1483  - moved gurvy.go into curve/curve.go
  1484  - renamed BN256 to BN254
  1485  - moved curves under curve/
  1486  - migrated gnark/polynomial under fr/
  1487  - ported mimc and eddsa from gnark
  1488  - factorized parallelize function and moved asm/amd64 into tower package
  1489  - cleaning internal/generator pattern
  1490  - checkpoint
  1491  - migrated gnark/backend/fft into fft/
  1492  - migrated goff packages into /field/...
  1493  - moved curves into /curve/...
  1494  
  1495  ### Style
  1496  - consistent copyright holder and year
  1497  - remove some empty lines
  1498  - rename point bench functions
  1499  - refactor reduceAfterSub... to modReduce...
  1500  - rename point bench functions
  1501  
  1502  ### Pull Requests
  1503  - Merge pull request [#35](https://github.com/ConsenSys/gnark-crypto/issues/35) from ConsenSys/refactor/monorepo
  1504  - Merge pull request [#33](https://github.com/ConsenSys/gnark-crypto/issues/33) from ConsenSys/msm/full-extJac
  1505  - Merge pull request [#32](https://github.com/ConsenSys/gnark-crypto/issues/32) from ConsenSys/fix/clobbered_bp
  1506  
  1507  
  1508  <a name="v0.3.8"></a>
  1509  ## [v0.3.8] - 2021-02-01
  1510  ### Bls377
  1511  - final exp hard part eprint 2020/875
  1512  - ML entirely on the twist (ABLR)
  1513  - ML entirely on the twist (ABLR)
  1514  
  1515  ### Bls381
  1516  - final exp hard part eprint 2020/875
  1517  - no precompute and go routines in pairing, wip
  1518  - ML entirely on the twist (ABLR)
  1519  - ML entirely on the twist (ABLR)
  1520  - change G1 and G2 generators for interop
  1521  
  1522  ### Bn256
  1523  - inline lineEval() in MillerLoop
  1524  - ML entirely on the twist (ABLR)
  1525  - change G1 and G2 generators for interop
  1526  
  1527  ### Bw6
  1528  - add E6 tests
  1529  - correct comments in FinalExp
  1530  - add pairing tests
  1531  - go fmt
  1532  - fix bw6 pairing API to take slices of points and mutualize squares
  1533  - go fmt
  1534  - fix bw6 pairing API to take slices of points and mutualize squares
  1535  
  1536  ### Bw761
  1537  - change G1 and G2 generators for interop
  1538  - PairingCheck API + ML bench
  1539  - PairingCheck API + ML bench
  1540  
  1541  ### Curves
  1542  - get rid of goroutines in ML
  1543  - g1/g2 template add proj to jac conversion
  1544  - get rid of goroutines in ML
  1545  - g1/g2 template add proj to jac conversion
  1546  
  1547  ### Fp12
  1548  - improved cyclotomicSquare
  1549  
  1550  ### Fp6
  1551  - cyclotomic square in Expt()
  1552  
  1553  ### TwistedEdwards
  1554  - addition of Marshal/Unmarshal+tests, addition of templates, modified GetEdwardsCurve to not expose order (in big.Int)
  1555  
  1556  ### Pull Requests
  1557  - Merge pull request [#29](https://github.com/ConsenSys/gnark-crypto/issues/29) from ConsenSys/youssef/bls12-finalExp
  1558  - Merge pull request [#27](https://github.com/ConsenSys/gnark-crypto/issues/27) from ConsenSys/experimental/pairing
  1559  - Merge pull request [#26](https://github.com/ConsenSys/gnark-crypto/issues/26) from ConsenSys/youssef/ML-ABLR
  1560  - Merge pull request [#25](https://github.com/ConsenSys/gnark-crypto/issues/25) from ConsenSys/csquare
  1561  - Merge pull request [#23](https://github.com/ConsenSys/gnark-crypto/issues/23) from ConsenSys/youssef/bw6-API-pairing
  1562  
  1563  
  1564  <a name="v0.3.7"></a>
  1565  ## [v0.3.7] - 2021-01-04
  1566  
  1567  <a name="v0.3.6"></a>
  1568  ## [v0.3.6] - 2020-12-22
  1569  ### Bls377
  1570  - multiple MillerLoops
  1571  
  1572  ### Bls381
  1573  - PairingCheck func for eth precompile
  1574  - 1 MillerLoop func + error handling
  1575  - fix MillerLoop (negative seed -> conjugate)
  1576  - optimize the final exp hard part (alg2)
  1577  - added e2.Mul x86 asm impl. sort of.
  1578  - e2 --> added x86 asm impl for squaring
  1579  - reverted result.Conjugate in pairing to previous (correct) version
  1580  - fix build on non amd64
  1581  - fix pairing interop test
  1582  - added asm impl for MulByNonResidue
  1583  - minor adjustments, wip
  1584  - minor adjustments, wip
  1585  - added bench in interop
  1586  - added failing interop test
  1587  - added scalar mul interop tests
  1588  - more interop test on GT serialization
  1589  
  1590  ### Bls831
  1591  - multiple MillerLoops error handling
  1592  
  1593  ### Bn256
  1594  - multiple miller loops
  1595  
  1596  ### Bw761
  1597  - added e6 Bytes() and SetBytes()
  1598  
  1599  ### Circleci
  1600  - ignoring .s files when checking generate output
  1601  
  1602  ### Feat
  1603  - **bls381:** generalize tripleML to xML
  1604  - **bls381:** factorize sq in 3 ML products
  1605  
  1606  ### Fix
  1607  - substitute == by Equal in e12
  1608  - substitute == by Equal in e12
  1609  
  1610  ### Marshal
  1611  - len slice of points encoded on uint32 instead of uint64.
  1612  - remove unnecessary buffer allocations in loop, added benchmark for e2.Sqrt
  1613  - added BytesRead and BytesWritten to Decoder and Encoder objects
  1614  
  1615  ### MultiExp
  1616  - the function must be called from an affine point and return an affine point
  1617  
  1618  ### Template
  1619  - pairing test
  1620  
  1621  ### Templates
  1622  - Set func in g1/2
  1623  - fix PairingCheck test
  1624  - pairing tests
  1625  - correct EFD URL in comments (g*p -> g1p)
  1626  
  1627  ### Unmarshal
  1628  - now performs subgroup check when deserializing points
  1629  
  1630  ### Wip
  1631  - added Bytes() and SetBytes() method on point with binary encoding and optional point compression
  1632  
  1633  ### Pull Requests
  1634  - Merge pull request [#21](https://github.com/ConsenSys/gnark-crypto/issues/21) from ConsenSys/youssef/MillerLoops
  1635  - Merge pull request [#19](https://github.com/ConsenSys/gnark-crypto/issues/19) from ConsenSys/cleanup
  1636  
  1637  
  1638  <a name="v0.3.5"></a>
  1639  ## [v0.3.5] - 2020-10-19
  1640  ### Bls377
  1641  - re-exposing GT.MulByXXX methods needed by gnark standard library
  1642  
  1643  
  1644  <a name="v0.3.4"></a>
  1645  ## [v0.3.4] - 2020-10-19
  1646  ### Curves
  1647  - curve coeff b is package private
  1648  
  1649  ### Multiexp
  1650  - renamed MultiExpOpt to CPUSemaphore, and remove data race on the window size attribute. Made staticcheck and linter happy.
  1651  
  1652  
  1653  <a name="v0.3.3"></a>
  1654  ## [v0.3.3] - 2020-09-23
  1655  
  1656  <a name="v0.3.0"></a>
  1657  ## [v0.3.0] - 2020-09-22
  1658  
  1659  <a name="v0.3.0-alpha"></a>
  1660  ## [v0.3.0-alpha] - 2020-09-15
  1661  ### BatchJacobianToAffine
  1662  - don't allocate new slice to store product, use affine storage space instead
  1663  
  1664  ### Bn256
  1665  - added test to ensure e2 mul and square assembly impl matches generic ones
  1666  - enabled inlined call to wrappers E2.Mul and E2.Square making G2 point addition 10% faster
  1667  
  1668  ### Circleci
  1669  - test only main point ops on 32 bit path
  1670  - added -short option to tests to skip long or memory greedy tests
  1671  
  1672  ### Curve
  1673  - added BatchJacobianToAffine using montgomery batch inversion for G1 elements. Skipping G2 on this one
  1674  
  1675  ### Curves
  1676  - Generators() now return generators of the r-torsion group in Jacobian coordinates
  1677  - added Generators() getter on all curves. Added BatchScalarMultiplication method with test
  1678  - cleanup unused parameters for old scalar multiplication
  1679  
  1680  ### MultiExpOptions
  1681  - takes a semaphore (channel) of cpu instead of number of cpus
  1682  - fix previous commit.
  1683  
  1684  ### Multiexp
  1685  - PartitionScalars is now private. CPU semaphore has a lock that's released when all go routines are scheduled in the multiexp
  1686  - PartitionScalars now takes MultiExpOptions as optional argument too
  1687  - now optionally takes choice of c, max cpus to use, and indicates if scalars are already preprocessed
  1688  - code clean up. BatchScalarMultiplication now select window size depending on input length
  1689  - renamed ScalarsToDigit to PartitionScalars
  1690  - refactored ScalarsToDigit method so that duplicated code in multiExpcXX methods is largely reduced to allocating buckets on the stack
  1691  - remove c=20 as it timeouts test on circle ci for now
  1692  - api is now sync, like the rest of gx.go apis.
  1693  - less samples in generated tests, bw761 generates less multiExp variant of c
  1694  - added comments in code. still a lot (too much) template generated and duplicated code
  1695  - taking into account available CPUs. slightly better extended addition formula. moved multi exp tests into their own function
  1696  - wip, reverting to c divides 64
  1697  - wip, added preprocessing of scalars to compute digits in the bucket method
  1698  - remove test of c18 that seems to timeout
  1699  - cosmetics and documentation
  1700  - clean up bucket method, with 30 percent gain on bn256 G1. WIP
  1701  
  1702  ### Pairing
  1703  - sender closes channel, not receiver
  1704  
  1705  ### Points
  1706  - made p.Neg() inlinable
  1707  
  1708  ### ScalarsToDigits
  1709  - reused method in BatchScalarMultiplication
  1710  
  1711  ### UnsafeFromJacExtended
  1712  - cosmetic, doc update
  1713  
  1714  
  1715  <a name="v0.2.0"></a>
  1716  ## [v0.2.0] - 2020-08-04
  1717  ### Bls381
  1718  - removed multi exp garbage, cleaned the tests using gopter
  1719  - tests for the pairing use gopter, fixed String() on g1, g2 (thanks to the templates again), implemented simple double and add for g1 and g2 using big.Int
  1720  - got rid of the curve structure
  1721  
  1722  ### Circleci
  1723  - ensures that generated files are not hand modified
  1724  - ensures that generated files are not hand modified.
  1725  - new workflow with more insight on unit tests
  1726  
  1727  ### Develop
  1728  - skip Expt tests for now because the testpoint is not in the cyclotomic subgroup
  1729  - merge refactor-api; resolve merge conflicts, TestE12Expt failing for some reason
  1730  
  1731  ### WIP
  1732  - optimized Miller loop
  1733  
  1734  ### Pull Requests
  1735  - Merge pull request [#11](https://github.com/ConsenSys/gnark-crypto/issues/11) from ConsenSys/refactor-cyclotomicsquare
  1736  - Merge pull request [#10](https://github.com/ConsenSys/gnark-crypto/issues/10) from ConsenSys/refactor-constants
  1737  - Merge pull request [#5](https://github.com/ConsenSys/gnark-crypto/issues/5) from ConsenSys/experimental-pairing-gen
  1738  - Merge pull request [#4](https://github.com/ConsenSys/gnark-crypto/issues/4) from ConsenSys/endomul-remove
  1739  
  1740  
  1741  <a name="v0.1.1"></a>
  1742  ## [v0.1.1] - 2020-04-08
  1743  
  1744  <a name="v0.1.0"></a>
  1745  ## [v0.1.0] - 2020-04-07
  1746  ### Pull Requests
  1747  - Merge pull request [#2](https://github.com/ConsenSys/gnark-crypto/issues/2) from ConsenSys/develop
  1748  
  1749  
  1750  <a name="v0.0.1"></a>
  1751  ## v0.0.1 - 2020-03-23
  1752  
  1753  [v0.11.1]: https://github.com/ConsenSys/gnark-crypto/compare/v0.11.0...v0.11.1
  1754  [v0.11.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.10.0...v0.11.0
  1755  [v0.10.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.9.1...v0.10.0
  1756  [v0.9.1]: https://github.com/ConsenSys/gnark-crypto/compare/v0.9.0...v0.9.1
  1757  [v0.9.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.8.0...v0.9.0
  1758  [v0.8.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.7.0...v0.8.0
  1759  [v0.7.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.6.1...v0.7.0
  1760  [v0.6.1]: https://github.com/ConsenSys/gnark-crypto/compare/v0.6.0...v0.6.1
  1761  [v0.6.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.5.3...v0.6.0
  1762  [v0.5.3]: https://github.com/ConsenSys/gnark-crypto/compare/v0.5.2...v0.5.3
  1763  [v0.5.2]: https://github.com/ConsenSys/gnark-crypto/compare/v0.5.1...v0.5.2
  1764  [v0.5.1]: https://github.com/ConsenSys/gnark-crypto/compare/v0.5.0...v0.5.1
  1765  [v0.5.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.4.0...v0.5.0
  1766  [v0.4.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.3.8...v0.4.0
  1767  [v0.3.8]: https://github.com/ConsenSys/gnark-crypto/compare/v0.3.7...v0.3.8
  1768  [v0.3.7]: https://github.com/ConsenSys/gnark-crypto/compare/v0.3.6...v0.3.7
  1769  [v0.3.6]: https://github.com/ConsenSys/gnark-crypto/compare/v0.3.5...v0.3.6
  1770  [v0.3.5]: https://github.com/ConsenSys/gnark-crypto/compare/v0.3.4...v0.3.5
  1771  [v0.3.4]: https://github.com/ConsenSys/gnark-crypto/compare/v0.3.3...v0.3.4
  1772  [v0.3.3]: https://github.com/ConsenSys/gnark-crypto/compare/v0.3.0...v0.3.3
  1773  [v0.3.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.3.0-alpha...v0.3.0
  1774  [v0.3.0-alpha]: https://github.com/ConsenSys/gnark-crypto/compare/v0.2.0...v0.3.0-alpha
  1775  [v0.2.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.1.1...v0.2.0
  1776  [v0.1.1]: https://github.com/ConsenSys/gnark-crypto/compare/v0.1.0...v0.1.1
  1777  [v0.1.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.0.1...v0.1.0