github.com/consensys/gnark-crypto@v0.14.0/CHANGELOG.md

<a name="v0.11.1"></a>
## [v0.11.1] - 2023-07-11

### Fix
- ECDSA HashToInt bytes-bits mismatch ([#428](https://github.com/ConsenSys/gnark-crypto/issues/428))


<a name="v0.11.0"></a>
## [v0.11.0] - 2023-05-02
### Build
- go generate
- generify bn254 changes
- generify bn254 kzg changes
- generify marshal changes
- generify bn254 kzg changes
- bump go1.20
- update ci github action dependencies

### Chore
- PR feedback

### Docs
- make comments more godoc friendly
- remove comment
- remove DO NOT EDIT from non-autogenerated files

### Feat
- fix v computation in ECDSA signature ([#385](https://github.com/ConsenSys/gnark-crypto/issues/385))
- make `mapToCurve` public to allow for custom cofactor clearing ([#372](https://github.com/ConsenSys/gnark-crypto/issues/372))
- add Double in affine coordinates
- kzg.Vk.WriteRawTo
- bn254 encoder to support uint64 slices
- **pairing:** return 1 after easy part if result is 1

### Fix
- handle all bitmask in point deserialization
- littleEndian -> bigEndian
- import utils
- don't ignore multiexp error
- minor errors
- generation mistake
- bn254 incorporate evals into kzg batch challenge
- **kzg:** nb of digests in BatchVerifyMultiPoints should be nonzero
- **linter:** ineffassign in Fpk marshal

### Perf
- **kzg:** remove G2 scalar mul in single verification

### Refactor
- break pedersen key into proving (committing) and verifying
- move roundtrip func to utils
- reflect kzg changes in plookup
- reflect kzg changes in permutation
- kzg tests
- kzg.NewSRS to return two structs
- marshal pk, vk separately
- break up kzg srs; NewSRS for bn254
- export endomorphisms
- **BatchDecompressKarabina:** handle g2=g3=0 case "explicitly"
- **DecompressKarabina:** handle g2=g3=0 case "explicitly"

### Revert
- do not export endomorphisms
- NewSRS to return a pointer again
- revive whole SRS serialization
- reflect kzg.srs revival in other packages
- limited revival of kzg.Srs

### Style
- no loop when serializing one object only

### Pull Requests
- Merge pull request [#391](https://github.com/ConsenSys/gnark-crypto/issues/391) from ConsenSys/develop
- Merge pull request [#386](https://github.com/ConsenSys/gnark-crypto/issues/386) from ConsenSys/perf/kzg-verify
- Merge pull request [#384](https://github.com/ConsenSys/gnark-crypto/issues/384) from ConsenSys/refactor/break-pedersen-notowermod
- Merge pull request [#379](https://github.com/ConsenSys/gnark-crypto/issues/379) from ConsenSys/feat/encode-uint64-slices
- Merge pull request [#378](https://github.com/ConsenSys/gnark-crypto/issues/378) from ConsenSys/refactor/break-kzg-srs
- Merge pull request [#382](https://github.com/ConsenSys/gnark-crypto/issues/382) from ConsenSys/refactor/not-export-endo
- Merge pull request [#380](https://github.com/ConsenSys/gnark-crypto/issues/380) from omerfirmak/elim-pedersen-alloc
- Merge pull request [#374](https://github.com/ConsenSys/gnark-crypto/issues/374) from ConsenSys/fix/BatchVerifyMultiPoints-0
- Merge pull request [#376](https://github.com/ConsenSys/gnark-crypto/issues/376) from ConsenSys/refactor/export-endo
- Merge pull request [#375](https://github.com/ConsenSys/gnark-crypto/issues/375) from ConsenSys/refactor/FinalExp
- Merge pull request [#377](https://github.com/ConsenSys/gnark-crypto/issues/377) from ConsenSys/fix/fold-kzg-fs
- Merge pull request [#371](https://github.com/ConsenSys/gnark-crypto/issues/371) from omerfirmak/elim-pedersen-alloc
- Merge pull request [#369](https://github.com/ConsenSys/gnark-crypto/issues/369) from ConsenSys/build/updateci


<a name="v0.10.0"></a>
## [v0.10.0] - 2023-03-29
### Build
- ran go generate

### Docs
- added Generator docs
- add TODO with small domain warning
- **pairing:** add comments

### Feat
- add ECDSA public key recover from message, signature and recovery info ([#347](https://github.com/ConsenSys/gnark-crypto/issues/347))
- added comment for bitAt function
- added sis.py
- add reference test
- merge fft branch and cosmetic edits
- parallel.Execute with 1 task fast path
- added fft.WithNbTasks
- FFT signature now takes an option variadic
- expose NaiveMulMod for gnark
- experiment parallel sis
- restored latest fft
- restored fp, fr, etc

### Fix
- code generation fp6
- mods smaller than 5; overestimating nbword
- invalid infinity point encoding
- SIS on 64bit only
- **MillerLoop:** return 1 when size(pairs)=0 after infinity filter

### Perf
- faster init + simplify bit processing loop
- fix todo with small domain path
- optimized sis
- kzg BatchOpenSinglePoint more parallelization
- kept the fastest method for sis
- use bitset in batch invert
- iop ratio more parallelization. reuse cosets
- 3 muls instead of 4 sis
- less memallocs, check for zeroes
- experiment without memcopy not great
- minor optim in iop package
- **bls24-317:** optimize final exp
- **bn254:** use Fuentes et al. instead of Duquesne-Ghammam hard part
- **bw6-756:** optimize GT subgroup membership
- **pairings:** isolate first iteration to avoid a MulByLine
- **pairings:** isolate last iteration to avoid a double/add
- **stark-curve:** no subgroup check on prime-order curve

### Refactor
- expose fft.Generator() method
- export bls12-381 tower
- expose bn254 tower to gnark
- move Hash in _test.go file
- fft.WithCoset() -> fft.OnCoset()
- sis.py -> sis.sage
- **pairings:** make DoubleStep and AddMixedStep private

### Style
- remove dead comments
- code cleaning
- more code cleaning
- code cleaning
- cosmetic edits

### Test
- minor fixes and skip 32bit
- update test_cases.json
- skip tensor commitment test on 32bit arch for now
- added sis sage test case generation
- still good

### Pull Requests
- Merge pull request [#368](https://github.com/ConsenSys/gnark-crypto/issues/368) from ConsenSys/develop
- Merge pull request [#366](https://github.com/ConsenSys/gnark-crypto/issues/366) from ConsenSys/refactor/pairings
- Merge pull request [#365](https://github.com/ConsenSys/gnark-crypto/issues/365) from ConsenSys/fix/gentime-field-bugs
- Merge pull request [#364](https://github.com/ConsenSys/gnark-crypto/issues/364) from jtraglia/update-tested-go-versions
- Merge pull request [#363](https://github.com/ConsenSys/gnark-crypto/issues/363) from ConsenSys/fix/infencoding
- Merge pull request [#361](https://github.com/ConsenSys/gnark-crypto/issues/361) from ConsenSys/perf/plonk
- Merge pull request [#360](https://github.com/ConsenSys/gnark-crypto/issues/360) from ConsenSys/bls12381-tower-gnark
- Merge pull request [#359](https://github.com/ConsenSys/gnark-crypto/issues/359) from SherLzp/develop
- Merge pull request [#356](https://github.com/ConsenSys/gnark-crypto/issues/356) from ConsenSys/perf/bn24317-FinalExp
- Merge pull request [#354](https://github.com/ConsenSys/gnark-crypto/issues/354) from ConsenSys/bn254-tower-gnark
- Merge pull request [#351](https://github.com/ConsenSys/gnark-crypto/issues/351) from ConsenSys/perf/bw6-756/GT-subgroup-check
- Merge pull request [#349](https://github.com/ConsenSys/gnark-crypto/issues/349) from ConsenSys/perf/subgroup-check-stark
- Merge pull request [#344](https://github.com/ConsenSys/gnark-crypto/issues/344) from ConsenSys/perf/tensor-commitment
- Merge pull request [#345](https://github.com/ConsenSys/gnark-crypto/issues/345) from ConsenSys/feat/fftopt
- Merge pull request [#263](https://github.com/ConsenSys/gnark-crypto/issues/263) from AlexandreBelling/perf/tensor-commitment
- Merge pull request [#260](https://github.com/ConsenSys/gnark-crypto/issues/260) from AlexandreBelling/experimental/tensor-commitment


<a name="v0.9.1"></a>
## [v0.9.1] - 2023-02-14
### Build
- go generate
- weird staticcheck rule
- generify
- generify
- generify parallel .Complete
- generify fixes
- generify parallel computeGJ
- generify bn254 mimc changes
- remove G2Exist flag from curves config

### Chore
- remove safeStack
- simpler dst for hash.WriteString
- staticcheck
- more ToBigIntRegular -> BigInt and another little thing
- ToBigIntRegular -> BigInt
- remove codegen temp files
- delete temp files
- setNbOutputs covered by topSort now
- remove two other topological sorts

### Docs
- fix incorrect statement
- innerWork
- update DOI in README.md

### Feat
- SliceToElementSlice to be generic
- some gkr; claim/subclaim in sumcheck seems untenable
- Merkle tree to panic upon hash write error
- pedersen_hash added to stark curve
- signing interface changes and bn254 impl
- add Vector support to ecc marshal encoder ([#336](https://github.com/ConsenSys/gnark-crypto/issues/336))
- gkr.Circuit.MemoryRequirements
- can pass workers pool in
- parallel versions of computing gate inputs
- more "subtle" parallelization tools
- edDSA to write element by element
- hash.ToField compatible with hash.Hash
- generify parallel.Execute
- pre-hashed message in eddsa
- pre-hashed message in ecdsa
- thread-safe pool
- adds Vector in field package
- first sumcheck attempt. Need specialized fiatshamir
- more usable WriteString instead of "Decompose"
- generify Decomposition solution
- decomposing long challenge names bn254
- generic sumcheck prover and verifier
- start ECDSA on secp256k1
- generate fp with addchain stark-curve
- MSM and BatchScalarMul on secp256k1
- ListHash
- generify MessageCounter fix
- generify gkr test vec gen fixes
- generify gkr fixes
- generify non-test vector gkr test changes
- generify gkr changes
- generify sumcheck changes
- small_rational to and from bytes
- generified gkr tests. test case generation still not working
- some test generification
- generify gkr.tmpl
- edDsa SignFr and VerifyFr
- nuke element.Bit() closes [#306](https://github.com/ConsenSys/gnark-crypto/issues/306) ([#331](https://github.com/ConsenSys/gnark-crypto/issues/331))
- generic pool
- generify multi-fan-out input bugfix
- generified benchmark, parallelism and top sort
- add minimal implem of stark curve
- clean ups
- basic benchmarking
- test vector utils for all
- a first attempt at separate test vector utils
- parsing polynomials; more trouble than worth
- remove unused test hash entries
- gkr test vector codegen works for rationals
- autogen gkr tests
- code generation for poly.Text
- better polynomial.Text for bn254
- small_rational to use big.Int underneath
- identity gate, 2 instances test on Q - prover side
- Load test circuit and test hash function
- sumcheck for rationals
- more smallrational features
- polynomial codegen to use simpler FieldDependency data structure
- all necessary functions for the polynomial package
- codegen for gkr
- neg, sub, equal, double
- codegen for sumcheck
- some experimental rational
- just a few lines
- gkr verifier
- Verify stub. shared claim mgmt structure. prover refactor to come
- gkr prover
- gkr sumcheck combine and computeGJ
- some gkr prover stuff
- three kinds of topological sort
- MORE ABSTRACTION 🥲 Evaluating the final claim may be hard
- **ecdsa:** use aes-ctr in signing randomness
- **templates:** ecdsa package for all curves

### Fix
- static checks
- no repeated claims in FinalEvalProof
- mimc pow7
- single multilin test works
- number of rounds for mimc
- sumcheck test
- parallelization bug
- remove mimc printfs
- WriteString returns no error now
- side-stepped thread-safe pool issue
- some debugging
- serialization of stark-curve points
- Multilin tests with toy input-independent hash work
- use ProveFinalEval, make member vars of proof public
- eddsa: separate field element and non-field-element hash inputs
- minor error
- eddsa to use WriteString
- align challenge name, prepending with zeros to avoid field overflow
- ecdsa on secp256k1 working
- merge with develop
- an attempt at input verification
- computeGJ works correctly for mul gate
- mul gate test passes
- package name
- correct field type
- generify the fix
- verifier input building bug
- more noRedundancy bugs
- noRedundancy bugs
- multi-counting outs to the same wire
- ignored errors in sumcheck.setupTranscript
- sumcheck "bad proof accepted"
- accepting bad proofs
- sumcheck claim test
- MessageCounter.Reset
- staticcheck
- uncomment gkr test vec gen
- gkr test-vec gen errors
- generify changes in small_rational maphashes
- fake hash consistency
- staticcheck
- some gkr test vec errors
- no hardcoded fr.Element in sumcheck test case gen
- gkr challenges for SmallRational
- sumcheck testcase gen compiles
- gkr test case generator compiles
- gkr_test files compile
- bn254 sumcheck tests pass
- fiatshamir to write bindings one by one
- single input two identity gates test fixed, but fails
- closes [#316](https://github.com/ConsenSys/gnark-crypto/issues/316) big int pool doesn't allow nil values
- no expectation of ins/outs lumped together in tests
- topological sort no longer group inputs and outputs
- reintroduce some deleted autogens
- generification
- bn254 seems correct. test vector reordering needed
- gofmt
- yoda, multi-fan-out input bug
- remove "enormousArray" hack, minimize unsafe.Pointer use
- free mallocs
- an "evaluate" missing the pool argument
- errors in rational sumcheck
- remove unreachable return
- writeKey quotation marks
- save new hash entries
- still inconsistency betw rational and bn254
- snapshot for hash inconsistency error
- remove auto-generated test files
- test vec gen works
- manually edited main.go for gkr test vec gen
- snapshot: gkr test vector generation
- wrong type for wireAssignent
- minor ones
- rough edges for rationals
- some corrections for rationals
- restored hash elements incorrectly marked as unnecessary
- more staticcheck fixes
- better string search to make staticcheck happy
- no redeclaring "err" to make staticcheck happy
- all gkr tests pass
- no compile errors, rational cases pass
- setElement more consistent with SetInterface
- setElement method that would work on fr and rationals
- codegen for gkr test cases, compiles
- gkr tests on rationals pass
- no in-place operations
- id circuit verification passes
- fewer gkr test instances by default
- some codegen mistakes
- many instances of small circuits
- remove challengeSeed from sumcheck input
- **EdDSA:** enforce hash function as FS challenge
- **curves:** copy scalars in JointScalarMul
- **ecdsa:** avoid only 1 inverse in verify
- **secp256k1:** bound cRrange by 15 for MSM
- **secp256k1:** code generation for msm
- **stark-curve:** point encoder (a!=0)
- **stark-curve:** svdw hash-to-curve (coeff A!=0)
- **template:** entries var re-declared

### Perf
- parallelize computeGJ more effectively
- parallel Fold
- step 2 Combine
- step 1, use the new pool for computeGJ and next
- minor adjustments to iop package ([#334](https://github.com/ConsenSys/gnark-crypto/issues/334))
- mimc on bls12-377/fr uses x^17 as a permutation
- multilin.Fold without writing top part in memory
- parallel WireAssignment.Complete for bn254
- simplify gkr pool
- workerPool in gkr
- reduced many memory leaks to two
- parallelism in computeGJ but faulty
- concurrency in computeGJ. to make pool maps thread-safe
- some rudimentary parallelism
- **ecdsa:** avoid 2 inverses in verify (affine scalarMul)
- **ecdsa:** no bigInt allocation

### Refactor
- include secp256k1 in code generation
- move some routines from gkrVectors
- Pedersen hash on stark-curve
- remove Decompose entirely
- plookup.Table -> fr.Vector
- element imports field/pool and field/hash to avoid cycles
- remove dead code (FFT params for secp256k1)
- concile ecdsa and eddsa on signature interface
- smallRational out of gkr
- remove fr/ packages from secp256k1
- generify most gkr test vector ops
- remove "proofEquals" from gkr test vgen
- remove subclaim class
- remove ToField interface
- get rid of ParsedTestCase
- include secp256k1 in code generation
- move all fake hashes to test_vector_utils
- cleaner sumcheck test-vec generation
- clean iop APIs + add Marshal methods ([#337](https://github.com/ConsenSys/gnark-crypto/issues/337))
- gkr tests to work with fiatshamir.transcript
- remove unused file
- fixing gkr tests
- sumcheck and gkr to use fiatshamir package
- **ecdsa:** follows SEC 1 v-2
- **ecdsa:** make public params exportable to gnark
- **ecdsa:** remove Params struct
- **ecdsa:** marshal + follow interface
- **ecdsa:** make hashToInt accessible for gnark

### Revert
- deleted mimc.Write documentation
- Remove EdDSA SignNum and VerifyNum
- remove SignNum and VerifyNum
- mimc to take in multiple elements
- don't doubly hash finalEvalProof when an input wire is skipped
- roll back cgo in memory management

### Style
- some simplification, remove some dead code
- remove unnecessary variable
- remove some dead code
- format
- rename rational_cases to test_vectors
- don't name unused variables
- improved comments

### Test
- more debug output
- printfs in mimc
- mimc to write out its ins and outs
- a couple of benchmarks with some printfs
- add ecdsa benchmarks
- failing test
- replicate failure in small_rational
- MapHash consistency
- vector with 4 instances
- bigger instances
- add failing verification tests
- trilinear - single claim
- a simple test vector for sumcheck
- rational using big.Int is a failure
- mimc test fails, most likely due to overflow
- mimc; rational overflowing. TODO: Replace int64 with big.Int
- vectors: more
- some extra logging for 16M memory failure
- more tests, mimc circuit fails
- more usable message counter
- fundamental flaw found in computeGJ
- failing test for mul gate
- simplest possible test, two instances of an identity gate

### Pull Requests
- Merge pull request [#342](https://github.com/ConsenSys/gnark-crypto/issues/342) from ConsenSys/develop
- Merge pull request [#308](https://github.com/ConsenSys/gnark-crypto/issues/308) from ConsenSys/304-field-agnostic-fiat-shamir-challenge-names
- Merge pull request [#319](https://github.com/ConsenSys/gnark-crypto/issues/319) from ConsenSys/perf/gkr
- Merge pull request [#328](https://github.com/ConsenSys/gnark-crypto/issues/328) from ConsenSys/perf/gkrpool
- Merge pull request [#333](https://github.com/ConsenSys/gnark-crypto/issues/333) from ConsenSys/fix/mimc-pow7
- Merge pull request [#327](https://github.com/ConsenSys/gnark-crypto/issues/327) from ConsenSys/pedersen-hash
- Merge pull request [#320](https://github.com/ConsenSys/gnark-crypto/issues/320) from ConsenSys/fix/mimc-rounds
- Merge pull request [#312](https://github.com/ConsenSys/gnark-crypto/issues/312) from ConsenSys/signature/pre-hashed
- Merge pull request [#311](https://github.com/ConsenSys/gnark-crypto/issues/311) from ConsenSys/feat/element/vector
- Merge pull request [#310](https://github.com/ConsenSys/gnark-crypto/issues/310) from ConsenSys/feat/ecdsa
- Merge pull request [#298](https://github.com/ConsenSys/gnark-crypto/issues/298) from ConsenSys/secp256k1/MSM
- Merge pull request [#309](https://github.com/ConsenSys/gnark-crypto/issues/309) from ConsenSys/chore/tobigintregular-deprecated
- Merge pull request [#305](https://github.com/ConsenSys/gnark-crypto/issues/305) from ConsenSys/test/fiatshamir-mimc
- Merge pull request [#299](https://github.com/ConsenSys/gnark-crypto/issues/299) from ConsenSys/feat/stark-curve
- Merge pull request [#285](https://github.com/ConsenSys/gnark-crypto/issues/285) from ConsenSys/refac/gkr-fiatshamir
- Merge pull request [#259](https://github.com/ConsenSys/gnark-crypto/issues/259) from ConsenSys/bench/gkr


<a name="v0.9.0"></a>
## [v0.9.0] - 2023-01-05
### Build
- re-ran gofmt with go1.19, updated ci to that

### Docs
- added audit.pdf and updated link in README

### Feat
- field.Hash ([#271](https://github.com/ConsenSys/gnark-crypto/issues/271))
- add secp256k1 curve

### Fix
- make BigInt a pointer receiver
- remove generated fr/pedersen package from secp256k1
- rebase on develop
- no compressed marshall because no spare bit
- **secp256k1:** no partitionScalars because there is no spare bit

### Fix
- typos ([#262](https://github.com/ConsenSys/gnark-crypto/issues/262))

### Perf
- **MSM:** save 4 mul in ext-Jac add
- **bn254:** faster subgroup membership

### Refactor
- rebase on develop (field api)
- mark ToBigIntRegular as deprecated, introduce BigInt method ([#290](https://github.com/ConsenSys/gnark-crypto/issues/290))
- clean code generation for endo-based computations ([#281](https://github.com/ConsenSys/gnark-crypto/issues/281))
- **bn254:** remove unused variable (fixedCoeff)

### Style
- typo

### Pull Requests
- Merge pull request [#297](https://github.com/ConsenSys/gnark-crypto/issues/297) from ConsenSys/develop
- Merge pull request [#277](https://github.com/ConsenSys/gnark-crypto/issues/277) from ConsenSys/feat/secp256k1
- Merge pull request [#251](https://github.com/ConsenSys/gnark-crypto/issues/251) from ConsenSys/perf/IsInSubGroup-BN
- Merge pull request [#250](https://github.com/ConsenSys/gnark-crypto/issues/250) from ConsenSys/docs/audit
- Merge pull request [#245](https://github.com/ConsenSys/gnark-crypto/issues/245) from ConsenSys/perf/extJac-add
- Merge pull request [#240](https://github.com/ConsenSys/gnark-crypto/issues/240) from ConsenSys/go1.19


<a name="v0.8.0"></a>
## [v0.8.0] - 2022-08-04
### Build
- updated go.mod direct deps
- go mod tidy
- update bavard dep
- ran go generate after dev merge
- faster ci path ([#185](https://github.com/ConsenSys/gnark-crypto/issues/185))
- increase CI timeout
- fix BatchInvert renaming in SSWU templates

### Chore
- bls12-381 vectors: u
- fix some merge issues
- merge develop
- resolve conflicts with non-mont-params

### Ci
- fix slack integration + adds golanglint-ci ([#184](https://github.com/ConsenSys/gnark-crypto/issues/184))
- revert most of last commit
- use self hosted runners

### Clean
- replace modulus generated by constants, add zero-alloc SetRandom ([#194](https://github.com/ConsenSys/gnark-crypto/issues/194))
- remove unneeded x86 asm and files ([#192](https://github.com/ConsenSys/gnark-crypto/issues/192))

### Docs
- updated changelog for v0.8.0
- polish readme.md with updated godoc subpackage links ([#235](https://github.com/ConsenSys/gnark-crypto/issues/235))
- acknowledge that inv(0)==0 in comments as a convention ([#233](https://github.com/ConsenSys/gnark-crypto/issues/233))
- correct some comments
- added note in pairing godoc - doesn't check inputs are in correct subgroup ([#231](https://github.com/ConsenSys/gnark-crypto/issues/231))
- add security estimates of implemented curves in comments
- prepare v0.8.0 release notes
- added twitter handle and security policy links
- updated doi

### Feat
- simplified low degree check
- lagrange polys, a couple of poly funcs
- eq folding, unify small and large interfaces
- addition of multiple rounds in fri
- some folding in bn254
- supsub
- closes [#137](https://github.com/ConsenSys/gnark-crypto/issues/137) moves consensys/goff into field/goff ([#204](https://github.com/ConsenSys/gnark-crypto/issues/204))
- tests used gopter for polynomials (bls377, no code gen yet)
- multilin for all fields
- field/goldilocks (more efficient 1-limb modulus arith) ([#177](https://github.com/ConsenSys/gnark-crypto/issues/177))
- fields in fri proofs are exported
- code gen for previous commit
- code gen for previous refactor
- field/generator supports 1-limb modulus ([#175](https://github.com/ConsenSys/gnark-crypto/issues/175))
- simplification of the final evaluation check
- simplify deriveQueriesPositions
- removed polynomial package bls24315
- removed polynomial package
- code gen
- simplified deriveQueriesPosition
- code gen for polynomials
- a few polynomial utility functions, separate multilin_tests
- regen polynomial
- addition of ID in proof of proximity (for FiatShamir)
- added finer grained error handling
- exposed Claimed value
- Open returns an error, addition of getter for rho
- code gen
- addition of opening tests
- addition of opening+verification
- merge develop
- code gen for previous fix
- code gen for kzg refactor
- added Fiat Shamir for the (folding) challenges in fri
- code gen for fri
- **E12:** GT torus-based compression/decompression
- **E12:** GT torus-based batch compression/decompression
- **E24:** GT torus-based batch compression/decompression
- **E6:** GT torus-based batch compression/decompression
- **fri:** added check of correctness between rounds, test OK
- **fri:** modified challenge generation so it fits in a snark variable
- **fri:** evaluation field is exported
- **fri:** removed unused variable

### Fix
- Handle edge case in Karabina decompression ([#219](https://github.com/ConsenSys/gnark-crypto/issues/219))

### Fix
- check nbTasks config when running msm, test all possible c-bit windows in when testing.Short not set) ([#226](https://github.com/ConsenSys/gnark-crypto/issues/226))
- race condition with supportAdx relique in internal/fptower
- element.SetString(_) returns error if invalid input instead of panic
- bavard dependency
- Torus compression exception case
- ToMont takes non-reference
- q in tests requires isogeny
- svdw parameters: z=1 not i
- expand_msg_xmd copy bug, a few tests ([#201](https://github.com/ConsenSys/gnark-crypto/issues/201))
- "e3" bug and change sign0 to the recent std specification
- closes [#199](https://github.com/ConsenSys/gnark-crypto/issues/199). Correct bound in eddsa key gen template
- expand_msg_xmd copy bug, a few tests
- 8*Limbs could be too many bytes
- right length argument for ExpandMsgXmd
- remove supportAdx redundant test ([#186](https://github.com/ConsenSys/gnark-crypto/issues/186))
- evaluation is an array instead of a slice
- twoInv defined in init, removed dead code, unexport nbRounds
- fixed unhandled errors
- fixed conflict
- fixed queries positions
- fixed wrong indexation generator inverse
- rebase on develop
- wrong size for Merkle path opening
- fixed unhandled error
- fixed condition written out of scope, tests with gopter OK
- fixed parity error
- fixed unhandled error
- fri test ok, need to clean and optimize
- TestDeriveQueriesPositions passes
- fixed failing tests (polynomial.go, bls12-381)
- dusted off polynomial.go (bls377, no code gen yet)

### Perf
- remove unnecessary inverse in KZG-verify
- faster GLV scalar decomposition


### Refactor
- fft is done in the main loop
- kzg uses DivideByXminusA from polynomial module
- ScalarMul -> ScalarMultiplication
- everything related to multilinear polynomials in the same file
- verbose names
- same codegen for sswu and svdw
- sswu and svdw in "define"s
- ScalarMulUnconverted -> ScalarMultiplicationAffine
- moved divByXminusa to polynomial.go
- BatchScalarMul -> BatchScalarMultiplication
- parameters passed in regular form
- lots of ffts removed
- polynomial -> []frElement in fri
- removed Commit function
- NewPolynomial -> New
- removed test DivPolyByXminusA from kzg, DivPolyBy -> DivBy
- sswuMap -> mapToCurve
- clean comments in curves ([#193](https://github.com/ConsenSys/gnark-crypto/issues/193))
- DivideByXMinusA returns a pointer
- **polynomial:** Copy() --> GetCopy()

### Style
- remove dead code ([#230](https://github.com/ConsenSys/gnark-crypto/issues/230))
- inneficient -> inefficient
- cosmetic changes ([#197](https://github.com/ConsenSys/gnark-crypto/issues/197))
- replace modulus generated by constants, add zero-alloc SetRandom ([#194](https://github.com/ConsenSys/gnark-crypto/issues/194))
- remove unneeded x86 asm and files ([#192](https://github.com/ConsenSys/gnark-crypto/issues/192))
- polish readme.md with updated godoc subpackage links ([#235](https://github.com/ConsenSys/gnark-crypto/issues/235))
- acknowledge that inv(0)==0 in comments as a convention ([#233](https://github.com/ConsenSys/gnark-crypto/issues/233))
- added note in pairing godoc - doesn't check inputs are in correct subgroup ([#231](https://github.com/ConsenSys/gnark-crypto/issues/231))
- add security estimates of implemented curves in comments


### Test
- cleanup
- fix [#205](https://github.com/ConsenSys/gnark-crypto/issues/205) - msm bench with different bases ([#206](https://github.com/ConsenSys/gnark-crypto/issues/206))
- bn254 hash to g2
- vectors generated using https://github.com/armfazh/h2c-go-ref
- complete tests for bn254g1, not cross verified
- empty msg, q, q0, q1
- added BitLen test
- reduce load on CI
- **all curves:** compress/decompress pairing result

### Pull Requests
- Merge pull request [#237](https://github.com/ConsenSys/gnark-crypto/issues/237) from ConsenSys/develop
- Merge pull request [#232](https://github.com/ConsenSys/gnark-crypto/issues/232) from ConsenSys/docs/comments
- Merge pull request [#229](https://github.com/ConsenSys/gnark-crypto/issues/229) from ConsenSys/update_deps
- Merge pull request [#227](https://github.com/ConsenSys/gnark-crypto/issues/227) from ConsenSys/fix/element_setstring
- Merge pull request [#228](https://github.com/ConsenSys/gnark-crypto/issues/228) from ConsenSys/fix/race/test
- Merge pull request [#224](https://github.com/ConsenSys/gnark-crypto/issues/224) from ConsenSys/refactor/scalarmul
- Merge pull request [#220](https://github.com/ConsenSys/gnark-crypto/issues/220) from ConsenSys/perf/kzg-verify
- Merge pull request [#223](https://github.com/ConsenSys/gnark-crypto/issues/223) from ConsenSys/doc/security-estimates-curves
- Merge pull request [#216](https://github.com/ConsenSys/gnark-crypto/issues/216) from ConsenSys/feat/poly
- Merge pull request [#217](https://github.com/ConsenSys/gnark-crypto/issues/217) from ConsenSys/string-utils
- Merge pull request [#215](https://github.com/ConsenSys/gnark-crypto/issues/215) from ConsenSys/develop
- Merge pull request [#213](https://github.com/ConsenSys/gnark-crypto/issues/213) from ConsenSys/perf/glv
- Merge pull request [#211](https://github.com/ConsenSys/gnark-crypto/issues/211) from ConsenSys/develop
- Merge pull request [#129](https://github.com/ConsenSys/gnark-crypto/issues/129) from ConsenSys/feat/GT-compression
- Merge pull request [#209](https://github.com/ConsenSys/gnark-crypto/issues/209) from ConsenSys/codegen/svdw-not-e4
- Merge pull request [#203](https://github.com/ConsenSys/gnark-crypto/issues/203) from ConsenSys/tests/bn254-vectors
- Merge pull request [#196](https://github.com/ConsenSys/gnark-crypto/issues/196) from ConsenSys/patch/hashToFpGeneric
- Merge pull request [#202](https://github.com/ConsenSys/gnark-crypto/issues/202) from ConsenSys/gbotrel/issue199
- Merge pull request [#200](https://github.com/ConsenSys/gnark-crypto/issues/200) from tyGavinZJU/develop
- Merge pull request [#85](https://github.com/ConsenSys/gnark-crypto/issues/85) from ConsenSys/feat/fri


<a name="v0.7.0"></a>
## [v0.7.0] - 2022-03-25
### Build
- reran go generate
- rebase on develop
- rebase on develop
- add bw6-633 and bw6-756 to kzg constructor
- run go generate
- rebase branch on develop
- add bls12-378 to kzg and hash
- templates for bw6-756
- templates for bw6-756
- add bls12-378 to kzg and hash

### Ci
- update workflows
- update ci workflows
- update github action workflows
- named workflows
- develop shorter ci workflow, master longer
- remove circleCI
- updated circleci to latest golang img
- updated github workflow to go 1.18

### Docs
- prepare changelog.md for v0.7.0
- updated hyperelliptic links for twisted ed Add and MixedAdd
- updated DOI

### Feat
- sweet parameters for BLS12-377 G1 SSWU
- add bw6-756 (2-chain w/ bls12-378 GT-strong)
- SSWU for BLS12-378 (GT-strong)
- sweet parameters for BLS12-377 G2 SSWU (23-isogeny)
- sweet parameters for BW6-761 G2 SSWU
- added element.Uint64() method
- sweet parameters for BW6-633 G2 SSWU
- SSWU for BW6-756 (outer to GT-strong)
- add BLS12-378, a GT-strong SNARK-friendly inner curve
- added ecc/twistededwards/ID
- sweet parameters for BW6-633 G1 SSWU
- removed dead code in fft
- sweet parameters for BW6-761 G1 SSWU
- add BLS12-378, a GT-strong SNARK-friendly inner curve
- sweet parameters for BLS24-315 G1 SSWU
- add bw6-756 (2-chain w/ bls12-378 GT-strong)
- **bls12-378:** add companion twisted edwards to GT-strong BLS12-378
- **bls12-378:** add companion twisted edwards to GT-strong BLS12-378
- **bw6-756:** add companion twisted Edwards
- **bw6-756:** add companion twisted Edwards

### Fix
- IsUint64 coherence with other methods, convert from montgomery beforehand
- twisted curve formulae for GT-strong embedded curve (a != -1)
- templating twistededwards for BW6-756 after PR[#160](https://github.com/ConsenSys/gnark-crypto/issues/160)
- templating twistededwards for BLS12-378 after PR[#160](https://github.com/ConsenSys/gnark-crypto/issues/160)
- run go generate on new curves
- add bls12-378 to signature package after change
- sswu gopter generators repeatable rng
- increment maxSignatures
- rebase after change
- changing Z to be the qnr instead of isogeny degree seems to work
- increment maxSignatures
- FrMultiplicativeGen overwritten
- **bls12-378:** set root of unity for FFT
- **bls12-378:** set root of unity for FFT
- **bw6-633:** typo FrMultiplicativeGen=13
- **sswu:** specify CoordExtRoot for BLS12-377

### Refactor
- move signature/ constructors to signature/eddsa
- eddsa generated for all twisted ed curve, including bandersnatch
- twistededwards.go -> curve.go
- bandersnatch generated with endo
- generating bandersnatch without endo with same templates
- make twistededwards all template generated
- **sswu template:** NotOne is not always used
- **sswu template:** NotOne is not always used

### Style
- correct comment in config file
- cleaned comments related to cosets

### Test
- add few edge cases to test twistededwards

### Tests
- mark test as Parallel.
Check testing.Short() in most tests 817 818 ### Pull Requests 819 - Merge pull request [#171](https://github.com/ConsenSys/gnark-crypto/issues/171) from ConsenSys/test/twistedEdwards 820 - Merge pull request [#170](https://github.com/ConsenSys/gnark-crypto/issues/170) from ConsenSys/fix/generators_sswu 821 - Merge pull request [#167](https://github.com/ConsenSys/gnark-crypto/issues/167) from ConsenSys/ci/shorter-tests 822 - Merge pull request [#166](https://github.com/ConsenSys/gnark-crypto/issues/166) from ConsenSys/ci_new 823 - Merge pull request [#164](https://github.com/ConsenSys/gnark-crypto/issues/164) from ConsenSys/ci/go1.18 824 - Merge pull request [#128](https://github.com/ConsenSys/gnark-crypto/issues/128) from ConsenSys/feat/GT-strong-BLS12-BW6 825 - Merge pull request [#127](https://github.com/ConsenSys/gnark-crypto/issues/127) from ConsenSys/feat/GT-strong-BLS12 826 - Merge pull request [#160](https://github.com/ConsenSys/gnark-crypto/issues/160) from ConsenSys/refactor-eddsa 827 - Merge pull request [#156](https://github.com/ConsenSys/gnark-crypto/issues/156) from ConsenSys/sswu-all 828 - Merge pull request [#154](https://github.com/ConsenSys/gnark-crypto/issues/154) from ConsenSys/fix/fft-mulGen 829 - Merge pull request [#153](https://github.com/ConsenSys/gnark-crypto/issues/153) from zhiqiangxu/opt_NewDomain 830 831 832 <a name="v0.6.1"></a> 833 ## [v0.6.1] - 2022-02-15 834 ### Build 835 - **templates:** fix G2 point template 836 837 ### Chore 838 - genericize c-time sswu 839 - removed the last sswu if 840 - remove second if, auto-gen removal of first if 841 - clean up mess regarding inv(0) conflict 842 - removed redundant function SetHex 843 - addressed all "small" feedback points 844 - remove unnecessary benchmarks, remove og equals, rename diff 845 846 ### Docs 847 - updated changelog.md for v0.6.1 848 - updated bibtex citation key 849 - updated bibtex citation 850 - added DOI and bibtex citation in readme.md 851 852 ### Feat 853 - code gen 854 
- adapted permutation argument to nrw kzg api 855 - check that the generator is of correct order 856 - kzg Verify function takes the opening point 857 - sqrtRatio for any field, needs tests 858 - precomputed values for q = 1 mod 8 859 - bls12-381 g1 hash auto generated 860 - standardize sqrt 861 - move big int slicing to bavard 862 - generic isogeny map 863 - attempt to generate evaluate_poly 864 - bls12-381 HashToG1 works 865 - "generify" additional field operations 866 - BLS12-381 G1 isogeny (very inefficient) 867 - SqrtRatio. Non-qr case fails 868 - modified templates + fix plookup table 869 - adapted plookup using the new fft 870 - constant time Equal with tests and benchmarks 871 - mimc constants are exported 872 - deleted addchain 873 - modified fft templates 874 - generic coset on bn254, tests ok 875 - x64 assembly 876 - generic selection using bitwise operations 877 - **twistededwards:** Extended coordinates (a=-1) (faster, not complete) 878 879 ### Fix 880 - code generation "oops" with `testPairElement` class name 881 - fixed fuzz fft 882 - restored addchain 883 - forgot to commit bls12377 modifs 884 - 1st if statement in sswu 885 - constant-time sqrtRatio 886 - some feedback addressed 887 - remove useless mulBy11 test, replace mulBy11 with mulByZ 888 - all sqrtRatio works 889 - sqrtRatio works for bls12-377 (p = 1 mod 8) 890 - some eval_poly debugging 891 - No isogeny func if no isogeny data 892 - Generic TestElement0Inverse error 893 - bls12-381 g1 encode to curve works 894 - first G1 isogeny test passes 895 - sqrtRatio for p = 3 mod 4 works 896 - extended coordinates complete but not unified 897 - fixed imports in code gen 898 - removed old addchain files 899 - fixed some ops in lookup vector 900 - fixed permutation proofs 901 - fixed fuzzer 902 - removed seed from Sum 903 - removed seed from mimc (fixes [#194](https://github.com/ConsenSys/gnark-crypto/issues/194)) 904 - clean, remove experimental second version of select 905 - delete autogen assembly 
906 - delete unused assembly 907 - errors in reversion 908 - generate 909 - fixed review: m is modified locally and returned 910 - fixes [#126](https://github.com/ConsenSys/gnark-crypto/issues/126) the domain was not created correctly 911 - SetInterface returns error if input is nil 912 - fixed gosec 913 - mimc is compliant with ethereum 914 - twisted edwards templates 915 - **tEdwards:** cofactor ToMont() not FromMont() 916 917 ### Perf 918 - init constants in sync.Once in MiMC 919 - **bandersnatch:** extended coordinates 920 - **bls24-315:** faster G2 membership test 921 922 ### Refactor 923 - property based testing for SqrtRatio, move sgn0 to ecc package 924 - property based testing of IntToMont 925 - Move field related funcs to field.Field 926 - CurveInfo 927 928 ### Revert 929 - Inverse0 to have own PR 930 - no assemly 931 932 ### Style 933 - remove excessive logs 934 - rename `TempForHash` to `HashUtils` 935 - Cleanup and test vectors for for bls12-381 G1 936 - cleanup 937 - Isogeny to be package-private 938 - removed addchain folders 939 - match function hierarchy: Select -> select_ -> _selectGeneric 940 - remove redundant check 941 942 ### Test 943 - possible fix 944 - obnoxious verbosity 945 - include decimal in error msg 946 - for BigIntMatchUint64Slice with verbose error messages 947 - c1 value computed correctly. 
c2 is wrong 948 - extracting test data for iso-g1 from faz's implementation 949 - vectors form standard doc for existing ExpandMsgXmd implementation 950 - bench: add x=y cases 951 - match against generic implementation 952 953 ### Pull Requests 954 - Merge pull request [#152](https://github.com/ConsenSys/gnark-crypto/issues/152) from ConsenSys/feat/clean_kzg 955 - Merge pull request [#145](https://github.com/ConsenSys/gnark-crypto/issues/145) from ConsenSys/fix/fft_cosets 956 - Merge pull request [#147](https://github.com/ConsenSys/gnark-crypto/issues/147) from ConsenSys/sswu-fp-generic-rebased 957 - Merge pull request [#146](https://github.com/ConsenSys/gnark-crypto/issues/146) from ConsenSys/perf-mimc-constants 958 - Merge pull request [#144](https://github.com/ConsenSys/gnark-crypto/issues/144) from ConsenSys/constant-time-equals 959 - Merge pull request [#125](https://github.com/ConsenSys/gnark-crypto/issues/125) from ConsenSys/fix/mimc_miyaguchipreneel 960 - Merge pull request [#143](https://github.com/ConsenSys/gnark-crypto/issues/143) from ConsenSys/feat/cmov 961 - Merge pull request [#140](https://github.com/ConsenSys/gnark-crypto/issues/140) from ConsenSys/inv(0)=0 962 - Merge pull request [#110](https://github.com/ConsenSys/gnark-crypto/issues/110) from ConsenSys/feat/tEd-extended 963 - Merge pull request [#123](https://github.com/ConsenSys/gnark-crypto/issues/123) from ConsenSys/perf/BLS24-G2-IsInSubGroup 964 965 966 <a name="v0.6.0"></a> 967 ## [v0.6.0] - 2022-01-03 968 ### Build 969 - remove duplicate import in template 970 - add E8 and E24 types to bls24_315.go to export to gnark 971 - aiming for determinitic addchain generation on CI 972 - fix gosec unhandled errors 973 - tell CI to ignore non-deterministic addchain generated output 974 - gitignore generated addition chains 975 - run go mod tidy 976 - fix marshal template for bls24 977 978 ### Chore 979 - generify 32bit fix 980 - staticcheck, correct commented formula for outer loop iterations 981 - 
Take out InverseOld 982 - generify semicompressed 983 - Not demanding 64bit arch. TODO: Test correctness on one 984 - mathfmt, change correctionFac from var to consts, cite Pornin 985 - Autogen all tests. TODO: bls12-377 fr loops 986 - signed/unsigned versions of SOS mont for comparison 987 988 ### Docs 989 - v0.6.0 draft release notes 990 - zkteam -> gnark 991 - update field IsUIint64 doc 992 993 ### Feat 994 995 - **plookup:** added plookup lookup proof 996 - **field:** generate optimized addition chains for Sqrt & Legendre exp functions 997 - **field:** added field.SetInt64, support for intX and uintX [#109](https://github.com/ConsenSys/gnark-crypto/issues/109) 998 - **field:** added UnmarshalJSON and MarshalJSON on fields 999 - **field:** added field.Text(base) to return field element string in a given base, like big.Int 1000 - **field:** field.SetString now supports 0b 0o 0x prefixes (base 2, 8 and 16) 1001 - **kzg:** test tampered proofs with quotient set to zero 1002 - **bls24:** Fp-Fp2-Fp4-Fp12-Fp24 tower 1003 1004 1005 ### Fix 1006 - Optimization 3 works, but with many watches 1007 - started adding the missing parts of the quotietn 1008 - fixed bug for 64b 1009 - 32bit compatible assertMatch for bn254/fp 1010 - semi-compressed bn254/fp 1011 - Update factor negation works 1012 - fixed doc file 1013 - number of iterations corrected. integration tests pass 1014 - unbroke the tests 1015 - ensure ecc.Info() is set 1016 - fix neg template to actually use borrow value 1017 - All bn254 tests pass but TestMonReduceNegFixed 1018 - ecc.Info() returns lightweight field info, without calling the whole field generation including addchain generations 1019 - fixes [#104](https://github.com/ConsenSys/gnark-crypto/issues/104) code generation for saturated modulus like secp256k1 incorrect. 
added secp256k1 test 1020 - fixed quotient computation 1021 - fixed test generation 1022 - fixed file generation 1023 - removed error for invalid domain size in kzg 1024 - Neg passes, lingering issues with test randomizer 1025 - remove use of R15 for small moduli mul [#113](https://github.com/ConsenSys/gnark-crypto/issues/113) 1026 - fixed doc generation 1027 - template used file path for doc instead of file name 1028 - fixed exp takes a value, not a pointer. also random field generation test don't generate addchains 1029 - temporaries element in addition chain back to pointers, they will be on the stack anyway, simple template 1030 - fixed exp template takes element name as parameter 1031 - restored randomness generation via Fiat Shamir 1032 - unused code (nSquare) 1033 - computation of last piece of quotient ok 1034 - Non-const t: Precomputation gives little speedup: 1511,1463,1551 1035 - Optimization 3 works, removed debugging code, down to 1879 ns/op 1036 - init addchain cache only when needed 1037 - full proof (without Fiat Shamir) passes 1038 - **bls24:** fix Fp24 test 1039 - **bn254:** correct Expt() addchain 1040 - **plookup:** removed sortByT function, only sort.Sort() is called now 1041 - **plookup:** computation of h0, hn ok 1042 - **plookup:** fixed lookup vector: t must be ordered 1043 - **plookup:** fixed wrong bound for completion of t and f 1044 - **plookup:** computation of h is correct 1045 - **plookup:** computation of Z ok 1046 1047 ### Perf 1048 - Branch-free signed non-mont word multiplication 1049 - Field element - Word multiplication implemented 1050 - Replace mulWRegular with faster branched version 1051 - partial rollback for bn254-fp 1052 - Four update factor vars 1053 - fewer helper variables 1054 - Combined updates factor to be signed, next: fewer helper vars 1055 - Field element - Word multiplication implemented 1056 - signed sos ftw 1057 - Batch each 2 u,v updates. 
Update factors correct result incorrect 1058 - Inlined conversion factor manipulation 1059 - Removed debug logic 1060 - Linear comb w 1 MontRed instead of 2. Slow (debug logic inline) 1061 - field inverse optimizations 1062 - **Miller loops:** specialized mul by curve coeff 1063 - **bls12-381:** faster Miller loop (sparse-sparse mul) 1064 - **bls12-381:** faster final exp (faster expt) 1065 - **bls24:** compute frobenius coefficients 1066 - **bn254:** better short addition chain for Expt() 1067 - **bn254:** addchain with max squares (weighting mul x2.6 cyclosq) 1068 1069 ### Refactor 1070 - SOS Montgomery Reduction 1071 - **bn254:** G2 memebership test uses psi directly 1072 1073 ### Revert 1074 - remove mathfmt (for now) 1075 1076 ### Style 1077 - comments and proofs 1078 - removed debug printing 1079 - more expressive argument name for `approximate` 1080 - comments 1081 - all "//" to be followed with a space 1082 - Compute number of iterations only in field.go only 1083 - hardcoded values shall be consts 1084 - broke inv 1085 - comments 1086 - minor changes 1087 - Some commentary 1088 - Hand-inlined rsh31, comments, single correction factor 1089 - removed commented code used for debugging 1090 - mathfmt 1091 - code cleaning 1092 - separated tables and vectors in two files, cleaned code 1093 - Some more commentary 1094 - **plookup:** changed naming for rows and columns 1095 - **plookup:** removed all the printing 1096 1097 ### Test 1098 - BenchInverse to call InverseOld 1099 - Autogen correction factor checking test 1100 - Autogen Montgomery reduction tests 1101 - added property test for addchain based fixed exp 1102 - deterministic sqrt bench 1103 - Consistency check on top 1104 1105 ### Pull Requests 1106 - Merge pull request [#121](https://github.com/ConsenSys/gnark-crypto/issues/121) from ConsenSys/perf/ML-doubling 1107 - Merge pull request [#111](https://github.com/ConsenSys/gnark-crypto/issues/111) from ConsenSys/field-intX-support 1108 - Merge pull request 
[#114](https://github.com/ConsenSys/gnark-crypto/issues/114) from ConsenSys/fix-dynamic-link 1109 - Merge pull request [#108](https://github.com/ConsenSys/gnark-crypto/issues/108) from ConsenSys/perf/bls12381-pairing 1110 - Merge pull request [#106](https://github.com/ConsenSys/gnark-crypto/issues/106) from ConsenSys/improvement/field-inv-pornin20 1111 - Merge pull request [#105](https://github.com/ConsenSys/gnark-crypto/issues/105) from ConsenSys/field-from-json 1112 - Merge pull request [#83](https://github.com/ConsenSys/gnark-crypto/issues/83) from ConsenSys/experiment/BLS24 1113 - Merge pull request [#102](https://github.com/ConsenSys/gnark-crypto/issues/102) from ConsenSys/feat/plookup 1114 - Merge pull request [#97](https://github.com/ConsenSys/gnark-crypto/issues/97) from ConsenSys/feat-addchain 1115 - Merge pull request [#99](https://github.com/ConsenSys/gnark-crypto/issues/99) from ConsenSys/feat-addchain-expt 1116 1117 1118 <a name="v0.5.3"></a> 1119 ## [v0.5.3] - 2021-11-03 1120 ### Docs 1121 - updated CHANGELOG.md for v0.5.3 1122 1123 ### Feat 1124 - subgroup check optional in decoder, parallel checks on slices 1125 - added element.NewElement(v uint64) 1126 1127 ### Fix 1128 - **fp12:** compressed cyclotomic square (receiver == argument) 1129 1130 ### Perf 1131 - **bn:** faster G2 membership test 1132 1133 ### Style 1134 - cmp(zero) == -1 -> sign() == -1 1135 1136 ### Pull Requests 1137 - Merge pull request [#96](https://github.com/ConsenSys/gnark-crypto/issues/96) from ConsenSys/perf-decode-raw-points 1138 - Merge pull request [#95](https://github.com/ConsenSys/gnark-crypto/issues/95) from ConsenSys/perf/bn-g2-membership 1139 1140 1141 <a name="v0.5.2"></a> 1142 ## [v0.5.2] - 2021-10-26 1143 ### Build 1144 - updated CHANGELOG.md for v0.5.2 1145 - updated code generation with Projective parameter in Point 1146 - **templates:** homogenous projective coordinates for G1 (bw6) 1147 1148 ### Feat 1149 - add bandersnatch curve (twistedEdwards on bls12-381 
with GLV) 1150 - linked info returned by ecc.Info with internal curve config package 1151 - added Bytes per field in ecc.info 1152 - added curveID.Info() which returns constants about a curve 1153 - moved element.Halve into templates 1154 - **bw6:** optimal Tate Miller loop with shared computations 1155 - **bw6-761:** opt. ate with shared squares and shared doublings (alg.2) 1156 1157 ### Fix 1158 - halve with full-bits moduli 1159 - **all twistedEdwards:** fix Add() in projective coordinates (issue 89) 1160 - **all twistedEdwards:** remove A as we assume A=-1 (issue 87) 1161 - **fiat-shamir:** added test to ensure len(challenge) > 0 1162 1163 ### Perf 1164 - Halve() directly on fp.Element 1165 - **all curves:** Halve() directly on fp.Element 1166 - **bn:** multiply ML external lines 2 by 2 (+multi-ML bench) 1167 - **wip:** Montgomery Rsh instead of mul by 1/2 1168 1169 ### Refactor 1170 - **templates:** unify twistedEdwards package across curves 1171 1172 ### Style 1173 - correct comments 1174 - factorize field info 1175 - fiat-shamir clean up 1176 - remove dead code (twoInv) 1177 - **tEdwards:** keep jubjub package for backward-compatibility 1178 - **tEdwards:** mulByA inside the package 1179 1180 ### Pull Requests 1181 - Merge pull request [#93](https://github.com/ConsenSys/gnark-crypto/issues/93) from ConsenSys/bandersnatch 1182 - Merge pull request [#90](https://github.com/ConsenSys/gnark-crypto/issues/90) from ConsenSys/fix/tEdwards-addProj-issue89 1183 - Merge pull request [#82](https://github.com/ConsenSys/gnark-crypto/issues/82) from ConsenSys/perf/bn254-ML 1184 - Merge pull request [#88](https://github.com/ConsenSys/gnark-crypto/issues/88) from ConsenSys/issue-87/twistedEdwards 1185 - Merge pull request [#81](https://github.com/ConsenSys/gnark-crypto/issues/81) from ConsenSys/ML/DoubleStep-Halve 1186 - Merge pull request [#77](https://github.com/ConsenSys/gnark-crypto/issues/77) from ConsenSys/BW6 1187 1188 1189 <a name="v0.5.1"></a> 1190 ## [v0.5.1] - 
2021-09-21 1191 ### Build 1192 - remove unused code (nSquare Fp24) 1193 - replace go get by go install in CI workflow 1194 - make staticcheck happier 1195 - updated circleCI golang image 1196 1197 ### Docs 1198 - updated CHANGELOG.md with v0.5.1 release 1199 - highlight breaking change in twisted edwards and eddsa 1200 1201 ### Feat 1202 - reverted to non-asm field inverse 1203 - element.String() special path for uint64 and -uint64 values 1204 - added x86 assembly impl for field.Inverse 1205 - added element.IsUint64() 1206 - added element.Bit(..) to retrieve i-th bit in a field element 1207 - **Fp12:** implements the Karabina cyclotomic square in E12/E6 1208 - **Fp24:** implements the Karabina cyclotomic square in E24/E8 1209 - **Fp6:** implements the Karabina cyclotomic square in E6/E3 1210 - **e12:** implements batch decompression for karabina cyclo square 1211 - **e24:** implements batch decompression for karabina cyclo square 1212 - **experimental:** msm splits first chunk processing if scalar is on one word 1213 1214 ### Fix 1215 - use low c bits only for small values in msm 1216 1217 ### Perf 1218 - **bls12:** faster G2 membership (eprint 2021/1130 sec.4) 1219 - **bls12-377:** use asm MubBy5 as MulByNonResidue 1220 - **bls24:** mix Karabina+GS+BatchInvert for faster FinalExp (Expt) 1221 - **bw6-633:** fast GT-subgroup check 1222 1223 ### Pull Requests 1224 - Merge pull request [#76](https://github.com/ConsenSys/gnark-crypto/issues/76) from ConsenSys/msm-ones 1225 - Merge pull request [#75](https://github.com/ConsenSys/gnark-crypto/issues/75) from ConsenSys/feat/karabina 1226 1227 1228 <a name="v0.5.0"></a> 1229 ## [v0.5.0] - 2021-08-23 1230 ### Build 1231 - added pairing test to bls24-315 generation 1232 - added fft code gen for bls24-315 1233 - update github workflow with go 1.17 1234 - use 1.17rc2 golang while waiting for circleCI image 1235 - fix gosec unhandled errors warnings 1236 - ran go genearte for kzg on bw6-633 1237 - fix gofuzz target for kzg 1238 
- prepare changelog for v0.5.0 1239 - re-ran go genearte 1240 - go mod tidy 1241 - add bls24-315 to fiat-shamir and to readme 1242 - added ecc code gen for bls24-315 1243 - replace fr.Bytes in mimc blocksize 1244 - added eddsa code gen for bls24-315 1245 - added twisted edward codegen for bls24-315 1246 - added mimc to code gen path for bls24-315 1247 - added kzg code generation for bls24-315 1248 - re-ran go:generate 1249 - make staticcheck happier 1250 - **bw6-633:** remove twistededwards until script finds coeff 1251 1252 ### Clean 1253 - **kzg:** NewSRS returns error if size < 2 1254 1255 ### Cleanup 1256 - kzg.Scheme fft.Domain moved into methods that needs it only 1257 1258 ### Doc 1259 - fix eddsa Bytes doc to indicate returned bytes slice is in compressed form 1260 1261 ### Docs 1262 - fix go report card link 1263 - updated readme with go1.17 1264 - update ecc.md 1265 - add bls24/bw6 to the implemented curves func and doc 1266 - update readme with bw6-633 1267 - cosmetics and minor fixes 1268 - added EdDSA godoc example 1269 - added missing original copyright in merkletree pacakage + package doc 1270 - most package now have a package level doc 1271 - added fft package level doc 1272 - formated and expanded package godoc for field elements 1273 1274 ### Feat 1275 - added Reference benchamrk for continuous benchmarking. 
fixes [#54](https://github.com/ConsenSys/gnark-crypto/issues/54) 1276 - added curve level go-fuzz fuzz function 1277 - added ecc.utils.NextPowerOfTwo used in fft and kzg 1278 - kzg Commit takes an optional CPUSemaphore 1279 - MultiExp now takes a ecc.MultiExpConfig to set the CPUSemaphore and scalars repr 1280 - MultiExp returns error if len(points) != len(scalars) 1281 - package doc is not mixed with code generation but inside a dedicated template for better formating and maintenance 1282 - added Bytes() method on Digest (polynomial commitment) 1283 - added ecc.Implemented() that returns list of curve fully implemented 1284 - added code gen for modified fft 1285 - init bw6-633 curve 1286 - added Marshal() in field elements. Simplified interfaces in polynomial/ 1287 - addition of kzg for bn254 1288 - kzg NewSRS takes alpha as big.Int 1289 - kzg.SRS is a separate struct 1290 - affine add, remove digest methods 1291 - kzg is now strongly typed with the curve 1292 - removed mock commitment 1293 - added Clone() method on Digests 1294 - addition of kzg for all curves + tests OK 1295 - save allocation when possible when adding 2 polynomials 1296 - ecc encoder now handles []Element so gnark don't have to 1297 - ecc encoders uses binary.Write and binary.Read to support basic types 1298 - added ecc.Implemented() that returns list of curve fully implemented 1299 - added Reference benchmarks for continuous benchmarking. 
fixes [#54](https://github.com/ConsenSys/gnark-crypto/issues/54) 1300 - added curve level go-fuzz fuzz functions 1301 - **all curves:** faster GT membership 1302 - **twisted Edwards:** tests use gopter, no more hardcoded values 1303 1304 ### Fix 1305 - CommitmentScheme interface matches kzg and mockCommitment 1306 - fixed staticchek 1307 - fixes [#37](https://github.com/ConsenSys/gnark-crypto/issues/37) 1308 - fixed some errors handling in transcript.go 1309 - fixed unhandled errors (G104) 1310 - fixed conflicts 1311 - handled error pointed by gosec (Fiat Shamir) 1312 - h function is reset after deriving a challenge 1313 - kzg.dividePolyByXminusA doesn't need the fft domain 1314 - fixed fft cosets, tests OK + code gen 1315 - kzg srs size in benchmarks 1316 - restored kzg 1317 - removed old version of polynomials using interface in bw6-633 1318 - fixed Domain serialization 1319 - kzg return type more homogeneous 1320 - mock Digest ScalarMul didn't modify the caller 1321 - fft with coset is now thread safe. 
style adjustements in code 1322 - e2 x86 asm incorrect offset when x is 0 1323 - fixes [#49](https://github.com/ConsenSys/gnark-crypto/issues/49) 1324 - proper error handling for polynomial commitments + code gen 1325 - remove Code generated comments in bls24/internal which is not generated 1326 - fixes [#51](https://github.com/ConsenSys/gnark-crypto/issues/51) 1327 - use crypto/rand instead of math/rand in ecc/../utils.go 1328 - kzg serilization test comparing address instead of value 1329 - **all curves:** IsInSubGroup shouldn't test E12 elements but GT 1330 - **bls12-377:** fix coefficients for Shallue-van de Woestijne hash-to-G2 1331 - **bls24-315:** E2 Mul + no template 1332 - **bw6:** use crypto/rand instead of math/rand 1333 - **bw6:** add GenBigInt and rename utils_test.go to utils.go 1334 - **bw6:** use crypto/rand instead of math/rand 1335 - **bw6-633:** fft 1336 - **bw6-633:** fix final exp 1337 - **bw6-633:** correct coefficients in SWU hash-to-curve 1338 - **bw6-633:** clear cofactor and subgroup membership for G1 and G2 1339 - **bw6-633:** GLV when fr.Limbs is odd 1340 - **kzg:** alpha generation is up to the caller when calling NewScheme 1341 - **kzg:** incorrect poly size in Open 1342 - **msm:** seems doing the inner msm sequentially with little available cpus is bad idea 1343 - **template:** IsInSubGroup shouldn't test E12 elements but GT 1344 - **template:** include GLV case when fr.Limbs is odd 1345 - **template:** code generation for bw6-633 eddsa 1346 - **template:** fix MapToCurve test 1347 - **template:** cyclotomic suqare test 1348 - **template:** Expt test to include negative seed 1349 - **templates:** no psi for bw6 endomorphism test 1350 - **twisted Edwards:** fixed Neg(), and fixes [#57](https://github.com/ConsenSys/gnark-crypto/issues/57) 1351 1352 ### Perf 1353 - minor perf improvments in bw6 tower 1354 - minor serialization chaanges in kzg 1355 - **all curves:** twisted Edwards companions arithmetic with a=-1 1356 - **bls12:** faster 
G2 clear cofactor
- **bls12:** faster G2 subgroup checks --> psi^2=phi+1
- **bls12:** faster G2 subgroup checks
- **bls12-377:** remove one add, one sub in e2.Square
- **bn:** optimize Expt (no conditional branching)
- **bn254:** Expt in 2-NAF
- **bw6:** replace Inverse and FrobeniusCube by conjugate
- **bw6:** new optimized final exp (hard part)
- **bw6-633:** divide G1 cofactor formula by 4
- **bw6-633:** optimized hard part in final exp
- **fft:** introduced flatten kernel for n==8 and asm impl for butterfly to minimize memory writes

### Refactor
- removed deprecated MulAssign, AddAssign and SubAssign apis
- moved crypto/* under /
- ported accumulator/ and polynomial/ from gnark
- moved fr/polynomial/kzg to fr/kzg
- ported mock commitment scheme from gnark
- moved duplicated ecc/xxx/CPUSemaphore to ecc/
- remove dead code in pairing
- BatchJacobianToAffineG1Affine -> BatchJacobianToAffineG1
- removed hash functions recorded in transcript.go
- ./crypto/fiat-shamir --> ./fiat-shamir/
- **bls12-377:** change G1 generator to match other libs
- **bls12-377:** change G2 generator (+Fp QNR) to match other libs
- **bls12-377:** remove unused sync.Pool in pairing
- **bw6:** Pairing according to ABLR 2013/722 with Fp6/Fp3
- **kzg:** Proof -> OpeningProof. BatchProofsSinglePoint -> BatchOpeningProof
- **kzg:** removed Scheme, package level methods with SRS and domain as parameter

### Style
- replaced conditionals with template variable to return fuzzed element
- gopter generators are code generated and return values. simplifies non-sense in templates
- cleaner error message in Element.SetInterface
- cosmetics
- code cleaning in kzg
- go fmt
- code cleaning in polynomial and kzg
- clean comments
- ComputeChallenge error re-indent
- **fft:** use close(chan)
- **kzg:** cosmetics
- **kzg:** cosmetics

### Test
- added mulGeneric vs mul assembly on E2 in bn254 and bls12-381
- bls24-315 added mulGeneric vs mulAsm E2 test
- **all curves:** test endomorphisms phi and psi
- **curves:** use IsInSubGroup instead of IsOnCurve in MapToCurveG1Svdw test
- **template:** include bw6 in pairing_test.go

### Tests
- added e2.Neg test in code generation

### Pull Requests
- Merge pull request [#70](https://github.com/ConsenSys/gnark-crypto/issues/70) from ConsenSys/develop
- Merge pull request [#68](https://github.com/ConsenSys/gnark-crypto/issues/68) from ConsenSys/fft-cleanup
- Merge pull request [#64](https://github.com/ConsenSys/gnark-crypto/issues/64) from ConsenSys/feat/bw6-633
- Merge pull request [#65](https://github.com/ConsenSys/gnark-crypto/issues/65) from ConsenSys/feat/kzgserialization
- Merge pull request [#63](https://github.com/ConsenSys/gnark-crypto/issues/63) from ConsenSys/feat/kzg_update
- Merge pull request [#61](https://github.com/ConsenSys/gnark-crypto/issues/61) from ConsenSys/feat/bls24-315
- Merge pull request [#59](https://github.com/ConsenSys/gnark-crypto/issues/59) from ConsenSys/ci/fuzzandbench
- Merge pull request [#58](https://github.com/ConsenSys/gnark-crypto/issues/58) from ConsenSys/refactor/bw6-761-pairing
- Merge pull request [#55](https://github.com/ConsenSys/gnark-crypto/issues/55) from ConsenSys/feat/GT-membership
- Merge pull request [#48](https://github.com/ConsenSys/gnark-crypto/issues/48) from ConsenSys/feat/kzg
- Merge pull request [#50](https://github.com/ConsenSys/gnark-crypto/issues/50) from ConsenSys/fix/fft
- Merge pull request [#46](https://github.com/ConsenSys/gnark-crypto/issues/46) from ConsenSys/fix/domain_precompute
- Merge pull request [#45](https://github.com/ConsenSys/gnark-crypto/issues/45) from ConsenSys/hotfix/issue_36
- Merge pull request [#44](https://github.com/ConsenSys/gnark-crypto/issues/44) from ConsenSys/feat/mul_by_13
- Merge pull request [#42](https://github.com/ConsenSys/gnark-crypto/issues/42) from ConsenSys/feat/fiat_shamir
- Merge pull request [#41](https://github.com/ConsenSys/gnark-crypto/issues/41) from ConsenSys/docs/godoc


<a name="v0.4.0"></a>
## [v0.4.0] - 2021-03-31
### Build
- updated go.mod
- updated CI and go.mod files
- updated to latest goff
- updated goff to fix incorrect min stack size
- fix slack notification
- added .gitlint file
- run on develop and master only
- test on more archs and targets
- faster path for testing.Short. remove some dead code
- make staticcheck happy, remove dead code
- added github action workflow, wip

### Ci
- install asmfmt before test step, now that goff field generation tests are included
- move dep install up
- ignore G204 rule in gosec (process launched with var)
- testing pr on develop with go 1.15 and go 1.16

### Docs
- added changelog for v0.4.0
- add ecc/ecc.md and field/field.md
- updated README.md
- updated package doc

### Feat
- msm in full extJac
- use add extJac to sum buckets
- e2 bls381 asm mul clean
- e2 asm bls381 square clean
- bls381 e2 asm mul by non residue clean up
- first step in clobbered bp refactor. e2 asm: bn256 stable, bls381 wip
- use add extJac to sum buckets

### Fix
- handle case where numCPU < 4 in precomputeExpTable
- incorrect comment and size returned in twistededwards SetBytes fixes [#34](https://github.com/ConsenSys/gnark-crypto/issues/34)
- point.SetBytes can now be called concurrently with same byte slice input


### Perf
- delay coordinates conversion
- delay coordinates conversion

### Refactor
- moved interop tests under github.com/consensys/gnark-tests
- cosmetics
- gurvy -> gnark-crypto
- bls381 -> bls12-381, bls377 -> bls12-377
- curve -> ecc
- moved utils/ into curve/
- e2_bn256 --> e2_bn254
- moved gurvy.go into curve/curve.go
- renamed BN256 to BN254
- moved curves under curve/
- migrated gnark/polynomial under fr/
- ported mimc and eddsa from gnark
- factorized parallelize function and moved asm/amd64 into tower package
- cleaning internal/generator pattern
- checkpoint
- migrated gnark/backend/fft into fft/
- migrated goff packages into /field/...
- moved curves into /curve/...

### Style
- consistent copyright holder and year
- remove some empty lines
- rename point bench functions
- refactor reduceAfterSub... to modReduce...
- rename point bench functions

### Pull Requests
- Merge pull request [#35](https://github.com/ConsenSys/gnark-crypto/issues/35) from ConsenSys/refactor/monorepo
- Merge pull request [#33](https://github.com/ConsenSys/gnark-crypto/issues/33) from ConsenSys/msm/full-extJac
- Merge pull request [#32](https://github.com/ConsenSys/gnark-crypto/issues/32) from ConsenSys/fix/clobbered_bp


<a name="v0.3.8"></a>
## [v0.3.8] - 2021-02-01
### Bls377
- final exp hard part eprint 2020/875
- ML entirely on the twist (ABLR)
- ML entirely on the twist (ABLR)

### Bls381
- final exp hard part eprint 2020/875
- no precompute and go routines in pairing, wip
- ML entirely on the twist (ABLR)
- ML entirely on the twist (ABLR)
- change G1 and G2 generators for interop

### Bn256
- inline lineEval() in MillerLoop
- ML entirely on the twist (ABLR)
- change G1 and G2 generators for interop

### Bw6
- add E6 tests
- correct comments in FinalExp
- add pairing tests
- go fmt
- fix bw6 pairing API to take slices of points and mutualize squares
- go fmt
- fix bw6 pairing API to take slices of points and mutualize squares

### Bw761
- change G1 and G2 generators for interop
- PairingCheck API + ML bench
- PairingCheck API + ML bench

### Curves
- get rid of goroutines in ML
- g1/g2 template add proj to jac conversion
- get rid of goroutines in ML
- g1/g2 template add proj to jac conversion

### Fp12
- improved cyclotomicSquare

### Fp6
- cyclotomic square in Expt()

### TwistedEdwards
- addition of Marshal/Unmarshal+tests, addition of templates, modified GetEdwardsCurve to not expose order (in big.Int)

### Pull Requests
- Merge pull request [#29](https://github.com/ConsenSys/gnark-crypto/issues/29) from ConsenSys/youssef/bls12-finalExp
- Merge pull request [#27](https://github.com/ConsenSys/gnark-crypto/issues/27) from ConsenSys/experimental/pairing
- Merge pull request [#26](https://github.com/ConsenSys/gnark-crypto/issues/26) from ConsenSys/youssef/ML-ABLR
- Merge pull request [#25](https://github.com/ConsenSys/gnark-crypto/issues/25) from ConsenSys/csquare
- Merge pull request [#23](https://github.com/ConsenSys/gnark-crypto/issues/23) from ConsenSys/youssef/bw6-API-pairing


<a name="v0.3.7"></a>
## [v0.3.7] - 2021-01-04

<a name="v0.3.6"></a>
## [v0.3.6] - 2020-12-22
### Bls377
- multiple MillerLoops

### Bls381
- PairingCheck func for eth precompile
- 1 MillerLoop func + error handling
- fix MillerLoop (negative seed -> conjugate)
- optimize the final exp hard part (alg2)
- added e2.Mul x86 asm impl. sort of.
- e2 --> added x86 asm impl for squaring
- reverted result.Conjugate in pairing to previous (correct) version
- fix build on non amd64
- fix pairing interop test
- added asm impl for MulByNonResidue
- minor adjustments, wip
- minor adjustments, wip
- added bench in interop
- added failing interop test
- added scalar mul interop tests
- more interop test on GT serialization
- multiple MillerLoops error handling

### Bn256
- multiple miller loops

### Bw761
- added e6 Bytes() and SetBytes()

### Circleci
- ignoring .s files when checking generate output

### Feat
- **bls381:** generalize tripleML to xML
- **bls381:** factorize sq in 3 ML products

### Fix
- substitute == by Equal in e12
- substitute == by Equal in e12

### Marshal
- len slice of points encoded on uint32 instead of uint64.
- remove unnecessary buffer allocations in loop, added benchmark for e2.Sqrt
- added BytesRead and BytesWritten to Decoder and Encoder objects

### MultiExp
- the function must be called from an affine point and return an affine point

### Template
- pairing test

### Templates
- Set func in g1/2
- fix PairingCheck test
- pairing tests
- correct EFD URL in comments (g*p -> g1p)

### Unmarshal
- now performs subgroup check when deserializing points

### Wip
- added Bytes() and SetBytes() method on point with binary encoding and optional point compression

### Pull Requests
- Merge pull request [#21](https://github.com/ConsenSys/gnark-crypto/issues/21) from ConsenSys/youssef/MillerLoops
- Merge pull request [#19](https://github.com/ConsenSys/gnark-crypto/issues/19) from ConsenSys/cleanup


<a name="v0.3.5"></a>
## [v0.3.5] - 2020-10-19
### Bls377
- re-exposing GT.MulByXXX methods needed by gnark standard library


<a name="v0.3.4"></a>
## [v0.3.4] - 2020-10-19
### Curves
- curve coeff b is package private

### Multiexp
- renamed MultiExpOpt to CPUSemaphore, and remove data race on the window size attribute. Made staticcheck and linter happy.


<a name="v0.3.3"></a>
## [v0.3.3] - 2020-09-23

<a name="v0.3.0"></a>
## [v0.3.0] - 2020-09-22

<a name="v0.3.0-alpha"></a>
## [v0.3.0-alpha] - 2020-09-15
### BatchJacobianToAffine
- don't allocate new slice to store product, use affine storage space instead

### Bn256
- added test to ensure e2 mul and square assembly impl matches generic ones
- enabled inlined call to wrappers E2.Mul and E2.Square making G2 point addition 10% faster

### Circleci
- test only main point ops on 32 bit path
- added -short option to tests to skip long or memory greedy tests

### Curve
- added BatchJacobianToAffine using montgomery batch inversion for G1 elements. Skipping G2 on this one

### Curves
- Generators() now returns generators of the r-torsion group in Jacobian coordinates
- added Generators() getter on all curves. Added BatchScalarMultiplication method with test
- cleanup unused parameters for old scalar multiplication

### MultiExpOptions
- takes a semaphore (channel) of cpu instead of number of cpus
- fix previous commit.

### Multiexp
- PartitionScalars is now private. CPU semaphore has a lock that's released when all go routines are scheduled in the multiexp
- PartitionScalars now takes MultiExpOptions as optional argument too
- now optionally takes choice of c, max cpus to use, and indicates if scalars are already preprocessed
- code clean up. BatchScalarMultiplication now selects window size depending on input length
- renamed ScalarsToDigit to PartitionScalars
- refactored ScalarsToDigit method so that duplicated code in multiExpcXX methods is largely reduced to allocating buckets on the stack
- remove c=20 as it times out tests on circle ci for now
- api is now sync, like the rest of gx.go apis.
- fewer samples in generated tests, bw761 generates fewer multiExp variants of c
- added comments in code. still a lot (too much) template generated and duplicated code
- taking into account available CPUs. slightly better extended addition formula. moved multi exp tests into their own function
- wip, reverting to c divides 64
- wip, added preprocessing of scalars to compute digits in the bucket method
- remove test of c18 that seems to timeout
- cosmetics and documentation
- clean up bucket method, with 30 percent gain on bn256 G1. WIP

### Pairing
- sender closes channel, not receiver

### Points
- made p.Neg() inlinable

### ScalarsToDigits
- reused method in BatchScalarMultiplication

### UnsafeFromJacExtended
- cosmetic, doc update


<a name="v0.2.0"></a>
## [v0.2.0] - 2020-08-04
### Bls381
- removed multi exp garbage, cleaned the tests using gopter
- tests for the pairing use gopter, fixed String() on g1, g2 (thanks to the templates again), implemented simple double and add for g1 and g2 using big.Int
- got rid of the curve structure

### Circleci
- ensures that generated files are not hand modified
- ensures that generated files are not hand modified.
- new workflow with more insight on unit tests

### Develop
- skip Expt tests for now because the testpoint is not in the cyclotomic subgroup
- merge refactor-api; resolve merge conflicts, TestE12Expt failing for some reason

### WIP
- optimized Miller loop

### Pull Requests
- Merge pull request [#11](https://github.com/ConsenSys/gnark-crypto/issues/11) from ConsenSys/refactor-cyclotomicsquare
- Merge pull request [#10](https://github.com/ConsenSys/gnark-crypto/issues/10) from ConsenSys/refactor-constants
- Merge pull request [#5](https://github.com/ConsenSys/gnark-crypto/issues/5) from ConsenSys/experimental-pairing-gen
- Merge pull request [#4](https://github.com/ConsenSys/gnark-crypto/issues/4) from ConsenSys/endomul-remove


<a name="v0.1.1"></a>
## [v0.1.1] - 2020-04-08

<a name="v0.1.0"></a>
## [v0.1.0] - 2020-04-07
### Pull Requests
- Merge pull request [#2](https://github.com/ConsenSys/gnark-crypto/issues/2) from ConsenSys/develop


<a name="v0.0.1"></a>
## v0.0.1 - 2020-03-23

[v0.11.1]: https://github.com/ConsenSys/gnark-crypto/compare/v0.11.0...v0.11.1
[v0.11.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.10.0...v0.11.0
[v0.10.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.9.1...v0.10.0
[v0.9.1]: https://github.com/ConsenSys/gnark-crypto/compare/v0.9.0...v0.9.1
[v0.9.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.8.0...v0.9.0
[v0.8.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.7.0...v0.8.0
[v0.7.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.6.1...v0.7.0
[v0.6.1]: https://github.com/ConsenSys/gnark-crypto/compare/v0.6.0...v0.6.1
[v0.6.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.5.3...v0.6.0
[v0.5.3]: https://github.com/ConsenSys/gnark-crypto/compare/v0.5.2...v0.5.3
[v0.5.2]: https://github.com/ConsenSys/gnark-crypto/compare/v0.5.1...v0.5.2
[v0.5.1]: https://github.com/ConsenSys/gnark-crypto/compare/v0.5.0...v0.5.1
[v0.5.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.4.0...v0.5.0
[v0.4.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.3.8...v0.4.0
[v0.3.8]: https://github.com/ConsenSys/gnark-crypto/compare/v0.3.7...v0.3.8
[v0.3.7]: https://github.com/ConsenSys/gnark-crypto/compare/v0.3.6...v0.3.7
[v0.3.6]: https://github.com/ConsenSys/gnark-crypto/compare/v0.3.5...v0.3.6
[v0.3.5]: https://github.com/ConsenSys/gnark-crypto/compare/v0.3.4...v0.3.5
[v0.3.4]: https://github.com/ConsenSys/gnark-crypto/compare/v0.3.3...v0.3.4
[v0.3.3]: https://github.com/ConsenSys/gnark-crypto/compare/v0.3.0...v0.3.3
[v0.3.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.3.0-alpha...v0.3.0
[v0.3.0-alpha]: https://github.com/ConsenSys/gnark-crypto/compare/v0.2.0...v0.3.0-alpha
[v0.2.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.1.1...v0.2.0
[v0.1.1]: https://github.com/ConsenSys/gnark-crypto/compare/v0.1.0...v0.1.1
[v0.1.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.0.1...v0.1.0