Releases: Consensys/gnark-crypto
Releases · Consensys/gnark-crypto
v0.9.1
What's Changed
- Add STARK curve by @yelhousni in #299
- feat: Add ECDSA by @yelhousni in #310
- feat: introduce field.Vector by @gbotrel in #311
- fix: number of rounds for mimc by @yelhousni in #320
- nuke element.Bit() fixes #306 by @gbotrel in #331
- feat: iop arguments by @ThomasPiellard in #282
- fix: mimc pow7 by @Tabaie in #333
- perf: gkr improvements by @gbotrel in #328
- perf: gkr improvements by @Tabaie in #319
- field agnostic fiat shamir challenge names by @Tabaie in #308
- feat: add Vector support to ecc marshal encoder by @gbotrel in #336
- bn254 mimc test vector by @Tabaie in #323
Full Changelog: v0.9.0...v0.9.1
Contributors
gbotrel, Tabaie, and 2 other contributors
Assets 2
v0.9.0
What's Changed
New features
- GKR by @Tabaie in #243
- Efficiently verifiable Pedersen commitments by @Tabaie in #266
- secp256k1 curve by @yelhousni in #277
element.SetBytesCanonical,element.BigEndianandelement.LittleEndianby @gbotrel in #286
Performance
- MSM uses batch affine addition (up to 60% speedup 🎉 ) by @gbotrel in #261
- Faster G2 subgroup membership on BN254 by @yelhousni in #251
- arm64,purego: field arithmetic mul for arm64 and cleanup build tags by @gbotrel in #257
Refactor and cleanup
- Field package exposes Hash by @Tabaie in #271
- Remove
internal/dependencies in field generated code by @gbotrel in #287 - Removes
FromMontandToMontfromfield.Elementapi by @gbotrel in #288 - ToBigIntRegular is deprecated, introduce BigInt method by @gbotrel in #290
Fixes
- MiMC reasons with p-digits block by @ThomasPiellard in #265
Full Changelog: v0.8.0...v0.9.0
Contributors
gbotrel, Tabaie, and 2 other contributors
Assets 2
v0.8.0
[v0.8.0] - 2022-08-03
This version was partially audited by Kudelski Security for the Algorand Foundation. (TODO insert report link).
The scope of the audit covered bn254 and bls12-381 packages (including field arithmetic).
Feat
- field/goldilocks (more efficient 1-limb modulus arith) (#177)
- field/generator suppors 1-limb modulus (#175)
- field.SetRandom zero-alloc uniform sampling
- E6/E12/E24: GT torus-based batch compression/decompression
- fri: modified challenge generation so it fits in a snark variable
- fri: added check of correctness between rounds
Fix
- Handle edge case in Karabina decompression (#219)
- check nbTasks config when running msm, test all possible c-bit windows in when testing.Short not set) (#226)
- element.SetString(_) returns error if invalid input instead of panic
- expand_msg_xmd copy bug, a few tests (#201)
- closes #199. Correct bound in eddsa key gen template
Perf
- remove unecessary inverse in KZG-verify
- faster GLV scalar decompostion
Refactor & Docs
- moved consensys/goff into field/goff (#204)
- clean comments in curves (#193)
- remove dead code (#230)
- cosmetic changes (#197)
- replace modulus generated by constants, add zero-alloc SetRandom (#194)
- remove uneeded x86 asm and files (#192)
- polish readme.md with updated godoc subpackage links (#235)
- acknowledge that inv(0)==0 in comments as a convention (#233)
- added note in pairing godoc - doesn't check inputs are in correct subgroup (#231)
- add security estimates of implemented curves in comments
Test
- fix #205 - msm bench with different bases (#206)
- vectors generated using https://github.com/armfazh/h2c-go-ref
- all curves: compress/decompress pairing result
Pull Requests
- Merge pull request #232 from ConsenSys/docs/comments
- Merge pull request #229 from ConsenSys/update_deps
- Merge pull request #227 from ConsenSys/fix/element_setstring
- Merge pull request #228 from ConsenSys/fix/race/test
- Merge pull request #224 from ConsenSys/refactor/scalarmul
- Merge pull request #220 from ConsenSys/perf/kzg-verify
- Merge pull request #223 from ConsenSys/doc/security-estimates-curves
- Merge pull request #216 from ConsenSys/feat/poly
- Merge pull request #217 from ConsenSys/string-utils
- Merge pull request #213 from ConsenSys/perf/glv
- Merge pull request #129 from ConsenSys/feat/GT-compression
- Merge pull request #209 from ConsenSys/codegen/svdw-not-e4
- Merge pull request #203 from ConsenSys/tests/bn254-vectors
- Merge pull request #196 from ConsenSys/patch/hashToFpGeneric
- Merge pull request #202 from ConsenSys/gbotrel/issue199
- Merge pull request #200 from tyGavinZJU/develop
- Merge pull request #85 from ConsenSys/feat/fri
v0.6.1
[v0.6.1] - 2022-02-15
Feat
- MiMC has no "seed" parameter and now uses Miyaguchi Preneel construction
- FFT cosets uses full two-adicity, Plookup, KZG and permutation modified accordingly
- twistededwards: Extended coordinates (a=-1) (faster, not complete)
- bls24-315: faster G2 membership test
Pull Requests
- Merge pull request #152 from ConsenSys/feat/clean_kzg
- Merge pull request #145 from ConsenSys/fix/fft_cosets
- Merge pull request #147 from ConsenSys/sswu-fp-generic-rebased
- Merge pull request #146 from ConsenSys/perf-mimc-constants
- Merge pull request #144 from ConsenSys/constant-time-equals
- Merge pull request #125 from ConsenSys/fix/mimc_miyaguchipreneel
- Merge pull request #143 from ConsenSys/feat/cmov
- Merge pull request #140 from ConsenSys/inv(0)=0
- Merge pull request #110 from ConsenSys/feat/tEd-extended
- Merge pull request #123 from ConsenSys/perf/BLS24-G2-IsInSubGroup
v0.6.0
[v0.6.0] - 2021-12-22
Feat
- plookup: added plookup lookup proof
- field: generate optimized addition chains for Sqrt & Legendre exp functions
- field: added field.SetInt64, support for intX and uintX #109
- field: added UnmarshalJSON and MarshalJSON on fields
- field: added field.Text(base) to return field element string in a given base, like big.Int
- field: field.SetString now supports 0b 0o 0x prefixes (base 2, 8 and 16)
- kzg: test tampered proofs whith quotient set to zero
- bls24: Fp-Fp2-Fp4-Fp12-Fp24 tower
Fix
- fixes #104 code generation for saturated modulus like secp256k1 incorrect. added secp256k1 test
Perf
- field inverse is ~30-70% faster (implements Pornin's optimizations)
- bls12-381: faster Miller loop (sparse-sparse mul)
- bls12-381: faster final exp (faster expt)
- bn254: better short addition chain for Expt()
- bn254: addchain with max squares (weighting mul x2.6 cyclosq)
Pull Requests
- Merge pull request #111 from ConsenSys/field-intX-support
- Merge pull request #114 from ConsenSys/fix-dynamic-link
- Merge pull request #108 from ConsenSys/perf/bls12381-pairing
- Merge pull request #106 from ConsenSys/improvement/field-inv-pornin20
- Merge pull request #105 from ConsenSys/field-from-json
- Merge pull request #83 from ConsenSys/experiment/BLS24
- Merge pull request #102 from ConsenSys/feat/plookup
- Merge pull request #97 from ConsenSys/feat-addchain
- Merge pull request #99 from ConsenSys/feat-addchain-expt
v0.5.3
[v0.5.3] - 2021-10-30
Feat, perf
- all curves: subgroup check optional in decoder (default = true), and is done in parallel when unmarshalling slices of points #96
- bn254: faster G2 membership test #95
- added element.NewElement(v uint64) convenient API
Fix
- fp12: compressed cyclotomic square (receiver == argument)
v0.5.2
[v0.5.2] - 2021-10-26
Fix
- all twistedEdwards: fix Add() in projective coordinates (issue #89 )
- fiat-shamir: added test to ensure len(challenge) > 0
Feat
- bw6: optimal Tate Miller loop with shared computations
- bw6-761: opt. ate with shared squares and shared doublings (alg.2)
- add bandersnatch curve (twistedEdwards on bls12-381 with GLV)
- added curveID.Info() which returns constants about a curve
- added element.Halve()
Perf
- bn: multiply ML external lines 2 by 2 (+multi-ML bench)
Refactor
- templates: unify twistedEdwards package across curves
Pull Requests
- Merge pull request #93 from ConsenSys/bandersnatch
- Merge pull request #90 from ConsenSys/fix/tEdwards-addProj-issue89
- Merge pull request #82 from ConsenSys/perf/bn254-ML
- Merge pull request #88 from ConsenSys/issue-87/twistedEdwards
- Merge pull request #81 from ConsenSys/ML/DoubleStep-Halve
- Merge pull request #77 from ConsenSys/BW6
v0.5.1
[v0.5.1] - 2021-09-21
Pull Requests
Feat
- added element.IsUint64()
- element.String() special path for uint64 and -uint64 values
- added element.Bit(..) to retrieve i-th bit in a field element
- Fp12: implements the Karabina cyclotomic square in E12/E6
- Fp24: implements the Karabina cyclotomic square in E24/E8
- Fp6: implements the Karabina cyclotomic square in E6/E3
- e12: implements batch decompression for karabina cyclo square
- e24: implements batch decompression for karabina cyclo square
- experimental: msm splits first chunk processing if scalar is on one word
Perf
- bls12: faster G2 membership (eprint 2021/1130 sec.4)
- bls12-377: use asm MubBy5 as MulByNonResidue
- bls24: mix Karabina+GS+BatchInvert for faster FinalExp (Expt)
- bw6-633: fast GT-subgroup check
v0.4.0 - gurvy -> gnark-crypto
[v0.4.0] - 2021-03-31
Refactor
- gurvy -> gnark-crypto
- moved interop tests under github.com/consensys/gnark-tests
- bls381 -> bls12-381
- bls377 -> bls12-377
- bn256 -> bn254
- migrated MiMC and EdDSA from gnark into gnark-crypto
- migrated gnark/backend/fft into gnark-crypto
- migrated goff packages into ./field/...
- cleaning internal/generator pattern
Ci
- testing with go 1.15, go 1.16 on Windows, MacOS, Linux (+arch=32bits)
Docs
- added ecc/ecc.md and field/field.md
Feat
- multiExp in full extended jacobian coordinates
Fix
- handle case where numCPU < 4 in precomputeExpTable
- incorrect comment and size returned in twistededwards SetBytes fixes #34
- point.SetBytes can now be called concurently with same byte slice input
[v0.3.8] - 2021-02-01
Bls377
- final exp hard part eprint 2020/875
- ML entirely on the twist (ABLR)
Bls381
- final exp hard part eprint 2020/875
- ML entirely on the twist (ABLR)
- change G1 and G2 generators for interop
Bn256
- inline lineEval() in MilleLoop
- ML entirely on the twist (ABLR)
- change G1 and G2 generators for interop
Bw6
- add E6 and pairing tests
- correct comments in FinalExp
- fix bw6 pairing API to take slices of points and mutualize squares
- change G1 and G2 generators for interop