v0.15.0

What's Changed

Features

• Eisenstein integers (#543).
• Poseidon2 (#553).
• BabyBear and KoalaBear fields: 31-bit vanilla Go implementation (#558, #577).
• FFLonK (#498).
• KZG MPC setup (#589).
• Hash registry with state storer (#564).
• Miller loop with direct sextic extension (BW6-761) (#608).

Performance Improvements

• Add assembly implementations: Vector::Add, Sub, and ScalarMul (purego included) (#536).
• AVX512 optimizations: vector.Sum, vector.InnerProduct + assembly refactor (#547).
• AVX512 vector operations: KoalaBear and BabyBear fields (#568).
• ARM64 assembly optimizations: 4 and 6 words modulus (#554).
• ARM NEON assembly: KoalaBear and BabyBear fields (#588).
• Subgroup check optimizations (#557).
• SetBytes performance: Avoids allocations in non-fast paths (#599).

Fixes

• Polynomial evaluation (#539).
• Shplonk Buffer sizing (#551).
• Typos (#562, #610).
• Comment and variable naming fixes (#603).

Refactors

• Removed curves: BLS12-378 and BW6-756 (#534).
• SIS cleanup (#596).
• Removed ECC Encoder dependency: FFT domain marshal (#565).
• Cleaned IOP (#587).

Documentation

• Updated README (#533).
• Documented batchAddAffine function (#555).
• Updated element package documentation (#572).
• Less verbose Apache 2 header (#570).
• Fixed non-generated headers (#571).
• Changed copyright year to 2025 (#595).

Full Changelog: v0.14.0...v0.15.0

v0.14.0

What's Changed

• refactor: correct comments by @yelhousni in #511
• Feat/pedersen batch verify by @Tabaie in #517
• build: update runner and go version by @gbotrel in #531
• perf: remove uneeded bucket init in affine coordinates fixes #529 by @gbotrel in #530
• feat: Pedersen vector commitment scheme multi VK verification by @ivokub in #527
• chore: fix some function names by @drawdrop in #526
• fix: fixes #522 with bound check before computing twiddles when domain has no precompute set by @gbotrel in #523
• refactor(bls12-381, bls12-377): MillerLoopFixed corresponds to gnark by @yelhousni in #524

New Contributors

• @drawdrop made their first contribution in #526

Full Changelog: v0.13.0...v0.14.0

v0.13.0

What's Changed

• perf, feat, refactor: improve some plonk primitives by @gbotrel in #456
• ci: update ci workflows by @gbotrel in #460
• Feat/kzg dummy srs by @ThomasPiellard in #458
• Perf: faster final exponentiation (hard part) for BW6 curves by @yelhousni in #459
• feat: wrap existing hash-to-field for implementing hash.Hash interface by @ivokub in #464
• Refactor(BW6): use revisited Ate pairing instead of Tate by @yelhousni in #465
• fix: remove duplicate gkr template generation by @ivokub in #439
• fix: edge case where domain cardinality is 1 by @gbotrel in #454
• Perf: KZG with fixed-argument pairing in affine coordinates by @yelhousni in #466
• Refactor: re-introduce points in KZG verification key by @yelhousni in #469
• Add SIS to BLS12-377 by @AlexandreBelling in #470
• chore(deps): bump golang.org/x/crypto from 0.10.0 to 0.17.0 by @dependabot in #473
• feat: allow hashing Fiat-Shamir transcript challenge without hashing to field first by @ivokub in #474
• perf,memory: fft without precompute by @gbotrel in #472
• refactor: kzg srs template by @yelhousni in #475
• doc: update hash to curve rfc ref and impl comment by @hussein-aitlahcen in #478
• feat: adds byteorder option in mimc New by @gbotrel in #480
• perf: optimize curve membership test by @yelhousni in #487
• refactor: make pedersen vk fields public by @ahmetyalp in #488
• fix: gkr add gate evaluate by @BeratOz01 in #490
• fix: fixes #491 by @ThomasPiellard in #492
• Chores: export the unrolled FFT64 out of SIS by @AlexandreBelling in #496
• feat: ECDSA error types by @ivokub in #497
• perf: add kzg.UnsafeToBytes and kzg.UnsafeFromBytes methods by @gbotrel in #499
• refactor: move test utils package into isolation to avoid every user to import test stuff by @gbotrel in #500
• perf: unsafe.WriteSlice (#501) by @gbotrel in #503
• perf(ecc): optimize affine Add, Sub and Double by @yelhousni in #509
• perf(ecc): faster affine Add by @yelhousni in #510
• perf: KZG verification uses JointScalarMultiplication by @yelhousni in #493
• fix: sis limb-decomposition works with log-two_bound > 8 by @AlexandreBelling in #512
• refactor: remove E3 Conjugate from BW6 by @yelhousni in #514
• perf(bn254): optimize affine pairing with doubleAndAdd by @yelhousni in #506
• fix: flaky FRI test by @ivokub in #518
• docs: describe length extension attack for MiMC hash function. by @ivokub in #520
• fix(bandersnatch): GLV bounds + test by @yelhousni in #516

New Contributors

• @dependabot made their first contribution in #473
• @ahmetyalp made their first contribution in #488
• @BeratOz01 made their first contribution in #490

Full Changelog: v0.12.1...v0.13.0

v0.12.1

What's Changed

• fix: GLV exponentiation in GT with large exponents by @ThomasPiellard in #451 Security Advisory
• feat: kzg extended transcript by @ThomasPiellard in #452
• perf(fft): introduce cache efficient bit reverse shuffling by @gbotrel in #446
• perf: Improve performance of point equality checks by @jsign in #450

Full Changelog: v0.12.0...v0.12.1

v0.12.0

What's Changed

• fix malleability sig by @ThomasPiellard in #449 https://nvd.nist.gov/vuln/detail/CVE-2023-44273

• perf: multiexp, avoid direct coordinate access to check for zero points by @jsign in #414

• perf: edwards, improve the performance of Add, MixedAdd and IsOnCurve by @jsign in #441

• perf: edwards, avoid inversions in Add in extended points by @jsign in #442

• ci: update ci workflows by @gbotrel in #447

Full Changelog: v0.11.2...v0.12.0

v0.11.2

What's Changed

• Fix some typos by @jtraglia in #394
• Adding testing for deserialization of G1 and G2 points by @asanso in #393
• Fix some implicit memory aliasing in for loops by @jtraglia in #395
• Do not XOR with zero by @jtraglia in #398
• Disable check shadowing in govet linter by @jtraglia in #397
• Add a bunch of "nosec G404" comments in test code by @jtraglia in #399
• Enable misspell linter & fix findings by @jtraglia in #401
• Fix RSis.CopyWithFreshBuffer by @AlexandreBelling in #402
• feat: Marshal [][]fr.Element by @Tabaie in #400
• Run golangci-lint on generated files by @jtraglia in #396
• docs: ConsenSys -> Consensys by @Tabaie in #406
• msm: semaphore to limit CPUs + better split strategy (up to 25% perf boost on 96cores) by @gbotrel in #403
• Feat/fold pedersen by @Tabaie in #407
• fix: do not read empty slices as nil by @Tabaie in #410
• fix: incorrect semaphore init could cause msm deadlock by @gbotrel in #411
• edwards: optimize point negation by @jsign in #413
• Feat/gkr custom gates by @Tabaie in #419
• perf: fast path for SIS with logTwoBound: 8, logTwoDegree: 6 by @gbotrel in #416
• feat: add WriteRawTo, UnsafeReadFrom to kzg.ProvingKey by @gbotrel in #422
• Fix/gkr eq bug by @Tabaie in #421
• feat: add AsyncReadFrom to fr.Vector and fft.Domain by @gbotrel in #424
• fix: ECDSA HashToInt bytes-bits mismatch by @ivokub in #428
• Small optimization over the memory usage of MiMC by @AlexandreBelling in #435
• perf: improve fft domain memory footprint by @gbotrel in #437
• Refactor/gkr test vectors by @Tabaie in #425
• v0.11.2 by @gbotrel in #438

New Contributors

• @asanso made their first contribution in #393
• @jsign made their first contribution in #413

Full Changelog: v0.11.1...v0.11.2

v0.11.1

Security

Fixed bug in hashing to field when computing and verifying ECDSA signatures (#427, fix #428). Thanks @samngmco for reporting.

Full Changelog: v0.11.0...v0.11.1

v0.10.1

Security

Fixed bug in hashing to field when computing and verifying ECDSA signatures (#427, fix #428). Thanks @samngmco for reporting.

Full Changelog: v0.10.0...v0.10.1

v0.9.2

Security

Fixed bug in hashing to field when computing and verifying ECDSA signatures (#427, fix #428). Thanks @samngmco for reporting.

Full Changelog: v0.9.1...v0.9.2

v0.11.0

What's Changed

• build: update ci github action dependencies by @gbotrel in #369
• Eliminate 2 allocations per Pedersen call by @omerfirmak in #371
• Fix/fold kzg fs by @Tabaie in #377
• Add CopyWithFreshBuffer a function to copy the state by @AlexandreBelling in #370
• Refactor: final exponentiation in pairings by @yelhousni in #375
• Refactor: export endomorphisms by @yelhousni in #376
• fix(kzg): nb of digests in BatchVerifyMultiPoints should be nonzeo by @yelhousni in #374
• Precompute point multiplication results in pedersen by @omerfirmak in #380
• Refactor: do not export endomorphisms + Double in affine by @yelhousni in #382
• Refactor/break kzg srs by @Tabaie in #378
• Feat/encode uint64 slices by @Tabaie in #379
• refactor: break pedersen key into proving (committing) and verifying by @Tabaie in #384
• Perf: KZG verification in a single point by @yelhousni in #386
• make mapToCurve public to allow for custom cofactor clearing by @hussein-aitlahcen in #372
• feat: fix v computation in ECDSA signature by @ivokub in #385
• Update the limb decomposition of the SIS by @AlexandreBelling in #389
• fix: handle all bitmask in point deserialization

New Contributors

• @omerfirmak made their first contribution in #371
• @hussein-aitlahcen made their first contribution in #372

Full Changelog: v0.10.0...v0.11.0