- #689 (`ark-serialize`) Add `CanonicalSerialize` and `CanonicalDeserialize` impls for `VecDeque` and `LinkedList`.

- #577 (`ark-ff`, `ark-ec`) Add `AdditiveGroup`, a trait for additive groups (equipped with scalar field).
- #593 (`ark-ec`) Change `AffineRepr::xy()` to return owned values.
- #633 (`ark-ec`) Generic pairing implementation for the curves from the BW6 family.

- #610 (`ark-ec`) Fix panic in `final_exponentiation` step for MNT4/6 curves if inverse does not exist.

- #603 (`ark-poly`) Reduce the number of field multiplications performed by `SparseMultilinearExtension::evaluate` and `DenseMultilinearExtension::evaluate`

- #300 (`ark-ec`) Change the implementation of `Hash` trait of `GroupProjective` to use the affine coordinates.
- #302 (`ark-ff`) Rename `find_wnaf` to `find_naf`.
- #310 (`ark-ec`, `ark-ff`) Remove unnecessary internal `PhantomData`.
- #333 (`ark-poly`) Expose more properties of `EvaluationDomain`s.
- #338 (`ark-ec`) Add missing `UniformRand` trait bound to `GroupAffine`.
- #338 (workspace) Change to Rust 2021 edition.
- #345 (`ark-ec`, `ark-serialize`) Change the serialization format for Twisted Edwards Curves. We now encode the Y coordinate and take the sign bit of the X coordinate; the default flag is also now the Positive X value. The old methods for backwards compatibility are located here
- #348 (`ark-ec`) Rename `msm:{Fixed,Variable}BaseMSM:multi_scalar_mul` to `msm:{Fixed,Variable}:msm` to avoid redundancy.
- #359 (`ark-test-templates`) Simplify the field and curve test macros.
- #365 (`ark-ec`)
  - Move `COFACTOR`, `COFACTOR_INV`, and `is_in_correct_subgroup_assuming_on_curve()` from `{SW,TE}CurveConfig` to `CurveConfig`.
  - Add `mul_bits()` to `AffineCurve` and provide a default implementation of `mul()` using this.
  - Remove duplicate function `scale_by_cofactor()` from `short_weierstrass::GroupAffine` and `twisted_edwards_extended::GroupAffine`
- #370 (all) Set the minimum `rust-version = 1.56` in the manifests of all crates.
- #379 (`ark-ff`) Refactor `Field` implementation and `PrimeField` trait:
  - Switch from hardcoded `FpXYZ` to `Fp<N>` based on `const` generics.
  - Move Montgomery arithmetic to an optional backend.
  - Rename `field_new` macros to `MontFp`, `QuadExt` and `CubicExt` macros.
  - Introduce `const fn`s for generating many constants.
  - Add default associated constants to reduce boilerplate.
  - Rename `Fp*Parameters` to `Fp*Config`.
  - Add `From<u32>`, `From<u16>`, and `From<u8>` `impl`s for `BigInt<N>`.
  - Remove `FftConfig`; move its contents to `FftField`.
- #383 (`ark-ff`) Rename `BigInteger::add_nocarry` to `add_with_carry` and `sub_noborrow` to `sub_with_borrow`.
- #386 (`ark-ff`) Remove `PrimeField::GENERATOR`, since it already exists on `FftField`.
- #393 (`ark-ec`, `ark-ff`) Rename `FpXParams` to `FpXConfig` and `FpXParamsWrapper` to `FpXConfigWrapper`.
- #396 (`ark-ec`) Remove `mul_bits` feature, and remove default implementations of `mul` and `mul_by_cofactor_to_projective`.
- #408 (`ark-ff`) Change the output of `Display` formatting for `BigInt` and `Fp` from hex to decimal.
- #412 (`ark-poly`) Rename UV/MVPolynomial to DenseUV/MVPolynomial.
- #417 (`ark-ff`) Remove `ToBytes` and `FromBytes`.
- #418 (`ark-ff`) Add `sums_of_products` to `Field` and `Fp`
- #422 (`ark-ff`) Remove `SquareRootField`, and move functionality to `Field`
- #425 (`ark-ec`) Refactor `VariableBase` struct to `VariableBaseMSM` trait and implement it for `GroupProjective`.
- #438 (`ark-ec`) Rename modules, structs, and traits related to `ec`.
  - `short_weierstrass_jacobian` → `short_weierstrass`
  - `twisted_edwards_extend` → `twisted_edwards`
  - `GroupAffine` → `Affine`
  - `GroupProjective` → `Projective`
  - `ModelParameters` → `CurveConfig`
  - `SWModelParameters` → `SWCurveConfig`
  - `TEModelParameters` → `TECurveConfig`
  - `MontgomeryModelParameters` → `MontCurveConfig`
- #440 (`ark-ff`) Add a method to construct a field element from an element of the underlying base prime field.
- #443, #449 (`ark-ec`) Improve ergonomics of scalar multiplication.
  - Rename `ProjectiveCurve::mul(AsRef[u64])` to `ProjectiveCurve::mul_bigint(AsRef[u64])`.
  - Bound `ProjectiveCurve` by `Mul<ScalarField>`, `for<'a> Mul<&'a ScalarField>`, `MulAssign<ScalarField>`, `for<'a> MulAssign<&'a ScalarField>`
  - Bound `AffineCurve` by `Mul<ScalarField, Output = ProjectiveCurve>`, `for<'a> Mul<&'a ScalarField, Output = ProjectiveCurve>`
- #445 (`ark-ec`) Change the `ATE_LOOP_COUNT` in MNT4/6 curves to use 2-NAF.
- #446 (`ark-ff`) Add `CyclotomicMultSubgroup` trait and implement it for extension fields
- #447 (`ark-ec`, `ark-algebra-test-templates`) Rename and refactor group infrastructure, and test infrastructure for fields, groups, and pairings:
  - Create new `Group` trait and move some functionality from `ProjectiveCurve` to it.
  - Refactor `add_assign_mixed` → `add_assign` that's polymorphic over its RHS.
  - Rename `ProjectiveCurve` to `CurveGroup: Group`.
    - Rename some associated types:
      - `AffineCurve` → `Affine`
    - Rename some methods:
      - `batch_normalization_into_affine` → `normalize_batch`
      - `prime_subgroup_generator` → `generator`
  - Rename `AffineCurve` to `AffineRepr`.
    - Rename associated types:
      - `Projective` → `Group`
    - Add methods:
      - Add method `fn x(&self) -> Self::BaseField` that returns the x coordinate of the point.
      - Add method `fn y(&self) -> Self::BaseField` that returns the y coordinate of the point.
    - Rename methods:
      - `zero()` → `identity()`
      - `is_zero()` → `is_identity()`
      - `into_projective()` → `into_group()`
      - `prime_subgroup_generator()` → `generator()`
  - Add new `ScalarMul` trait that encapsulates scalar multiplication routines for arbitrary `Group`s.
    - `ScalarMul` trait has a `MulBase` associated type to encapsulate bases for variable base and fixed-base scalar multiplication algorithms.
    - `ScalarMul` requires `Add<Self::MulBase, Output = Self>`, `AddAssign<Self::MulBase>`, and `From<Self::MulBase>`.
  - Rename `PairingEngine` to `Pairing`:
    - Rename associated types:
      - `Fr` → `ScalarField`
      - `G1Projective` → `G1`
      - `G2Projective` → `G2`
      - `Fqk` → `TargetField: CyclotomicMultSubgroup`
    - Remove associated type `Fqe`.
    - Rename methods:
      - `miller_loop` → `multi_miller_loop`
      - `pairing` → `multi_pairing`
    - Change method signatures:
      - `product_of_pairings` → `multi_pairing`
        - take two references to element iterators instead of an iterator of tuples.
      - `miller_loop` and `multi_miller_loop` now
        - take two iterators over `impl Into<G1Prepared>` and `impl Into<G2Prepared>` as input, and
        - output `MillerLoopOutput`, which is a newtype wrapper around `TargetField`.
      - `final_exponentiation` now
        - takes as input a `MillerLoopOutput`,
        - outputs `PairingOutput`, which is a newtype around `TargetField`, and which implements `Group` and `ScalarMul`, allowing it to be used with the existing MSM infrastructure.
      - Pairings, which are the composition of Miller loops and final exponentiation, are changed accordingly.
  - `ark-algebra-test-templates` macro syntax is now simplified; see the test files in `test-curves` for examples.
- #463 (`ark-serialize`, `ark-ff`, `ark-ec`) Refactor serialization infrastructure to enable more flexibility and less repetition of code:
  - New `enum Compress` that indicates whether point compression should be enabled or not.
  - New `enum Validate` that indicates whether type-specific validation checks should be carried out or not.
  - New `trait Valid` that provides methods for checking whether a deserialized value of a given type passes appropriate validation checks. The trait has the following methods `check` which checks a single value, and `batch_check` which checks a batch of values.
  - `CanonicalSerialize`:
    - New signature for `serialize` that takes in an argument `compress: Compress`
    - Old `serialize` → `serialize_compressed`
    - `serialize_uncompressed` → `serialize_uncompressed`
    - Every method has a default implementation that calls `serialize` with the appropriate `compress` value.
  - `CanonicalDeserialize`:
    - All types implementing
    - New signature for `deserialize` that takes in arguments `compress: Compress` and `validate: Validate`.
    - `deserialize` → `deserialize_compressed`
    - `deserialize_uncompressed` → `deserialize_uncompressed`
    - `deserialize_unchecked` → `deserialize_uncompressed_unchecked`
    - New method `deserialize_compressed_unchecked` that performs decompression but skips validation checks.
    - Every method has a default implementation that calls `deserialize` with the appropriate `compress` and `validate` values.
  - The `SWFlags` enum has been moved to `ark_ec::models::short_weierstrass`, and has had its variants renamed to be somewhat more descriptive.
  - The `EdwardsFlags` enum has been moved to `ark_ec::models::twisted_edwards`, has been renamed to `TEFlags`, and has had its variants renamed to be somewhat more descriptive.
  - New serialization format for Short Weierstrass curves:
    - Points with a "positive" y-coordinate are serialized with the sign bit set to zero (as opposed to the sign bit set to one in the old behavior).
    - Points with a "negative" y-coordinate are serialized with the sign bit set to one (as opposed to the sign bit set to zero in the old behavior).
    - The point at infinity is serialized with the infinity flag set to one.
  - New serialization format for Twisted Edwards curves:
    - Points with a "positive" x-coordinate are serialized with the sign bit set to zero.
    - Points with a "negative" x-coordinate are serialized with the sign bit set to one.
- #487 (`ark-poly`) Refactor `EvaluationDomain` trait for cosets:
  - Remove method `generator_inv`.
  - Remove method `divide_by_vanishing_poly_on_coset_in_place`.
  - Remove coset fft methods: `coset_fft`, `coset_fft_in_place`, `coset_ifft`, `coset_ifft_in_place`.
- #492 (`ark-ff`) Refactor `ark-ff` APIs:
  - Splits the contents of `ff/src/fields/mod.rs` into smaller files for easier management.
  - Moves `BitIterator` out of `ark_ff::fields` and into `ark_ff` directly.
  - Adds `impl<'a, 'b> Add/Sub/Mul/Div<&'a F> for &'b F`
- #517 (`ark-ec`) Move the definition of the isogeny map of WB hash-to-curve to a separate struct
- #519 (`ark-ec`) Refactor variable-base MSM to be checked by default, returning a `Result` if the lengths of the bases and scalars do not match.
- #545 (`ark-ec`, `ark-ff`) Rename all `*Parameters` or `*Params` to `*Config`, including:
  - `SWUParams` → `SWUConfig`
  - `WBParams` → `WBConfig`
  - `Bls12Parameters` → `Bls12Config`
  - `G1Parameters` → `G1Config`
  - `G2Parameters` → `G2Config`
  - `BnParameters` → `BnConfig`
  - `BW6Parameters` → `BW6Config`
  - `MNT4Parameters` → `MNT4Config`
  - `MNT6Parameters` → `MNT6Config`
  - `GLVParameters` → `GLVConfig`
- #557 (`ark-ff`) Change `frobenius_map` to return the result, instead of mutating the input. Add `frobenius_map_in_place` for the old behavior.

- #301 (`ark-ec`) Add `GLVParameters` trait definition.
- #312 (`ark-ec`) Add `is_in_correct_subgroup_assuming_on_curve` for all `Parameters`.
- #321 (`ark-ff`) Change bigint conversions to impl `From` instead of `Into`.
- #343 (`ark-ec`) Add WB and SWU hash-to-curve maps.
- #348 (`ark-ec`) Add `msm:{Fixed,Variable}Base:msm_checked_len`.
- #364 (`ark-ec`) Add `ChunkedPippenger` to variable-base MSM.
- #371 (`ark-serialize`) Add serialization impls for arrays
- #386 (`ark-ff-macros`, `ark-ff`) Add a macro to derive `MontConfig`.
- #396 (`ark-ec`) Add a default `mul` function to `{TE,SW}CurveConfig` trait definition.
- #397 (`ark-ec`) Add `HashMapPippenger` to variable-base MSM.
- #418 (`ark-ff`) Add `sums_of_products` to `Field` and `Fp`
- #420 (`ark-ec`) Add a `clear_cofactor` method to `AffineCurve`.
- #430 (`ark-ec`) Add functionality for mapping a field element to a curve element for hash-to-curve.
- #440 (`ark-ff`) Add a method to construct a field element from an element of the underlying base prime field.
- #446 (`ark-ff`) Add `CyclotomicMultSubgroup` trait and impl for extension fields
- #467 (`ark-ec`)
  - Move implementation of `serialize_with_mode()`, `deserialize_with_mode()`, and `serialized_size()` into `{SW,TE}CurveConfig` to allow customization.
- #487 (`ark-poly`) Refactor `EvaluationDomain` trait for cosets:
  - Add constructor `new_coset`.
  - Add convenience method `get_coset`.
  - Add methods `coset_offset`, `coset_offset_inv` and `coset_offset_pow_size`.
- #539 (`ark-ec`) Implement wNAF-based MSM, resulting in 5-10% speedups.
- #528 (`ark-ec`) Allow to overwrite the default implementation of the `msm` function provided by the `VariableBaseMSM` trait by a specialized version in `SWCurveConfig`.

- #302 (`ark-ff`) Add the relaxed NAF computation.
- #306 (`ark-ff`, `ark-ff-asm`) Make the assembly backend available on `stable`.
- #339 (`ark-ff`) Remove duplicated code from `test_field` module and replace its usage with `ark-test-curves` crate.
- #352 (`ark-ff`) Update `QuadExtField::sqrt` for better performance.
- #357 (`ark-poly`) Speedup division by vanishing polynomials for dense polynomials.
- #445 (`ark-ec`) Use 2-NAF for ate pairing in MNT4/6 curves.
- #509 (`ark-ff`, `ark-ff-macros`) Support prime fields with (64 * k)-bit modulus.
- #567 (`ark-ec`) Allow to overwrite the default implementation of the `msm` function for TwistedEdwards form provided by the `VariableBaseMSM` trait by a specialized version in `TECurveConfig`.

- #350 (`ark-serialize`) Fix issues with hygiene whenever a non-standard `Result` type is in scope.
- #358 (`ark-ff`) Fix the bug for `QuadExtField::sqrt` when `c1 = 0 && c0.legendre.is_qnr()`
- #366 (`ark-ff`) Fix `norm()` for cubic extension field towers.
- #394 (`ark-ff`, `ark-serialize`) Remove `EmptyFlags` construction checks.
- #442 (`ark-ff`) Fix deserialization for modulo with 64 shaving bits.
- #460 (`ark-ec`) Fix a corner case for ate pairing in BLS12 and BW6 models.
- #521 (`ark-poly`) Change `DensePolynomial::evaluate_over_domain` to not truncate terms higher than the size of the domain.
- #526 (`ark-ff`) Fix squaring for `Fp128`.

- #285 (`ark-ec`) Remove `ATE_LOOP_COUNT_IS_NEGATIVE` from BN curve parameter trait.
- #292 (`ark-ec`) Remove `CycleEngine`.
- #293 (`ark-ff`) Remove `ark_ff::test_rng`.

- #230 (`ark-ec`) Add `wnaf_mul` implementation for `ProjectiveCurve`.
- #245 (`ark-poly`) Speedup the sequential and parallel radix-2 FFT and IFFT significantly by making the method in which it accesses roots more cache-friendly.
- #258 (`ark-poly`) Add `Mul<F>` implementation for `DensePolynomial`.
- #259 (`ark-poly`) Add `Mul<F>` implementation for `SparsePolynomial` and `Add<SparsePolynomial<F>>/Sub<SparsePolynomial<F>>` for `DensePolynomial`.
- #261 (`ark-ff`) Add support for 448-bit integers and fields.
- #263 (`ark-ff`) Add `From<iXXX>` implementations to fields.
- #265 (`ark-serialize`) Add hashing as an extension trait of `CanonicalSerialize`.
- #280 (`ark-ff`) Add `Into<BigUint>` and `From<BigUint>` implementations to `BigInteger` and `PrimeField`.
- #289 (`ark-ec`) Add `Sum` implementation for all `AffineCurve`.

- #279 (`ark-ec`) Parallelize miller loop operations for BLS12.

- #252 (`ark-ff`) Fix prime field sampling when `REPR_SHIFT_BITS` is 64.
- #284 (`ark-poly-benches`) Fix the panic `subgroup_fft_in_place` benchmark for MNT6-753's Fr.

The main features of this release are:
- Adding the ability to define fields with integer parameters
- Multi-variate polynomial support
- Multilinear polynomial support
- Many speedups to operations involving polynomials
- Some speedups to `sqrt`
- Small speedups to MSMs
- Big speedups to radix-2 FFTs
- Fix in the assembly arithmetic backend
- Adding new traits for basic curve cycles and pairing based curve cycles

- #20 (`ark-poly`) Move univariate DensePolynomial and SparsePolynomial into a univariate sub-crate. Make this change by: find w/ regular expression `ark_poly::(Dense|Sparse)Polynomial`, and replace with `ark_poly::univariate::$1Polynomial`.
- #36 (`ark-ec`) In Short-Weierstrass curves, include an infinity bit in `ToConstraintField`.
- #37 (`ark-poly`) In the `Polynomial` trait, add `Hash` trait bound to `Point`.
- #38 (`ark-poly`) Add `Add` and `Neg` trait bounds to `Polynomial`.
- #51 (`ark-ff`) Removed `unitary_inverse` from `QuadExtField`. Make this change by replacing `x.unitary_inverse()` with `let mut tmp = x.clone(); tmp.conjugate()`.
- #53 (`ark-poly`) Add `Zero` trait bound to `Polynomial`.
- #96 (`ark-ff`) Make the `field_new` macro accept values in integer form, without requiring decomposition into limbs, and without requiring encoding in Montgomery form.
- #106 (`ark-ff`, `ark-ec`) Add `Zeroize` trait bound to `Field, ProjectiveGroup, AffineGroup` traits.
- #108 (`ark-ff`) Add `extension_degree()` method to `Field`.
- #110 (`ark-ec`) Change the trait bound on the scalar for `mul`, from (essentially) `Into<BigInt>` to `AsRef<[u64]>`.
- #117 (`ark-poly`) Make the univariate `SparsePolynomial` implement `Polynomial`. Make this change by replacing `sparse_poly.evaluate(pt)` with `sparse_poly.evaluate(&pt)`.
- #129 (`ark-ff`) Move `ark_ff::{UniformRand, test_rng}` to `ark_std::{UniformRand, test_rng}`. Importing these from `ark-ff` is still possible, but is deprecated and will be removed in the following release.
- #144 (`ark-poly`) Add `CanonicalSerialize` and `CanonicalDeserialize` trait bounds for `Polynomial`.
- #160 (`ark-serialize`, `ark-ff`, `ark-ec`)
  - Remove `ConstantSerializedSize`; users should use `serialized_size*` (see next).
  - Add `serialized_size_with_flags` method to `CanonicalSerializeWithFlags`.
  - Change `from_random_bytes_with_flags` to output `ark_serialize::Flags`.
  - Change signatures of `Flags::from_u8*` to output `Option`.
  - Change `Flags::from_u8*` to be more strict about the inputs it accepts: if the top bits of the `u8` value do not correspond to one of the possible outputs of `Flags::u8_bitmask`, then these methods output `None`, whereas before they output a default value. Downstream users other than `ark-curves` should not see breakage unless they rely on these methods/traits explicitly.
- #165 (`ark-ff`) Add `from_base_field_elements` as a method to the `Field` trait.
- #166 (`ark-ff`) Change `BigInt::{from_bytes, to_bits}` to `from_bytes_le, from_bytes_be, to_bits_le, to_bits_be`.

- #20 (`ark-poly`) Add structs/traits for multivariate polynomials.
- #96 (`ark-ff`) Make the `field_new` macro accept values in integer form, without requiring decomposition into limbs, and without requiring encoding in Montgomery form.
- #106 (`ark-ff`, `ark-ec`) Add `Zeroize` trait bound to `Field, ProjectiveGroup, AffineGroup` traits.
- #117 (`ark-poly`) Add operations to `SparsePolynomial`, so it implements `Polynomial`.
- #140 (`ark-poly`) Add support for multilinear extensions in dense and sparse evaluation form.
- #164 (`ark-ff`) Add methods `from_{be, le}_bytes_mod_order` to the `PrimeField` trait.
- #197 (`ark-test-curves`) Add a BN384 curve with low two-adicity for mixed-radix testing.

- #22 (`ark-ec`) Speedup fixed-base MSMs.
- #28 (`ark-poly`) Add `domain()` method on the `evaluations` struct.
- #31 (`ark-ec`) Speedup point doubling on twisted edwards curves.
- #35 (`ark-ff`) Implement `ToConstraintField` for `bool`.
- #48 (`ark-ff`) Speedup `sqrt` on `QuadExtField`.
- #94 (`ark-ff`) Implement `ToBytes` and `FromBytes` for `u128`.
- #99 (`ark-poly`) Speedup `evaluate_all_lagrange_coefficients`.
- #100 (`ark-ff`) Implement `batch_inverse_and_mul`.
- #101 (`ark-ff`) Add `element(i: usize)` on the `Domain` trait.
- #107 (`ark-serialize`) Add an impl of `CanonicalSerialize/Deserialize` for `BTreeSet`.
- #114 (`ark-poly`) Significantly speedup and reduce memory usage of `DensePolynomial.evaluate`.
- #114, #119 (`ark-poly`) Add infrastructure for benchmarking `DensePolynomial` operations.
- #115 (`ark-poly`) Add parallel implementation to operations on `Evaluations`.
- #115 (`ark-ff`) Add parallel implementation of `batch_inversion`.
- #122 (`ark-poly`) Add infrastructure for benchmarking `FFT`s.
- #125 (`ark-poly`) Add parallelization to applying coset shifts within `coset_fft`.
- #126 (`ark-ec`) Use `ark_ff::batch_inversion` for point normalization.
- #131, #137 (`ark-ff`) Speedup `sqrt` on fields when a square root exists. (And slows it down when it doesn't exist.)
- #141 (`ark-ff`) Add `Fp64`.
- #144 (`ark-poly`) Add serialization for polynomials and evaluations.
- #149 (`ark-serialize`) Add an impl of `CanonicalSerialize/Deserialize` for `String`.
- #153 (`ark-serialize`) Add an impl of `CanonicalSerialize/Deserialize` for `Rc<T>`.
- #157 (`ark-ec`) Speed up `variable_base_msm` by not relying on unnecessary normalization.
- #158 (`ark-serialize`) Add an impl of `CanonicalSerialize/Deserialize` for `()`.
- #166 (`ark-ff`) Add `to_bytes_be()` and `to_bytes_le` methods to `BigInt`.
- #169 (`ark-poly`) Improve radix-2 FFTs by moving to a faster algorithm by Riad S. Wahby.
- #171, #173, #176 (`ark-poly`) Apply significant further speedups to the new radix-2 FFT.
- #188 (`ark-ec`) Make Short Weierstrass random sampling result in an element with unknown discrete log.
- #190 (`ark-ec`) Add curve cycle trait and extended pairing cycle trait for all types of ec cycles.
- #201 (`ark-ec`, `ark-ff`, `ark-test-curves`, `ark-test-templates`) Remove the dependency on `rand_xorshift`.
- #205 (`ark-ec`, `ark-ff`) Unroll loops and conditionally use intrinsics in `biginteger` arithmetic, and reduce copies in `ff` and `ec` arithmetic.
- #207 (`ark-ff`) Improve performance of extension fields when the non-residue is negative. (Improves fq2, fq12, and g2 speed on bls12 and bn curves.)
- #211 (`ark-ec`) Improve performance of BLS12 final exponentiation.
- #214 (`ark-poly`) Utilise a more efficient way of evaluating a polynomial at a single point.
- #242, #244 (`ark-poly`) Speedup the sequential radix-2 FFT significantly by making the method in which it accesses roots more cache-friendly.

- #36 (`ark-ec`) In Short-Weierstrass curves, include an infinity bit in `ToConstraintField`.
- #107 (`ark-serialize`) Fix handling of `(de)serialize_uncompressed/unchecked` in various impls of `CanonicalSerialize/Deserialize`.
- #112 (`ark-serialize`) Make `bool`'s checked serialization methods non-malleable.
- #119 (`ark-poly`) Fix bugs in degree calculation if adding/subtracting same degree polynomials whose leading coefficients cancel.
- #160 (`ark-serialize`, `ark-ff`, `ark-ec`) Support serializing when `MODULUS_BITS + FLAG_BITS` is greater than the multiple of 8 just greater than `MODULUS_BITS`, which is the case for the Pasta curves (fixes #47).
- #165 (`ark-ff`) Enforce in the type system that an extension field's `BaseField` extends from the correct `BasePrimeField`.
- #184 Compile with `panic='abort'` in release mode, for safety of the library across FFI boundaries.
- #192 Fix a bug in the assembly backend for finite field arithmetic.
- #217 (`ark-ec`) Fix the definition of `PairingFriendlyCycle` introduced in #190.