v0.15.0

What's Changed

• fix: KZG proof verification for edge cases by @ivokub in #1567
• fix: add G1 membership for ML and FE in bls precompile by @ivokub in #1591
• feat: correct curve names in error messages and vector type by @Vap0RSh4wN in #1587
• fix: bit/byte shift in random bound by @radik878 in #1590
• Fix logic mismatch in newR1C for better Groth16 optimization by @tomasandroil in #1482
• perf(bls12-381/map-to-g1): use triple in mul by seed by @yelhousni in #1604
• feat: pointeval precompile circuit for failing inputs by @ivokub in #1572
• feat: implement BLS signature verification (minimal public key) by @ivokub in #1473
• chore: collect small contributions for next release v0.15 by @ivokub in #1606
• fix: use the little-endian representation for serialized values in KZG Pointeval precompile by @ivokub in #1614
• chore: use standard lib testing environment detection by @ivokub in #1631
• feat: allow taking benchmarking instance in NewAssert by @ivokub in #1607
• feat: add Grumpkin elliptic curve (native 2-cycle with BN254) by @yelhousni in #1409
• chore: small cleanup in pairings by @ivokub in #1621
• feat: add BLS12-377, BLS12-381 and BW6-761 GPU acceleration support for Groth16 by @ivokub in #1625
• build(deps): bump github.com/consensys/gnark-crypto from 0.19.0 to 0.19.1 in the go_modules group across 1 directory by @dependabot[bot] in #1636
• refactor: PLONK commitment input and output registration by @ivokub in #1642
• Feat/recursive groth16 conditional check by @ivokub in #1647
• test: refactor crumb test to standard path by @ivokub in #1648
• fix: handle OR call for constant inputs by @ivokub in #1592
• fix: avoid MulAcc overwriting constants by @ivokub in #1632
• chore: use self hosted runners by @waskow-consensys in #1633
• chore: regenerate tinyfield by @ivokub in #1602
• test: handle gnark-crypto not returning malleable signatures anymore by @ivokub in #1601
• build(deps): bump golang.org/x/crypto from 0.41.0 to 0.45.0 in the go_modules group across 1 directory by @dependabot[bot] in #1652
• feat: EIP-7951 for ECDSA on P-256 curve by @yelhousni in #1649
• perf: use generic hint mechanism for bls12-381 map to G1/G2 hints by @ivokub in #1653
• feat: add example for printing constraints by @hawkadrian in #1643
• perf(sw/emulated): use fakeGLV and remove scalarMulGeneric by @yelhousni in #1654
• perf: save 1 inverse in P256Verify circuit by @yelhousni in #1656
• doc: added zkBTC to gnark known users by @weijiguo in #1658
• ci: enable security code scanner by @witmicko in #1655
• refactor: support dynamic emulation parameters for ecrec by @ivokub in #1660
• build: updated to latest gnark crypto api change (code gen) by @gbotrel in #1668
• feat: Enable multiple GKR sub-circuits by @Tabaie in #1661
• perf: deduplicate commitment copy constraints in PLONK by @ivokub in #1670
• test: add small field test in checkcircuit by @ivokub in #1671
• feat: add internal Koalabear E4 extension for field emulation and logderivative argument by @ivokub in #1672
• feat: implement log-derivative argument over small fields by @ivokub in #1673
• Feat: GKR-Hashers by @Tabaie in #1512
• [Feat] - Add dynamic chain config to template by @thedarkjester in #1663
• ICICLE: MSM chunking, safety on proof generation and GPU memory reduction by @p4u in #1665
• fix: handle uints8 Long addition even in small field by @ivokub in #1674
• feat: better emulation for small fields in large fields by @gbotrel in #1682
• perf: optimize rangecheck recomposition for PlonK backend by @gbotrel in #1683
• Ignore Claude Code settings by @Tabaie in #1675
• fix: EdDSA strict equality check for s by @ivokub in #1684
• feat: clean up interface assertions in circuits by @ivokub in #1685
• feat: Compiled Gates for GKR by @Tabaie in #1676
• perf: improve compile time by 20% by @gbotrel in #1686
• feat: emulated arithmetic bound optimization by @ivokub in #1688
• feat: add PointEval precompiles for 16-bit limbs by @ivokub in #1689
• small fixes v15 by @ivokub in #1646
• perf: optimize scs constraints for bls12377 poseidon2 permutation by @gbotrel in #1690
• feat: add new api to profile package to capture virtual constraints by @gbotrel in #1696
• feat: Test engine to store elements in Montgomery format by @Tabaie in #1695
• perf: use known base length for small field emulation by @ivokub in #1693
• perf: optimize smallmul zero check by @ivokub in #1694
• perf: optimize range checks for small number of small field ops by @ivokub in #1699
• perf: windowed-4 ModExp precompile by @yelhousni in #1700
• refactor: remove bls24-315, bls24-317, and bw6-633 by @gbotrel in #1708
• chore: update CI workflows to go 1.25 by @gbotrel in #1710
• Perf(native/BLS12-377): Torus optimal ate pairing check by @yelhousni in #1702
• docs: update README.md by @gbotrel in #1712
• fix: fix cursor bot comments by @gbotrel in #1713
• chore: add dependabot configuration for GitHub Actions updates by @eloi010 in #1714
• Refactor/gkr/blueprints by @Tabaie in #1691
• Feat/solidity verifier bls12381 by @ThomasPiellard in #1554
• perf: optimize emulated multi-miller loops via sparse×sparse line multiplications for 0-bits by @yelhousni in #1701
• perf(plonk): reduce LRO commitment MSM size via s0-padding identity by @gbotrel in #1716
• perf(Mux): shared selector decomposition and ±Y symmetry optimization in emulated MSM by @yelhousni in #1704
• fix: register gates in GKR Poseidon by @ivokub in #1719
• perf: optimize LogUp for constant single-column tables (range checks) by @yelhousni in #1717
• perf: optimize emulated ToBits and ToBitsCanonical by @yelhousni in #1707
• Eliminate the Gate Registry by @Tabaie in #1718
• perf: emulated Eval support negative coefficients by @ivokub in #1727
• chore: golangcilint update by @ivokub in #1726
• fix: non-native constant ops fast paths by @ivokub in #1730
• perf: solver optimizations by @ivokub in #1728
• feat: add grumpkin curve support by @yelhousni in #1729
• fix: DivUnchecked consistency by @ivokub in #1734
• fix: BLS12-381 Solidity contract init and proof marshaling by @ivokub in #1732
• fix: emulated package tests failing with 1 constraint with PLONK backend by @ivokub in #1733
• perf: GKR Levels by @Tabaie in #1735
• fix: initialize in-circuit KZG SRS at compile time by @ivokub in #1738
• feat: allow replacing hints in test engine by @ivokub in #1737
• fix: add proof commitment length check for better error messages by @ivokub in #1739
• feat(poseidon2): support BN254 widths t=4,8,12,16; fix matMulExternal indexi...

v0.14.0

What's Changed

• release: v0.13.0 by @ivokub in #1516
• fix: enable fuzzing for multi-output-hint test by improving dvHint validation by @ruslan0012 in #1517
• fix: update broken Ethereum precompile contract links by @sewqasreedas in #1532
• ECDSA Signature: Add New Method IsVerified by @ltp456 in #1454
• optimize paddingFixedWidth of sha3 using divmod hint by @ggq89 in #1450
• Update KNOWN_USERS.md by @p4u in #1534
• fix: update Zcash protocol specification link by @lolkdsanyaw in #1535
• Update KNOWN_USERS.md by @hussein-aitlahcen in #1536
• docs: add reclaim protocol by @gap-editor in #1537
• refactor: crossfield hints in non-native by @ivokub in #1539
• fix: optimize zero constant detection and assignment by @ivokub in #1545
• fix: single constraint unsafe KZG SRS in tests by @ivokub in #1544
• feat: add separate Bytes API in std/math/uints package for handling bytes (U8) directly by @ivokub in #1541
• feat: add conversion utility to convert between bytes and elements by @ivokub in #1542
• Feat/eip4844 precompile by @ThomasPiellard in #1489
• refactor: BLS EVM precompile integration by @ivokub in #1515
• fix: scalarmul by 0 on twisted edwards curves by @ivokub in #1551
• fix: prevent early return in RegisterHint causing missing registrations by @avorylli in #1552
• fix: bls12-381 edge cases by @ivokub in #1559
• docs (KNOWN_USERS): add Celer Network by @lechpzn in #1564
• docs: add doctest examples by @ivokub in #1569
• Improve Registry Locking with Read Locks by @dinitheth in #1571
• feat: addition of Trace constructor of plonk on koalabear by @ThomasPiellard in #1514
• Migrate the golangci-lint config to v2 by @Tabaie in #1583
• chore: update to latest gnark-crypto by @gbotrel in #1586

New Contributors

• @ruslan0012 made their first contribution in #1517
• @sewqasreedas made their first contribution in #1532
• @ltp456 made their first contribution in #1454
• @p4u made their first contribution in #1534
• @lolkdsanyaw made their first contribution in #1535
• @hussein-aitlahcen made their first contribution in #1536
• @gap-editor made their first contribution in #1537
• @avorylli made their first contribution in #1552
• @lechpzn made their first contribution in #1564
• @dinitheth made their first contribution in #1571

Full Changelog: v0.13.0...v0.14.0

v0.13.0

What's Changed

• fix: non-native zero IsZero edge case by @ivokub in #1413
• feat: merkle damgard and poseidon2 by @Tabaie in #1407
• Refac/groth16 mpc by @Tabaie in #1372
• Feat: implement FixedLengthSum function for sha3 by @liyue201 in #1379
• Perf: Poseidon2 GKR circuit by @Tabaie in #1410
• Perf: optimize selector.Mux with recursive BinaryMux for various sizes by @weijiguo in #1420
• optimize FixedLengthSum of hash with minLen by @ggq89 in #1445
• Feat/switch groth16 key by @lucasmenendez in #1357
• GKR Gate Registry by @Tabaie in #1442
• fix: Ratio Verification on Groth16 MPC - Phase 1 by @Tabaie in #1465
• feat: use OSS ICICLE for GPU acceleration (version v3.2.2) by @ivokub in #1451
• feat(wires): implements GetWiresConstraintExact as a draft proposal by @AlexandreBelling in #1462
• Migrate GKR from gnark-crypto by @Tabaie in #1467
• feat: make constraint.Element generic interface by @ivokub in #1463
• feat: add Pectra BLS12-381 elliptic curve precompiles by @yelhousni in #1447
• build(deps): bump golang.org/x/crypto from 0.33.0 to 0.35.0 by @dependabot in #1478
• feat: map to g2 on BLS12-381 by @ivokub in #1477
• feat: emulated AssertIsDifferent by @ivokub in #1479
• Fix: make GetWiresConstraint(Exact) deterministic by @AlexandreBelling in #1485
• fix: fake glv neg scalars by @ivokub in #1487
• Style: goimports by @Tabaie in #1491
• Docs/gkr example by @Tabaie in #1458
• docs: notify undefined result by @ivokub in #1488
• feat: make automatic element initialization aware of the current field by @ivokub in #1492
• feat: add field extension support over native fields by @ivokub in #1493
• feat: add WideCommitter for obtaining commitment in the field extension by @ivokub in #1494
• feat: implement field emulation over small fields by @ivokub in #1495
• Refactor/gkr/unigate by @Tabaie in #1490
• docs: up comments by @yelhousni in #1503
• fix hacky registration of MiMC by @Tabaie in #1502
• fix: range over all limbs in normalized form for lookup by @ivokub in #1505
• fix: don't use assignment to compile by @ivokub in #1508
• feat: constant value binary decomposition by @ivokub in #1510

New Contributors

• @weijiguo made their first contribution in #1420
• @ggq89 made their first contribution in #1445
• @lucasmenendez made their first contribution in #1357

Full Changelog: v0.12.0...v0.13.0

v0.12.0

NB! This release fixes security advisory GHSA-cph5-3pgr-c82g (OOM on specially crafted inputs).

What's Changed

• chore: up gnark-crypto by @yelhousni in #1274
• test: add scalar mul to stats by @yelhousni in #1275
• feat: replace stats gob format with csv for easier diffs by @gbotrel in #1276
• build: modify workflows for new CI slack bot by @gbotrel in #1277
• docs: final audit report from LA by @ivokub in #1283
• added sudoku example for prover and verifier by @2pir2 in #1282
• feat constant 'randomness' - domain-size-independent vk by @Tabaie in #1269
• chore: lint generated files by @ivokub in #1289
• docs: update api doc following audit suggestions by @gbotrel in #1291
• fix: fix slice init length by @cuishuang in #1288
• fix: allow only v=0 or v=1 by @ivokub in #1293
• chore: Pedersen verification key reference field by @ivokub in #1295
• feat: update to latest gnark-crypto by @gbotrel in #1298
• fix: expmod precompile if modulus is 1 by @ivokub in #1294
• Feat: 4-dimensional fake GLV by @yelhousni in #1296
• fix: sanitize groth16 verification key reading by @ivokub in #1307
• docs: add input packing example by @ivokub in #1311
• chore: Replace fmt.Printf calls with warning logs by @wwared in #1305
• chore: fix some function names in comment by @wangjingcun in #1304
• fix: initialize public committed by @ivokub in #1317
• feat: direct multivariate polynomial evaluation in non-native by @ivokub in #1299
• Feat/poseidon2 by @ThomasPiellard in #1300
• final exponentiation: select optimisation by @shramee in #1328
• perf: fast path operations for small non-native values by @ivokub in #1326
• perf: BW6 pairing computation using non-native Eval by @ivokub in #1312
• fix bn254 solidity template by @simplexity-ckcclc in #1324
• perf: normalize the random linear combination in logderivarg by @kustosz in #1333
• perf: using non-native Eval for curve arithmetic by @yelhousni in #1331
• Pairing check optimisation by @shramee in #1335
• feat: add ripemd160 hash function with permutation by @ivokub in #1120
• doc: add audit report by @ivokub in #1342
• docs: less verbose Apache 2 header, latest bavard by @gbotrel in #1344
• fix: NNA quotient length computation edge cases by @ivokub in #1340
• build(deps): bump golang.org/x/crypto from 0.26.0 to 0.31.0 by @dependabot in #1346
• Perf: Pairing on BN254 using direct Fp12 extension and non-native Eval() by @yelhousni in #1339
• feat(bls12-381): pairing using direct Fp12 + non-native Eval() by @yelhousni in #1349
• Update ICICLE integration to use v3 ICICLE by @jeremyfelder in #1318
• chore: remove duplicate nil-check by @ivokub in #1355
• fix: avoid linking icicle dependent files when tag not provided by @ivokub in #1352
• perf: G1/2 membership using Eval by @yelhousni in #1356
• refactor: move poseidon2 to permutation package by @ivokub in #1353
• fix: tinyfield generation with updated gnark-crypto by @ivokub in #1358
• Feat: settable hasher for MiMC by @AlexandreBelling in #1345
• optim: avoid div in millerLoopAndFinalExpResult by @shramee in #1363
• fix: typos fixes by @ivokub in #1325
• Change copyright year to 2025 by @Tabaie in #1383
• Faster ecdsa across all curves by @shramee in #1384
• fix: do not return unused sign by @ivokub in #1385
• perf(emulated): small perf on doubleAndAdd by @yelhousni in #1386
• docs: Change copyright year to 2025 (not autogenerated) by @yelhousni in #1388
• perf(bn254): include G2 membership check in ML by @yelhousni in #1387
• Feat/plonk memory optim by @ThomasPiellard in #1395
• perf: PairingCheck for BN254, BLS12-381, BLS12-377 and BW6-761 by @yelhousni in #1365
• fix: add G2 membership check for constant points by @ivokub in #1397
• fix: stashed typo fixes for v0.12 by @ivokub in #1398
• release: v0.12.0 by @ivokub in #1399

New Contributors

• @2pir2 made their first contribution in #1282
• @cuishuang made their first contribution in #1288
• @wwared made their first contribution in #1305
• @simplexity-ckcclc made their first contribution in #1324
• @kustosz made their first contribution in #1333

Full Changelog: v0.11.0...v0.12.0

v0.11.0

NB! This releases fixes GHSA-9xcg-3q8v-7fq6 and GHSA-q3hw-3gm4-w5cr. Additionally, gnark has undergone several audits. We have implemented many performance improvements. See the full list of changes below!

Thanks for all the external and core contributors!

What's Changed

• style: remove old todos by @gbotrel in #1106
• docs: update TODOs by @ivokub in #1109
• feat: handle invalid signature failures in ECRecover precompile by @ivokub in #1101
• docs: update documentation for ecdsa and eddsa by @yelhousni in #1113
• Update README.md by @miles-six in #1118
• perf/feature: new serialization format for constraint systems by @gbotrel in #1119
• refactor: remove todos by @yelhousni in #1111
• test: add PLONK test for public input mapping by @ivokub in #1123
• perf,feat: groth16.ProvingKey implements BinaryDumper using gnark-crypto unsafe by @gbotrel in #1124
• Perf: revisiting field extensions in std/ by @yelhousni in #1110
• perf: direct Fp6 extension for BW6-761 by @yelhousni in #1126
• Feat: implement FixedLengthSum of sha2 by @liyue201 in #821
• fix: shift constraint indices by nb of public vars by @ivokub in #1128
• fix: non-native arithmetic with variable modulus various fixes by @ivokub in #1104
• Perf: Toom-3 for Fp6 in R1CS by @yelhousni in #1131
• test: check KZG batch verify returned error in test circuit by @ivokub in #1140
• Feat/option solidity by @ThomasPiellard in #1138
• Fix/neg factorial by @Tabaie in #1158
• fix: fixes #1157 ensures calls to AttachDebugInfo are surrounded with… by @gbotrel in #1160
• chore: make function comments match function names by @threehonor in #1163
• fix(uints): constrain valueOf by @bernard-wagner in #1139
• fix: fix #1149 by removing unused code by @gbotrel in #1164
• Make ExpMod work with parametric fields parameters by @AlexandreBelling in #1182
• fix(math/bitslice): fix partition upper part range check width by @ivokub in #1165
• perf(bls12-381): eliminate finalexp ~naively by @yelhousni in #1173
• perf: replace BW6-761 final exp by a class equivalence check by @yelhousni in #1155
• fix: groth16 solidity templates by @ivokub in #1187
• perf: replace BN254 final exp by a class equivalence check by @yelhousni in #1143
• Fix: Build on 32-bit arch would raise int overflow by @doutv in #1195
• Optimize AssertIsLessOrEqual api by @lightning-li in #1194
• fix: fix OR computation in case one input is constant and other variable by @ivokub in #1181
• Audit/final commit fixes by @ThomasPiellard in #1196
• Audit/final commit by @ThomasPiellard in #1191
• feat: use blake2 for variable hashcode by @ivokub in #1197
• docs: describe potential length extension attack when using MiMC in-circuit by @ivokub in #1198
• feat: add IsOnG2 for BN254 by @ivokub in #1204
• feat: capture O variable in gate for external range checker by @ivokub in #1211
• fix: use emulated arithmetic for GLV decomp by @ivokub in #1167
• fix: use consecutive powers instead of squaring by @ivokub in #1212
• fix: conditional check in non-native IsZero for applying optimization by @ivokub in #1145
• fix: avoid malicious hint in BN254 final exp check by @yelhousni in #1214
• feat: add BN254 final exponentiation check with output by @ivokub in #1209
• fix: remove unconstrained and unused variables by @ivokub in #1218
• refactor: separate the fixed circuits for ECPairing used in zkevm by @ivokub in #1217
• fix: variable modulus subtraction padding by @ivokub in #1200
• fix: strict ModReduce in emulated fields by @ivokub in #1224
• fix: edge case with PLONK backend when 1 constraint by @ivokub in #1226
• fixes #1227: api.AssertIsLessOrEqual incorrect behavior on R1CS with constant variable by @gbotrel in #1228
• perf: optimize class equivalence check for BLS12 final exp by @yelhousni in #1207
• fix: minimum 1 bit for constant binary decomposition by @gbotrel in #1229
• fix: branch with unchecked cast could panic at compile time by @gbotrel in #1234
• fix: fixes #1246 ensure cond is boolean in api.Select by @gbotrel in #1247
• bump gnark-crypto version and match interface changes by @Tabaie in #1251
• feat test engine friendly GKR by @Tabaie in #1253
• feat add random mask to groth16 commitment by @Tabaie in #1245
• refactor: utility methods into separate internal package for reuse in std library by @ivokub in #1258
• build: update runner and go version by @gbotrel in #1260
• fix: several external typo fixes by @ivokub in #1261
• perf(bn254): optimize Miller loop by @yelhousni in #1254
• chore: explicit IO methods in interfaces by @ivokub in #1266
• docs: update README by @ivokub in #1255
• feat: allow configurable hash-to-field function for Groth16 Solidity verifier by @ivokub in #1102
• release: v0.11.0 by @ivokub in #1272

New Contributors

• @miles-six made their first contribution in #1118
• @threehonor made their first contribution in #1163
• @doutv made their first contribution in #1195

Full Changelog: v0.10.0...v0.11.0

v0.10.0

What's Changed

TLDR;

Breaking changes

• PlonK was updated to latest paper version and is incompatible with previous gnark version
• gnark now supports efficient PlonK recursion with 2-chains (bls12-377 / bw6-761)
• Groth16 solidity verifier now supports commitments
• Addition of a "decompression" component in gnark/std
• Experimental GPU support
• Many performance improvements

---

• feat: BW6-761 emulated pairing by @yelhousni in #846
• Feat: BW6-761 KZG gadget by @yelhousni in #866
• Fix: edge cases in the Karabina cyclotomic square decompression by @yelhousni in #868
• chore: avoid nonnative dereferences by @ivokub in #861
• feat: allow custom hash function in backends by @ivokub in #873
• chore: cleanup documentation examples by @ivokub in #878
• Refactor(BW6-761): use revisited Ate pairing instead of Tate by @yelhousni in #876
• Fix sw_emulated test by @secure12 in #889
• feat: add short-hash wrappers for recursion by @ivokub in #884
• Feat/marshal g1 scalar by @ThomasPiellard in #891
• perf: lookup blueprint compile time improvement by @gbotrel in #899
• FEAT: Add experimental support for Icicle GPU acceleration behind build tag by @jeremyfelder in #844
• feat: Fiat-Shamir transcript using a short hash by @ivokub in #900
• refactor: use emulated.FieldParams as type parameter to generic Curve and Pairing by @ivokub in #901
• fix: non-native arithmetic autoreduction for division, inversion and sqrt by @ivokub in #870
• feat: batched KZG by @ivokub in #908
• fix: use platform independent method for counting new multiplication overflow from result limb count by @ivokub in #916
• feat: cache lookup blueprint entries in solving phase by @gbotrel in #915
• feat: make gkr hash registries private and threadsafe by @gbotrel in #920
• refactor: simplify hint overloading for api.Commit by @gbotrel in #919
• Perf/multisymbol 4bw by @Tabaie in #912
• fix: missing wait on channel in plonk prover by @gbotrel in #926
• Feat/bypass compression by @Tabaie in #924
• perf: if we don't compress, no need to index dict. by @gbotrel in #929
• Perf: optimize addition chains in BW6-761 final exponentiation by @yelhousni in #931
• Perf: variant of the Karabina cyclotomic squaring by @yelhousni in #933
• feat: add PLONK in-circuit verifier by @ivokub in #880
• perf: use G2 precomputed lines for Miller loop by @ivokub in #930
• perf: bounded scalar multiplication by @ivokub in #934
• Chore/compression v1 by @Tabaie in #940
• perf: non-native modular multiplication by @ivokub in #749
• fix: several typos in the documentation by @tudorpintea999 in #943
• feat: exit when condition is not filled by @ThomasPiellard in #928
• refactor: use external compressor repo by @Tabaie in #942
• fix: #951 plonk verifier checks witness length by @gbotrel in #952
• refactor: plonk.Setup takes kzg srs in canonical and lagrange form by @gbotrel in #953
• Perf: plonk verifier gadget by @yelhousni in #949
• Perf: KZG verify gadget by @yelhousni in #874
• Feat/plonk verifier batching by @ThomasPiellard in #960
• chore(deps): bump golang.org/x/crypto from 0.12.0 to 0.17.0 by @dependabot in #973
• perf(ecdsa): use GLV in JointScalarMulBase by @yelhousni in #975
• chore: adapt changes from native Fiat-Shamir transcript by @ivokub in #974
• perf,memory: lighter plonk ProvingKey (no trace) by @gbotrel in #957
• perf: mark the result of builder.IsZero as boolean to save constraints when used in future by @winderica in #977
• feat: update compress version; failing test by @gbotrel in #979
• fix: typos by @GoodDaisy in #992
• Feat/variable dict by @Tabaie in #989
• Fix std/recursion/plonk native and emulated examples by @wzmuda in #968
• feat: some todos and dead code by @yelhousni in #993
• fix IsZero bug in std/math/emulated/field_assert.go by @readygo67 in #1002
• perf(ecmul): use GLV with safe handling of edge cases in EVM ecmul by @yelhousni in #976
• fix: remove shorthash override for same field by @ivokub in #1008
• Refac/compress packing by @Tabaie in #1007
• feat: different PLONK circuit verification by @ivokub in #1010
• feat: adds plonk.SRSSize helper method by @gbotrel in #1012
• perf: groth16 verifier circuit uses precomputed lines for all curves by @yelhousni in #1016
• docs: describe that hint inputs and outputs are init-ed by @ivokub in #1003
• fix: assign baseChallenge correctly while verifying gkr solution by @ahmetyalp in #1020
• feat: use n-bit mux for switching PLONK verification keys by @ivokub in #1017
• fix: Decompressor to return -1 when output doesn't fit by @Tabaie in #1022
• Fix: edge cases in std/algebra elliptic curve arithmetic circuit (emulated and 2-chains) by @yelhousni in #1023
• fix: use subtraction with reduce in AssertIsEqual by @ivokub in #1026
• feat: plonk verifier options by @ivokub in #1028
• build: update compress to latest version by @gbotrel in #1032
• test: add emulated pairing circuits to stats by @yelhousni in #1031
• fix: use G1 generator from SRS by @ivokub in #1035
• fix: another occurence of G1 in SRS by @ivokub in #1036
• fix: organize std packages hints registrations by @ivokub in #1043
• perf(sw_emulated): optimize jointScalarMulGeneric by @yelhousni in #1049
• feat: subgroup G1/G2 membership BW6-761 and BLS12-377 by @yelhousni in #1030
• Refac/blob decompressor mirror by @Tabaie in #1047
• chore: remove committed profiles by @ivokub in #1053
• feat: stabilize anonymous hint function names by @ivokub in #1054
• feat: add option for enforcing number of goroutines for the solver by @ivokub in #1052
• feat: verify commitments in groth16 recursion verifier by @ahmetyalp in #1057
• feat: non-native sumcheck verifier by @ivokub in #1042
• fix: scs add/mul when recorded constraint is 0 by @yelhousni in #1068
• perf: emulated equality assertion by @ivokub in #1064
• refactor: kill backend.PLONK_FRI by @gbotrel in #1075
• Faster cubic 01 01 mul by @shramee in #1076
• Faster cubic 012 mul 01 by @shramee in #1077
• feat: add hint calling with either native inputs or outputs by @ivokub in #1080
• fix: emulated hint tests by @ivokub in #1083
• Perf: optimize EC arithmetic by @yelhousni in #1061
• feat: add MulNoReduce and Sum methods in field emulation by @ivokub in #1072
• Perf: optimize scalar multiplication for 2-chains by @yelhousni in #1085
• perf/fix: assume variable as zero constant when subtracting from itself by @ivokub in #1089
• feat: add range check selector retrieval by @ivokub in https://github.com/Consensys...

v0.9.1

What's Changed

Fixes

• fix plonk proof forgeability issue
• fix: fixed fold_state by @ThomasPiellard in #820
• perf, refactor: plonk prover by @gbotrel in #855
• fix typos by @xiaolou86 in #857
• perf: a special case for mulacc by @Tabaie in #859
• fix binary decomposition of 0 by @lightning-li in #853
• refactor: generic KZG and Groth16 verifier by @ivokub in #840

New Contributors

• @xiaolou86 made their first contribution in #857

Full Changelog: v0.9.0...v0.9.1

v0.9.0

What's Changed

Features

Core

• feat: Groth16 MPC setup by @HSG88 in #515
• feat: BSB22 commitments PlonK by @Tabaie in #586
• feat: add simple key-value store to the builders by @ivokub in #480
• refactor: define Committer interface for builders by @ivokub in #481
• feat: add defer to the Compiler interface by @ivokub in #483
• feat: PlonK frontend filter common cases of duplicate constraints by @gbotrel in #539
• perf: various performance improvements for PlonK prover by @gbotrel in #593
• feat, perf: introduce constraint blueprints. improve memory usage for constraint systems by @gbotrel in #641
• perf: reduce mem allocs in scs frontend by @gbotrel in #654
• feat: PlonK multicommit by @Tabaie in #668
• feat: Groth16 Multicommits by @Tabaie in #702
• feat: change opening order kzg by @ThomasPiellard in #694
• feat: adds GKR api by @Tabaie in #443
• feat: optimized PlonK solidity verifier for BN254 by @ThomasPiellard
• perf, feat: assert.CheckCircuit(...) by @gbotrel in #825
• Optimized BN254 Groth16 Solidity template with compressed proof support by @recmo in #810

Circuit

• feat: add a partition selector by @aybehrouz in #486
• feat: range checks using log derivative, fixes #581 by @ThomasPiellard in #583
• Add an n to 1 MUX and MAP by @aybehrouz in #475
• perf: in-circuit ECDSA on secp256k1 by @yelhousni in #497
• perf: KZG in circuit by @yelhousni in #506
• feat: BN254 pairing by @ivokub in #411
• feat: range check gadget by @ivokub in #472
• perf: emulated BN254 pairing by @yelhousni in #566
• feat: emulated BLS12-381 pairing by @yelhousni in #591
• feat: add gadget for enabling multiple commitments in-circuit by @ivokub in #562
• feat: add EVM precompiles by @ivokub in #488
• perf: use api.Select for 2 to 1 mux by @aybehrouz in #625
• feat: unified ECADD by @yelhousni in #631
• feat: log-derivative vector lookups by @ivokub in #620
• perf: KZG verification circuit in a single point by @yelhousni in #658
• feat: emulated subgroup check by @yelhousni in #629
• perf(ecdsa): JoinScalarMulBase avoids 0 edge-cases by @yelhousni in #661
• feat: differentiate ecrecover with strict and lax check for s by @ivokub in #656
• feat: implement NIST P-256 and P-384 curves by @ivokub in #697
• perf(2-chain/varScalarMul): use DoubleAndAdd to reduce #constraints by @yelhousni in #706
• perf(2-chain/varScalarMul): DoubleAndAdd to reduce #constraints BLS24 by @yelhousni in #707
• feat: add sha2 primitive by @ivokub in #689
• perf: add a generalized version of binary selection by @aybehrouz in #636
• feat: fixed-argument emulated pairing by @yelhousni in #708
• perf: Add-only emulated scalar multiplication by @yelhousni in #726
• feat: emulated pairing 2-by-2 fixed circuit for EVM by @yelhousni in #698
• perf: emulated pairing BN254 by @yelhousni in #714
• perf: ELM03+Joye07 for emulated scalarMul by @yelhousni in #760
• perf: special squaring for sparse elements in the pairing algorithm by @yelhousni in #772
• perf: Improve MultiLin.Eval number of constraints by @Tabaie in #788
• feat: add sha3 primitive by @nikitamasych in #817
• feat: add bounded comparator functions by @aybehrouz in #530

Fixes

• fix: scs.MarkBoolean missing return w/ constant by @gbotrel in #491
• fix: closes #509 api did not handle AssertIsLessOrEqual with constant as first param by @gbotrel in #511
• fix: restrict constants in field emulation to width by @ivokub in #518
• fix: subtraction overflow computation bug by @ivokub in #579
• fix(emulated pairing): edge cases in torus-based final exp by @yelhousni in #613
• fix: serializeCommitment by @SherLzp in #651
• fix race condition when compiling circuits in parallel by @gbotrel in #676
• fix: emulated ToBits by @ivokub in #731
• fix: do not accumulate terms with zero coefficient for addition by @ivokub in #763
• fix: assert that the binary decomposition of a variable is less than the modulus by @ivokub in #835

Refactor

• refactor: PlonK uses constraint/ and couple of fixes closes #467 by @gbotrel in #493
• refactor: std/algebra by @yelhousni in #526
• refactor: expose all typed backends in gnark/backend (moved from internal/) by @gbotrel in #561
• refactor: based on #515 generify groth16 MPC setup for all curves, flatten packages+ refactor by @gbotrel in #563
• refactor: Minimize Commitment info in PlonK vk by @Tabaie in #633
• refactor: hint name options by @Tabaie in #666
• refactor, perf: 2-chains pairing + groth16 API by @yelhousni in #664

New Contributors

• @HSG88 made their first contribution in #515
• @nikitamasych made their first contribution in #817
• @recmo made their first contribution in #810

Full Changelog: v0.8.1...v0.9.0

What's Changed

• fix: Plonk Fiat-Shamir Challenges with BSB22 by @Tabaie in #812
• Perf: save some negations in emulated pairings by @yelhousni in #816

v0.9.0-alpha

What's Changed

Features

Core

• feat: Groth16 MPC setup by @HSG88 in #515
• feat: BSB22 commitments PlonK by @Tabaie in #586
• feat: add simple key-value store to the builders by @ivokub in #480
• refactor: define Committer interface for builders by @ivokub in #481
• feat: add defer to the Compiler interface by @ivokub in #483
• feat: PlonK frontend filter common cases of duplicate constraints by @gbotrel in #539
• perf: various performance improvements for PlonK prover by @gbotrel in #593
• feat, perf: introduce constraint blueprints. improve memory usage for constraint systems by @gbotrel in #641
• perf: reduce mem allocs in scs frontend by @gbotrel in #654
• feat: PlonK multicommit by @Tabaie in #668
• feat: Groth16 Multicommits by @Tabaie in #702
• feat: change opening order kzg by @ThomasPiellard in #694
• feat: adds GKR api by @Tabaie in #443
• feat: optimized PlonK solidity verifier for BN254 by @ThomasPiellard

Circuit

• feat: add a partition selector by @aybehrouz in #486
• feat: range checks using log derivative, fixes #581 by @ThomasPiellard in #583
• Add an n to 1 MUX and MAP by @aybehrouz in #475
• perf: in-circuit ECDSA on secp256k1 by @yelhousni in #497
• perf: KZG in circuit by @yelhousni in #506
• feat: BN254 pairing by @ivokub in #411
• feat: range check gadget by @ivokub in #472
• perf: emulated BN254 pairing by @yelhousni in #566
• feat: emulated BLS12-381 pairing by @yelhousni in #591
• feat: add gadget for enabling multiple commitments in-circuit by @ivokub in #562
• feat: add EVM precompiles by @ivokub in #488
• perf: use api.Select for 2 to 1 mux by @aybehrouz in #625
• feat: unified ECADD by @yelhousni in #631
• feat: log-derivative vector lookups by @ivokub in #620
• perf: KZG verification circuit in a single point by @yelhousni in #658
• feat: emulated subgroup check by @yelhousni in #629
• perf(ecdsa): JoinScalarMulBase avoids 0 edge-cases by @yelhousni in #661
• feat: differentiate ecrecover with strict and lax check for s by @ivokub in #656
• feat: implement NIST P-256 and P-384 curves by @ivokub in #697
• perf(2-chain/varScalarMul): use DoubleAndAdd to reduce #constraints by @yelhousni in #706
• perf(2-chain/varScalarMul): DoubleAndAdd to reduce #constraints BLS24 by @yelhousni in #707
• feat: add sha2 primitive by @ivokub in #689
• perf: add a generalized version of binary selection by @aybehrouz in #636
• feat: fixed-argument emulated pairing by @yelhousni in #708
• perf: Add-only emulated scalar multiplication by @yelhousni in #726
• feat: emulated pairing 2-by-2 fixed circuit for EVM by @yelhousni in #698
• perf: emulated pairing BN254 by @yelhousni in #714
• perf: ELM03+Joye07 for emulated scalarMul by @yelhousni in #760
• perf: special squaring for sparse elements in the pairing algorithm by @yelhousni in #772
• perf: Improve MultiLin.Eval number of constraints by @Tabaie in #788

Fixes

• fix: scs.MarkBoolean missing return w/ constant by @gbotrel in #491
• fix: closes #509 api did not handle AssertIsLessOrEqual with constant as first param by @gbotrel in #511
• fix: restrict constants in field emulation to width by @ivokub in #518
• fix: subtraction overflow computation bug by @ivokub in #579
• fix(emulated pairing): edge cases in torus-based final exp by @yelhousni in #613
• fix: serializeCommitment by @SherLzp in #651
• fix race condition when compiling circuits in parallel by @gbotrel in #676
• fix: emulated ToBits by @ivokub in #731
• fix: do not accumulate terms with zero coefficient for addition by @ivokub in #763

Refactor

• refactor: PlonK uses constraint/ and couple of fixes closes #467 by @gbotrel in #493
• refactor: std/algebra by @yelhousni in #526
• refactor: expose all typed backends in gnark/backend (moved from internal/) by @gbotrel in #561
• refactor: based on #515 generify groth16 MPC setup for all curves, flatten packages+ refactor by @gbotrel in #563
• refactor: Minimize Commitment info in PlonK vk by @Tabaie in #633
• refactor: hint name options by @Tabaie in #666
• refactor, perf: 2-chains pairing + groth16 API by @yelhousni in #664

New Contributors

• @HSG88 made their first contribution in #515

Full Changelog: v0.8.1...v0.9.0-alpha

v0.8.1

Security

Update gnark-crypto dependency to include security fix.

What's Changed

• Fix the example in README.md by @aybehrouz in #478

Full Changelog: v0.8.0...v0.8.1