Entries are listed in reverse chronological order per undeprecated major series.
- Update
digest
dependency to0.11
. - Update
sha2
dependency to0.11
.
- Fix nightly SIMD build
- Mark
constants::BASEPOINT_ORDER
deprecated from pub API - Add implementation for
PrimeFieldBits
, behind thegroup-bits
feature flag.
- Add arbitrary integer multiplication with
MontgomeryPoint::mul_bits_be
- Add implementations of the
ff
andgroup
traits, behind thegroup
feature flag - Adapt to new types introduced in
fiat-crypto
0.2 infiat
backend - Fix
no_std
forfiat
backend - Mark
Scalar::clamp_integer
as#[must_use]
- Various documentation fixes
- Update the MSRV from 1.41 to 1.60
- Provide SemVer policy
- Make
digest
an optional feature - Make
rand_core
an optional feature - Remove
std
feature flag - Remove
nightly
feature flag - Automatic serial backend selection between
u32
andu64
over the defaultu32
- Backend
simd
is now automatically selected overserial
when a supported CPU is detected - Backend override is now via cfg(curve25519_dalek_backend) over additive features
- Provide override to select
u32
oru64
backend via cfg(curve25519_dalek_bits) - Replace methods
Scalar::{zero, one}
with constantsScalar::{ZERO, ONE}
- Deprecate
EdwardsPoint::hash_from_bytes
and rename itEdwardsPoint::nonspec_map_to_curve
- Require including a new trait,
use curve25519_dalek::traits::BasepointTable
whenever usingEdwardsBasepointTable
orRistrettoBasepointTable
Scalar::from_canonical_bytes
now returnsCtOption
Scalar::is_canonical
now returnsChoice
- Remove
Scalar::from_bytes_clamped
andScalar::reduce
- Deprecate and feature-gate
Scalar::from_bits
behindlegacy_compatibility
- Add
EdwardsPoint::{mul_base, mul_base_clamped}
,MontgomeryPoint::{mul_base, mul_base_clamped}
, andBasepointTable::mul_base_clamped
- Add
precomputed-tables
feature - Update Maintenance Policies for SemVer
- Migrate documentation to docs.rs hosted
- Fix backend documentation generation
- Fix panic when
Ristretto::double_and_compress_batch
receives the identity point - Remove
byteorder
dependency - Update the
criterion
dependency to 0.4.0 - Include README.md into crate Documentation
- Update the
rand_core
dependency version and therand
dev-dependency version. - Relax the
zeroize
dependency to^1
- Update the edition from 2015 to 2021
- Add support for getting the identity element for the Montgomery form of curve25519, which is useful in certain protocols for checking contributory behaviour in derivation of shared secrets.
- Revert a commit which mistakenly removed support for
zeroize
traits for some point types, as well as elligator2 support for Edwards points.
- Fix documentation builds on nightly due to syntax changes to
#![cfg_attr(feature = "nightly", doc = include_str!("../README.md"))]
.
- Add support for the Elligator2 encoding for Edwards points.
- Add two optional formally-verified field arithmetic backends which use the Fiat Crypto project's Rust code, which is generated from proofs of functional correctness checked by the Coq theorem proving system.
- Add support for additional sizes of precomputed tables for basepoint scalar multiplication.
- Fix an unused import.
- Add support for using the
zeroize
traits with all point types. Note that points are not automatically zeroized on Drop, but that consumers ofcurve25519-dalek
should call these methods manually when needed.
- Fix documentation builds on nightly due to syntax changes to
#![cfg_attr(feature = "nightly", doc = include_str!("../README.md"))]
.
- Multiple documentation typo fixes.
- Fixes to make using
alloc
+no_std
possible for stable Rust.
- Update the optional
packed-simd
dependency to rely on a newer, maintained version of thepacked-simd-2
crate.
- Update the
digest
dependency to0.9
. This requires a major version because thedigest
traits are part of the public API, but there are otherwise no changes to the API.
- Fix documentation builds on nightly due to syntax changes to
#![fg_attr(feature = "nightly", doc = include_str!("../README.md"))]
.
- Multiple documentation typo fixes.
- Fix
alloc
feature working with stable rust.
- Update the optional
packed-simd
dependency to rely on a newer, maintained version of thepacked-simd-2
crate.
- Make
Scalar::from_bits
aconst fn
, allowing its use inconst
contexts.
The only significant change is the data model change to the serde
feature;
besides the rand_core
version bump, there are no other user-visible changes.
- Fix a data modeling error in the
serde
feature pointed out by Trevor Perrin which caused points and scalars to be serialized with length fields rather than as fixed-size 32-byte arrays. This is a breaking change, but it fixes compatibility withserde-json
and ensures that theserde-bincode
encoding matches the conventional encoding for X/Ed25519. - Update
rand_core
to0.5
, allowing use with newrand
versions.
- Switch from
clear_on_drop
tozeroize
(by Tony Arcieri). - Require
subtle = ^2.2.1
and remove the note advising nightly Rust, which is no longer required as of that version ofsubtle
. See thesubtle
changelog for more details. - Update
README.md
for2.x
series. - Remove the
build.rs
hack which loaded the entire crate into its ownbuild.rs
to generate constants, and keep the constants in the source code.
- Fixes to make using alloc+no_std possible for stable Rust.
- Update the optional
packed-simd
dependency to rely on a newer, maintained version of thepacked-simd-2
crate.
- Specify a semver bound for
clear_on_drop
rather than an exact version, addressing an issue where changes to inline assembly in rustc preventedclear_on_drop
from working without an update.
- Fix an issue identified by a Quarkslab audit (and Jack Grigg), where manually
constructing unreduced
Scalar
values, as needed for X/Ed25519, and then performing scalar/scalar arithmetic could compute incorrect results. - Switch to upstream Rust intrinsics for the IFMA backend now that they exist in Rust and don't need to be defined locally.
- Ensure that the NAF computation works correctly, even for parameters never used elsewhere in the codebase.
- Minor refactoring to EdwardsPoint decompression.
- Fix broken links in documentation.
- Fix compilation on nightly broken due to changes to the
#[doc(include)]
path root (not quite correctly done in 1.2.2).
- Fix a typo in an internal doc-comment.
- Add the "crypto" tag to crate metadata.
- Fix compilation on nightly broken due to changes to the
#[doc(include)]
path root.
- Fix a bug in bucket index calculations in the Pippenger multiscalar algorithm for very large input sizes.
- Add a more extensive randomized multiscalar multiplication consistency check to the test suite to prevent regressions.
- Ensure that that multiscalar and NAF computations work correctly on extremal
Scalar
values constructed viafrom_bits
.
- New multiscalar multiplication algorithm with better performance for large problem sizes. The backend algorithm is selected transparently using the size hints of the input iterators, so no changes are required for client crates to start using it.
- Equality of Edwards points is now checked in projective coordinates.
- Serde can now be used with
no_std
.
- Fix typos in documentation comments.
- Remove unnecessary
Default
bound onScalar::from_hash
.
- Reverts the change in 1.1.0 to allow owned and borrowed RNGs, which caused a breakage due to a subtle interaction with ownership rules. (The
RngCore
change is retained).
- Disabled KaTeX on
docs.rs
pending proper support upstream.
- Fixed an issue related to
#[cfg(rustdoc)]
which prevented documenting multiple backends.
- Adds support for precomputation for multiscalar multiplication.
- Restructures the internal source tree into
serial
andvector
backends (no change to external API). - Adds a new IFMA backend which sets speed records.
- The
avx2_backend
feature is now an alias for thesimd_backend
feature, which autoselects an appropriate vector backend (currently AVX2 or IFMA). - Replaces the
rand
dependency withrand_core
. - Generalizes trait bounds on
RistrettoPoint::random()
andScalar::random()
to allow owned and borrowed RNGs and to allowRngCore
instead ofRng
.
- Adds
ConstantTimeEq
implementation for compressed points.
- Fixes a typo in the naming of variables in Ristretto formulas (no change to functionality).
- Depends on the stable
2.0
version ofsubtle
instead of2.0.0-pre.0
.
Initial stable release. Yanked due to a dependency mistake (see above).