csecp256k1

Haskell FFI bindings to bitcoin-core/secp256k1 (docs.ppad.tech/csecp256k1).
git clone git://git.ppad.tech/csecp256k1.git
Log | Files | Refs | README | LICENSE

CHANGELOG.md (8837B)

      1 # Changelog
      2 
      3 All notable changes to this project will be documented in this file.
      4 
      5 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
      6 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
      7 
      8 ## [Unreleased]
      9 
     10 ## [0.4.1] - 2023-12-21
     11 
     12 #### Changed
     13  - The point multiplication algorithm used for ECDH operations (module `ecdh`) was replaced with a slightly faster one.
     14  - Optional handwritten x86_64 assembly for field operations was removed because modern C compilers are able to output more efficient assembly. This change results in a significant speedup of some library functions when handwritten x86_64 assembly is enabled (`--with-asm=x86_64` in GNU Autotools, `-DSECP256K1_ASM=x86_64` in CMake), which is the default on x86_64. Benchmarks with GCC 10.5.0 show a 10% speedup for `secp256k1_ecdsa_verify` and `secp256k1_schnorrsig_verify`.
     15 
     16 #### ABI Compatibility
     17 The ABI is backward compatible with versions 0.4.0 and 0.3.x.
     18 
     19 ## [0.4.0] - 2023-09-04
     20 
     21 #### Added
     22  - New module `ellswift` implements ElligatorSwift encoding for public keys and x-only Diffie-Hellman key exchange for them.
     23    ElligatorSwift permits representing secp256k1 public keys as 64-byte arrays which cannot be distinguished from uniformly random. See:
     24    - Header file `include/secp256k1_ellswift.h` which defines the new API.
     25    - Document `doc/ellswift.md` which explains the mathematical background of the scheme.
     26    - The [paper](https://eprint.iacr.org/2022/759) on which the scheme is based.
     27  - We now test the library with unreleased development snapshots of GCC and Clang. This gives us an early chance to catch miscompilations and constant-time issues introduced by the compiler (such as those that led to the previous two releases).
     28 
     29 #### Fixed
     30  - Fixed symbol visibility in Windows DLL builds, where three internal library symbols were wrongly exported.
     31 
     32 #### Changed
     33  - When consuming libsecp256k1 as a static library on Windows, the user must now define the `SECP256K1_STATIC` macro before including `secp256k1.h`.
     34 
     35 #### ABI Compatibility
     36 This release is backward compatible with the ABI of 0.3.0, 0.3.1, and 0.3.2. Symbol visibility is now believed to be handled properly on supported platforms and is now considered to be part of the ABI. Please report any improperly exported symbols as a bug.
     37 
     38 ## [0.3.2] - 2023-05-13
     39 We strongly recommend updating to 0.3.2 if you use or plan to use GCC >=13 to compile libsecp256k1. When in doubt, check the GCC version using `gcc -v`.
     40 
     41 #### Security
     42  - Module `ecdh`: Fix "constant-timeness" issue with GCC 13.1 (and potentially future versions of GCC) that could leave applications using libsecp256k1's ECDH module vulnerable to a timing side-channel attack. The fix avoids secret-dependent control flow during ECDH computations when libsecp256k1 is compiled with GCC 13.1.
     43 
     44 #### Fixed
     45  - Fixed an old bug that permitted compilers to potentially output bad assembly code on x86_64. In theory, it could lead to a crash or a read of unrelated memory, but this has never been observed on any compilers so far.
     46 
     47 #### Changed
     48  - Various improvements and changes to CMake builds. CMake builds remain experimental.
     49    - Made API versioning consistent with GNU Autotools builds.
     50    - Switched to `BUILD_SHARED_LIBS` variable for controlling whether to build a static or a shared library.
     51    - Added `SECP256K1_INSTALL` variable for the controlling whether to install the build artefacts.
     52  - Renamed asm build option `arm` to `arm32`. Use `--with-asm=arm32` instead of `--with-asm=arm` (GNU Autotools), and `-DSECP256K1_ASM=arm32` instead of `-DSECP256K1_ASM=arm` (CMake).
     53 
     54 #### ABI Compatibility
     55 The ABI is compatible with versions 0.3.0 and 0.3.1.
     56 
     57 ## [0.3.1] - 2023-04-10
     58 We strongly recommend updating to 0.3.1 if you use or plan to use Clang >=14 to compile libsecp256k1, e.g., Xcode >=14 on macOS has Clang >=14. When in doubt, check the Clang version using `clang -v`.
     59 
     60 #### Security
     61  - Fix "constant-timeness" issue with Clang >=14 that could leave applications using libsecp256k1 vulnerable to a timing side-channel attack. The fix avoids secret-dependent control flow and secret-dependent memory accesses in conditional moves of memory objects when libsecp256k1 is compiled with Clang >=14.
     62 
     63 #### Added
     64   - Added tests against [Project Wycheproof's](https://github.com/google/wycheproof/) set of ECDSA test vectors (Bitcoin "low-S" variant), a fixed set of test cases designed to trigger various edge cases.
     65 
     66 #### Changed
     67  - Increased minimum required CMake version to 3.13. CMake builds remain experimental.
     68 
     69 #### ABI Compatibility
     70 The ABI is compatible with version 0.3.0.
     71 
     72 ## [0.3.0] - 2023-03-08
     73 
     74 #### Added
     75  - Added experimental support for CMake builds. Traditional GNU Autotools builds (`./configure` and `make`) remain fully supported.
     76  - Usage examples: Added a recommended method for securely clearing sensitive data, e.g., secret keys, from memory.
     77  - Tests: Added a new test binary `noverify_tests`. This binary runs the tests without some additional checks present in the ordinary `tests` binary and is thereby closer to production binaries. The `noverify_tests` binary is automatically run as part of the `make check` target.
     78 
     79 #### Fixed
     80  - Fixed declarations of API variables for MSVC (`__declspec(dllimport)`). This fixes MSVC builds of programs which link against a libsecp256k1 DLL dynamically and use API variables (and not only API functions). Unfortunately, the MSVC linker now will emit warning `LNK4217` when trying to link against libsecp256k1 statically. Pass `/ignore:4217` to the linker to suppress this warning.
     81 
     82 #### Changed
     83  - Forbade cloning or destroying `secp256k1_context_static`. Create a new context instead of cloning the static context. (If this change breaks your code, your code is probably wrong.)
     84  - Forbade randomizing (copies of) `secp256k1_context_static`. Randomizing a copy of `secp256k1_context_static` did not have any effect and did not provide defense-in-depth protection against side-channel attacks. Create a new context if you want to benefit from randomization.
     85 
     86 #### Removed
     87  - Removed the configuration header `src/libsecp256k1-config.h`. We recommend passing flags to `./configure` or `cmake` to set configuration options (see `./configure --help` or `cmake -LH`). If you cannot or do not want to use one of the supported build systems, pass configuration flags such as `-DSECP256K1_ENABLE_MODULE_SCHNORRSIG` manually to the compiler (see the file `configure.ac` for supported flags).
     88 
     89 #### ABI Compatibility
     90 Due to changes in the API regarding `secp256k1_context_static` described above, the ABI is *not* compatible with previous versions.
     91 
     92 ## [0.2.0] - 2022-12-12
     93 
     94 #### Added
     95  - Added usage examples for common use cases in a new `examples/` directory.
     96  - Added `secp256k1_selftest`, to be used in conjunction with `secp256k1_context_static`.
     97  - Added support for 128-bit wide multiplication on MSVC for x86_64 and arm64, giving roughly a 20% speedup on those platforms.
     98 
     99 #### Changed
    100  - Enabled modules `schnorrsig`, `extrakeys` and `ecdh` by default in `./configure`.
    101  - The `secp256k1_nonce_function_rfc6979` nonce function, used by default by `secp256k1_ecdsa_sign`, now reduces the message hash modulo the group order to match the specification. This only affects improper use of ECDSA signing API.
    102 
    103 #### Deprecated
    104  - Deprecated context flags `SECP256K1_CONTEXT_VERIFY` and `SECP256K1_CONTEXT_SIGN`. Use `SECP256K1_CONTEXT_NONE` instead.
    105  - Renamed `secp256k1_context_no_precomp` to `secp256k1_context_static`.
    106  - Module `schnorrsig`: renamed `secp256k1_schnorrsig_sign` to `secp256k1_schnorrsig_sign32`.
    107 
    108 #### ABI Compatibility
    109 Since this is the first release, we do not compare application binary interfaces.
    110 However, there are earlier unreleased versions of libsecp256k1 that are *not* ABI compatible with this version.
    111 
    112 ## [0.1.0] - 2013-03-05 to 2021-12-25
    113 
    114 This version was in fact never released.
    115 The number was given by the build system since the introduction of autotools in Jan 2014 (ea0fe5a5bf0c04f9cc955b2966b614f5f378c6f6).
    116 Therefore, this version number does not uniquely identify a set of source files.
    117 
    118 [unreleased]: https://github.com/bitcoin-core/secp256k1/compare/v0.4.1...HEAD
    119 [0.4.1]: https://github.com/bitcoin-core/secp256k1/compare/v0.4.0...v0.4.1
    120 [0.4.0]: https://github.com/bitcoin-core/secp256k1/compare/v0.3.2...v0.4.0
    121 [0.3.2]: https://github.com/bitcoin-core/secp256k1/compare/v0.3.1...v0.3.2
    122 [0.3.1]: https://github.com/bitcoin-core/secp256k1/compare/v0.3.0...v0.3.1
    123 [0.3.0]: https://github.com/bitcoin-core/secp256k1/compare/v0.2.0...v0.3.0
    124 [0.2.0]: https://github.com/bitcoin-core/secp256k1/compare/423b6d19d373f1224fd671a982584d7e7900bc93..v0.2.0
    125 [0.1.0]: https://github.com/bitcoin-core/secp256k1/commit/423b6d19d373f1224fd671a982584d7e7900bc93