# Changelog

- 0.5.7 (2026-06-07)
  * Improves the performance of all wNAF-based signing & verification
    functions by about 1.5-2x, due to optimizations in 1) the
    constant-time wNAF scalar multiplication function, and 2) upstream
    modular field inversion (in ppad-fixed).

- 0.5.6 (2026-06-07)
  * Improves the wall-clock performance of the constant-time, non-wNAF
    scalar multiplication function by about 35%. ECDH also speeds up
    proportionally as a direct result.

- 0.5.5 (2026-05-22)
  * Adds no-hash ECDSA signature verification utilities that skip the
    internal SHA256 step.

- 0.5.4 (2026-02-04)
  * Nonce generation for ECDSA is now more secure due to recent
    improvements in ppad-hmac-drbg. The DRBG state is now guaranteed
    to live in only one location on the heap, and it is now wiped
    explicitly after use.

  * ECDSA signing now allocates about 1.5 orders of magnitude less than
    it did previously.

- 0.5.3 (2026-01-10)
  * Bumps the ppad-sha256 and ppad-hmac-drbg dependencies.

- 0.5.2 (2025-12-28)
  * Adds an explicit 64-bit architecture constraint.
  * Tests on GHC.10.3.

- 0.5.1 (2025-12-27)
  * Improves the constant-time semantics in wNAF scalar multiplication,
    replacing "indexing via a constant-time selected value" by performing
    a full window scan and selecting via mask.

- 0.5.0 (2025-12-21)
  * We get a significant upgrade to all functionality by pulling in the
    ppad-fixed library for large unsigned and Montgomery-form integers.
    Constant-time and allocation properties are made much more rigorous
    across the board, as we no longer depend on 'Integer' whatsoever.

    This version also improves performance radically throughout. A
    summary of the speedups achieved:

      sign_schnorr: ~7.1x speedup
      verify_schnorr: ~4.5x speedup
      sign_ecdsa: ~1.5x speedup
      verify_ecdsa: ~4.5x speedup

- 0.4.0 (2025-06-21)
  * Scalar multiplication, signing, verifying, and ECDH functions are now
    all total, returning 'Nothing' when supplied with invalid inputs.
  * Adds a group element check to 'mul_wnaf'.

- 0.3.0 (2025-03-14)
  * Adds 'ecdh' for computing ECDH secrets, any given secret being the
    SHA256 hash of the x-coordinate of the appropriate secp256k1 point.

- 0.2.2 (2025-02-16)
  * Exports the secp256k1 "point at infinity" as _CURVE_ZERO.

- 0.2.1 (2024-12-18)
  * Adds 'serialize_point' for compressed-format serialization of
    secp256k1 points.

- 0.2.0 (2024-11-08)
  * Adds wNAF ("w-ary non-adjacent form") scalar multiplication, as
    well as fast 'sign' and 'verify' variants for Schnorr and ECDSA
    (disambiguated by a trailing apostrophe) that make use of it.

    Each wNAF-powered function requires a 'Context' consisting of
    precomputed secp256k1 generator multiples; one can be gotten via
    'precompute'.

    Note that the non-wNAF-powered sign and verify functions have
    incurred a slight performance decrease (on the order of tens to
    hundreds of microseconds) as a result.

  * Adds 'parse_sig' for parsing compact signatures.

  * Adds a dependency on the 'primitive' library (already transitively required
    via 'ppad-hmac-drbg').

- 0.1.0 (2024-10-19)
  * Initial release, supporting public key derivation and Schnorr &
    ECDSA signatures on secp256k1.