# Changelog

Entries are listed in reverse chronological order per undeprecated
major series.

## 3.x series

### 3.2.0

* Add support for getting the identity element for the Montgomery
  form of curve25519, which is useful in certain protocols for
  checking contributory behaviour in derivation of shared secrets.

### 3.1.2

* Revert a commit which mistakenly removed support for `zeroize` traits
  for some point types, as well as elligator2 support for Edwards points.

### 3.1.1

* Fix documentation builds on nightly due to syntax changes to
  `#![cfg_attr(feature = "nightly", doc = include_str!("../README.md"))]`.

### 3.1.0

* Add support for the Elligator2 encoding for Edwards points.
* Add two optional formally-verified field arithmetic backends which
  use the Fiat Crypto project's Rust code, which is generated from
  proofs of functional correctness checked by the Coq theorem proving
  system.
* Add support for additional sizes of precomputed tables for basepoint
  scalar multiplication.
* Fix an unused import.
* Add support for using the `zeroize` traits with all point types.
  Note that points are not automatically zeroized on Drop, but that
  consumers of `curve25519-dalek` should call these methods manually
  when needed.

### 3.0.3

* Fix documentation builds on nightly due to syntax changes to
  `#![cfg_attr(feature = "nightly", doc = include_str!("../README.md"))]`.

### 3.0.2

* Multiple documentation typo fixes.
* Fixes to make using `alloc`+`no_std` possible for stable Rust.

### 3.0.1

* Update the optional `packed-simd` dependency to rely on a newer,
  maintained version of the `packed-simd-2` crate.

### 3.0.0

* Update the `digest` dependency to `0.9`.  This requires a major version
  because the `digest` traits are part of the public API, but there are
  otherwise no changes to the API.

## 2.x series

### 2.1.3

* Fix documentation builds on nightly due to syntax changes to
  `#![cfg_attr(feature = "nightly", doc = include_str!("../README.md"))]`.

### 2.1.2

* Multiple documentation typo fixes.
* Fix `alloc` feature working with stable Rust.

### 2.1.1

* Update the optional `packed-simd` dependency to rely on a newer,
  maintained version of the `packed-simd-2` crate.

### 2.1.0

* Make `Scalar::from_bits` a `const fn`, allowing its use in `const` contexts.

### 2.0.0

* Fix a data modeling error in the `serde` feature pointed out by Trevor Perrin
  which caused points and scalars to be serialized with length fields rather
  than as fixed-size 32-byte arrays.  This is a breaking change, but it fixes
  compatibility with `serde-json` and ensures that the `serde-bincode` encoding
  matches the conventional encoding for X/Ed25519.
* Update `rand_core` to `0.5`, allowing use with new `rand` versions.
* Switch from `clear_on_drop` to `zeroize` (by Tony Arcieri).
* Require `subtle = ^2.2.1` and remove the note advising nightly Rust, which is
  no longer required as of that version of `subtle`.  See the `subtle`
  changelog for more details.
* Update `README.md` for `2.x` series.
* Remove the `build.rs` hack which loaded the entire crate into its own
  `build.rs` to generate constants, and keep the constants in the source code.

The only significant change is the data model change to the `serde` feature;
besides the `rand_core` version bump, there are no other user-visible changes.

## 1.x series

### 1.2.6

* Fixes to make using `alloc`+`no_std` possible for stable Rust.

### 1.2.5

* Update the optional `packed-simd` dependency to rely on a newer,
  maintained version of the `packed-simd-2` crate.

### 1.2.4

* Specify a semver bound for `clear_on_drop` rather than an exact version,
  addressing an issue where changes to inline assembly in rustc prevented
  `clear_on_drop` from working without an update.

### 1.2.3

* Fix an issue identified by a Quarkslab audit (and Jack Grigg), where manually
  constructing unreduced `Scalar` values, as needed for X/Ed25519, and then
  performing scalar/scalar arithmetic could compute incorrect results.
* Switch to upstream Rust intrinsics for the IFMA backend now that they exist in
  Rust and don't need to be defined locally.
* Ensure that the NAF computation works correctly, even for parameters never
  used elsewhere in the codebase.
* Minor refactoring to EdwardsPoint decompression.
* Fix broken links in documentation.
* Fix compilation on nightly broken due to changes to the `#[doc(include)]` path
  root (not quite correctly done in 1.2.2).

### 1.2.2

* Fix a typo in an internal doc-comment.
* Add the "crypto" tag to crate metadata.
* Fix compilation on nightly broken due to changes to the `#[doc(include)]` path
  root.

### 1.2.1

* Fix a bug in bucket index calculations in the Pippenger multiscalar algorithm
  for very large input sizes.
* Add a more extensive randomized multiscalar multiplication consistency check
  to the test suite to prevent regressions.
* Ensure that multiscalar and NAF computations work correctly on extremal
  `Scalar` values constructed via `from_bits`.

### 1.2.0

* New multiscalar multiplication algorithm with better performance for
  large problem sizes.  The backend algorithm is selected
  transparently using the size hints of the input iterators, so no
  changes are required for client crates to start using it.
* Equality of Edwards points is now checked in projective coordinates.
* Serde can now be used with `no_std`.

### 1.1.4

* Fix typos in documentation comments.
* Remove unnecessary `Default` bound on `Scalar::from_hash`.

### 1.1.3

* Reverts the change in 1.1.0 to allow owned and borrowed RNGs, which caused a breakage due to a subtle interaction with ownership rules.  (The `RngCore` change is retained.)

### 1.1.2

* Disabled KaTeX on `docs.rs` pending proper [support upstream](https://github.com/rust-lang/docs.rs/issues/302).

### 1.1.1

* Fixed an issue related to `#[cfg(rustdoc)]` which prevented documenting multiple backends.

### 1.1.0

* Adds support for precomputation for multiscalar multiplication.
* Restructures the internal source tree into `serial` and `vector` backends (no change to external API).
* Adds a new IFMA backend which sets speed records.
* The `avx2_backend` feature is now an alias for the `simd_backend` feature, which autoselects an appropriate vector backend (currently AVX2 or IFMA).
* Replaces the `rand` dependency with `rand_core`.
* Generalizes trait bounds on `RistrettoPoint::random()` and `Scalar::random()` to allow owned and borrowed RNGs and to allow `RngCore` instead of `Rng`.

### 1.0.3

* Adds `ConstantTimeEq` implementation for compressed points.

### 1.0.2

* Fixes a typo in the naming of variables in Ristretto formulas (no change to functionality).

### 1.0.1

* Depends on the stable `2.0` version of `subtle` instead of `2.0.0-pre.0`.

### 1.0.0

Initial stable release.  Yanked due to a dependency mistake (see above).