06bff6dec8 Merge bitcoin-core/secp256k1#1528: tests: call `secp256k1_ecmult_multi_var` with a non-`NULL` error callback 4155e62fcc Merge bitcoin-core/secp256k1#1526: cmake: Fix `check_arm32_assembly` when using as subproject 9554362b15 tests: call secp256k1_ecmult_multi_var with a non-NULL error callback 9f4c8cd730 cmake: Fix `check_arm32_assembly` when using as subproject 7712a53061 Merge bitcoin-core/secp256k1#1524: check-abi: explicitly provide public headers 7d0bc0870f Merge bitcoin-core/secp256k1#1525: changelog: Correct 0.5.0 release date d45d9b74bb changelog: Correct 0.5.0 release date d7f6613dbb Merge bitcoin-core/secp256k1#1523: release cleanup: bump version after 0.5.0 2f05e2da4b release cleanup: bump version after 0.5.0 e3a885d42a Merge bitcoin-core/secp256k1#1522: release: prepare for 0.5.0 dd695563e6 check-abi: explicitly provide public headers c0e4ec3fee release: prepare for 0.5.0 bb528cfb08 Merge bitcoin-core/secp256k1#1518: Add secp256k1_pubkey_sort 7d2591ce12 Add secp256k1_pubkey_sort da515074e3 Merge bitcoin-core/secp256k1#1058: Signed-digit multi-comb ecmult_gen algorithm 4c341f89ab Add changelog entry for SDMC a043940253 Permit COMB_BITS < 256 for exhaustive tests 39b2f2a321 Add test case for ecmult_gen recoded = {-1,0,1} 644e86de9a Reintroduce projective blinding 07810d9abb Reduce side channels from single-bit reads a0d32b597d Optimization: use Nx32 representation for recoded bits e03dcc44b5 Make secp256k1_scalar_get_bits support 32-bit reads 5005abee60 Rename scalar_get_bits -> scalar_get_bits_limb32; return uint32_t 6247f485b6 Optimization: avoid unnecessary doublings in precomputation 15d0cca2a6 Optimization: first table lookup needs no point addition 7a33db35cd Optimization: move (2^COMB_BITS-1)/2 term into ctx->scalar_offset ed2a056f3d Provide 3 configurations accessible through ./configure 5f7be9f6a5 Always generate tables for current (blocks,teeth) config fde1dfcd8d Signed-digit multi-comb ecmult_gen algorithm 486518b350 Make exhaustive tests's scalar_inverse(&x,&x) work ab45c3e089 Initial gej blinding -> final ge blinding aa00a6b892 Introduce CEIL_DIV macro and use it git-subtree-dir: src/secp256k1 git-subtree-split: 06bff6dec8d038f7b4112664a9b882293ebc5178
# Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

## Unreleased

## 0.5.0 - 2024-05-06

#### Added
 - New function `secp256k1_ec_pubkey_sort` that sorts public keys in lexicographic order of their compressed serializations.

#### Changed
 - The implementation of the point multiplication algorithm used for signing and public key generation was changed, resulting in improved performance for those operations.
   - The related configure option `--ecmult-gen-precision` was replaced with `--ecmult-gen-kb` (`ECMULT_GEN_KB` for CMake).
   - This changes the supported precomputed table sizes for these operations. The new supported sizes are 2 KiB, 22 KiB, or 86 KiB (while the old supported sizes were 32 KiB, 64 KiB, or 512 KiB).

#### ABI Compatibility
The ABI is backward compatible with versions 0.4.x and 0.3.x.
## 0.4.1 - 2023-12-21

#### Changed
 - The point multiplication algorithm used for ECDH operations (module `ecdh`) was replaced with a slightly faster one.
 - Optional handwritten x86_64 assembly for field operations was removed because modern C compilers are able to output more efficient assembly. This change results in a significant speedup of some library functions when handwritten x86_64 assembly is enabled (`--with-asm=x86_64` in GNU Autotools, `-DSECP256K1_ASM=x86_64` in CMake), which is the default on x86_64. Benchmarks with GCC 10.5.0 show a 10% speedup for `secp256k1_ecdsa_verify` and `secp256k1_schnorrsig_verify`.

#### ABI Compatibility
The ABI is backward compatible with versions 0.4.0 and 0.3.x.
## 0.4.0 - 2023-09-04

#### Added
 - New module `ellswift` implements ElligatorSwift encoding for public keys and x-only Diffie-Hellman key exchange for them. ElligatorSwift permits representing secp256k1 public keys as 64-byte arrays which cannot be distinguished from uniformly random. See:
   - Header file `include/secp256k1_ellswift.h` which defines the new API.
   - Document `doc/ellswift.md` which explains the mathematical background of the scheme.
   - The paper on which the scheme is based.
 - We now test the library with unreleased development snapshots of GCC and Clang. This gives us an early chance to catch miscompilations and constant-time issues introduced by the compiler (such as those that led to the previous two releases).

#### Fixed
 - Fixed symbol visibility in Windows DLL builds, where three internal library symbols were wrongly exported.

#### Changed
 - When consuming libsecp256k1 as a static library on Windows, the user must now define the `SECP256K1_STATIC` macro before including `secp256k1.h`.

#### ABI Compatibility
This release is backward compatible with the ABI of 0.3.0, 0.3.1, and 0.3.2. Symbol visibility is now believed to be handled properly on supported platforms and is now considered to be part of the ABI. Please report any improperly exported symbols as a bug.
## 0.3.2 - 2023-05-13

We strongly recommend updating to 0.3.2 if you use or plan to use GCC >=13 to compile libsecp256k1. When in doubt, check the GCC version using `gcc -v`.

#### Security
 - Module `ecdh`: Fix "constant-timeness" issue with GCC 13.1 (and potentially future versions of GCC) that could leave applications using libsecp256k1's ECDH module vulnerable to a timing side-channel attack. The fix avoids secret-dependent control flow during ECDH computations when libsecp256k1 is compiled with GCC 13.1.

#### Fixed
 - Fixed an old bug that permitted compilers to potentially output bad assembly code on x86_64. In theory, it could lead to a crash or a read of unrelated memory, but this has never been observed on any compilers so far.

#### Changed
 - Various improvements and changes to CMake builds. CMake builds remain experimental.
   - Made API versioning consistent with GNU Autotools builds.
   - Switched to the `BUILD_SHARED_LIBS` variable for controlling whether to build a static or a shared library.
   - Added the `SECP256K1_INSTALL` variable for controlling whether to install the build artefacts.
 - Renamed asm build option `arm` to `arm32`. Use `--with-asm=arm32` instead of `--with-asm=arm` (GNU Autotools), and `-DSECP256K1_ASM=arm32` instead of `-DSECP256K1_ASM=arm` (CMake).

#### ABI Compatibility
The ABI is compatible with versions 0.3.0 and 0.3.1.
## 0.3.1 - 2023-04-10

We strongly recommend updating to 0.3.1 if you use or plan to use Clang >=14 to compile libsecp256k1, e.g., Xcode >=14 on macOS has Clang >=14. When in doubt, check the Clang version using `clang -v`.

#### Security
 - Fix "constant-timeness" issue with Clang >=14 that could leave applications using libsecp256k1 vulnerable to a timing side-channel attack. The fix avoids secret-dependent control flow and secret-dependent memory accesses in conditional moves of memory objects when libsecp256k1 is compiled with Clang >=14.

#### Added
 - Added tests against Project Wycheproof's set of ECDSA test vectors (Bitcoin "low-S" variant), a fixed set of test cases designed to trigger various edge cases.

#### Changed
 - Increased minimum required CMake version to 3.13. CMake builds remain experimental.

#### ABI Compatibility
The ABI is compatible with version 0.3.0.
## 0.3.0 - 2023-03-08

#### Added
 - Added experimental support for CMake builds. Traditional GNU Autotools builds (`./configure` and `make`) remain fully supported.
 - Usage examples: Added a recommended method for securely clearing sensitive data, e.g., secret keys, from memory.
 - Tests: Added a new test binary `noverify_tests`. This binary runs the tests without some additional checks present in the ordinary `tests` binary and is thereby closer to production binaries. The `noverify_tests` binary is automatically run as part of the `make check` target.
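The secure-clearing entry above names the problem without showing it: a `memset` on a secret-key buffer right before the buffer dies is a dead store that an optimizing compiler may remove. The following C is an added example, not code from libsecp256k1 or its `examples/` directory; the names `secure_erase`, `all_zero` and `use_and_erase_seckey` and the placeholder key bytes are constructed for this illustration.

```c
/* Added example (not from libsecp256k1): best-effort secure erase of a secret
 * buffer. Each branch keeps the zeroing observable so the optimizer cannot
 * drop it as a dead store. */
#include <stddef.h>
#include <string.h>

#if defined(_MSC_VER)
#include <windows.h>
#endif

/* Zero `len` bytes at `ptr` in a way the compiler must not elide. */
static void secure_erase(void *ptr, size_t len) {
#if defined(_MSC_VER)
    /* MSVC: SecureZeroMemory is documented as never being optimized away. */
    SecureZeroMemory(ptr, len);
#elif defined(__GNUC__)
    /* GCC/Clang: an empty asm that "uses" ptr and clobbers memory makes the
     * preceding memset a visible side effect, so it must be emitted. */
    memset(ptr, 0, len);
    __asm__ __volatile__("" : : "r"(ptr) : "memory");
#else
    /* Fallback: call memset through a volatile function pointer; the compiler
     * cannot prove which function runs and so cannot remove the call. */
    void *(*volatile const volatile_memset)(void *, int, size_t) = memset;
    volatile_memset(ptr, 0, len);
#endif
}

/* Returns 1 if every byte of `buf` is zero, else 0. Only a post-erase check
 * for this example; it is not constant-time and is not for live secrets. */
static int all_zero(const unsigned char *buf, size_t len) {
    size_t i;
    for (i = 0; i < len; i++) {
        if (buf[i] != 0) return 0;
    }
    return 1;
}

/* Typical pattern: a 32-byte secret key is used, then erased before the
 * function returns. Returns 1 if the erase left the buffer all-zero.
 * The key bytes are constructed placeholder data, not a real key. */
int use_and_erase_seckey(void) {
    unsigned char seckey[32];
    size_t i;
    for (i = 0; i < sizeof(seckey); i++) seckey[i] = (unsigned char)(0xA5 ^ i);
    /* ... signing or key derivation with seckey would happen here ... */
    secure_erase(seckey, sizeof(seckey));
    return all_zero(seckey, sizeof(seckey));
}
```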
#### Fixed
 - Fixed declarations of API variables for MSVC (`__declspec(dllimport)`). This fixes MSVC builds of programs which link against a libsecp256k1 DLL dynamically and use API variables (and not only API functions). Unfortunately, the MSVC linker now will emit warning `LNK4217` when trying to link against libsecp256k1 statically. Pass `/ignore:4217` to the linker to suppress this warning.

#### Changed
 - Forbade cloning or destroying `secp256k1_context_static`. Create a new context instead of cloning the static context. (If this change breaks your code, your code is probably wrong.)
 - Forbade randomizing (copies of) `secp256k1_context_static`. Randomizing a copy of `secp256k1_context_static` did not have any effect and did not provide defense-in-depth protection against side-channel attacks. Create a new context if you want to benefit from randomization.

#### Removed
 - Removed the configuration header `src/libsecp256k1-config.h`. We recommend passing flags to `./configure` or `cmake` to set configuration options (see `./configure --help` or `cmake -LH`). If you cannot or do not want to use one of the supported build systems, pass configuration flags such as `-DSECP256K1_ENABLE_MODULE_SCHNORRSIG` manually to the compiler (see the file `configure.ac` for supported flags).

#### ABI Compatibility
Due to changes in the API regarding `secp256k1_context_static` described above, the ABI is not compatible with previous versions.
## 0.2.0 - 2022-12-12

#### Added
 - Added usage examples for common use cases in a new `examples/` directory.
 - Added `secp256k1_selftest`, to be used in conjunction with `secp256k1_context_static`.
 - Added support for 128-bit wide multiplication on MSVC for x86_64 and arm64, giving roughly a 20% speedup on those platforms.

#### Changed
 - Enabled modules `schnorrsig`, `extrakeys` and `ecdh` by default in `./configure`.
 - The `secp256k1_nonce_function_rfc6979` nonce function, used by default by `secp256k1_ecdsa_sign`, now reduces the message hash modulo the group order to match the specification. This only affects improper use of the ECDSA signing API.

#### Deprecated
 - Deprecated context flags `SECP256K1_CONTEXT_VERIFY` and `SECP256K1_CONTEXT_SIGN`. Use `SECP256K1_CONTEXT_NONE` instead.
 - Renamed `secp256k1_context_no_precomp` to `secp256k1_context_static`.
 - Module `schnorrsig`: renamed `secp256k1_schnorrsig_sign` to `secp256k1_schnorrsig_sign32`.

#### ABI Compatibility
Since this is the first release, we do not compare application binary interfaces. However, there are earlier unreleased versions of libsecp256k1 that are not ABI compatible with this version.
## 0.1.0 - 2013-03-05 to 2021-12-25

This version was in fact never released.
The number was given by the build system since the introduction of autotools in Jan 2014 (`ea0fe5a5bf`).
Therefore, this version number does not uniquely identify a set of source files.