diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6cfa40333a..50700990dc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,576 @@
+
+## [v0.14.0] - 2024-09-03
+### Build
+- update runner and go version ([#531](https://github.com/ConsenSys/gnark-crypto/issues/531))
+- generify g2.go changes
+- generify pedersen_test.go changes
+- generify pedersen.go changes
+
+### Chore
+- fix some function names ([#526](https://github.com/ConsenSys/gnark-crypto/issues/526))
+- go generate
+- go generate
+- go generate
+
+### Doc
+- describe the prover can provide folded proof
+
+### Docs
+- add documentation examples
+- more explanations
+- add package documentation
+- remove TODO
+- expand method documentation
+- correct BW6 tower comment
+- up E3 mul comment
+- **ecc:** refactor comments in g*.go
+
+### Feat
+- use curve fold
+- define fold method for curve
+- use foldable Pedersen commitment verification
+- pedersen batch verify bn254
+
+### Fix
+- fixes [#522](https://github.com/ConsenSys/gnark-crypto/issues/522) with bound check before computing twiddles when domain has no precompute set ([#523](https://github.com/ConsenSys/gnark-crypto/issues/523))
+- resolve conflict around kzg
+
+### Perf
+- remove uneeded bucket init in affine coordinates fixes [#529](https://github.com/ConsenSys/gnark-crypto/issues/529) ([#530](https://github.com/ConsenSys/gnark-crypto/issues/530))
+
+### Refactor
+- variable name
+- option outputs option
+- typos in comments
+- correct IsZero comments
+
+### Test
+- add test for prefolded pok
+- fix example test
+
+### Pull Requests
+- Merge pull request [#524](https://github.com/ConsenSys/gnark-crypto/issues/524) from Consensys/refactor/bls12-MillerLoopFixed
+- Merge pull request [#527](https://github.com/ConsenSys/gnark-crypto/issues/527) from Consensys/feat/pedersen-batchmultivk
+- Merge pull request [#517](https://github.com/ConsenSys/gnark-crypto/issues/517) from Consensys/feat/pedersen-batch-verify
+- Merge pull request [#511](https://github.com/ConsenSys/gnark-crypto/issues/511) from Consensys/docs/up-comments
+
+
+
+## [v0.13.0] - 2024-07-19
+### Chore
+- generate
+- go generate
+- make recoverP internal
+- go generate
+- **deps:** bump golang.org/x/crypto from 0.10.0 to 0.17.0 ([#473](https://github.com/ConsenSys/gnark-crypto/issues/473))
+
+### Ci
+- new attempt to fix push to master workflow
+- grmpppf
+- add missing message field
+- use runner.os
+- update ci workflows ([#460](https://github.com/ConsenSys/gnark-crypto/issues/460))
+
+### Doc
+- update hash to curve rfc ref and impl comment ([#478](https://github.com/ConsenSys/gnark-crypto/issues/478))
+
+### Docs
+- describe length extension attack for MiMC hash function. ([#520](https://github.com/ConsenSys/gnark-crypto/issues/520))
+- fix misspelled comment
+- skipping inf points in PairFixedQ is implicit
+- **ecc:** add comment in IsOnCurve()
+
+### Feat
+- return constant error for quadratic non residues
+- mathfmt doc
+- added some docs
+- fixed comment, GenFrStar -> GeneratorFullMultiplicativeGroup
+- adds byteorder option in mimc `New` ([#480](https://github.com/ConsenSys/gnark-crypto/issues/480))
+- allow hashing Fiat-Shamir transcript challenge without hashing to field first ([#474](https://github.com/ConsenSys/gnark-crypto/issues/474))
+- kzg.SRS implements UnsafeReadFrom
+- added missing WriteRawTo method for kzg.SRS
+- added ecc.IDFromString() method
+- wrap existing hash-to-field for implementing hash.Hash interface ([#464](https://github.com/ConsenSys/gnark-crypto/issues/464))
+- quick SRS is now balanced
+- code gen for quick srs
+- avoid batch scalar mul when alpha=1 bn254
+
+### Fix
+- m range from 1 in test
+- sis limb-decomposition works with log-two_bound > 8
+- fixed typo
+- template fix
+- fixes [#491](https://github.com/ConsenSys/gnark-crypto/issues/491)
+- gkr add gate evaluate ([#490](https://github.com/ConsenSys/gnark-crypto/issues/490))
+- handle edge case where provided domain cardinality is 1 ([#454](https://github.com/ConsenSys/gnark-crypto/issues/454))
+- kzg template for bn254
+- remove duplicate gkr template generation
+- **bandersnatch:** GLV bounds + test ([#516](https://github.com/ConsenSys/gnark-crypto/issues/516))
+- **kzg:** bw6-633 vk marshal
+
+### Perf
+- batchInvert 1/P.Y in fixed-arg pairing
+- unsafe.WriteSlice ([#501](https://github.com/ConsenSys/gnark-crypto/issues/501)) ([#503](https://github.com/ConsenSys/gnark-crypto/issues/503))
+- add kzg.UnsafeToBytes and kzg.UnsafeFromBytes methods ([#499](https://github.com/ConsenSys/gnark-crypto/issues/499))
+- specialize mul by affine lines
+- **bls12-377:** precomuting lines in pairing in affine
+- **bls12-377:** use precomputed affine lines in kzg
+- **bls12-378:** use precomputed affine lines in kzg
+- **bls12-378:** precomuting lines in pairing in affine
+- **bls12-381:** use precomputed affine lines in kzg
+- **bls12-381:** precomuting lines in pairing in affine
+- **bls24-315:** precomuting lines in pairing in affine
+- **bls24-315:** use precomputed affine lines in kzg
+- **bls24-317:** precomuting lines in pairing in affine
+- **bls24-317:** use precomputed affine lines in kzg
+- **bn254:** precomuting lines in pairing in affine
+- **bn254:** use precomputed affine lines in kzg
+- **bn254:** optimize affine pairing with doubleAndAdd
+- **bw6:** precomuting lines in pairing
+- **bw6:** precomuting lines in pairing in affine
+- **bw6:** use precomputed affine lines in kzg
+- **bw6-633:** remove unnecessary computations in MillerLoop
+- **bw6-633:** precomuting lines in pairing in affine
+- **bw6-633:** implement faster final exp hard part
+- **bw6-756:** implement faster final exp hard part
+- **bw6-756:** precomuting lines in pairing in affine + kzg
+- **bw6-756:** remove unnecessary computations in MillerLoop
+- **bw6-761:** optimize affine pairing with doubleAndAdd
+- **bw6-761:** remove unnecessary computations in MillerLoop
+- **bw6-761:** implement faster final exp hard part
+- **ecc:** faster affine Add
+- **ecc:** use DoubleMixed in AddMixed when points are equal
+- **ecc:** optimize affine Add, Sub and Double
+- **ecc:** scpecialize mul by B in IsOnCurve
+- **ecc:** save 1 mul in IsOnCurve
+- **kzg:** replace 2 scalarMuls with a JointScalarMul
+
+### Refactor
+- remove G1 from KZG verifiying key
+- move test util package into isolated one ([#500](https://github.com/ConsenSys/gnark-crypto/issues/500))
+- remove dead ScalarMultiplicationAffine
+- make pedersen vk fields public ([#488](https://github.com/ConsenSys/gnark-crypto/issues/488))
+- kzg srs template ([#475](https://github.com/ConsenSys/gnark-crypto/issues/475))
+- re-introduce points in KZG verification key
+- apply code review suggestions
+- consolidate fixed-argument pairing across curves
+- remove E3 Conjugate from BW6
+- generify and consolidate new kzg and fixed-arg pairing
+- **bw6:** simplify PrecomputeLines
+- **bw6-633:** use revisited Ate pairing instead of Tate
+- **bw6-633:** clean pairing
+- **bw6-756:** use revisited Ate pairing instead of Tate
+- **bw6-761:** clean and optimize new pairing
+- **bw6-761:** use revisited Ate pairing instead of Tate
+
+### Test
+- update the tests
+- **ecc:** affine Add involving (0,0)
+- **ecc:** benchmark affine ops
+
+### Pull Requests
+- Merge pull request [#518](https://github.com/ConsenSys/gnark-crypto/issues/518) from Consensys/fix/flaky-fri-test
+- Merge pull request [#506](https://github.com/ConsenSys/gnark-crypto/issues/506) from Consensys/perf/affine-pairing
+- Merge pull request [#514](https://github.com/ConsenSys/gnark-crypto/issues/514) from Consensys/refactor/bw6-conj
+- Merge pull request [#512](https://github.com/ConsenSys/gnark-crypto/issues/512) from Consensys/fix/sis-issue-when-logTwoBound-larger-than-8
+- Merge pull request [#493](https://github.com/ConsenSys/gnark-crypto/issues/493) from Consensys/perf/kzg-verify
+- Merge pull request [#510](https://github.com/ConsenSys/gnark-crypto/issues/510) from Consensys/perf/faster-affine-arithmetic
+- Merge pull request [#509](https://github.com/ConsenSys/gnark-crypto/issues/509) from Consensys/perf/affine-arithmetic
+- Merge pull request [#497](https://github.com/ConsenSys/gnark-crypto/issues/497) from Consensys/feat/ecdsa-errors
+- Merge pull request [#496](https://github.com/ConsenSys/gnark-crypto/issues/496) from Consensys/sis/export-fft64
+- Merge pull request [#492](https://github.com/ConsenSys/gnark-crypto/issues/492) from Consensys/feat/gen_fr_star
+- Merge pull request [#487](https://github.com/ConsenSys/gnark-crypto/issues/487) from Consensys/perf/IsOnCurve
+- Merge pull request [#469](https://github.com/ConsenSys/gnark-crypto/issues/469) from Consensys/kzg/srs-vk
+- Merge pull request [#466](https://github.com/ConsenSys/gnark-crypto/issues/466) from Consensys/kzg/srs
+- Merge pull request [#439](https://github.com/ConsenSys/gnark-crypto/issues/439) from Consensys/fix/duplicate-gkr-gen
+- Merge pull request [#465](https://github.com/ConsenSys/gnark-crypto/issues/465) from Consensys/refactor/bw6761-pairing
+- Merge pull request [#459](https://github.com/ConsenSys/gnark-crypto/issues/459) from Consensys/perf/bw6-finalExp
+- Merge pull request [#458](https://github.com/ConsenSys/gnark-crypto/issues/458) from Consensys/feat/kzg_dummy_srs
+
+
+
+## [v0.12.1] - 2023-10-05
+### Clean
+- remove useless snippet in mulWindowed ([#453](https://github.com/ConsenSys/gnark-crypto/issues/453))
+
+### Ecc
+- fix neutral elements cases
+- add bench for Jac equality check
+- avoid inverses in Jac equality check
+
+### Edwards
+- add bench for Projective equality check
+- avoid inverses in Projective equality check
+
+### Feat
+- discared useless files
+- added test for [-s]G=-[s]G
+
+### Fix
+- add GT ExpGLV fix to BLS24 + BW6
+- merge and fix tests for expGLV
+- use max(size(s1), size(s2)) for ExpGLV
+- fixed mulWindowed for negative exponents
+- fixed ExpGLV in GT
+
+### Perf
+- **fft:** introduce cache efficient bit reverse shuffling ([#446](https://github.com/ConsenSys/gnark-crypto/issues/446))
+
+### Pull Requests
+- Merge pull request [#451](https://github.com/ConsenSys/gnark-crypto/issues/451) from Consensys/fix/glv
+- Merge pull request [#450](https://github.com/ConsenSys/gnark-crypto/issues/450) from jsign/jsign-eq-improv
+
+
+
+## [v0.12.0] - 2023-09-27
+### Chore
+- generate
+- generate
+- generate
+- use *big.Int (convention)
+- generate
+- generate ecdsa
+- generate tests
+- remove extra method description
+- remove extra file
+
+### Ci
+- update ci workflows ([#447](https://github.com/ConsenSys/gnark-crypto/issues/447))
+
+### Edwards
+- improve the performance of Add, MixedAdd and IsOnCurve ([#441](https://github.com/ConsenSys/gnark-crypto/issues/441))
+
+### Feat
+- delete playground
+- added tests for non malleability of ecdsa
+- added tests for non malleability (eddsa)
+- ErrShortBuffer -> ErrWrongSizeBuffer
+
+### Fix
+- remove test that signature value R.X == 0
+- check EdDSA signature values not zero
+- compare ecdsa signature values against zero
+- removed const error ecdsa
+- remove swifft files, removed const error
+- fixed malleability issue ecdsa/eddsa
+- fixed ambiguous unmarshalling eddsa
+
+### Multiexp
+- avoid direct coordinate access to check for zero points ([#414](https://github.com/ConsenSys/gnark-crypto/issues/414))
+
+### Refactor
+- make marshal errors private
+
+### Test
+- ensure the test path is taken
+- add tests for zero values
+- implement malleability tests as subtests
+
+### Pull Requests
+- Merge pull request [#449](https://github.com/ConsenSys/gnark-crypto/issues/449) from Consensys/fix/malleability_sig
+- Merge pull request [#442](https://github.com/ConsenSys/gnark-crypto/issues/442) from jsign/jsign-edwards-extended
+
+
+
+## [v0.11.2] - 2023-08-18
+### Build
+- update go mod deps
+- generify gates var
+- generify unsafeReadFrom
+- generify enc.WriteUint64SliceSlice
+- generify marshal changes
+- generify
+- generify bn254 changes
+- go generate
+- generify bn254 changes
+- generify bn254 kzg changes
+- generify marshal changes
+- generify bn254 kzg changes
+- bump go1.20
+- update ci github action dependencies
+- ran go generate
+
+### Chore
+- update CHANGELOG
+- PR feedback
+
+### Docs
+- ConsenSys -> Consensys ([#406](https://github.com/ConsenSys/gnark-crypto/issues/406))
+- explain FoldCommitments
+- make comments more godoc friendly
+- remove comment
+- remove DO NOT EDIT from non-autogenerated files
+- added Generator docs
+- add TODO with small domain warning
+- **pairing:** add comments
+
+### Edwards
+- optimize point negation ([#413](https://github.com/ConsenSys/gnark-crypto/issues/413))
+
+### Feat
+- add Double in affine coordinates
+- experiment parallel sis
+- add AsyncReadFrom to fr.Vector and fft.Domain ([#424](https://github.com/ConsenSys/gnark-crypto/issues/424))
+- added WriteRawTo to kzg.ProvingKey ([#422](https://github.com/ConsenSys/gnark-crypto/issues/422))
+- more gkr gates
+- Gates var for bn254
+- added size accessor on poly
+- pedersen.Vk[Bn254].UnsafeReadFrom
+- write [][]uint64
+- marshal [][]uint64 for bn254
+- pedersen(bn254).WriteRawTo
+- fold 0 proofs edge case
+- pedersen folding proofs
+- Marshal [][]fr.Element ([#400](https://github.com/ConsenSys/gnark-crypto/issues/400))
+- restored fp, fr, etc
+- added polynomial.SetSize
+- added element.Unmarshal closes [#348](https://github.com/ConsenSys/gnark-crypto/issues/348)
+- kzg.Vk.WriteRawTo
+- bn254 encoder to support uint64 slices
+- fix v computation in ECDSA signature ([#385](https://github.com/ConsenSys/gnark-crypto/issues/385))
+- add ECDSA public key recover from message, signature and recovery info ([#347](https://github.com/ConsenSys/gnark-crypto/issues/347))
+- added comment for bitAt function
+- added sis.py
+- add reference test
+- merge fft branch and cosmetic edits
+- parallel.Execute with 1 task fast path
+- added fft.WithNbTasks
+- FFT signature now takes an option variadic
+- expose NaiveMulMod for gnark
+- make `mapToCurve` public to allow for custom cofactor clearing ([#372](https://github.com/ConsenSys/gnark-crypto/issues/372))
+- restored latest fft
+- **pairing:** return 1 after easy part if result is 1
+
+### Fix
+- littleEndian -> bigEndian
+- use of MulGate
+- add explicit operator priority
+- dont use internal package in vector.go
+- import utils
+- remove redundant mulGate
+- incorrect semaphore initialization ([#411](https://github.com/ConsenSys/gnark-crypto/issues/411))
+- don't ignore multiexp error
+- pedersen folding bug
+- more innef assign
+- innef assignment in test
+- handle all bitmask in point deserialization
+- ECDSA HashToInt bytes-bits mismatch ([#428](https://github.com/ConsenSys/gnark-crypto/issues/428))
+- ECDSA HashToInt bytes-bits mismatch ([#428](https://github.com/ConsenSys/gnark-crypto/issues/428))
+- do not read empty slices as nil
+- minor errors
+- generation mistake
+- bn254 incorporate evals into kzg batch challenge
+- SIS on 64bit only
+- invalid infinity point encoding
+- mods smaller than 5; overestimating nbword
+- code generation fp6
+- **MillerLoop:** return 1 when size(pairs)=0 after infinity filter
+- **kzg:** nb of digests in BatchVerifyMultiPoints should be nonzeo
+- **linter:** ineffassign in Fpk marshal
+
+### Msm
+- semaphore to limit CPUs + better split strategy (up to 25% perf boost on 96cores) ([#403](https://github.com/ConsenSys/gnark-crypto/issues/403))
+
+### Perf
+- experiment without memcopy not great
+- kzg BatchOpenSinglePoint more parallelization
+- iop ratio more parallelization. reuse cosets
+- kept the fastest method for sis
+- minor optim in iop package
+- 3 muls instead of 4 sis
+- small memory alloc optimization ([#435](https://github.com/ConsenSys/gnark-crypto/issues/435))
+- dont waste too much memory in fft domain ([#437](https://github.com/ConsenSys/gnark-crypto/issues/437))
+- fix todo with small domain path
+- use bitset in batch invert
+- fast path for SIS with logTwoBound: 8, logTwoDegree: 6 ([#416](https://github.com/ConsenSys/gnark-crypto/issues/416))
+- optimized sis
+- less memallocs, check for zeroes
+- faster init + simplify bit processing loop
+- **bls24-317:** optimize final exp
+- **bn254:** use Fuentes et al. instead of Duquesne-Ghammam hard part
+- **bw6-756:** optimize GT subgroup membership
+- **kzg:** remove G2 scalar mul in single verification
+- **pairings:** isolate last iteration to avoid a double/add
+- **pairings:** isolate first iteration to avoid a MulByLine
+- **stark-curve:** no subgroup check on prime-order curve
+
+### Refactor
+- export endomorphisms
+- reflect kzg changes in plookup
+- break pedersen key into proving (committing) and verifying
+- fft.WithCoset() -> fft.OnCoset()
+- kzg tests
+- kzg.NewSRS to return two structs
+- marshal pk, vk separately
+- break up kzg srs; NewSRS for bn254
+- sis.py -> sis.sage
+- move roundtrip func to utils
+- reflect kzg changes in permutation
+- move Hash in _test.go file
+- expose fft.Generator() method
+- export bls12-381 tower
+- expose bn254 tower to gnark
+- **BatchDecompressKarabina:** handle g2=g3=0 case "explicitly"
+- **DecompressKarabina:** handle g2=g3=0 case "explicitly"
+- **pairings:** make DoubleStep and AddMixedStep private
+
+### Revert
+- do not export endomorphisms
+- NewSRS to return a pointer again
+- revive whole SRS serialization
+- reflect kzg.srs revival in other packages
+- limited revival of kzg.Srs
+
+### Style
+- move aux func down
+- no loop when serializing one object only
+- remove dead comments
+- code cleaning
+- more code cleaning
+- code cleaning
+- cosmetic edits
+
+### Test
+- check error
+- minor fixes and skip 32bit
+- update test_cases.json
+- skip tensor commitment test on 32bit arch for now
+- added sis sage test case generation
+- still good
+
+### Pull Requests
+- Merge pull request [#438](https://github.com/ConsenSys/gnark-crypto/issues/438) from Consensys/develop
+- Merge pull request [#429](https://github.com/ConsenSys/gnark-crypto/issues/429) from Consensys/release/v0.11.1
+- Merge pull request [#419](https://github.com/ConsenSys/gnark-crypto/issues/419) from Consensys/feat/gkr-custom-gates
+- Merge pull request [#410](https://github.com/ConsenSys/gnark-crypto/issues/410) from ConsenSys/fix/decode-empty-slice
+- Merge pull request [#407](https://github.com/ConsenSys/gnark-crypto/issues/407) from ConsenSys/feat/fold-pedersen
+- Merge pull request [#391](https://github.com/ConsenSys/gnark-crypto/issues/391) from ConsenSys/develop
+- Merge pull request [#386](https://github.com/ConsenSys/gnark-crypto/issues/386) from ConsenSys/perf/kzg-verify
+- Merge pull request [#384](https://github.com/ConsenSys/gnark-crypto/issues/384) from ConsenSys/refactor/break-pedersen-notowermod
+- Merge pull request [#379](https://github.com/ConsenSys/gnark-crypto/issues/379) from ConsenSys/feat/encode-uint64-slices
+- Merge pull request [#378](https://github.com/ConsenSys/gnark-crypto/issues/378) from ConsenSys/refactor/break-kzg-srs
+- Merge pull request [#382](https://github.com/ConsenSys/gnark-crypto/issues/382) from ConsenSys/refactor/not-export-endo
+- Merge pull request [#380](https://github.com/ConsenSys/gnark-crypto/issues/380) from omerfirmak/elim-pedersen-alloc
+- Merge pull request [#374](https://github.com/ConsenSys/gnark-crypto/issues/374) from ConsenSys/fix/BatchVerifyMultiPoints-0
+- Merge pull request [#376](https://github.com/ConsenSys/gnark-crypto/issues/376) from ConsenSys/refactor/export-endo
+- Merge pull request [#375](https://github.com/ConsenSys/gnark-crypto/issues/375) from ConsenSys/refactor/FinalExp
+- Merge pull request [#377](https://github.com/ConsenSys/gnark-crypto/issues/377) from ConsenSys/fix/fold-kzg-fs
+- Merge pull request [#371](https://github.com/ConsenSys/gnark-crypto/issues/371) from omerfirmak/elim-pedersen-alloc
+- Merge pull request [#369](https://github.com/ConsenSys/gnark-crypto/issues/369) from ConsenSys/build/updateci
+- Merge pull request [#368](https://github.com/ConsenSys/gnark-crypto/issues/368) from ConsenSys/develop
+- Merge pull request [#366](https://github.com/ConsenSys/gnark-crypto/issues/366) from ConsenSys/refactor/pairings
+- Merge pull request [#365](https://github.com/ConsenSys/gnark-crypto/issues/365) from ConsenSys/fix/gentime-field-bugs
+- Merge pull request [#364](https://github.com/ConsenSys/gnark-crypto/issues/364) from jtraglia/update-tested-go-versions
+- Merge pull request [#363](https://github.com/ConsenSys/gnark-crypto/issues/363) from ConsenSys/fix/infencoding
+- Merge pull request [#361](https://github.com/ConsenSys/gnark-crypto/issues/361) from ConsenSys/perf/plonk
+- Merge pull request [#360](https://github.com/ConsenSys/gnark-crypto/issues/360) from ConsenSys/bls12381-tower-gnark
+- Merge pull request [#359](https://github.com/ConsenSys/gnark-crypto/issues/359) from SherLzp/develop
+- Merge pull request [#356](https://github.com/ConsenSys/gnark-crypto/issues/356) from ConsenSys/perf/bn24317-FinalExp
+- Merge pull request [#354](https://github.com/ConsenSys/gnark-crypto/issues/354) from ConsenSys/bn254-tower-gnark
+- Merge pull request [#351](https://github.com/ConsenSys/gnark-crypto/issues/351) from ConsenSys/perf/bw6-756/GT-subgroup-check
+- Merge pull request [#349](https://github.com/ConsenSys/gnark-crypto/issues/349) from ConsenSys/perf/subgroup-check-stark
+- Merge pull request [#344](https://github.com/ConsenSys/gnark-crypto/issues/344) from ConsenSys/perf/tensor-commitment
+- Merge pull request [#345](https://github.com/ConsenSys/gnark-crypto/issues/345) from ConsenSys/feat/fftopt
+- Merge pull request [#263](https://github.com/ConsenSys/gnark-crypto/issues/263) from AlexandreBelling/perf/tensor-commitment
+- Merge pull request [#260](https://github.com/ConsenSys/gnark-crypto/issues/260) from AlexandreBelling/experimental/tensor-commitment
+
+
+
+## [v0.9.2] - 2023-07-11
+### Chore
+- update CHANGELOG
+
+### Fix
+- ECDSA HashToInt bytes-bits mismatch ([#428](https://github.com/ConsenSys/gnark-crypto/issues/428))
+
+
## [v0.11.1] - 2023-07-11
+### Build
+- go generate
+- generify bn254 changes
+- generify bn254 kzg changes
+- generify marshal changes
+- generify bn254 kzg changes
+- bump go1.20
+- update ci github action dependencies
+
+### Chore
+- update CHANGELOG
+- PR feedback
+
+### Docs
+- make comments more godoc friendly
+- remove comment
+- remove DO NOT EDIT from non-autogenerated files
+
+### Feat
+- fix v computation in ECDSA signature ([#385](https://github.com/ConsenSys/gnark-crypto/issues/385))
+- make `mapToCurve` public to allow for custom cofactor clearing ([#372](https://github.com/ConsenSys/gnark-crypto/issues/372))
+- add Double in affine coordinates
+- kzg.Vk.WriteRawTo
+- bn254 encoder to support uint64 slices
+- **pairing:** return 1 after easy part if result is 1
+
+### Fix
+- ECDSA HashToInt bytes-bits mismatch ([#428](https://github.com/ConsenSys/gnark-crypto/issues/428))
+- handle all bitmask in point deserialization
+- littleEndian -> bigEndian
+- import utils
+- don't ignore multiexp error
+- minor errors
+- generation mistake
+- bn254 incorporate evals into kzg batch challenge
+- **kzg:** nb of digests in BatchVerifyMultiPoints should be nonzeo
+- **linter:** ineffassign in Fpk marshal
+
+### Perf
+- **kzg:** remove G2 scalar mul in single verification
+
+### Refactor
+- break pedersen key into proving (committing) and verifying
+- move roundtrip func to utils
+- reflect kzg changes in plookup
+- reflect kzg changes in permutation
+- kzg tests
+- kzg.NewSRS to return two structs
+- marshal pk, vk separately
+- break up kzg srs; NewSRS for bn254
+- export endomorphisms
+- **BatchDecompressKarabina:** handle g2=g3=0 case "explicitly"
+- **DecompressKarabina:** handle g2=g3=0 case "explicitly"
+
+### Revert
+- do not export endomorphisms
+- NewSRS to return a pointer again
+- revive whole SRS serialization
+- reflect kzg.srs revival in other packages
+- limited revival of kzg.Srs
+
+### Style
+- no loop when serializing one object only
+
+### Pull Requests
+- Merge pull request [#429](https://github.com/ConsenSys/gnark-crypto/issues/429) from Consensys/release/v0.11.1
+- Merge pull request [#391](https://github.com/ConsenSys/gnark-crypto/issues/391) from ConsenSys/develop
+- Merge pull request [#386](https://github.com/ConsenSys/gnark-crypto/issues/386) from ConsenSys/perf/kzg-verify
+- Merge pull request [#384](https://github.com/ConsenSys/gnark-crypto/issues/384) from ConsenSys/refactor/break-pedersen-notowermod
+- Merge pull request [#379](https://github.com/ConsenSys/gnark-crypto/issues/379) from ConsenSys/feat/encode-uint64-slices
+- Merge pull request [#378](https://github.com/ConsenSys/gnark-crypto/issues/378) from ConsenSys/refactor/break-kzg-srs
+- Merge pull request [#382](https://github.com/ConsenSys/gnark-crypto/issues/382) from ConsenSys/refactor/not-export-endo
+- Merge pull request [#380](https://github.com/ConsenSys/gnark-crypto/issues/380) from omerfirmak/elim-pedersen-alloc
+- Merge pull request [#374](https://github.com/ConsenSys/gnark-crypto/issues/374) from ConsenSys/fix/BatchVerifyMultiPoints-0
+- Merge pull request [#376](https://github.com/ConsenSys/gnark-crypto/issues/376) from ConsenSys/refactor/export-endo
+- Merge pull request [#375](https://github.com/ConsenSys/gnark-crypto/issues/375) from ConsenSys/refactor/FinalExp
+- Merge pull request [#377](https://github.com/ConsenSys/gnark-crypto/issues/377) from ConsenSys/fix/fold-kzg-fs
+- Merge pull request [#371](https://github.com/ConsenSys/gnark-crypto/issues/371) from omerfirmak/elim-pedersen-alloc
+- Merge pull request [#369](https://github.com/ConsenSys/gnark-crypto/issues/369) from ConsenSys/build/updateci
+
+
+
+## [v0.10.1] - 2023-07-11
+### Chore
+- update CHANGELOG
### Fix
- ECDSA HashToInt bytes-bits mismatch ([#428](https://github.com/ConsenSys/gnark-crypto/issues/428))
@@ -657,7 +1228,6 @@
- remove unecessary inverse in KZG-verify
- faster GLV scalar decompostion
-
### Refactor
- fft is done in the main loop
- kzg uses DivideByXminusA from polynomial module
@@ -684,13 +1254,10 @@
- remove dead code ([#230](https://github.com/ConsenSys/gnark-crypto/issues/230))
- inneficient -> inefficient
- cosmetic changes ([#197](https://github.com/ConsenSys/gnark-crypto/issues/197))
-- replace modulus generated by constants, add zero-alloc SetRandom ([#194](https://github.com/ConsenSys/gnark-crypto/issues/194))
-- remove unneeded x86 asm and files ([#192](https://github.com/ConsenSys/gnark-crypto/issues/192))
-- polish readme.md with updated godoc subpackage links ([#235](https://github.com/ConsenSys/gnark-crypto/issues/235))
-- acknowledge that inv(0)==0 in comments as a convention ([#233](https://github.com/ConsenSys/gnark-crypto/issues/233))
-- added note in pairing godoc - doesn't check inputs are in correct subgroup ([#231](https://github.com/ConsenSys/gnark-crypto/issues/231))
-- add security estimates of implemented curves in comments
-
+- use bytes package
+- removed dead code
+- fixed comment
+- cleaned comments, removed dead code
### Test
- cleanup
@@ -991,16 +1558,37 @@
- update field IsUIint64 doc
### Feat
-
-- **plookup:** added plookup lookup proof
-- **field:** generate optimized addition chains for Sqrt & Legendre exp functions
-- **field:** added field.SetInt64, support for intX and uintX [#109](https://github.com/ConsenSys/gnark-crypto/issues/109)
-- **field:** added UnmarshalJSON and MarshalJSON on fields
-- **field:** added field.Text(base) to return field element string in a given base, like big.Int
-- **field:** field.SetString now supports 0b 0o 0x prefixes (base 2, 8 and 16)
-- **kzg:** test tampered proofs with quotient set to zero
-- **bls24:** Fp-Fp2-Fp4-Fp12-Fp24 tower
-
+- addition of test with a tampered proof
+- addition of permutation proof in lookup proof (table version)
+- addition of proof of permutation
+- added UnmarshalJSON and MarshalJSON on fields
+- added field.Text(base) to return field element string in a given base, like big.Int
+- field.SetString now supports 0b 0o 0x prefixes (base 2, 8 and 16)
+- Autogen P20
+- ScalarMul-->mulWindowed, modified blinding of scalar in tests
+- Three ways of dealing with signed numbers in montgomery reduction
+- Signed mont-reduce
+- code gen for integrating permutation proof
+- Test for corrective factor consistency
+- Naive GCD works
+- addition of benchmark
+- added field.SetInt64
+- added quick and dirty benchmarking script
+- added support for intX and uintX fixes [#109](https://github.com/ConsenSys/gnark-crypto/issues/109)
+- pre-compute addition chains for Sqrt and Legendre exp functions
+- added addchain for all sqrt
+- Naive GCD improved
+- Full paper implemented, unknown bug
+- Full paper implemented, tests passing
+- **bls24:** experiment with Fp-Fp2-Fp4-Fp12-Fp24 tower
+- **kzg:** test tampered proofs whith quotient set to zero
+- **plookup:** challenges are derived using Fiat Shamir
+- **plookup:** addition of prover and verifier for tables
+- **plookup:** proof generation
+- **plookup:** addition of templates
+- **plookup:** adding missing files in templates
+- **plookup:** generated plookup for all curves
+- **plookup:** addition of benchmark
### Fix
- Optimization 3 works, but with many watches
@@ -1295,10 +1883,38 @@
- save allocation when possible when adding 2 polynomials
- ecc encoder now handles []Element so gnark don't have to
- ecc encoders uses binary.Write and binary.Read to support basic types
-- added ecc.Implemented() that returns list of curve fully implemented
-- added Reference benchmarks for continuous benchmarking. fixes [#54](https://github.com/ConsenSys/gnark-crypto/issues/54)
-- added curve level go-fuzz fuzz functions
-- **all curves:** faster GT membership
+- addition of methods GetClaimedValue(s) on opening proofs
+- Add,Sub,ScalarMul ops added to Digest
+- add new curve bls24-315
+- code gen corresponding to previous commit
+- added mul_by_13 asm impl in field arithmetic
+- Element.SetInterface returns an error instead of panicking if unsupported type
+- added Fuzz pairing billinearity
+- added kzg Fuzz test
+- added Fuzz for fft with cosets
+- added Fuzz() for fft pacakge
+- addition of method Marshal for Kzg proofs
+- addition of BatchVerifyMultiPoints in kzg
+- added element_fuzz.go with build tag gofuzz to expose non-asm (generic) impl for fuzz testing
+- kzg scheme serialization (bn254)
+- code gen for kzg scheme serialization + tests
+- helper to build a new kzg scheme for testing purpose
+- tests for mock commitment (if claimed values are correct, etc)
+- addition of test for claimed values (polynomial commitments)
+- added subgroup check for proof and digests in kzg
+- fixes [#38](https://github.com/ConsenSys/gnark-crypto/issues/38)
+- **all curves:** faster GT memebership
+- **bw6:** GT membership
+- **bw6-633:** add bw6-633 to hash and fiat-shamir
+- **bw6-633:** add twisted edwards companion to bw6-633
+- **bw6-633:** optimized frobenius
+- **ecc:** multiexp takes nbTasks as parameter instead of semaphore
+- **fft:** addition of param to set precomputations in domain struct
+- **kzg:** test polynomials of different sizes
+- **kzg:** added /kzg with NewSRS(curveID) API for serialization purposes
+- **kzg:** kzg objects implement io.ReaderFrom and io.WriterTo
+- **kzg:** hash function is passed as parameter
+- **kzg:** added optional nbTasks to pass through multiExp api
- **twisted Edwards:** tests use gopter, no more hardcoded values
### Fix
@@ -1363,7 +1979,18 @@
- **bw6:** new optimized final exp (hard part)
- **bw6-633:** divide G1 cofactor formula by 4
- **bw6-633:** optimized hard part in final exp
-- **fft:** introduced flatten kernel for n==8 and asm impl for butterfly to minimize memory writes
+- **fft:** introduced flatten kernel for n==8 and asm impl for butterfly to minimze memory writes
+- **kzg:** use syntetic division to divide by x-a
+- **kzg:** dividePolyByXminusA parallelism
+- **kzg:** dividePolyByXminusA uses precomputed domain twiddle
+- **kzg:** merge both loop in divideXpoly into 1
+- **kzg:** Open will split the msm in 2 if numCpus > 16
+- **kzg:** perform polynomial evaluations in parallel inside batchOpen
+- **kzg:** reuse memory for batchopen poly division
+- **kzg:** added batch inversion in dividePolyByXminusA
+- **kzg:** parallelize s = 1 / (x-a)
+- **kzg:** remove useless fft in dividebyxminusa
+- **kzg:** simplified dividePolyByXminusA, no need to shift
### Refactor
- removed deprecated MulAssign, AddAssign and SubAssign apis
@@ -1465,9 +2092,10 @@
### Fix
- handle case where numCPU < 4 in precomputeExpTable
- incorrect comment and size returned in twistededwards SetBytes fixes [#34](https://github.com/ConsenSys/gnark-crypto/issues/34)
+- add/dbl exJac
+- add/dbl exJac
- point.SetBytes can now be called concurently with same byte slice input
-
### Perf
- delay coordinates conversion
- delay coordinates conversion
@@ -1750,7 +2378,14 @@
## v0.0.1 - 2020-03-23
-[v0.11.1]: https://github.com/ConsenSys/gnark-crypto/compare/v0.11.0...v0.11.1
+[v0.14.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.13.0...v0.14.0
+[v0.13.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.12.1...v0.13.0
+[v0.12.1]: https://github.com/ConsenSys/gnark-crypto/compare/v0.12.0...v0.12.1
+[v0.12.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.11.2...v0.12.0
+[v0.11.2]: https://github.com/ConsenSys/gnark-crypto/compare/v0.9.2...v0.11.2
+[v0.9.2]: https://github.com/ConsenSys/gnark-crypto/compare/v0.11.1...v0.9.2
+[v0.11.1]: https://github.com/ConsenSys/gnark-crypto/compare/v0.10.1...v0.11.1
+[v0.10.1]: https://github.com/ConsenSys/gnark-crypto/compare/v0.11.0...v0.10.1
[v0.11.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.10.0...v0.11.0
[v0.10.0]: https://github.com/ConsenSys/gnark-crypto/compare/v0.9.1...v0.10.0
[v0.9.1]: https://github.com/ConsenSys/gnark-crypto/compare/v0.9.0...v0.9.1
diff --git a/README.md b/README.md
index 946c2678ba..17eb48c5e3 100644
--- a/README.md
+++ b/README.md
@@ -5,8 +5,8 @@
`gnark-crypto` provides efficient cryptographic primitives, in Go:
* Elliptic curve cryptography & **Pairing** on:
- * [`bn254`] ([audit report](audit_oct2022.pdf))
- * [`bls12-381`] ([audit report](audit_oct2022.pdf))
+ * [`bn254`] ([audit report](https://github.com/Consensys/gnark/blob/master/audits/2022-10%20-%20Kudelski%20-%20gnark-crypto.pdf))
+ * [`bls12-381`] ([audit report](https://github.com/Consensys/gnark/blob/master/audits/2022-10%20-%20Kudelski%20-%20gnark-crypto.pdf))
* [`bls24-317`]
* [`bls12-377`] / [`bw6-761`]
* [`bls24-315`] / [`bw6-633`]
@@ -34,6 +34,10 @@
`gnark-crypto` packages are optimized for 64bits architectures (x86 `amd64`) and tested on Unix (Linux / macOS).
+## Audits
+
+See [list of audits for `gnark` and `gnark-crypto`](https://github.com/consensys/gnark?tab=readme-ov-file#audits)
+
## Getting started
### Go version
@@ -75,18 +79,18 @@ If you use `gnark-crypto` in your research a citation would be appreciated.
Please use the following BibTeX to cite the most recent release.
```bib
-@software{gnark-crypto-v0.11.2,
+@software{gnark-crypto-v0.14.0,
author = {Gautam Botrel and
Thomas Piellard and
Youssef El Housni and
Arya Tabaie and
Gus Gutoski and
Ivo Kubjas},
- title = {ConsenSys/gnark-crypto: v0.11.2},
- month = jan,
- year = 2023,
+ title = {Consensys/gnark-crypto: v0.14.0},
+ month = sep,
+ year = 2024,
publisher = {Zenodo},
- version = {v0.11.2},
+ version = {v0.14.0},
doi = {10.5281/zenodo.5815453},
url = {https://doi.org/10.5281/zenodo.5815453}
}
diff --git a/audit_oct2022.pdf b/audit_oct2022.pdf
deleted file mode 100644
index c29c5ba46b..0000000000
Binary files a/audit_oct2022.pdf and /dev/null differ