v0.10.0

What's Changed

TLDR;

Breaking changes

• PlonK was updated to latest paper version and is incompatible with previous gnark version
• gnark now supports efficient PlonK recursion with 2-chains (bls12-377 / bw6-761)
• Groth16 solidity verifier now supports commitments
• Addition of a "decompression" component in gnark/std
• Experimental GPU support
• Many performance improvements

---

• feat: BW6-761 emulated pairing by @yelhousni in #846
• Feat: BW6-761 KZG gadget by @yelhousni in #866
• Fix: edge cases in the Karabina cyclotomic square decompression by @yelhousni in #868
• chore: avoid nonnative dereferences by @ivokub in #861
• feat: allow custom hash function in backends by @ivokub in #873
• chore: cleanup documentation examples by @ivokub in #878
• Refactor(BW6-761): use revisited Ate pairing instead of Tate by @yelhousni in #876
• Fix sw_emulated test by @secure12 in #889
• feat: add short-hash wrappers for recursion by @ivokub in #884
• Feat/marshal g1 scalar by @ThomasPiellard in #891
• perf: lookup blueprint compile time improvement by @gbotrel in #899
• FEAT: Add experimental support for Icicle GPU acceleration behind build tag by @jeremyfelder in #844
• feat: Fiat-Shamir transcript using a short hash by @ivokub in #900
• refactor: use emulated.FieldParams as type parameter to generic Curve and Pairing by @ivokub in #901
• fix: non-native arithmetic autoreduction for division, inversion and sqrt by @ivokub in #870
• feat: batched KZG by @ivokub in #908
• fix: use platform independent method for counting new multiplication overflow from result limb count by @ivokub in #916
• feat: cache lookup blueprint entries in solving phase by @gbotrel in #915
• feat: make gkr hash registries private and threadsafe by @gbotrel in #920
• refactor: simplify hint overloading for api.Commit by @gbotrel in #919
• Perf/multisymbol 4bw by @Tabaie in #912
• fix: missing wait on channel in plonk prover by @gbotrel in #926
• Feat/bypass compression by @Tabaie in #924
• perf: if we don't compress, no need to index dict. by @gbotrel in #929
• Perf: optimize addition chains in BW6-761 final exponentiation by @yelhousni in #931
• Perf: variant of the Karabina cyclotomic squaring by @yelhousni in #933
• feat: add PLONK in-circuit verifier by @ivokub in #880
• perf: use G2 precomputed lines for Miller loop by @ivokub in #930
• perf: bounded scalar multiplication by @ivokub in #934
• Chore/compression v1 by @Tabaie in #940
• perf: non-native modular multiplication by @ivokub in #749
• fix: several typos in the documentation by @tudorpintea999 in #943
• feat: exit when condition is not filled by @ThomasPiellard in #928
• refactor: use external compressor repo by @Tabaie in #942
• fix: #951 plonk verifier checks witness length by @gbotrel in #952
• refactor: plonk.Setup takes kzg srs in canonical and lagrange form by @gbotrel in #953
• Perf: plonk verifier gadget by @yelhousni in #949
• Perf: KZG verify gadget by @yelhousni in #874
• Feat/plonk verifier batching by @ThomasPiellard in #960
• chore(deps): bump golang.org/x/crypto from 0.12.0 to 0.17.0 by @dependabot in #973
• perf(ecdsa): use GLV in JointScalarMulBase by @yelhousni in #975
• chore: adapt changes from native Fiat-Shamir transcript by @ivokub in #974
• perf,memory: lighter plonk ProvingKey (no trace) by @gbotrel in #957
• perf: mark the result of builder.IsZero as boolean to save constraints when used in future by @winderica in #977
• feat: update compress version; failing test by @gbotrel in #979
• fix: typos by @GoodDaisy in #992
• Feat/variable dict by @Tabaie in #989
• Fix std/recursion/plonk native and emulated examples by @wzmuda in #968
• feat: some todos and dead code by @yelhousni in #993
• fix IsZero bug in std/math/emulated/field_assert.go by @readygo67 in #1002
• perf(ecmul): use GLV with safe handling of edge cases in EVM ecmul by @yelhousni in #976
• fix: remove shorthash override for same field by @ivokub in #1008
• Refac/compress packing by @Tabaie in #1007
• feat: different PLONK circuit verification by @ivokub in #1010
• feat: adds plonk.SRSSize helper method by @gbotrel in #1012
• perf: groth16 verifier circuit uses precomputed lines for all curves by @yelhousni in #1016
• docs: describe that hint inputs and outputs are init-ed by @ivokub in #1003
• fix: assign baseChallenge correctly while verifying gkr solution by @ahmetyalp in #1020
• feat: use n-bit mux for switching PLONK verification keys by @ivokub in #1017
• fix: Decompressor to return -1 when output doesn't fit by @Tabaie in #1022
• Fix: edge cases in std/algebra elliptic curve arithmetic circuit (emulated and 2-chains) by @yelhousni in #1023
• fix: use subtraction with reduce in AssertIsEqual by @ivokub in #1026
• feat: plonk verifier options by @ivokub in #1028
• build: update compress to latest version by @gbotrel in #1032
• test: add emulated pairing circuits to stats by @yelhousni in #1031
• fix: use G1 generator from SRS by @ivokub in #1035
• fix: another occurence of G1 in SRS by @ivokub in #1036
• fix: organize std packages hints registrations by @ivokub in #1043
• perf(sw_emulated): optimize jointScalarMulGeneric by @yelhousni in #1049
• feat: subgroup G1/G2 membership BW6-761 and BLS12-377 by @yelhousni in #1030
• Refac/blob decompressor mirror by @Tabaie in #1047
• chore: remove committed profiles by @ivokub in #1053
• feat: stabilize anonymous hint function names by @ivokub in #1054
• feat: add option for enforcing number of goroutines for the solver by @ivokub in #1052
• feat: verify commitments in groth16 recursion verifier by @ahmetyalp in #1057
• feat: non-native sumcheck verifier by @ivokub in #1042
• fix: scs add/mul when recorded constraint is 0 by @yelhousni in #1068
• perf: emulated equality assertion by @ivokub in #1064
• refactor: kill backend.PLONK_FRI by @gbotrel in #1075
• Faster cubic 01 01 mul by @shramee in #1076
• Faster cubic 012 mul 01 by @shramee in #1077
• feat: add hint calling with either native inputs or outputs by @ivokub in #1080
• fix: emulated hint tests by @ivokub in #1083
• Perf: optimize EC arithmetic by @yelhousni in #1061
• feat: add MulNoReduce and Sum methods in field emulation by @ivokub in #1072
• Perf: optimize scalar multiplication for 2-chains by @yelhousni in #1085
• perf/fix: assume variable as zero constant when subtracting from itself by @ivokub in #1089
• feat: add range check selector retrieval by @ivokub in #1066
• Refac/compressor nodictref2 by @Tabaie in #1091
• Upgrade compress dependency to v0.2.5 by @Tabaie in #1093
• feat: add secp256k1 curve default initializer by @ivokub in #1086
• feat: Groth16 Solidity contract with commitments by @ahmetyalp in #1063
• perf: non-native multilinear polynomial evaluation by @ivokub in #1087
• perf allow for dirty padding of decompression output by @Tabaie in #1100
• feat: groth16 solidity use calldatacopy for commitments by @bernard-wagner in #1097
• feat: expmod with variable modulus by @ivokub in #1090
• Feat/plonk update by @ThomasPiellard in #1044

New Contributors

• @secure12 made their first contribution in #889
• @jeremyfelder made their first contribution in #844
• @tudorpintea999 made their first contribution in #943
• @dependabot made their first contribution in #973
• @winderica made their first contribution in #977
• @GoodDaisy made their first contribution in #992
• @wzmuda made their first contribution in #968
• @readygo67 made their first contribution in #1002
• @ahmetyalp made their first contribution in #1020
• @shramee made their first contribution in #1076
• @bernard-wagner made their first contribution in #1097

Full Changelog: v0.9.1...v0.10.0