# Changelog

- 0.5.3 (2026-01-10)
  * Bumps the ppad-sha256 and ppad-hmac-drbg dependencies.

- 0.5.2 (2025-12-28)
  * Adds an explicit 64-bit architecture constraint.
  * Tests on GHC.10.3.

- 0.5.1 (2025-12-27)
  * Improves the constant-time semantics in wNAF scalar multiplication,
    replacing "indexing via a constant-time selected value" by performing
    a full window scan and selecting via mask.

- 0.5.0 (2025-12-21)
  * We get a significant upgrade to all functionality by pulling in the
    ppad-fixed library for large unsigned and Montgomery-form integers.
    Constant-time and allocation properties are made much more rigorous
    across the board, as we no longer depend on 'Integer' whatsoever.

    This version also improves performance radically throughout. A
    summary of the speedups achieved:

    sign_schnorr:   ~7.1x speedup
    verify_schnorr: ~4.5x speedup
    sign_ecdsa:     ~1.5x speedup
    verify_ecdsa:   ~4.5x speedup

- 0.4.0 (2025-06-21)
  * Scalar multiplication, signing, verifying, and ECHD functions are now
    all total, returning 'Nothing' when supplied with invalid inputs.
  * Adds a group element check to 'mul_wnaf'.

- 0.3.0 (2025-03-14)
  * Adds 'ecdh' for computing ECDH secrets, any given secret being the
    SHA256 hash of the x-coordinate of the appropriate secp256k1 point.

- 0.2.2 (2025-02-16)
  * Exports the secp256k1 "point at infinity" as _CURVE_ZERO.

- 0.2.1 (2024-12-18)
  * Adds 'serialize_point' for compressed-format serialization of
    secp256k1 points.

- 0.2.0 (2024-11-08)
  * Adds wNAF ("w-ary non-adjacent form") scalar multiplication, as
    well as fast 'sign' and 'verify' variants for Schnorr and ECDSA
    (disambiguated by a trailing apostrophe) that make use of it.

    Each wNAF-powered function requires a 'Context' consisting of
    precomputed secp256k1 generator multiples; one can be gotten via
    'precompute'.

    Note that the non-wNAF-powered sign and verify functions have
    incurred a slight performance decrease (on the order of tens to
    hundreds of microseconds) as a result.

  * Adds 'parse_sig' for parsing compact signatures.

  * Adds a dependency on the 'primitive' library (already transitively required
    via 'ppad-hmac-drbg').

- 0.1.0 (2024-10-19)
  * Initial release, supporting public key derivation and Schnorr &
    ECDSA signatures on secp256k1.

