v0.9.0

• Fixed a carry propagation bug in ModInt256
• Fixed some typos

v0.8.0

• Added BLAKE2s implementation (with SSE2 and AVX2 optimizations).
• Added GLS254 support (including optimized code for x86+pclmulqdq and for ARMv8+NEON).

v0.7.0

• Improved implementation of Lagrange's algorithm for lattice basis reduction (in the 64-bit ModInt class, for 256-bit scalars); this speeds up Ed25519 signature verification by about 5000 cycles on x86.

v0.6.0

• Added "m51" code which uses 51-bit limbs for GF255 (in particular the fields used for Ed25519, jq255e and jq255s).
• Added primitive-selecting features to speed up compilations while developing/testing.

v0.5.0

• Updated FROST implementation to draft 14.
• Added FROST(Ed448, SHAKE256) support (now all draft spec ciphersuites are supported).

v0.4.0

Added GF448 (specialized field for edwards448).
Added generic code for modulus of any size (through the define_gfgen macro).
Added edwards448 (with Ed448 signatures) and decaf448 support.
Added LMS implementation (hash-based signatures).

v0.3.0

• Added FROST implementation.

v0.2.0

• Added double-odd curves jq255e and jq255s.
• Added secp256k1 support.

First release

v0.1.0 includes curves Ed25519 + Ristretto255, P-256, jq255e and jq255s.