Skip to content

Latest commit



152 lines (127 loc) · 5.61 KB

File metadata and controls

152 lines (127 loc) · 5.61 KB


All notable changes to this library will be documented in this file.

The format is based on Keep a Changelog, and this library adheres to Rust's notion of Semantic Versioning.


[0.13.1] - 2025-03-09


  • ff_derive now works with all odd primes, not just primes that are either 3 (mod 4) or 1 (mod 16).


  • A type inference problem when ff_derive and hybrid-array are in the same dependency tree has been fixed.

[0.13.0] - 2022-12-06


  • ff::Field::{ZERO, ONE}
  • ff::Field::pow
  • ff::Field::{sqrt_ratio, sqrt_alt}
  • core::iter::{Sum, Product} bounds on ff::Field
  • ff::PrimeField::from_u128
  • ff::PrimeField::{MODULUS, TWO_INV}
  • Constants related to multiplicative generators:
    • ff::PrimeField::{ROOT_OF_UNITY, ROOT_OF_UNITY_INV}
    • ff::PrimeField::DELTA
  • ff::WithSmallOrderMulGroup
  • ff::FromUniformBytes
  • ff::helpers:
    • sqrt_tonelli_shanks
    • sqrt_ratio_generic


  • ff::Field::sqrt is now a provided method that uses the Field::sqrt_ratio method. Implementors of the Field trait can choose to implement Field::sqrt_ratio and use the provided ff::Field::sqrt method, especially if it is more efficient in practice, or they can keep their own implementation of Field::sqrt and implement Field::sqrt_ratio in terms of that implementation using the ff::helpers::sqrt_ratio_generic helper function.
  • ff::PrimeField is now documented as representing a non-binary field (i.e. its prime is not 2). This was always the intention, but is now a concrete requirement in order for PrimeField::TWO_INV to exist.


  • ff::Field::{zero, one} (use ff::Field::{ZERO, ONE} instead).
  • ff::PrimeField::{multiplicative_generator, root_of_unity} (use ff::PrimeField::{MULTIPLICATIVE_GENERATOR, ROOT_OF_UNITY} instead).

[0.12.1] - 2022-10-28


  • ff_derive previously generated a Field::random implementation that would overflow for fields that needed a full 64-bit spare limb.

[0.12.0] - 2022-05-04


  • MSRV is now 1.56.0.
  • Bumped bitvec to 1.0.

[0.11.1] - 2022-05-04


  • ff_derive procedural macro can now be invoked within regular macros.
  • Previously, ff_derive's procedural macro would generate implementations of PrimeFieldBits even when the bits crate feature was disabled. ff_derive can now be used without a dependency on bitvec by disabling feature features. The new crate feature derive_bits can be used to force the generation of PrimeFieldBits implementations. This new crate feature will be removed once our MSRV is at least 1.60 and we have access to weak dependency features.

[0.11.0] - 2021-09-02


  • subtle::ConstantTimeEq bound on ff::Field
  • Copy + Send + Sync + 'static bounds on ff::PrimeField::Repr
  • ff::derive module behind the derive feature flag, containing dependencies for the PrimeField derive macro:
    • Re-exports of required crates.
    • adc, mac, sbb constant-time const helper functions.
  • ff::Field::is_zero_vartime
  • ff::PrimeField::from_repr_vartime


  • ff::Field::is_zero now returns subtle::Choice.
  • ff::PrimeField::{is_odd, is_even} now return subtle::Choice.
  • ff::PrimeField::from_repr now return subtle::CtOption<Self>.
  • ff::PrimeField::from_str has been renamed to PrimeField::from_str_vartime.


  • ff::{adc, mac_with_carry, sbb} (replaced by ff::derive::{adc, mac, sbb}).

[0.10.1] - 2021-08-11


  • ff::BatchInvert extension trait, implemented for iterators over mutable field elements which allows those field elements to be inverted in a batch. This trait is behind the new alloc feature flag.
  • ff::BatchInverter struct, which provides methods for non-allocating batch inversion of field elements contained within slices.

[0.10.0] - 2021-06-01


  • ff::PrimeFieldBits: PrimeField trait, behind a bits feature flag.


  • MSRV is now 1.51.0.
  • Bumped bitvec to 0.22 to enable fixing a performance regression in ff 0.9. The bitvec::view::BitView re-export has been replaced by bitvec::view::BitViewSized.
  • The bitvec dependency and its re-exports have been gated behind the bits feature flag.


  • ff::PrimeField::{ReprBits, char_le_bits, to_le_bits} (replaced by ff::PrimeFieldBits trait).


  • #[derive(PrimeField)] now works on small moduli (that fit in a single u64 limb).

[0.9.0] - 2021-01-05


  • Re-export of bitvec::view::BitView.
  • ff::FieldBits<V> type alias for the return type of ff::PrimeField::{char_le_bits, to_le_bits}.


  • Bumped bitvec to 0.20, rand_core to 0.6.


  • From<Self> and From<&Self> bounds on ff::PrimeField::Repr.

[0.8.0] - 2020-09-08


  • ff::PrimeField::{ReprBits, char_le_bits, to_le_bits}, and a public dependency on bitvec 0.18.
  • ff::Field::cube method with provided implementation.
  • Send + Sync bounds on ff::PrimeField::ReprBits


  • MSRV is now 1.44.0.
  • ff::Field::random<R: RngCore + ?Sized>(rng: &mut R) -> Self has been changed to Field::random(rng: impl RngCore) -> Self, to align with group::Group::random.


  • fmt::Display bound on ff::Field.
  • ff::PrimeField::char (replaced by ff::PrimeField::char_le_bits).
  • ff::{BitIterator, Endianness, PrimeField::ReprEndianness (replaced by ff::PrimeField::to_le_bits).