2.1.0

This release comes one year after v2.0.0, following rare update schedule for easy auditability.

• Point.fromAffine: convert ZERO points properly
• au8: improve Uint8Array check to work in extension context
• Signature: add normalizeS method
• Signature: addRecoveryBit should return more precise type, SignatureWithRecovery
• randomPrivateKey: fetch 48 bytes from CSPRNG instead of 40, to reduce bias

New Contributors

• @thejoelw made their first contribution in #100
• @MicahZoltu made their first contribution in #102
• @legobeat made their first contribution in #108
• @Elli610 made their first contribution in #121

Full Changelog: 2.0.0...2.1.0

2.0.0

noble-secp256k1 v2 features improved security and smaller attack surface.
The goal of v2 is to provide minimum possible JS library which is safe and fast.

That means the library was reduced 4x, to just over 400 lines. Library size is now just 4KB gzipped.
In order to achieve the goal, some features were moved to noble-curves, which is
even safer and faster drop-in replacement library with same API.
Switch to curves if you intend to keep using these features:

• DER encoding: toDERHex, toDERRawBytes, signing / verification of DER sigs
• Schnorr signatures
• Using utils.precompute() for non-base point
• Support for environments which don't support bigint literals
• Common.js support
• Support for node.js 18 and older without shim

Other changes for upgrading from @noble/secp256k1 1.7 to 2.0:

• getPublicKey
  • now produce 33-byte compressed signatures by default
  • to use old behavior, which produced 65-byte uncompressed keys, set
    argument isCompressed to false: getPublicKey(priv, false)
• sign
  • is now sync; use signAsync for async version
  • now returns Signature instance with { r, s, recovery } properties
  • canonical option was renamed to lowS
  • recovered option has been removed because recovery bit is always returned now
  • der option has been removed. There are 2 options:
    1. Use compact encoding: fromCompact, toCompactRawBytes, toCompactHex.
       Compact encoding is simply a concatenation of 32-byte r and 32-byte s.
    2. If you must use DER encoding, switch to noble-curves (see above).
• verify
  • strict option was renamed to lowS
• getSharedSecret
  • now produce 33-byte compressed signatures by default
  • to use old behavior, which produced 65-byte uncompressed keys, set
    argument isCompressed to false: getSharedSecret(a, b, false)
• recoverPublicKey(msg, sig, rec) was changed to sig.recoverPublicKey(msg)
• number type for private keys have been removed: use bigint instead
• Point (2d xy) has been changed to ProjectivePoint (3d xyz)
• utils were split into utils (same api as in noble-curves) and
  etc (hmacSha256Sync and others)

Pull request: #92

Full Changelog: 1.7.1...2.0.0

1.7.1

• Add support for recovery_bit=2, 3
• JacobianPoint#fromAffine bugfix
• P.subtract(P) and JacobianPoint.ZERO.toAffine() no longer throw errors
• Refactoring backported from noble-curves

Full Changelog: 1.7.0...1.7.1

1.7.0

The library now works with React Native 0.70. Remove all bigint ** pow operators to improve compact w bad parsers.

• Expose Point#hasEvenY()
• Utils sha256Sync and hmacSha256Sync redefinitions cannot be re-defined after the first time
• Add experimental utils._normalizePrivateKey()
• Remove experimental utils: privateAdd, privateNegate, pointAddScalar, pointMultiply. We consider their API not optimal. If you want to keep using them, copy-paste their definition from test directory.
• Refactor schnorr

Full Changelog: 1.6.3...1.7.0

1.6.3

Allow 0000... hash in recoverPublicKey

1.6.2

Fixes tests for 0000... hash in verify()

1.6.1

• Make verification of 0000... msgHash a valid behavior; due to consensus failures
• Add TS types field to exports map by @jacogr in #66

Full Changelog: 1.6.0...1.6.1

1.6.0

• Expose utils: invert, hexToBytes, concatBytes
• Refactor Schnorr/BIP340 functionality by @brandonblack in #50
• Speedup non-BASE multiplyAndAddUnsafe by @brandonblack in #54
• Remove viral esModuleInterop option from tsconfig.
• Change utils.hashToPrivateKey algorithm

New Contributors

• @brandonblack made their first contribution in #50

Full Changelog: 1.5.5...1.6.0

1.5.5

• Fixed a bug in schnorr.verify when infinity point result was not checked properly
• schnorr.verify now throws less errors, instead, it returns false
• Made schnorr.sign 60% faster, schnorr.verify 90% faster

1.5.4

• recoverPublicKey improvements:
  • Fixed an issue where it recovered invalid points
  • Added isCompressed optional argument
  • Made it ~2x faster