Skip to content

Latest commit

 

History

History
1201 lines (835 loc) · 80.9 KB

CHANGELOG.md

File metadata and controls

1201 lines (835 loc) · 80.9 KB

Changelog

All notable changes to this project are documented in this file.

The format is based on Keep a Changelog. This project adheres to Semantic Versioning.

2.2.0 - 2024-12-10

Added

  • ZkProgram to support non-pure provable types as inputs and outputs #1828
  • API for recursively proving a ZkProgram method from within another #1931
    • let recursive = Experimental.Recursive(program);
    • recursive.<methodName>(...args): Promise<PublicOutput>
    • This also works within the same program, as long as the return value is type-annotated
  • Add enforceTransactionLimits parameter on Network #1910
  • Method for optional types to assert none #1922
  • Increased maximum supported amount of methods in a SmartContract or ZkProgram to 30. #1918
  • Expose low-level conversion methods Proof.{_proofToBase64,_proofFromBase64} #1928
  • Expore maxProofsVerified() and a Proof class directly on ZkPrograms #1933

Changed

  • Changed an internal type to improve IntelliSense on ZkProgram methods #1933

Fixed

  • Compiling stuck in the browser for recursive zkprograms #1906
  • Error message in rangeCheck16 gadget #1920

2.1.0 - 2024-11-13

Added

  • Support secp256r1 in elliptic curve and ECDSA gadgets #1885

Fixed

  • Witness generation error in Gadgets.arrayGet() when accessing out-of-bounds indices #1886

Breaking Changes

  • The divMod32() gadget was modified to accept nBits instead of quotientBits, and assert it is in the range [0, 2**255) to address an issue previously where the bound on quotientBits was too low #1763.
  • Provable.equal() now turns both types into canonical form before comparing them #1759
    • Removed implicit version Provable.equal(x, y) where you didn't have to pass in the type
  • The return signature of a zkProgram has changed. #1809
    • A zkProgram method must now explicitly define the return type of the method when the method has a public or auxiliary output defined.
    • The return type of a proven method has changed as a result of this.
  • Various breaking constraint changes in internal methods or circuits because of audit fix.
  • Removal of various deprecated methods and functions.
    • Promotion of various methods and functions to stable as part of change.
    • A slightly modified encryption and decryption algorithm. #1729
  • Promotion of TokenContractV2 to TokenContract with a correct amount of maximum account updates.

Added

  • ZkProgram methods now support auxiliaryOutput. #1809
    • Each program method now accepts an optional property auxiliaryOutput
    • Auxiliary output is additional output that the zkProgram method returns
  • New method toCanonical() in the Provable<T> interface to protect against incompleteness of certain operations on malicious witness inputs #1759
  • divMod64() division modulo 2^64 that returns the remainder and quotient of the operation
  • addMod64() addition modulo 2^64
  • Bitwise OR via {UInt32, UInt64}.or()
  • BLAKE2B hash function gadget. #1767

1.9.1 - 2024-10-15

Fixes

  • Performance regression when compiling recursive circuits is fixed #1874
  • Decouple offchain state instances from their definitions #1834

1.9.0 - 2024-10-15

Added

  • Added VerificationKey.dummy() method to get the dummy value of a verification key #1852 @rpanic

Changed

  • Make Proof a normal provable type, that can be witnessed and composed into Structs #1847, #1851
    • ZkProgram and SmartContract now also support private inputs that are not proofs themselves, but contain proofs nested within a Struct or array
    • Only SelfProof can still not be nested because it needs special treatment

Fixes

  • Fix verification of serialized proofs done before compiling any circuits #1857

1.8.0 - 2024-09-18

Added

  • Added verifyEthers method to verify Ethereum signatures using the EIP-191 message hashing standard. #1815
    • Added fromEthers method for parsing and converting Ethereum public keys into ForeignCurve points, supporting both compressed and uncompressed formats.
    • Added fromHex method for converting hexadecimal strings into ForeignCurve points.

Fixes

  • Fix incorrect behavior of optional proving for zkPrograms where myProgram.setProofsEnabled(false) wouldn't work when called before myProgram.compile(). #1827
  • Fix incorrect behavior of state.fetch() for custom token contracts. @rpanic #1853

1.7.0 - 2024-09-04

Added

  • Added Encryption.encryptV2() and Encryption.decryptV2() for an updated encryption algorithm that guarantees cipher text integrity.
    • Also added Encryption.encryptBytes() and Encryption.decryptBytes() using the same algorithm.
  • New option proofsEnabled for zkProgram (default value: true), to quickly test circuit logic with proofs disabled #1805
    • Additionally added MyProgram.proofsEnabled to get the internal value of proofsEnabled and MyProgram.setProofsEnabled(proofsEnabled) to set the value dynamically.

Deprecated

  • this.sender.getAndRequireSignature() / getUnconstrained() deprecated in favor of V2 versions due to a vulnerability #1799

Fixes

  • Fix behavior of Int64.modV2() when the input is negative and the remainder should be 0 #1797

1.6.0 - 2024-07-23

Added

  • SmartContract.emitEventIf() to conditionally emit an event #1746
  • Added Encryption.encryptV2() and Encryption.decryptV2() for an updated encryption algorithm that guarantees cipher text integrity.
    • Also added Encryption.encryptBytes() and Encryption.decryptBytes() using the same algorithm.

Changed

  • Reduced maximum bit length for xor, not, and and, operations from 254 to 240 bits to prevent overflow vulnerabilities. #1745
  • Allow using Type instead of Type.provable in APIs that expect a provable type #1751
    • Example: Provable.witness(Bytes32, () => bytes)
  • Automatically wrap and unwrap Unconstrained in fromValue and toValue, so that we don't need to deal with "unconstrained" values outside provable code #1751

1.5.0 - 2024-07-09

Breaking changes

  • Fixed a vulnerability in OffchainState where it didn't store the IndexedMerkleTree length onchain and left it unconstrained #1676

Added

  • A warning about the current reducer API limitations, as well as a mention of active work to mitigate them was added to doc comments and examples #1728
  • ForeignField-based representation of scalars via ScalarField #1705
  • Introduced new V2 methods for nullifier operations: isUnusedV2(), assertUnusedV2(), and setUsedV2() #1715
  • Int64.create() method for safe instance creation with canonical zero representation #1735
  • New V2 methods for Int64 operations: fromObjectV2, divV2() #1735
  • Experimental.BatchReducer to reduce actions in batches #1676
    • Avoids the account update limit
    • Handles arbitrary numbers of pending actions thanks to recursive validation of the next batch
  • Add conditional versions of all preconditions: .requireEqualsIf() #1676
  • AccountUpdate.createIf() to conditionally add an account update to the current transaction #1676
  • IndexedMerkleMap.setIf() to set a key-value pair conditionally #1676
  • Provable.assertEqualIf() to conditionally assert that two values are equal #1676
  • Add offchainState.setContractClass() which enables us to declare the connected contract at the top level, without creating a contract instance #1676
    • This is enough to call offchainState.compile()
  • More low-level methods to interact with MerkleList #1676
    • popIfUnsafe(), toArrayUnconstrained() and lengthUnconstrained()

Changed

  • Improve error message when o1js global state is accessed in an invalid way #1676
  • Start developing an internal framework for local zkapp testing #1676
  • Internally upgrade o1js to TypeScript 5.4 #1676

Deprecated

  • Deprecated Nullifier.isUnused(), Nullifier.assertUnused(), and Nullifier.setUsed() methods #1715
  • createEcdsa, createForeignCurve, ForeignCurve and EcdsaSignature deprecated in favor of V2 versions due to a security vulnerability found in the current implementation #1703
  • Int64 constructor, recommending Int64.create() instead #1735
  • Original div() and fromObject, methods in favor of V2 versions #1735
  • Deprecate AccountUpdate.defaultAccountUpdate() in favor of AccountUpdate.default() #1676

Fixed

  • Fix reversed order of account updates when using TokenContract.approveAccountUpdates() #1722
  • Fixed the static check() method in Struct classes to properly handle inheritance, preventing issues with under-constrained circuits. Added error handling to avoid using Struct directly as a field type. #1707
  • Fixed that Option could not be used as @state or event #1736

1.4.0 - 2024-06-25

Added

  • SHA256 low-level API exposed via Gadgets.SHA256. #1689 @Shigoto-dev19
  • Added the option to specify custom feature flags for sided loaded proofs in the DynamicProof class. #1688
    • Feature flags are required to tell Pickles what proof structure it should expect when side loading dynamic proofs and verification keys.
    • FeatureFlags is now exported and provides a set of helper functions to compute feature flags correctly.

Deprecated

  • MerkleMap.computeRootAndKey() deprecated in favor of MerkleMap.computeRootAndKeyV2() due to a potential issue of computing hash collisions in key indicies #1694

1.3.1 - 2024-06-11

Breaking Changes

  • Improve efficiency of Experimental.OffchainState implementation #1672
    • Comes with breaking changes to the internal circuits of OffchainState
    • Also, introduce offchainState.commitments() to initialize the state commitments onchain. Using OffchainStateCommitments.empty() no longer works.

Added

  • Experimental.IndexedMerkleMap, a better primitive for Merkleized storage #1666 #1671
    • Uses 4-8x fewer constraints than MerkleMap
    • In contrast to MerkleTree and MerkleMap, IndexedMerkleMap has a high-level API that can be used in provable code
  • Added Ecdsa.verifyV2() and Ecdsa.verifySignedHashV2 methods to the Ecdsa class. #1669

Deprecated

  • Int64.isPositive() and Int64.mod() deprecated because they behave incorrectly on -0 #1660
    • This can pose an attack surface, since it is easy to maliciously pick either the +0 or the -0 representation
    • Use Int64.isPositiveV2() and Int64.modV2() instead
    • Also deprecated Int64.neg() in favor of Int64.negV2(), for compatibility with v2 version of Int64 that will use Int64.checkV2()
  • Ecdsa.verify() and Ecdsa.verifySignedHash() deprecated in favor of Ecdsa.verifyV2() and Ecdsa.verifySignedHashV2() due to a security vulnerability found in the current implementation #1669

Fixed

  • Fix handling of fetch response for non-existing accounts #1679

1.3.0 - 2024-05-23

Added

  • Added base64Encode() and base64Decode(byteLength) methods to the Bytes class. #1659

Fixes

  • Fix type inference for method.returns(Type), to require a matching return signature #1653
  • Fix Struct.empty() returning a garbage object when one of the base types doesn't support empty() #1657
  • Fix Option.value_exn None error when using certain custom gates in combination with recursion #1336 MinaProtocol/mina#15588

1.2.0 - 2024-05-14

Added

  • Offchain state MVP exported under Experimental.OffchainState #1630 #1652
    • allows you to store any number of fields and key-value maps on your zkApp
    • implemented using actions which define an offchain Merkle tree
  • Option for defining an optional version of any provable type #1630
  • MerkleTree.clone() and MerkleTree.getLeaf(), new convenience methods for merkle trees #1630
  • MerkleList.forEach(), a simple and safe way for iterating over a MerkleList
  • Unconstrained.provableWithEmpty() to create an unconstrained provable type with a known empty() value #1630
  • Permissions.VerificationKey, a namespace for verification key permissions #1639
    • Includes more accurate names for the impossible and proof permissions for verification keys, which are now called impossibleDuringCurrentVersion and proofDuringCurrentVersion respectively.

Changed

  • State() now optionally accepts an initial value as input parameter #1630
    • Example: @state(Field) x = State(Field(1));
    • Initial values will be set in the default init() method
    • You no longer need a custom init() method to set initial values

Fixes

  • Fix absolute imports which prevented compilation in some TS projects that used o1js #1628

1.1.0 - 2024-04-30

Added

Changed

  • Gadgets.rangeCheck64() now returns individual range-checked limbs for advanced use cases #1229

Fixed

  • Fixed issue in UInt64.rightShift() where it incorrectly performed a left shift instead of a right shift. #1617
  • Fixed issue in ForeignField.toBits() where high limbs were under-constrained for input length less than 176. #1617
  • Make dummyBase64Proof() lazy. Significant speed up when generating many account updates with authorization Proof while proofs turned off. #1624

1.0.1 - 2024-04-22

Breaking changes

  • Native curve improvements #1530
    • Change the internal representation of Scalar from 255 Bools to 1 Bool and 1 Field (low bit and high 254 bits)
    • Make Group.scale() support all scalars (previously did not support 0, 1 and -1)
    • Make Group.scale() directly accept Field elements, and much more efficient than previous methods of scaling by Fields
      • As a result, Signature.verify() and Nullifier.verify() use much fewer constraints
    • Fix Scalar.fromBits() to not produce a shifted scalar; shifting is no longer exposed to users of Scalar.
  • Add assertion to the foreign EC addition gadget that prevents degenerate cases #1545
    • Fixes soundness of ECDSA; slightly increases its constraints from ~28k to 29k
    • Breaks circuits that used EC addition, like ECDSA
  • Mina.LocalBlockchain() and Proof.fromJSON() are made async #1583
    • These were the last remaining sync APIs that depended on an async setup task; making them async enables removing top-level await
  • Mina.LocalBlockchain no longer supports the network kind configuration #1581
  • Poseidon.hashToGroup() now returns a Group directly, and constrains it to be deterministic #1546
    • Added Poseidon.Unsafe.hashToGroup() as a more efficient, non-deterministic version for advanced use cases
  • A Transaction's prove method no longer returns the proofs promise directly, but rather returns a Transaction promise, the resolved value of which contains a proofs prop. #1567
  • The Transaction type now has two type params Proven extends boolean and Signed extends boolean, which are used to conditionally show/hide relevant state. #1567
  • Improved functionality of MerkleList and MerkleListIterator for easier traversal of MerkleLists. #1562
  • Simplified internal logic of reducer. #1577
    • contract.getActions() now returns a MerkleList
  • Add toValue() and fromValue() interface to Provable<T> to encode how provable types map to plain JS values #1271
    • You can now return the plain value from a Provable.witness() callback, and it will be transformed into the provable type
  • Remove Account() constructor which was no different from AccountUpdate.create().account, and export Account type instead. #1598

Added

  • Export Events under AccountUpdate.Events. #1563
  • Mina.transaction has been reworked such that one can call methods directly on the returned promise (now a TransactionPromise). This enables a fluent / method-chaining API. #1567
  • TransactionPendingPromise enables calling wait directly on the promise returned by calling send on a Transaction. #1567
  • initializeBindings() to explicitly trigger setup work that is needed when running provable code #1583
    • calling this function is optional

Changed

  • Remove top-level await #1583
    • To simplify integration with bundlers like webpack
  • Make MerkleTree.{nodes,zeroes} public properties #1555
    • This makes it possible to clone merkle trees, which is often needed

Fixed

  • Fix error when computing Merkle map witnesses, introduced in the last version due to the toBits() change #1559
  • Improved error message when compiling a program that has no methods. #1563

0.18.0 - 2024-04-09

Breaking changes

  • Async circuits. Require all smart contract and zkprogram methods to be async #1477
    • This change allows you to use await inside your methods. Change the method signature by adding the async keyword.
    • Don't forget to add await to all contract calls! await MyContract.myMethod();
    • To declare a return value from a method, use the new @method.returns() decorator
  • Require the callback to Mina.transaction() to be async #1468
  • Change {SmartContract,ZkProgram}.analyzeMethods() to be async #1450
    • Provable.runAndCheck(), Provable.constraintSystem() and {SmartContract,ZkProgram}.digest() are also async now
  • Remove deprecated APIs
    • Remove CircuitValue, prop, arrayProp and matrixProp #1507
    • Remove Mina.accountCreationFee(), Mina.BerkeleyQANet, all APIs which accept private keys for feepayers, Token, AccountUpdate.tokenSymbol, SmartContract.{token, setValue, setPermissions}, "assert" methods for preconditions, MerkleTee.calculateRootSlow(), Scalar.fromBigInt(), UInt64.lt() and friends, deprecated static methods on Group, utility methods on Circuit like Circuit.if(), Field.isZero(), isReady and shutdown() #1515
  • Remove privateKey from the accepted arguments of SmartContract.deploy() #1515
  • Efficient comparisons. Support arbitrary bit lengths for Field comparisons and massively reduce their constraints #1523
    • Field.assertLessThan() goes from 510 to 24 constraints, Field.lessThan() from 509 to 38
    • Moderately improve other comparisons: UInt64.assertLessThan() from 27 to 14, UInt64.lessThan() from 27 to 15, UInt32 similar.
    • Massively improve Field.isEven(), add Field.isOdd()
    • PrivateKey.toPublicKey() from 358 to 119 constraints thanks to isOdd()
    • Add Gadgets.ForeignField.assertLessThanOrEqual() and support two variables as input to ForeignField.assertLessThan()
  • Remove this.sender which unintuitively did not prove that its value was the actual sender of the transaction #1464 @julio4 Replaced by more explicit APIs:
    • this.sender.getUnconstrained() which has the old behavior of this.sender, and returns an unconstrained value (which means that the prover can set it to any value they want)
    • this.sender.getAndRequireSignature() which requires a signature from the sender's public key and therefore proves that whoever created the transaction really owns the sender account
  • Reducer.reduce() requires the maximum number of actions per method as an explicit (optional) argument #1450
    • The default value is 1 and should work for most existing contracts
  • new UInt64() and UInt64.from() no longer unsafely accept a field element as input. #1438 @julio4
    As a replacement, UInt64.Unsafe.fromField() was introduced
    • This prevents you from accidentally creating a UInt64 without proving that it fits in 64 bits
    • Equivalent changes were made to UInt32
  • Fixed vulnerability in Field.to/fromBits() outlined in #1023 by imposing a limit of 254 bits #1461
  • Remove Field.rangeCheckHelper() which was too low-level and easy to misuse #1485
    • Also, rename the misleadingly named Gadgets.isInRangeN() to Gadgets.isDefinitelyInRangeN()
  • Rename Bool.Unsafe.ofField() to Bool.Unsafe.fromField() #1485
  • Replace the namespaced type exports Gadgets.Field3 and Gadgets.ForeignField.Sum with Field3 and ForeignFieldSum
    • Unfortunately, the namespace didn't play well with auto-imports in TypeScript
  • Add Gadgets.rangeCheck3x12() and fix proof system bug that prevented it from working #1534
  • Update transaction version and other bindings changes to ensure berkeley compatibility #1542

Added

  • Provable.witnessAsync() to introduce provable values from an async callback #1468
  • Internal benchmarking tooling to keep track of performance #1481
  • Add toInput method for Group instance #1483

Changed

  • field.assertBool() now also returns the Field as a Bool for ergonomics #1523

0.17.0 - 2024-03-06

Breaking changes

  • Fixed parity between Mina.LocalBlockchain and Mina.Network to have the same behaviors #1422 #1480
    • Changed the TransactionId type to Transaction. Additionally added PendingTransaction and RejectedTransaction types to better represent the state of a transaction.
    • Transaction.safeSend() and PendingTransaction.safeWait() are introduced to return a IncludedTransaction or RejectedTransaction object without throwing errors.
    • transaction.send() throws an error if the transaction was not successful for both Mina.LocalBlockchain and Mina.Network and returns a PendingTransaction object if it was successful. Use transaction.safeSend to send a transaction that will not throw an error and either return a PendingTransaction or RejectedTransaction.
    • transaction.wait() throws an error if the transaction was not successful for both Mina.LocalBlockchain and Mina.Network and returns a IncludedTransaction object if it was successful. Use transaction.safeWait to send a transaction that will not throw an error and either return a IncludedTransaction or RejectedTransaction.
    • transaction.hash() is no longer a function, it is now a property that returns the hash of the transaction.
    • Changed Transaction.isSuccess to Transaction.status to better represent the state of a transaction.
  • Improved efficiency of computing AccountUpdate.callData by packing field elements into as few field elements as possible #1458
    • This leads to a large reduction in the number of constraints used when inputs to a zkApp method are many field elements (e.g. a long list of Bools)
  • Return events in the LocalBlockchain in reverse chronological order (latest events at the beginning) to match the behavior of the Network #1460

Added

  • Support for custom network identifiers other than mainnet or testnet #1444
  • PrivateKey.randomKeypair() to generate private and public key in one command #1446
  • setNumberOfWorkers() to allow developer to override the number of workers used during compilation and proof generation/verification #1456

Changed

  • Improve all-around performance by reverting the Apple silicon workaround (#683) as the root problem is now fixed upstream #1456
  • Improved error message when trying to use fetchActions/fetchEvents with a missing Archive Node endpoint #1459

Deprecated

  • SmartContract.token is deprecated in favor of new methods on TokenContract #1446
    • TokenContract.deriveTokenId() to get the ID of the managed token
    • TokenContract.internal.{send, mint, burn} to perform token operations from within the contract

Fixed

  • Mitigate security hazard of deploying token contracts #1439
  • Make Circuit handle types with a .provable property (like those used in ECDSA) #1471
    • To support offchain, non-Pickles proofs of ECDSA signatures

Breaking changes

  • Remove AccountUpdate.children and AccountUpdate.parent properties #1402
    • Also removes the optional AccountUpdatesLayout argument to approve()
    • Adds AccountUpdateTree and AccountUpdateForest, new classes that represent a layout of account updates explicitly
    • Both of the new types are now accepted as inputs to approve()
    • accountUpdate.extractTree() to obtain the tree associated with an account update in the current transaction context.
  • Remove Experimental.Callback API #1430

Added

  • MerkleList<T> to enable provable operations on a dynamically-sized list #1398
    • including MerkleListIterator<T> to iterate over a merkle list
  • TokenContract, a new base smart contract class for token contracts #1384
    • Usage example: https://github.com/o1-labs/o1js/blob/main/src/lib/mina/token/token-contract.unit-test.ts
  • TokenAccountUpdateIterator, a primitive to iterate over all token account updates in a transaction #1398
    • this is used to implement TokenContract under the hood

Fixed

Breaking changes

  • Protocol change that adds a "transaction version" to the permission to set verification keys MinaProtocol/mina#14407
    • See the relevant RFC for the motivation behind this change
    • Breaks all deployed contracts, as it changes the account update layout

Added

  • Provable type Packed<T> to pack small field elements into fewer field elements #1376
  • Provable type Hashed<T> to represent provable types by their hash #1377
    • This also exposes Poseidon.hashPacked() to efficiently hash an arbitrary type

Changed

  • Reduce number of constraints of ECDSA verification by 5% #1376

Changed

  • Improve performance of Wasm Poseidon hashing by a factor of 13x #1378
    • Speeds up local blockchain tests without proving by ~40%
  • Improve performance of Field inverse #1373
    • Speeds up proving by ~2-4%

Added

  • Configurable networkId when declaring a Mina instance. #1387
    • Defaults to "testnet", the other option is "mainnet"
    • The networkId parameter influences the algorithm used for signatures, and ensures that testnet transactions can't be replayed on mainnet

Added

  • SHA256 hash function exposed via Hash.SHA2_256 or Gadgets.SHA256. #1285

Changed

  • Mina.accountCreationFee() is deprecated in favor of Mina.getNetworkConstants().accountCreationFee. #1367
    • Mina.getNetworkConstants() returns:
      • default network constants if used outside of the transaction scope.
      • actual network constants if used within the transaction scope.

Fixed

  • Fix approving of complex account update layouts #1364

Fixed

  • Fix bug in Hash.hash() which always resulted in an error #1346

Breaking changes

  • Rename Gadgets.rotate() to Gadgets.rotate64() to better reflect the amount of bits the gadget operates on. #1259
  • Rename Gadgets.{leftShift(), rightShift()} to Gadgets.{leftShift64(), rightShift64()} to better reflect the amount of bits the gadget operates on. #1259

Added

  • Non-native elliptic curve operations exposed through createForeignCurve() class factory #1007
  • ECDSA signature verification exposed through createEcdsa() class factory #1240 #1007 #1307
    • For an example, see ./src/examples/crypto/ecdsa
  • Keccak/SHA3 hash function exposed on Keccak namespace #1291
  • Hash namespace which holds all hash functions #999
    • Bytes, provable type to hold a byte array, which serves as input and output for Keccak variants
    • UInt8, provable type to hold a single byte, which is constrained to be in the 0 to 255 range
  • Gadgets.rotate32() for rotation over 32 bit values #1259
  • Gadgets.leftShift32() for left shift over 32 bit values #1259
  • Gadgets.divMod32() division modulo 2^32 that returns the remainder and quotient of the operation #1259
  • Gadgets.rangeCheck32() range check for 32 bit values #1259
  • Gadgets.addMod32() addition modulo 2^32 #1259
  • Expose new bitwise gadgets on UInt32 and UInt64 #1259
    • bitwise XOR via {UInt32, UInt64}.xor()
    • bitwise NOT via {UInt32, UInt64}.not()
    • bitwise ROTATE via {UInt32, UInt64}.rotate()
    • bitwise LEFTSHIFT via {UInt32, UInt64}.leftShift()
    • bitwise RIGHTSHIFT via {UInt32, UInt64}.rightShift()
    • bitwise AND via {UInt32, UInt64}.and()
  • Example for using actions to store a map data structure #1300
  • Provable.constraintSystem() and {ZkProgram,SmartContract}.analyzeMethods() return a summary() method to return a summary of the constraints used by a method #1007
  • assert() asserts that a given statement is true #1285

Fixed

  • Fix stack overflows when calling provable methods with large inputs #1334
  • Fix Local.setProofsEnabled() which would not get picked up by deploy() #1330
  • Remove usage of private class fields in core types like Field, for better type compatibility between different o1js versions #1319

Breaking changes

  • ZkProgram.compile() now returns the verification key and its hash, to be consistent with SmartContract.compile() #1292 @rpanic

Added

  • Foreign field arithmetic exposed through the createForeignField() class factory #985
  • Crypto namespace which exposes elliptic curve and finite field arithmetic on bigints, as well as example curve parameters #1240
  • Gadgets.ForeignField.assertMul() for efficiently constraining products of sums in non-native arithmetic #1262
  • Unconstrained for safely maintaining unconstrained values in provable code #1262
  • Gadgets.rangeCheck8() to assert that a value fits in 8 bits #1288

Changed

  • Change precondition APIs to use "require" instead of "assert" as the verb, to distinguish them from provable assertions. @LuffySama-Dev
    • this.x.getAndAssertEquals() is now this.x.getAndRequireEquals() #1263
    • this.x.assertEquals(x) is now this.x.requireEquals(x) #1263
    • this.account.x.getAndAssertEquals(x) is now this.account.x.requireEquals(x) #1265
    • this.account.x.assertBetween() is now this.account.x.requireBetween() #1265
    • this.network.x.getAndAssertEquals() is now this.network.x.getAndRequireEquals() #1265
  • Provable.constraintSystem() and {ZkProgram,SmartContract}.analyzeMethods() return a print() method for pretty-printing the constraint system #1240

Fixed

  • Fix missing recursive verification of proofs in smart contracts #1302

Breaking changes

  • Change return signature of ZkProgram.analyzeMethods() to be a keyed object #1223

Added

  • Provable non-native field arithmetic:
    • Gadgets.ForeignField.{add, sub, sumchain}() for addition and subtraction #1220
    • Gadgets.ForeignField.{mul, inv, div}() for multiplication and division #1223
  • Comprehensive internal testing of constraint system layouts generated by new gadgets #1241 #1220

Changed

  • Lightnet namespace API updates with added listAcquiredKeyPairs() method #1256
  • Expose raw provable methods of a ZkProgram on zkProgram.rawMethods #1241
  • Reduce number of constraints needed by rotate(), leftShift() and, rightShift() gadgets #1201

Fixed

  • Add a parameter to checkZkappTransaction for block length to check for transaction inclusion. This fixes a case where Transaction.wait() only checked the latest block, which led to an error once the transaction was included in a block that was not the latest. #1239

Added

  • Gadgets.not(), new provable method to support bitwise not. #1198
  • Gadgets.leftShift() / Gadgets.rightShift(), new provable methods to support bitwise shifting. #1194
  • Gadgets.and(), new provable method to support bitwise and. #1193
  • Gadgets.multiRangeCheck() and Gadgets.compactMultiRangeCheck(), two building blocks for non-native arithmetic with bigints of size up to 264 bits. #1216

Fixed

  • Removed array reversal of fetched actions, since they are returned in the correct order. #1258

Breaking changes

  • Constraint optimizations in Field methods and core crypto changes break all verification keys #1171 #1178

Changed

  • ZkProgram has moved out of the Experimental namespace and is now available as a top-level import directly. Experimental.ZkProgram has been deprecated.
  • ZkProgram gets a new input argument name: string which is required in the non-experimental API. The name is used to identify a ZkProgram when caching prover keys. #1200

Added

  • Lightnet namespace to interact with the account manager provided by the lightnet Mina network #1167
  • Internal support for several custom gates (range check, bitwise operations, foreign field operations) and lookup tables #1176
  • Gadgets.rangeCheck64(), new provable method to do efficient 64-bit range checks using lookup tables #1181
  • Gadgets.rotate(), new provable method to support bitwise rotation for native field elements. #1182
  • Gadgets.xor(), new provable method to support bitwise xor for native field elements. #1177
  • Proof.dummy() to create dummy proofs #1188
    • You can use this to write ZkPrograms that handle the base case and the inductive case in the same method.

Changed

  • Use cached prover keys in compile() when running in Node.js #1187
    • Caching is configurable by passing a custom Cache (new export) to compile()
    • By default, prover keys are stored in an OS-dependent cache directory; ~/.cache/pickles on Mac and Linux
  • Use cached setup points (SRS and Lagrange bases) when running in Node.js #1197
    • Also, speed up SRS generation by using multiple threads
    • Together with caching of prover keys, this speeds up compilation time by roughly
      • 86% when everything is cached
      • 34% when nothing is cached

Breaking changes

  • Changes to some verification keys caused by changing the way Struct orders object properties. #1124 @Comdex
    • To recover existing verification keys and behavior, change the order of properties in your Struct definitions to be alphabetical
    • The customObjectKeys option is removed from Struct

Changed

  • Improve prover performance by ~25% #1092
    • Change internal representation of field elements to be JS bigint instead of Uint8Array
  • Consolidate internal framework for testing equivalence of two implementations

Breaking changes

  • Changes to verification keys caused by updates to the proof system. This breaks all deployed contracts #1016

Changed

  • Renamed SnarkyJS to o1js #1104
  • Reduce loading time of the library by 3-4x #1073
  • Improve error when forgetting transaction.prove() #1095

Added

  • Added a method createTestNullifier to the Nullifier class for testing purposes. It is recommended to use mina-signer to create Nullifiers in production, since it does not leak the private key of the user. The Nullifier.createTestNullifier method requires the private key as an input outside of the users wallet. #1026
  • Added field.isEven to check if a Field element is odd or even. #1026

Fixed

  • Revert verification key hash change from previous release to stay compatible with the current testnet #1032

Breaking Changes

  • Fix the default verification key hash that was generated for AccountUpdates. This change adopts the default mechanism provided by Mina Protocol #1021
    • Please be aware that this alteration results in a breaking change affecting the verification key of already deployed contracts.

Fixed

  • NodeJS error caused by invalid import #1012

Fixed

  • Fix commonJS version of o1js, again #1006

Fixed

  • Fix commonJS version of o1js #1005

Breaking changes

  • Group operations now generate a different set of constraints. This breaks deployed contracts, because the circuit changed. #967

Added

  • Implemented Nullifier as a new primitive #882
    • mina-signer can now be used to generate a Nullifier, which can be consumed by zkApps using the newly added Nullifier Struct

Changed

  • Improve error message Can't evaluate prover code outside an as_prover block #998

Fixed

  • Fix unsupported use of window when running o1js in workers #1002

Breaking changes

  • Rewrite of Provable.if() causes breaking changes to all deployed contracts #889
  • Remove all deprecated methods and properties on Field #902
  • The Field(x) constructor and other Field methods no longer accept a boolean as input. Instead, you can now pass in a bigint to all Field methods. #902
  • Remove redundant signFeePayer() method #935

Added

  • Add field.assertNotEquals() to assert that a field element does not equal some value #902
    • More efficient than field.equals(x).assertFalse()
  • Add scalar.toConstant(), scalar.toBigInt(), Scalar.from(), privateKey.toBigInt(), PrivateKey.fromBigInt() #935
  • Poseidon.hashToGroup enables hashing to a group #887

Changed

  • Make stack traces more readable #890
    • Stack traces thrown from o1js are cleaned up by filtering out unnecessary lines and other noisy details
  • Remove optional zkappKey argument in smartContract.init(), and instead assert that provedState is false when init() is called #908
  • Improve assertion error messages on Field methods #743 #902
  • Publicly expose the internal details of the Field type #902

Deprecated

  • Utility methods on Circuit are deprecated in favor of the same methods on Provable #889
    • Circuit.if(), Circuit.witness(), Circuit.log() and others replaced by Provable.if(), Provable.witness(), Provable.log()
    • Under the hood, some of these methods were rewritten in TypeScript
  • Deprecate field.isZero() #902

Fixed

  • Fix running o1js in Node.js on Windows o1-labs/o1js-bindings#19 @wizicer
  • Fix error reporting from GraphQL requests #919
  • Resolved an Out of Memory error experienced on iOS devices (iPhones and iPads) during the initialization of the WASM memory o1-labs/o1js-bindings#26
  • Fix field.greaterThan() and other comparison methods outside provable code #858 #902
  • Fix field.assertBool() #469 #902
  • Fix Field(bigint) where bigint is larger than the field modulus #432 #902
    • The new behaviour is to use the modular residual of the input
  • No longer fail on missing signature in tx.send(). This fixes the flow of deploying a zkApp from a UI via a wallet #931 @marekyggdrasil

Changed

Breaking Changes

  • All references to actionsHash are renamed to actionState to better mirror what is used in Mina protocol APIs #833
    • This change affects function parameters and returned object keys throughout the API
  • No longer make MayUseToken.InheritFromParent the default mayUseToken value on the caller if one zkApp method calls another one; this removes the need to manually override mayUseToken in several known cases #863
    • Causes a breaking change to the verification key of deployed contracts that use zkApp composability

Added

  • this.state.getAndAssertEquals() as a shortcut for let x = this.state.get(); this.state.assertEquals(x); #863
    • also added .getAndAssertEquals() on this.account and this.network fields
  • Support for fallback endpoints when making network requests, allowing users to provide an array of endpoints for GraphQL network requests. #871
    • Endpoints are fetched two at a time, and the result returned from the faster response
  • reducer.forEach(actions, ...) as a shortcut for reducer.reduce() when you don't need a state #863
  • New export TokenId which supersedes Token.Id; TokenId.deriveId() replaces Token.Id.getId() #863
  • Add Permissions.allImpossible() for the set of permissions where nothing is allowed (more convenient than Permissions.default() when you want to make most actions impossible) #863

Changed

  • Massive improvement of memory consumption, thanks to a refactor of o1js' worker usage #872
    • Memory reduced by up to 10x; see the PR for details
    • Side effect: Circuit API becomes async, for example MyCircuit.prove(...) becomes await MyCircuit.prove(...)
  • Token APIs this.token.{send,burn,mint}() now accept an AccountUpdate or SmartContract as from / to input #863
  • Improve Transaction.toPretty() output by adding account update labels in most methods that create account updates #863
  • Raises the limit of actions/events per transaction from 16 to 100, providing users with the ability to submit a larger number of events/actions in a single transaction. #883.

Deprecated

  • Deprecate both shutdown() and await isReady, which are no longer needed #872

Fixed

  • SmartContract.deploy() now throws an error when no verification key is found #885
    • The old, confusing behaviour was to silently not update the verification key (but still update some permissions to "proof", breaking the zkApp)

Fixed

  • Fix fetching the access permission on accounts #851
  • Fix fetchActions #844 #854 @Comdex
  • Updated Mina.TransactionId.isSuccess to accurately verify zkApp transaction status after using Mina.TransactionId.wait(). #826
    • This change ensures that the function correctly checks for transaction completion and provides the expected result.

Added

  • smartContract.fetchActions() and Mina.fetchActions(), asynchronous methods to fetch actions directly from an archive node #843 @Comdex

Changed

  • Circuit.runAndCheck() now uses snarky to create a constraint system and witnesses, and check constraints. It closely matches behavior during proving and can be used to test provable code without having to create an expensive proof #840

Fixed

  • Fixes two issues that were temporarily reintroduced in the 0.9.6 release #799 #530

Breaking changes

  • Circuits changed due to an internal rename of "sequence events" to "actions" which included a change to some hash prefixes; this breaks all deployed contracts.
  • Temporarily reintroduces 2 known issues as a result of reverting a fix necessary for network redeployment:
    • #799
    • #530
    • Please note that we plan to address these issues in a future release. In the meantime, to work around this breaking change, you can try calling fetchAccount for each account involved in a transaction before executing the Mina.transaction block.
  • Improve number of constraints needed for Merkle tree hashing #820
    • This breaks deployed zkApps which use MerkleWitness.calculateRoot(), because the circuit is changed
    • You can make your existing contracts compatible again by switching to MerkleWitness.calculateRootSlow(), which has the old circuit
  • Renamed function parameters: The getAction function now accepts a new object structure for its parameters. #828
    • The previous object keys, fromActionHash and endActionHash, have been replaced by fromActionState and endActionState.

Added

  • zkProgram.analyzeMethods() to obtain metadata about a ZkProgram's methods #829 @maht0rz

Fixed

  • Improved Event Handling in o1js #825
    • Updated the internal event type to better handle events emitted in different zkApp transactions and when multiple zkApp transactions are present within a block.
    • The internal event type now includes event data and transaction information as separate objects, allowing for more accurate information about each event and its associated transaction.
  • Removed multiple best tip blocks when fetching action data #817
    • Implemented a temporary fix that filters out multiple best tip blocks, if they exist, while fetching actions. This fix will be removed once the related issue in the Archive-Node-API repository (o1-labs/Archive-Node-API#7) is resolved.
  • New fromActionState and endActionState parameters for fetchActions function in o1js #828
    • Allows fetching only necessary actions to compute the latest actions state
    • Eliminates the need to retrieve the entire actions history of a zkApp
    • Utilizes actionStateTwo field returned by Archive Node API as a safe starting point for deriving the most recent action hash
  • Update the zkApp verification key from within one of its own methods, via proof #812

Breaking changes

  • Change type of verification key returned by SmartContract.compile() to match VerificationKey #812

Fixed

  • Failing Mina.transaction on Berkeley because of unsatisfied constraints caused by dummy data before we fetched account state #807
    • Previously, you could work around this by calling fetchAccount() for every account invovled in a transaction. This is not necessary anymore.
  • Update the zkApp verification key from within one of its own methods, via proof #812

Fixed

  • getActions to handle multiple actions with multiple Account Updates #801

Added

  • Use fetchEvents() to fetch events for a specified zkApp from a GraphQL endpoint that implements this schema. Mina.Network accepts an additional endpoint which points to a GraphQL server. #749
    • Use the mina property for the Mina node.
    • Use archive for the archive node.
  • Use getActions to fetch actions for a specified zkApp from a GraphQL endpoint GraphQL endpoint that implements the same schema as fetchEvents. #788

Fixed

  • Added the missing export of Mina.TransactionId #785
  • Added an option to specify tokenId as Field in fetchAccount() #787 @rpanic

Added

  • this.network.timestamp is added back and is implemented on top of this.network.globalSlotSinceGenesis #755

Changed

  • On-chain value globalSlot is replaced by the clearer currentSlot #755
    • currentSlot refers to the slot at which the transaction will be included in a block.
    • the only supported method is currentSlot.assertBetween() because currentSlot.get() is impossible to implement since the value is determined in the future and currentSlot.assertEquals() is error-prone

Fixed

  • Incorrect counting of limit on events and actions #758
  • Type error when using Circuit.array in on-chain state or events #758
  • Bug when using Circuit.witness outside the prover #774

Fixed

  • Bug when using this.<state>.get() outside a transaction #754

Added

  • Transaction.fromJSON to recover transaction object from JSON #705
  • New precondition: provedState, a boolean which is true if the entire on-chain state of this account was last modified by a proof #741
    • Same API as all preconditions: this.account.provedState.assertEquals(Bool(true))
    • Can be used to assert that the state wasn't tampered with by the zkApp developer using non-contract logic, for example, before deploying the zkApp
  • New on-chain value globalSlot, to make assertions about the current time #649
    • example: this.globalSlot.get(), this.globalSlot.assertBetween(lower, upper)
    • Replaces network.timestamp, network.globalSlotSinceGenesis and network.globalSlotSinceHardFork. #560
  • New permissions:
    • access to control whether account updates for this account can be used at all #500
    • setTiming to control who can update the account's timing field #685
    • Example: this.permissions.set({ ...Permissions.default(), access: Permissions.proofOrSignature() })
  • Expose low-level view into the PLONK gates created by a smart contract method #687
    • MyContract.analyzeMethods().<method name>.gates

Changed

  • BREAKING CHANGE: Modify signature algorithm used by Signature.{create,verify} to be compatible with mina-signer #710
    • Signatures created with mina-signer's client.signFields() can now be verified inside a SNARK!
    • Breaks existing deployed smart contracts which use Signature.verify()
  • BREAKING CHANGE: Circuits changed due to core protocol and cryptography changes; this breaks all deployed contracts.
  • BREAKING CHANGE: Change structure of Account type which is returned by Mina.getAccount() #741
  • Test accounts hard-coded in LocalBlockchain now have default permissions, not permissions allowing everything. Fixes some unintuitive behaviour in tests, like requiring no signature when using these accounts to send MINA #638

Removed

  • Preconditions timestamp and globalSlotSinceHardFork #560
    • timestamp is expected to come back as a wrapper for the new globalSlot

Added

  • this.account.<field>.set() as a unified API to update fields on the account #643
    • covers permissions, verificationKey, zkappUri, tokenSymbol, delegate, votingFor
    • exists on SmartContract.account and AccountUpdate.account
  • this.sender to get the public key of the transaction's sender #652
    • To get the sender outside a smart contract, there's now Mina.sender()
  • tx.wait() is now implemented. It waits for the transactions inclusion in a block #645
    • wait() also now takes an optional options parameter to specify the polling interval or maximum attempts. wait(options?: { maxAttempts?: number; interval?: number }): Promise<void>;
  • Circuit.constraintSystemFromKeypair(keypair) to inspect the circuit at a low level #529
    • Works with a keypair (prover + verifier key) generated with the Circuit API
  • Mina.faucet() can now be used to programmatically fund an address on the testnet, using the faucet provided by faucet.minaprotocol.com #693

Changed

  • BREAKING CHANGE: Constraint changes in sign(), requireSignature() and createSigned() on AccountUpdate / SmartContract. This means that smart contracts using these methods in their proofs won't be able to create valid proofs against old deployed verification keys. #637
  • Mina.transaction now takes a public key as the fee payer argument (passing in a private key is deprecated) #652
    • Before: Mina.transaction(privateKey, ...). Now: Mina.transaction(publicKey, ...)
    • AccountUpdate.fundNewAccount() now enables funding multiple accounts at once, and deprecates the initialBalance argument
  • New option enforceTransactionLimits for LocalBlockchain (default value: true), to disable the enforcement of protocol transaction limits (maximum events, maximum sequence events and enforcing certain layout of AccountUpdates depending on their authorization) #620
  • Change the default send permissions (for sending MINA or tokens) that get set when deploying a zkApp, from signature() to proof() #648
  • Functions for making assertions and comparisons have been renamed to their long form, instead of the initial abbreviation. Old function names have been deprecated #681
    • .lt -> .lessThan
    • .lte -> .lessThanOrEqual
    • .gt -> .greaterThan
    • .gte -> greaterThanOrEqual
    • .assertLt -> .assertLessThan
    • .assertLte -> .assertLessThanOrEqual
    • .assertGt -> .assertGreaterThan
    • .assertGte -> assertGreaterThanOrEqual
    • .assertBoolean -> .assertBool

Deprecated

  • this.setPermissions() in favor of this.account.permissions.set() #643
    • this.tokenSymbol.set() in favor of this.account.tokenSymbol.set()
    • this.setValue() in favor of this.account.<field>.set()
  • Mina.transaction(privateKey: PrivateKey, ...) in favor of new signature Mina.transaction(publicKey: PublicKey, ...)
  • AccountUpdate.createSigned(privateKey: PrivateKey) in favor of new signature AccountUpdate.createSigned(publicKey: PublicKey) #637
  • .lt, .lte, gt, gte, .assertLt, .assertLte, .assertGt, .assertGte have been deprecated. #681

Fixed

  • Fixed Apple silicon performance issue #491
  • Type inference for Structs with instance methods #567
    • also fixes Struct.fromJSON
  • SmartContract.fetchEvents fixed when multiple event types existed #627
  • Error when using reduce with a Struct as state type #689
  • Fix use of stale cached accounts in Mina.transaction #430

Fixed

  • Bug in deploy() when initializing a contract that already exists #588

Deprecated

  • Mina.BerkeleyQANet in favor of the clearer-named Mina.Network #588

Added

  • MerkleMap and MerkleMapWitness #546
  • Lots of doc comments! #580

Fixed

  • Bug in Circuit.log printing account updates #578

Fixed

  • Testnet-incompatible signatures in v0.7.0 #565

Added

  • Added an optional string parameter to certain assert methods #470
  • Struct, a new primitive for declaring composite, SNARK-compatible types #416
    • With this, we also added a way to include auxiliary, non-field element data in composite types
    • Added VerificationKey, which is a Struct with auxiliary data, to pass verification keys to a @method
    • BREAKING CHANGE: Change names related to circuit types: AsFieldsAndAux<T> -> Provable<T>, AsFieldElement<T> -> ProvablePure<T>, circuitValue -> provable
    • BREAKING CHANGE: Change all ofFields and ofBits methods on circuit types to fromFields and fromBits
  • New option proofsEnabled for LocalBlockchain (default value: true), to quickly test transaction logic with proofs disabled #462
    • with proofsEnabled: true, proofs now get verified locally #423
  • SmartContract.approve() to approve a tree of child account updates #428 #534
    • AccountUpdates are now valid @method arguments, and approve() is intended to be used on them when passed to a method
    • Also replaces Experimental.accountUpdateFromCallback()
  • Circuit.log() to easily log Fields and other provable types inside a method, with the same API as console.log() #484
  • SmartContract.init() is a new method on the base SmartContract that will be called only during the first deploy (not if you re-deploy later to upgrade the contract) #543
    • Overriding init() is the new recommended way to add custom state initialization logic.
  • transaction.toPretty() and accountUpdate.toPretty() for debugging transactions by printing only the pieces that differ from default account updates #428
  • AccountUpdate.attachToTransaction() for explicitly adding an account update to the current transaction. This replaces some previous behaviour where an account update got attached implicitly #484
  • SmartContract.requireSignature() and AccountUpdate.requireSignature() as a simpler, better-named replacement for .sign() #558

Changed

  • BREAKING CHANGE: tx.send() is now asynchronous: old: send(): TransactionId new: send(): Promise<TransactionId> and tx.send() now directly waits for the network response, as opposed to tx.send().wait() #423
  • Sending transactions to LocalBlockchain now involves
  • Circuit.witness can now be called outside circuits, where it will just directly return the callback result #484
  • The FeePayerSpec, which is used to specify properties of the transaction via Mina.transaction(), now has another optional parameter to specify the nonce manually. Mina.transaction({ feePayerKey: feePayer, nonce: 1 }, () => {}) #497
  • BREAKING CHANGE: Static methods of type .fromString(), .fromNumber() and .fromBigInt() on Field, UInt64, UInt32 and Int64 are no longer supported #519
    • use Field(number | string | bigint) and UInt64.from(number | string | bigint)
  • Move several features out of 'experimental' #555
    • Reducer replaces Experimental.Reducer
    • MerkleTree and MerkleWitness replace Experimental.{MerkleTree,MerkleWitness}
    • In a SmartContract, this.token replaces this.experimental.token

Deprecated

  • CircuitValue deprecated in favor of Struct #416
  • Static props Field.zero, Field.one, Field.minusOne deprecated in favor of Field(number) #524
  • SmartContract.sign() and AccountUpdate.sign() in favor of .requireSignature() #558

Fixed

  • Uint comparisons and division fixed inside the prover #503
  • Callback arguments are properly passed into method invocations #516
  • Removed internal type JSONValue from public interfaces #536
  • Returning values from a zkApp #461

Fixed

  • Callback arguments are properly passed into method invocations #516

Fixed

  • Proof verification on the web version #476

Added

  • reducer.getActions partially implemented for local testing #327
  • gte and assertGte methods on UInt32, UInt64 #349
  • Return sent transaction hash for RemoteBlockchain #399

Changed

  • BREAKING CHANGE: Rename the Party class to AccountUpdate. Also, rename other occurrences of "party" to "account update". #393
  • BREAKING CHANGE: Don't require the account address as input to SmartContract.compile(), SmartContract.digest() and SmartContract.analyzeMethods() #406
    • This works because the address / public key is now a variable in the method circuit; it used to be a constant
  • BREAKING CHANGE: Move ZkProgram to Experimental.ZkProgram

Fixed

  • Running o1js inside a web worker #378

Fixed

  • Infinite loop when compiling in web version #379, by @maht0rz

Fixed

  • Crash of the web version introduced in 0.5.0
  • Issue with Experimental.MerkleWitness #368

Fixed

Added

  • Recursive proofs. RFC: #89, PRs: #245 #250 #261
    • Enable smart contract methods to take previous proofs as arguments, and verify them in the circuit
    • Add ZkProgram, a new primitive which represents a collection of circuits that produce instances of the same proof. So, it's a more general version of SmartContract, without any of the Mina-related API.
      ZkProgram is suitable for rollup-type systems and offchain usage of Pickles + Kimchi.
  • zkApp composability -- calling other zkApps from inside zkApps. RFC: #303, PRs: #285, #296, #294, #297
  • Events support via SmartContract.events, this.emitEvent. RFC: #248, PR: #272
    • fetchEvents partially implemented for local testing: #323
  • Payments: this.send({ to, amount }) as an easier API for sending Mina from smart contracts #325
    • Party.send() to transfer Mina between any accounts, for example, from users to smart contracts
  • SmartContract.digest() to quickly compute a hash of the contract's circuit. This is used by the zkApp CLI to figure out whether compile should be re-run or a cached verification key can be used. #268
  • Circuit.constraintSystem() for creating a circuit from a function, counting the number of constraints and computing a digest of the circuit #279
  • this.account.isNew to assert that an account did not (or did) exist before the transaction MinaProtocol/mina#11524
  • LocalBlockchain.setTimestamp and other setters for network state, to test network preconditions locally #329
  • Experimental APIs are now collected under the Experimental import, or on this.experimental in a smart contract.
  • Custom tokens (experimental), via this.token. RFC: #233, PR: #273,
  • Actions / sequence events support (experimental), via Experimental.Reducer. RFC: #265, PR: #274
  • Merkle tree implementation (experimental) via Experimental.MerkleTree #343

Changed

  • BREAKING CHANGE: Make on-chain state consistent with other preconditions - throw an error when state is not explicitly constrained #267
  • CircuitValue improvements #269, #306, #341
    • Added a base constructor, so overriding the constructor on classes that extend CircuitValue is now optional. When overriding, the base constructor can be called without arguments, as previously: super(). When not overriding, the expected arguments are all the @props on the class, in the order they were defined in: new MyCircuitValue(prop1, prop2).
    • CircuitValue.fromObject({ prop1, prop2 }) is a new, better-typed alternative for using the base constructor.
    • Fixed: the overridden constructor is now free to have any argument structure -- previously, arguments had to be the props in their declared order. I.e., the behaviour that's now used by the base constructor used to be forced on all constructors, which is no longer the case.
  • Mina.transaction improvements
    • Support zkApp proofs when there are other account updates in the same transaction block #280
    • Support multiple independent zkApp proofs in one transaction block #296
  • Add previously unimplemented preconditions, like this.network.timestamp #324 MinaProtocol/mina#11577
  • Improve error messages thrown from Wasm, by making Rust's panic log to the JS console MinaProtocol/mina#11644
  • Not user-facing, but essential: Smart contracts fully constrain the account updates they create, inside the circuit #278

Fixed

  • Fix comparisons on UInt32 and UInt64 (UInt32.lt, UInt32.gt, etc) #174, #101. PR: #307

Added

  • Implement the precondition RFC:
    • new fields this.account and this.network on both SmartContract and Party
    • this.<account|network>.<property>.get() to use on-chain values in a circuit, e.g. account balance or block height
    • this.<account|network>.<property>.{assertEqual, assertBetween, assertNothing}() to constrain what values to allow for these
  • CircuitString, a snark-compatible string type with methods like .append() #155
  • bool.assertTrue(), bool.assertFalse() as convenient aliases for existing functionality
  • Ledger.verifyPartyProof which can check if a proof on a transaction is valid #208
  • Memo field in APIs like Mina.transaction to attach arbitrary messages #244
  • This changelog

Changed

Removed

  • Unused functions call and callUnproved, which were embryonic versions of what is now the transaction API to call smart contract methods
  • Some unimplemented fields on SmartContract

Fixed

  • zkApp proving on web #226