Releases: gibme-c/ed25519

v2.0.0

04 Apr 15:15
9279e77

Major release featuring X25519 Diffie-Hellman key exchange, a comprehensive generated test suite, security hardening, a simplified initialization API, and extensive build system improvements for downstream consumption.

New Features

X25519 Diffie-Hellman Key Exchange

  • Constant-time Montgomery ladder implementation of X25519 (RFC 7748)
  • New fe_mul121666 field operation (multiplication by the Montgomery curve constant (A+2)/4 = 121666) with x64 and portable implementations
  • Platform-agnostic implementation composed of existing fe_* ops with automatic dispatch
  • Scalar clamped per RFC 7748; all intermediates securely erased
  • 11 RFC 7748 test vectors (§5.2 single-shot, §5.2 iterated with 1 and 1000 iterations, §6.1 DH key exchange)
  • Fuzz tests: fuzz_fe_mul121666 (cross-validated against fe_mul), fuzz_x25519 (commutativity + basepoint consistency)

Comprehensive Generated Test Suite

  • Three-layer test suite with 17,618 tests validated across all backends (portable, x64, AVX2, IFMA) and all compilers (MSVC, MinGW GCC, Clang)
  • C++ test vector generator (tools/gen_test_vectors.cpp) built with the portable backend produces deterministic vectors independently validated by PyNaCl/libsodium (tools/validate_test_vectors.py)
  • Vectors converted to a constexpr C++ header (include/ed25519_test_vectors.h) covering scalar, field element, group element, DSM, MSM, Wei25519, and ristretto255 operations
  • 25 property-based fuzz tests (fixed-seed PRNG, 256 iterations each) exercising algebraic invariants: commutativity, associativity, identity, inverse, linearity, roundtrip, and cross-backend consistency
  • CLI dispatch selection via --init and --autotune flags with CPU feature reporting

API Changes

Unified Initialization API (Breaking)

  • ed25519_init() and ed25519_autotune() merged into a single ed25519_init(bool autotune = false)
  • Heuristic and benchmark paths now share a single call_once gate with a 3-state atomic (pending/running/done)
  • Concurrent callers spin-wait instead of silently no-op-ing
  • Subsequently replaced the call_once pattern with a simpler approach to avoid issues for downstream consumers building with Clang

Symbol Rename

  • ct_barrier renamed to avoid symbol collisions with downstream projects

Security Hardening

  • Stack protector: compiler-ID check replaced with try_compile probe for portability
  • CET control-flow integrity (-fcf-protection=full) enabled on x86_64
  • MinGW PE linker hardening: DEP + ASLR (--nxcompat, --dynamicbase, --high-entropy-va)
  • MSVC: /Qspectre mitigation, PE linker hardening, /guard:ehcont + /CETCOMPAT probes
  • GCC: _GLIBCXX_ASSERTIONS enabled in Debug builds
  • _FORTIFY_SOURCE correctly skipped on Windows (MinGW lacks glibc fortification)
  • Improved constant-time discipline in ristretto255_decode (single rejection branch)

Build System Improvements

Subdirectory & Shared Build Support

  • All compiler/linker flags scoped to targets instead of global CMAKE_CXX_FLAGS
  • IDE ergonomics (ccache, USE_FOLDERS) guarded behind top-level-project check
  • C++17 standard and PIC moved to target properties on the library
  • Executable linker hardening extracted into ed25519_apply_exe_flags() helper
  • New ed25519_export.h with ED25519_EXPORT macro for future DLL builds
  • New scripts/add_export.py to mechanically annotate public headers
  • Fixed MinGW+GCC Debug SIMD alignment crash (force -O1 for the AVX/IFMA translation units)

Warning Fixes

  • Fixed -Wundef warnings for ED25519_FORCE_PORTABLE, ED25519_PLATFORM_X64, ED25519_PLATFORM_ARM64, ED25519_PLATFORM_64BIT, and ED25519_SIMD
  • Resolved Clang-specific warnings across the codebase
  • CMake configuration cleanup and improvements

Documentation

  • README updated with X25519 Diffie-Hellman documentation (feature section, API reference, code example)
  • Documented missing APIs: fe_mul121666, ge_p2_to_p3, point conversions, ge_dsm_precomp, subgroup checking functions, ed25519_cpu_features, ed25519_has_avx512f
  • Fixed dispatch function count from 8 to 10 (MSM is now dispatched)
  • Removed phantom ARCH CMake option from documentation