Skip to content

Releases: openvm-org/openvm

v1.7.0

Choose a tag to compare

@shuklaayush shuklaayush released this 26 Jun 23:26
Immutable release. Only release title and notes can be modified.

This release is a security release. All users on v1.6.0 or earlier are recommended to upgrade.

Security Fixes

This release addresses the following security advisories:

Changed

  • (Circuits/Memory) Fix a soundness issue in MemoryMerkleAir by rejecting Merkle expansion rows below the leaf layer, preventing malformed traces from changing the committed memory root without a corresponding memory operation.
  • (Verifier) Fix a selector-clash issue in the Solidity verifier wrapper to ensure proof verification runs through the generated Halo2 fallback.
  • (Verifier) Reject non-canonical BN254 scalar encodings for appExeCommit and appVmCommit in the Solidity verifier wrapper.

Full Changelog: v1.6.0...v1.7.0

v1.6.0

Choose a tag to compare

@shuklaayush shuklaayush released this 15 May 18:42
Immutable release. Only release title and notes can be modified.

This release is a security release. All users on v1.5.0 or earlier are recommended to upgrade.

Security Fixes

This release addresses the following security advisories:

This release also incorporates the upstream Plonky3 fix for GHSA-vj64-rjf3-w3v7 (MultiField32Challenger transcript binding) via the update to Plonky3 v0.4.3.

Changed

  • (Transpiler) Reject non-contiguous executable segments in ELF decoder.
  • (Circuits/VM) Add boolean constraints to PhantomAir (is_valid) and VmConnectorAir (is_terminate) bus interaction multiplicities.
  • (Circuits/SHA-256) Enforce that the Sha256Air trace ends on a padding row.
  • (Circuits/SHA-256) Add range checks on byte limbs in Sha256VmAir message length comparison to prevent field-modulus wraparound.
  • (Circuits/SHA-256) Enforce is_last_block is constant across all rows within a block in Sha256VmAir.
  • (Circuits/SHA-256) Constrain padding block count after the terminal marker in Sha256VmAir to prevent extra padding blocks.
  • (Circuits/Keccak) Add terminal finalization constraint to KeccakVmAir to ensure partial tail rows (since 24 never divides a power of two) cannot contain enabled instructions.
  • (Circuits/Keccak) Add explicit boolean assertion on is_enabled in KeccakVmAir.
  • (Circuits/Memory) Anchor the root node's as_label and address_label to zero in MemoryMerkleAir.
  • (Recursion) Constrain air_perm_by_height in the recursive STARK verifier to be a valid permutation of AIR indices.
  • (Recursion) Add bounds checks for unchecked builder.get on dynamic arrays in the recursive STARK verifier and continuations verifier to prevent out-of-bounds reads from malicious proof data.
  • (Recursion) Zero-fill the mask array in verify_raps to prevent reads of uninitialized memory in the permutation check.
  • (Recursion) Validate that each AIR proof's exposed_values_after_challenge length matches verifier key advice, preventing injection of extra post-challenge exposed-value vectors.
  • (Recursion) Fix add_felt_exti ASM lowering to correctly compute lhs + rhs[0] for the base coefficient instead of silently dropping rhs[0].
  • (Recursion) Constrain VERIFY_BATCH inside-row hashing to start at the correct opened_values index and prevent opened_index from advancing across row boundaries.
  • (Recursion) Update Plonky3 to v0.4.3. The static verifier challenger now mirrors MultiField32Challenger from that release: each absorb packs the pending F scalars and tags the block with the number of F elements consumed, and each squeeze splits the PF rate cells into canonical base-|F| limbs. Also adds a DSL primitive (CircuitVarToFieldOrderLimbsF) that constrains the in-circuit base-|F| decomposition to be canonical.
  • (Guest Library/IO) Add checked arithmetic to hint stream read and deserialization buffer allocation to prevent integer overflow from untrusted hint lengths.
  • (Guest Library/Algebra) Ensure zero is always reported as a perfect square in modular arithmetic.
  • (Guest Library/Pairing) Add Fp6 subfield checks for the hinted scalar factor in openvm-pairing BN254/BLS12-381 pairing check optimization.
  • (Guest Library/ECC) Make all from_xy_* point constructors unsafe since they do not perform subgroup membership checks.
  • (Guest Library/ECC) Reject the identity point (point at infinity) as a valid public key in ECDSA verification.
  • (Guest Library/ruint) Restrict zkVM-accelerated bitwise intrinsics (and, or, xor) to 256-bit Uint types only. Fix cmp fallback to avoid infinite recursion on non-256-bit types.
  • (Guest Library/ruint) Fix OOB read in ruint shift intrinsics by passing correctly sized buffer.

Removed

  • (Recursion) Delete dead and buggy ConstraintCompiler code.

Full Changelog: v1.5.0...v1.6.0

v2.0.0-beta.2

v2.0.0-beta.2 Pre-release
Pre-release

Choose a tag to compare

@shuklaayush shuklaayush released this 10 Apr 23:24
Immutable release. Only release title and notes can be modified.
30a13e2
chore: use stark-backend tag v2.0.0-beta.2

v2.0.0-alpha

v2.0.0-alpha Pre-release
Pre-release

Choose a tag to compare

@jonathanpwang jonathanpwang released this 17 Feb 07:10
Immutable release. Only release title and notes can be modified.

Preview of v2.0.0-alpha: https://blog.openvm.dev/2.0

v1.5.0

Choose a tag to compare

@jonathanpwang jonathanpwang released this 08 Feb 01:31
Immutable release. Only release title and notes can be modified.
2ce7329

Added

  • Formal verification of the RV32IM VM extension in Lean.

Changed

  • Updated Plonky3 to crates.io v0.4.1.
  • Updated STARK protocol to 100 bits of provable security with FRI.
  • (Verifier/CLI) The Halo2ProvingKey and Halo2Verifier.sol verifier contract generated by the CLI now requires wrapper_k = 24.

All users are recommended to upgrade to the new v1.5.0 release such that the STARK backend targets 100 bits of provable security.

What's Changed

New Contributors

Full Changelog: v1.4.3...v1.5.0

v1.4.3

Choose a tag to compare

@jonathanpwang jonathanpwang released this 12 Jan 04:42
e8feb93

What's Changed

New Contributors

Full Changelog: v1.4.2...v1.4.3

v1.4.2

Choose a tag to compare

@jonathanpwang jonathanpwang released this 08 Dec 19:58
e30b114

v1.4.2

Added

  • (Executor) Added ahead of time (AOT) compilation of OpenVM executables to host x86 binaries using x86 assembly and dynamic linking.

Changed

  • Workspace MSRV has been updated to Rust 1.90.0.
  • (Verifier) The formatting of the Solidity code generated for the EVM SNARK verifier has changed due to an update to forge-fmt v1.5.0. No other change to the smart contract besides formatting.
  • (Prover) Fix metered execution trace height estimations to account for uninitialized memory.
  • (Prover) More robust CUDA stream synchronization for memory merkle tree trace generation.
  • (Prover) Updated cuda-backend with fixes to virtual memory management for long running processes.
  • (Executor) Performance optimizations to elliptic curve host execution.

What's Changed

New Contributors

Full Changelog: v1.4.1...v1.4.2

v1.4.1

Choose a tag to compare

@jonathanpwang jonathanpwang released this 27 Oct 04:37
05cb6a1

This release updates to stark-backend v1.2.1 for CUDA performance gains in the backend. Other changes include:

Added

  • (CLI) Add configurable segmentation arguments to cargo openvm prove commands.

Changed

  • (Toolchain) Update cargo openvm build to use Rust nightly version nightly-2025-08-02.
  • (Primitives Library) Fix in openvm-algebra-complex-macros to ensure const byte arrays have proper memory alignment.
  • (Executor) Modified VirtualMachine::build_metered_ctx to take the program (&VmExe<Val<E::SC>>) as an argument.
  • (Prover/Executor) Changed default segmentation limits and updated segmentation logic.

What's Changed

New Contributors

Full Changelog: v1.4.0...v1.4.1

v1.4.0

Choose a tag to compare

@jonathanpwang jonathanpwang released this 01 Sep 08:22
39ee587

This release focuses on performance:

  • Execution was rewritten for much better performance and to support our distributed proving architecture.
  • All proving after execution, including trace generation, is now supported on Nvidia GPUs through new CUDA kernels and Rust bindings.

Users are recommended to upgrade all guest and host crates to openvm v1.4.0.

See CHANGELOG.md for more details.

What's Changed

Read more

v1.3.0

Choose a tag to compare

@jonathanpwang jonathanpwang released this 15 Jul 16:50
5368d47

No circuit constraints or verifying keys were changed in this release.

A substantial refactor has been done to the guest libraries to separate the low level Rust bindings for OpenVM intrinsic instructions from the higher level user interface. For each VM extension, the openvm-$name-guest crate is now a primitives library containing only the Rust bindings for the intrinsic instructions and essential logic related to the extension (e.g., ECDSA signature verification). We introduce new guest libraries as standalone Rust crates which provide the high-level interfaces guest programs should use to interact with the associated VM extensions.

We also add a new guest library openvm-verify-stark which provides functionality to verify OpenVM STARK proofs from Rust programs using acceleration from the native field arithmetic VM extension.

Users are advised to switch to using the new guest libraries.

What's Changed

  • chore(ecc-guest): remove k256, p256 modules and fix guest-libs to allow patching (#1708) (Jonathan Wang)
  • feat: optimize Group::is_identity (#1709) (Avaneesh-axiom)
  • perf(ecc-guest): optimize setup handling in ecc guest bindings (#1706) (Jonathan Wang)
  • perf: update stark-backend commit (Jonathan Wang)
  • feat: Patch ecdsa VerifyingKey::recover_from_prehash to skip message verification (#1691) (Avaneesh-axiom)
  • refactor: guest bindings (#1613) (Jonathan Wang)
  • refactor: guest bindings (#1613) (Avaneesh-axiom)
  • feat: ensure all CLI commit outputs are in hex + fix verify STARK (#1697) (stephenh-axiom-xyz)
  • feat: CLI prove use bin name for output path + e2e stark verify (#1675) (stephenh-axiom-xyz)
  • feat: init command for cargo openvm (#1670) (stephenh-axiom-xyz)
  • feat: commit command for cargo openvm (#1667) (stephenh-axiom-xyz)
  • feat: cargo CLI update target directory (#1662) (stephenh-axiom-xyz)
  • chore: add entry point to book examples without openvm::init!() (#1663) (stephenh-axiom-xyz)
  • docs: add CHANGELOG.md (#1660) (HrikB)
  • fix: verifier read dir (#1658) (HrikB)
  • refactor: CLI Build & Setup (#1649) (Xinding Wei)
  • feat: helper functions for verify_openvm_stark (#1631) (Xinding Wei)
  • feat: Macro define_verify_openvm_stark (#1620) (Xinding Wei)
  • feat: Root Verifier ASM (#1615) (Xinding Wei)
  • feat: Add Rv32HintLoadByKey (#1606) (Xinding Wei)
  • feat: Add e2e stark proof support (#1597) (Xinding Wei)
  • feat: openvm build can build multiple targets + additional cargo options (#1647) (stephenh-axiom-xyz)
  • chore: update getrandom to v0.3 in openvm lib (#1635) (Jonathan Wang)
  • feat: Lazily call setup function for moduli and curves on first use (#1603) (Avaneesh-axiom)
  • feat: Build script for calling init macros (#1596) (Avaneesh-axiom)
  • refactor: ELF and Program (#1638) (Xinding Wei)
  • chore(ci): patch examples to use local crates by @jonathanpwang in #1712
  • chore: change to dual license by @yi-sun in #1713
  • fix(sw-macro): host set_up_once undefined by @jonathanpwang in #1717
  • docs: Add comment explaining the is_identity optimization by @Avaneesh-axiom in #1716
  • fix(cli): generate openvm_init.rs before building by @jonathanpwang in #1721
  • chore: macro crate should use workspace version by @jonathanpwang in #1723
  • docs: update division typo in ISA.md by @stephenh-axiom-xyz in #1726
  • chore(ecc-guest): placeholder trait and function implementations for patch compilation by @jonathanpwang in #1720
  • chore: fix typos and links by @jonathanpwang in #1730
  • feat: Add feature gating for halo2 imports in SDK and CLI crates by @devin-ai-integration[bot] in #1731
  • fix: use seed for deterministic re-execution by @jonathanpwang in #1741
  • docs: Add VERSIONING.md documentation by @devin-ai-integration[bot] in #1735
  • fix(ecdsa): match upstream behavior to error on overflowing add by @jonathanpwang in #1742
  • fix(ecdsa): validate public key is not identity by @jonathanpwang in #1743
  • fix(k256): ecdsa verify needs custom hook by @jonathanpwang in #1744
  • fix(ecc): checked from_be_bytes by @jonathanpwang in #1746
  • fix: from_sec1_bytes should reject identity by @jonathanpwang in #1747
  • fix: Elliptic curve point decompression doesn't check if y = 0 by @Avaneesh-axiom in #1768
  • fix: verify stark test by @HrikB in #1779
  • chore: update stark-backend to v1.1.1 tag by @jonathanpwang in #1784
  • docs: Add README.md for verify_stark by @nyunyunyunyu in #1774
  • chore: run verify-stark tests in ci by @HrikB in #1788
  • feat(toolchain): support getrandom v0.2 and v0.3 simultaneously by @jonathanpwang in #1795
  • ci: add versioning compatibility workflow for INT-4160 by @devin-ai-integration[bot] in #1753
  • fix: getrandom pulling in std by @jonathanpwang in #1804
  • feat(cli): update version command and add version tag to init by @jonathanpwang in #1820
  • docs: guest libs by @HrikB in #1805
  • docs(book): add docs on init! macro by @jonathanpwang in #1837
  • docs(book): clarify read-only reflection by @jonathanpwang in #1838
  • fix(test): use local openvm for testing cargo openvm init by @jonathanpwang in #1842
  • fix(test): CLI init test patching not triggered by @jonathanpwang in #1846
  • audit: add cantina report for v1.3.0 by @jonathanpwang in #1855
  • chore: bump workspace version to v1.3.0 by @jonathanpwang in #1854
  • docs: update CHANGELOG with breaking changes since v1.2.0 by @devin-ai-integration[bot] in #1732
  • fix(sdk): aggregate_leaf_proofs should always generate an internal proof by @jonathanpwang in #1866
  • chore: update book for v1.3.0 release by @jonathanpwang in #1865

Full Changelog: v1.2.0...v1.3.0