https://github.com/ppad-tech/csecp256k1
Haskell FFI bindings to bitcoin-core/secp256k1
bindings elliptic-curve-cryptography ffi haskell libsecp256k1 secp256k1
- Host: GitHub
- URL: https://github.com/ppad-tech/csecp256k1
- Owner: ppad-tech
- License: mit
- Created: 2024-11-06T11:29:14.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2025-06-22T09:26:54.000Z (12 months ago)
- Last Synced: 2025-07-04T19:41:19.419Z (12 months ago)
- Topics: bindings, elliptic-curve-cryptography, ffi, haskell, libsecp256k1, secp256k1
- Language: C
- Homepage:
- Size: 2.57 MB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG
- License: LICENSE
README
# ppad-csecp256k1

Bindings to bitcoin-core/secp256k1, which provides digital signatures
and other cryptographic primitives on the secp256k1 elliptic curve.

This library exposes a minimal subset of the underlying library, mainly
supporting ECDSA/Schnorr signatures and ECDH secret computation, as well
as utilities for public key manipulation.

For a pure Haskell secp256k1 implementation, see [ppad-secp256k1][ppads].

## Documentation
API documentation and examples are hosted at
[docs.ppad.tech/csecp256k1][hadoc].
## Performance
As we bind to libsecp256k1, the resulting functions are very fast:
```
benchmarking csecp256k1/ecdsa/sign
time 13.31 μs (13.30 μs .. 13.31 μs)
1.000 R² (1.000 R² .. 1.000 R²)
mean 13.33 μs (13.32 μs .. 13.33 μs)
std dev 11.15 ns (8.932 ns .. 15.01 ns)
benchmarking csecp256k1/ecdsa/verify
time 12.35 μs (12.34 μs .. 12.38 μs)
1.000 R² (1.000 R² .. 1.000 R²)
mean 12.35 μs (12.35 μs .. 12.36 μs)
std dev 21.83 ns (9.273 ns .. 47.76 ns)
benchmarking csecp256k1/schnorr/sign
time 18.35 μs (18.35 μs .. 18.36 μs)
1.000 R² (1.000 R² .. 1.000 R²)
mean 18.35 μs (18.35 μs .. 18.35 μs)
std dev 5.990 ns (4.283 ns .. 9.131 ns)
benchmarking csecp256k1/schnorr/verify
time 14.15 μs (14.14 μs .. 14.15 μs)
1.000 R² (1.000 R² .. 1.000 R²)
mean 14.14 μs (14.13 μs .. 14.15 μs)
std dev 30.51 ns (14.54 ns .. 57.66 ns)
benchmarking csecp256k1/ecdh/ecdh
time 15.02 μs (15.02 μs .. 15.03 μs)
1.000 R² (1.000 R² .. 1.000 R²)
mean 15.02 μs (15.00 μs .. 15.03 μs)
std dev 34.78 ns (10.81 ns .. 71.53 ns)
```
## Security
These bindings aim at the maximum security achievable in a
garbage-collected language under an optimizing compiler such as GHC, in
which strict constant-timeness can be challenging to achieve.

The Schnorr implementation within has been tested against the [official
BIP0340 vectors][ut340] (sans those using arbitrary-size messages, which
we're not at present supporting), and ECDSA has been tested against the
relevant [Wycheproof vectors][wyche].

If you discover any vulnerabilities, please disclose them via
security@ppad.tech.

## Development
You'll require [Nix][nixos] with [flake][flake] support enabled. Enter a
development shell with:
```
$ nix develop
```
Then do e.g.:
```
$ cabal repl ppad-csecp256k1
```
to get a REPL for the main library, or:
```
$ cabal repl secp256k1-sys-tests
```
to get one for the internal test suite. You can run all tests via:
```
$ cabal test
```
and the benchmarks via:
```
$ cabal bench
```
## Attribution
This implementation has benefited greatly from, and uses modified
versions of code from, both [secp256k1-haskell][hsecp] (test cases,
FFI/bytestring manipulation) and [rust-secp256k1][rsecp] (dependency
vendoring).

[ppads]: https://github.com/ppad-tech/secp256k1
[nixos]: https://nixos.org/
[flake]: https://nixos.org/manual/nix/unstable/command-ref/new-cli/nix3-flake.html
[hadoc]: https://docs.ppad.tech/csecp256k1
[hsecp]: https://github.com/haskoin/secp256k1-haskell
[rsecp]: https://github.com/rust-bitcoin/rust-secp256k1
[ut340]: https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv
[wyche]: https://github.com/C2SP/wycheproof