mleku/p256k1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bc968a9380e06e08bb8c4121eb8db2fead395a01
p256k1/README.md

156 lines
5.0 KiB
Markdown
Raw Blame History

# secp256k1 Go Implementation
This package provides a pure Go implementation of the secp256k1 elliptic curve cryptographic primitives, ported from the libsecp256k1 C library.
## Features Implemented
### ✅ Core Components
- **Field Arithmetic** (`field.go`, `field_mul.go`): Complete implementation of field operations modulo the secp256k1 field prime (2^256 - 2^32 - 977)
- 5x52-bit limb representation for efficient arithmetic
- Addition, multiplication, squaring, inversion operations
- Constant-time normalization and magnitude management
- **Scalar Arithmetic** (`scalar.go`): Complete implementation of scalar operations modulo the group order
- 4x64-bit limb representation
- Addition, multiplication, inversion, negation operations
- Proper overflow handling and reduction
- **Group Operations** (`group.go`): Elliptic curve point operations
- Affine and Jacobian coordinate representations
- Point addition, doubling, negation
- Coordinate conversion between representations
- **Context Management** (`context.go`): Context objects for enhanced security
- Context creation, cloning, destruction
- Randomization for side-channel protection
- Callback management for error handling
- **Main API** (`secp256k1.go`): Core secp256k1 API functions
- Public key parsing, serialization, and comparison
- ECDSA signature parsing and serialization
- Key generation and verification
- Basic ECDSA signing and verification (simplified implementation)
- **Utilities** (`util.go`): Helper functions and constants
- Memory management utilities
- Endianness conversion functions
- Bit manipulation utilities
- Error handling and callbacks
### ✅ Testing
- Comprehensive test suite (`secp256k1_test.go`) covering:
- Basic functionality and self-tests
- Field element operations
- Scalar operations
- Key generation
- Signature operations
- Public key operations
- Performance benchmarks
## Usage
```go
package main
import (
"fmt"
"crypto/rand"
p256k1 "p256k1.mleku.dev/pkg"
)
func main() {
// Create context
ctx, err := p256k1.ContextCreate(p256k1.ContextNone)
if err != nil {
panic(err)
}
defer p256k1.ContextDestroy(ctx)
// Generate secret key
var seckey [32]byte
rand.Read(seckey[:])
// Verify secret key
if !p256k1.ECSecKeyVerify(ctx, seckey[:]) {
panic("Invalid secret key")
}
// Create public key
var pubkey p256k1.PublicKey
if !p256k1.ECPubkeyCreate(ctx, &pubkey, seckey[:]) {
panic("Failed to create public key")
}
fmt.Println("Successfully created secp256k1 key pair!")
}
```
## Architecture
The implementation follows the same architectural patterns as libsecp256k1:
1. **Layered Design**: Low-level field/scalar arithmetic → Group operations → High-level API
2. **Constant-Time Operations**: Designed to prevent timing side-channel attacks
3. **Magnitude Tracking**: Field elements track their "magnitude" to optimize operations
4. **Context Objects**: Encapsulate state and provide enhanced security features
## Performance
Benchmark results on AMD Ryzen 5 PRO 4650G:
- Field Addition: ~2.4 ns/op
- Scalar Multiplication: ~9.9 ns/op
## Implementation Status
### ✅ Completed
- Core field and scalar arithmetic
- Basic group operations
- Context management
- Main API structure
- Key generation and verification
- Basic signature operations
- Comprehensive test suite
### 🚧 Simplified/Placeholder
- **ECDSA Implementation**: Basic structure in place, but signing/verification uses simplified algorithms
- **Field Multiplication**: Uses simplified approach instead of optimized assembly
- **Point Validation**: Curve equation checking is simplified
- **Nonce Generation**: Uses crypto/rand instead of RFC 6979
### ❌ Not Yet Implemented
- **Hash Functions**: SHA-256 and tagged hash implementations
- **Optimized Multiplication**: Full constant-time field multiplication
- **Precomputed Tables**: Optimized scalar multiplication with precomputed points
- **Optional Modules**: Schnorr signatures, ECDH, extra keys
- **Recovery**: Public key recovery from signatures
- **Complete ECDSA**: Full constant-time ECDSA implementation
## Security Considerations
⚠️ **This implementation is for educational/development purposes and should not be used in production without further security review and completion of the cryptographic implementations.**
Key security features implemented:
- Constant-time field operations (basic level)
- Magnitude tracking to prevent overflows
- Memory clearing for sensitive data
- Context randomization support
Key security features still needed:
- Complete constant-time ECDSA implementation
- Proper nonce generation (RFC 6979)
- Side-channel resistance verification
- Comprehensive security testing
## Building and Testing
```bash
cd pkg/
go test -v # Run all tests
go test -bench=. # Run benchmarks
go build # Build the package
```
## License
This implementation is derived from libsecp256k1 and maintains the same MIT license.
Reference in New Issue View Git Blame Copy Permalink