mleku/p256k1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
v1.0.2
p256k1/README.md

5.0 KiB
Raw Permalink Blame History

secp256k1 Go Implementation

This package provides a pure Go implementation of the secp256k1 elliptic curve cryptographic primitives, ported from the libsecp256k1 C library.

Features Implemented

Core Components

  • Field Arithmetic (field.go, field_mul.go): Complete implementation of field operations modulo the secp256k1 field prime (2^256 - 2^32 - 977)

    • 5x52-bit limb representation for efficient arithmetic
    • Addition, multiplication, squaring, inversion operations
    • Constant-time normalization and magnitude management

  • Scalar Arithmetic (scalar.go): Complete implementation of scalar operations modulo the group order

    • 4x64-bit limb representation
    • Addition, multiplication, inversion, negation operations
    • Proper overflow handling and reduction

  • Group Operations (group.go): Elliptic curve point operations

    • Affine and Jacobian coordinate representations
    • Point addition, doubling, negation
    • Coordinate conversion between representations

  • Context Management (context.go): Context objects for enhanced security

    • Context creation, cloning, destruction
    • Randomization for side-channel protection
    • Callback management for error handling

  • Main API (secp256k1.go): Core secp256k1 API functions

    • Public key parsing, serialization, and comparison
    • ECDSA signature parsing and serialization
    • Key generation and verification
    • Basic ECDSA signing and verification (simplified implementation)

  • Utilities (util.go): Helper functions and constants

    • Memory management utilities
    • Endianness conversion functions
    • Bit manipulation utilities
    • Error handling and callbacks

Testing

  • Comprehensive test suite (secp256k1_test.go) covering:
    • Basic functionality and self-tests
    • Field element operations
    • Scalar operations
    • Key generation
    • Signature operations
    • Public key operations
    • Performance benchmarks

Usage

package main

import (
    "fmt"
    "crypto/rand"
    p256k1 "p256k1.mleku.dev/pkg"
)

func main() {
    // Create context
    ctx, err := p256k1.ContextCreate(p256k1.ContextNone)
    if err != nil {
        panic(err)
    }
    defer p256k1.ContextDestroy(ctx)
    
    // Generate secret key
    var seckey [32]byte
    rand.Read(seckey[:])
    
    // Verify secret key
    if !p256k1.ECSecKeyVerify(ctx, seckey[:]) {
        panic("Invalid secret key")
    }
    
    // Create public key
    var pubkey p256k1.PublicKey
    if !p256k1.ECPubkeyCreate(ctx, &pubkey, seckey[:]) {
        panic("Failed to create public key")
    }
    
    fmt.Println("Successfully created secp256k1 key pair!")
}

Architecture

The implementation follows the same architectural patterns as libsecp256k1:

  1. Layered Design: Low-level field/scalar arithmetic → Group operations → High-level API
  2. Constant-Time Operations: Designed to prevent timing side-channel attacks
  3. Magnitude Tracking: Field elements track their "magnitude" to optimize operations
  4. Context Objects: Encapsulate state and provide enhanced security features

Performance

Benchmark results on AMD Ryzen 5 PRO 4650G:

  • Field Addition: ~2.4 ns/op
  • Scalar Multiplication: ~9.9 ns/op

Implementation Status

Completed

  • Core field and scalar arithmetic
  • Basic group operations
  • Context management
  • Main API structure
  • Key generation and verification
  • Basic signature operations
  • Comprehensive test suite

🚧 Simplified/Placeholder

  • ECDSA Implementation: Basic structure in place, but signing/verification uses simplified algorithms
  • Field Multiplication: Uses simplified approach instead of optimized assembly
  • Point Validation: Curve equation checking is simplified
  • Nonce Generation: Uses crypto/rand instead of RFC 6979

Not Yet Implemented

  • Hash Functions: SHA-256 and tagged hash implementations
  • Optimized Multiplication: Full constant-time field multiplication
  • Precomputed Tables: Optimized scalar multiplication with precomputed points
  • Optional Modules: Schnorr signatures, ECDH, extra keys
  • Recovery: Public key recovery from signatures
  • Complete ECDSA: Full constant-time ECDSA implementation

Security Considerations

⚠️ This implementation is for educational/development purposes and should not be used in production without further security review and completion of the cryptographic implementations.

Key security features implemented:

  • Constant-time field operations (basic level)
  • Magnitude tracking to prevent overflows
  • Memory clearing for sensitive data
  • Context randomization support

Key security features still needed:

  • Complete constant-time ECDSA implementation
  • Proper nonce generation (RFC 6979)
  • Side-channel resistance verification
  • Comprehensive security testing

Building and Testing

cd pkg/
go test -v          # Run all tests
go test -bench=.    # Run benchmarks
go build            # Build the package

License

This implementation is derived from libsecp256k1 and maintains the same MIT license.

Reference in New Issue View Git Blame Copy Permalink