boxtec
/
bitcoin
mirror of https://github.com/bitcoin/bitcoin
4
1
Fork 0
Code Issues Projects Releases Wiki Activity
Bitcoin Core integration/staging tree
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
209 Commits
6 Branches
318 Tags
2.7 GiB
 
 
 
 
 
 
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bae6a42be4'
${ noResults }
Go to file
Pieter Wuille bae6a42be4
Make bench use external interface 		10 years ago
include Split up signing and verification initialization 10 years ago
m4 autotools: autotools'ify libsecp256k1 11 years ago
obj Add obj/ directory 12 years ago
src Make bench use external interface 10 years ago
.gitignore build: add autogen. How was this missing? 11 years ago
.travis.yml travis: minimize the dependencies available for each build config 10 years ago
COPYING MIT License 12 years ago
Makefile.am Make bench use external interface 10 years ago
README.md Nothing-up-my-sleeving blinding for a*G 10 years ago
TODO updates 12 years ago
autogen.sh build: add autogen. How was this missing? 11 years ago
configure.ac Only use the libcrypto part of OpenSSL 10 years ago
libsecp256k1.pc.in packaging: fixup pkg-config 11 years ago
nasm_lt.sh autotools: autotools'ify libsecp256k1 11 years ago

README.md

libsecp256k1

Build Status

Optimized C library for EC operations on curve secp256k1.

This library is experimental, so use at your own risk.

Features:

  • Low-level field and group operations on secp256k1.
  • ECDSA signing/verification and key generation.
  • Adding/multiplying private/public keys.
  • Serialization/parsing of private keys, public keys, signatures.
  • Very efficient implementation.

Implementation details

  • General
    • Avoid dynamic memory usage almost everywhere.
  • Field operations
    • Optimized implementation of arithmetic modulo the curve's field size (2^256 - 0x1000003D1).
      • Using 5 52-bit limbs (including hand-optimized assembly for x86_64, by Diederik Huys).
      • Using 10 26-bit limbs.
      • Using GMP.
    • Field inverses and square roots using a sliding window over blocks of 1s (by Peter Dettman).
  • Group operations
    • Point addition formula specifically simplified for the curve equation (y^2 = x^3 + 7).
    • Use addition between points in Jacobian and affine coordinates where possible.
  • Point multiplication for verification (aP + bG).
    • Use wNAF notation for point multiplicands.
    • Use a much larger window for multiples of G, using precomputed multiples.
    • Use Shamir's trick to do the multiplication with the public key and the generator simultaneously.
    • Optionally use secp256k1's efficiently-computable endomorphism to split the multiplicands into 4 half-sized ones first.
  • Point multiplication for signing
    • Use a precomputed table of multiples of powers of 16 multiplied with the generator, so general multiplication becomes a series of additions.
    • Slice the precomputed table in memory per byte, so memory access to the table becomes uniform.
    • Not fully constant-time, but the precomputed tables add and eventually subtract points for which no known scalar (private key) is known, blinding non-constant time effects even from an attacker with control over the private key used.

Build steps

libsecp256k1 is built using autotools:

$ ./autogen.sh
$ ./configure
$ make
$ sudo make install  # optional