csecp256k1

Haskell FFI bindings to bitcoin-core/secp256k1 (docs.ppad.tech/csecp256k1).
git clone git://git.ppad.tech/csecp256k1.git

commit a0d6dd2198395fd8ef78cb120f7d36c33b596379
parent 8a319e392574efd217faf929059d2707e8876a07
Author: Jared Tobin <jared@jtobin.io>
Date:   Thu,  7 Nov 2024 16:42:29 +0400

meta: readme

Diffstat:
M README.md | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------
1 file changed, 56 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md 
@@ -12,6 +12,60 @@ as utilities for public key manipulation. API documentation and examples are hosted at [docs.ppad.tech/csecp256k1][hadoc]. +## Performance + +As we bind to libsecp256k1, the resulting functions are very fast: + +``` + benchmarking csecp256k1/ecdsa/sign + time 33.67 μs (33.43 μs .. 34.00 μs) + 1.000 R² (0.999 R² .. 1.000 R²) + mean 33.74 μs (33.64 μs .. 33.87 μs) + std dev 378.5 ns (259.2 ns .. 606.8 ns) + + benchmarking csecp256k1/ecdsa/verify + time 38.01 μs (37.44 μs .. 38.65 μs) + 0.999 R² (0.998 R² .. 1.000 R²) + mean 37.82 μs (37.56 μs .. 38.16 μs) + std dev 912.8 ns (657.5 ns .. 1.263 μs) + variance introduced by outliers: 22% (moderately inflated) + + benchmarking csecp256k1/schnorr/sign + time 49.97 μs (49.60 μs .. 50.41 μs) + 0.999 R² (0.999 R² .. 1.000 R²) + mean 49.95 μs (49.54 μs .. 50.54 μs) + std dev 1.618 μs (1.200 μs .. 2.399 μs) + variance introduced by outliers: 34% (moderately inflated) + + benchmarking csecp256k1/schnorr/verify + time 41.84 μs (41.32 μs .. 42.26 μs) + 0.999 R² (0.998 R² .. 0.999 R²) + mean 41.50 μs (41.06 μs .. 41.94 μs) + std dev 1.432 μs (1.167 μs .. 1.715 μs) + variance introduced by outliers: 37% (moderately inflated) + + benchmarking csecp256k1/ecdh/ecdh + time 47.43 μs (46.78 μs .. 48.19 μs) + 0.998 R² (0.997 R² .. 0.999 R²) + mean 46.86 μs (46.33 μs .. 47.58 μs) + std dev 2.075 μs (1.609 μs .. 2.747 μs) + variance introduced by outliers: 49% (moderately inflated) +``` + +## Security + +These bindings aim at the maximum security achievable in a +garbage-collected language under an optimizing compiler such as GHC, in +which strict constant-timeness can be challenging to achieve. + +The Schnorr implementation within has been tested against the [official +BIP0340 vectors][ut340] (sans those using arbitrary-size messages, which +we're not at present supporting), and ECDSA has been tested against the +relevant [Wycheproof vectors][wyche]. 
+ +If you discover any vulnerabilities, please disclose them via +security@ppad.tech. + ## Development You'll require [Nix][nixos] with [flake][flake] support enabled. Enter a @@ -45,15 +99,6 @@ and the benchmarks via: $ cabal bench ``` -## Security - -These bindings aim at the maximum security achievable in a -garbage-collected language under an optimizing compiler such as GHC, in -which strict constant-timeness can be challenging to achieve. - -If you discover any vulnerabilities, please disclose them via -security@ppad.tech. - ## Attribution This implementation has benefited greatly and uses modified versions of @@ -65,3 +110,5 @@ manipulation) and [rust-secp256k1][rsecp] (dependency vendoring). [hadoc]: https://docs.ppad.tech/csecp256k1 [hsecp]: https://github.com/haskoin/secp256k1-haskell [rsecp]: https://github.com/rust-bitcoin/rust-secp256k1 +[ut340]: https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv +[wyche]: https://github.com/C2SP/wycheproof
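Review bot: the benchmark block added under "## Performance" in the first hunk records no hardware, GHC version, criterion version or libsecp256k1 commit, so the microsecond figures (e.g. `time 33.67 μs (33.43 μs .. 34.00 μs)` for ecdsa/sign) cannot be reproduced or compared against another build; add one line above the fence stating the machine and toolchain the numbers came from, and note that they were produced by the `cabal bench` target mentioned in the Development section. In the relocated "## Security" paragraph, "strict constant-timeness can be challenging to achieve" under GHC reads as though the Haskell side performs the curve arithmetic; since the README describes FFI bindings to libsecp256k1, say which layer the constant-time claim applies to (the C library) and what residual risk the Haskell wrapper adds. The new sentence on BIP0340 vectors skips those "using arbitrary-size messages"; listing which vector indices were excluded would let a reader audit the coverage rather than take it on trust.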
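Review bot: the two reference links added in the last hunk, `[ut340]` and `[wyche]`, both point at the `master` branch of their repositories, so the vector sets the Security section claims to have tested against can change underneath the claim; pin each URL to a commit (or state the commit alongside the claim in the Security text). The `[wyche]` link also resolves to the whole C2SP/wycheproof repository while the text says "the relevant Wycheproof vectors"; name the specific vector file exercised for ECDSA over secp256k1 so the reader knows which cases were run.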