commit f179ea0c298a8d9d0bc20649003554e5d22939b7
parent 2e4fe1c16d971fb43e9efb70d01d4e2dfc5c4a56
Author: Jared Tobin <jared@jtobin.io>
Date: Fri, 14 Mar 2025 14:58:02 +0400
release: v0.3.0
Diffstat:
4 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,5 +1,9 @@
# Changelog
+- 0.3.0 (2025-03-14)
+ * Adds 'ecdh' for computing ECDH secrets, any given secret being the
+ SHA256 hash of the x-coordinate of the appropriate secp256k1 point.
+
- 0.2.2 (2025-02-16)
* Exports the secp256k1 "point at infinity" as _CURVE_ZERO.
diff --git a/README.md b/README.md
@@ -118,13 +118,14 @@ garbage-collected language under an optimizing compiler such as GHC, in
which strict constant-timeness can be [challenging to achieve][const].
The Schnorr implementation within has been tested against the [official
-BIP0340 vectors][ut340], and ECDSA has been tested against the relevant
-[Wycheproof vectors][wyche], so their implementations are likely to be
-accurate and safe from attacks targeting e.g. faulty nonce generation or
-malicious inputs for signature parameters. Timing-sensitive operations,
-e.g. elliptic curve scalar multiplication, have been explicitly written
-so as to execute *algorithmically* in time constant with respect to
-secret data, and evidence from benchmarks supports this:
+BIP0340 vectors][ut340], and ECDSA and ECDH have been tested against
+the relevant [Wycheproof vectors][wyche], so their implementations
+are likely to be accurate and safe from attacks targeting e.g. faulty
+nonce generation or malicious inputs for signature or public key
+parameters. Timing-sensitive operations, e.g. elliptic curve scalar
+multiplication, have been explicitly written so as to execute
+*algorithmically* in time constant with respect to secret data, and
+evidence from benchmarks supports this:
```
benchmarking derive_pub/sk = 2
diff --git a/lib/Crypto/Curve/Secp256k1.hs b/lib/Crypto/Curve/Secp256k1.hs
@@ -15,10 +15,11 @@
-- Maintainer: Jared Tobin <jared@ppad.tech>
--
-- Pure [BIP0340](https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki)
--- Schnorr signatures and deterministic
+-- Schnorr signatures, deterministic
-- [RFC6979](https://www.rfc-editor.org/rfc/rfc6979) ECDSA (with
-- [BIP0146](https://github.com/bitcoin/bips/blob/master/bip-0146.mediawiki)-style
--- "low-S" signatures) on the elliptic curve secp256k1.
+-- "low-S" signatures), and ECDH shared secret computation
+-- on the elliptic curve secp256k1.
module Crypto.Curve.Secp256k1 (
-- * Field and group parameters
@@ -1241,7 +1242,7 @@ _verify_ecdsa_unrestricted _mul (SHA256.hash -> h) p (ECDSA r s)
-- ecdh -----------------------------------------------------------------------
--- SEC1-v2 3.3.1, plus hash
+-- SEC1-v2 3.3.1, plus SHA256 hash
-- | Compute a shared secret, given a secret key and public secp256k1 point,
-- via Elliptic Curve Diffie-Hellman (ECDH).
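Review bot: The Haddock for `ecdh` at the end of this hunk says it computes a shared secret but not what that secret actually is, while the CHANGELOG entry in this same commit states it is the SHA256 hash of the x-coordinate of the resulting secp256k1 point; callers reading only the API docs could mistake the value for a raw x-coordinate, or hash it a second time, so the output format belongs in the Haddock rather than only in the changelog. Suggest adding after the existing two lines: `-- The returned secret is the SHA256 hash of the x-coordinate of the resulting secp256k1 point (SEC1-v2 3.3.1 followed by hashing), not the raw coordinate.` It would also help to state whether the supplied public point is required to lie on the curve; the README in this commit says ECDH was tested against Wycheproof vectors for malicious public key parameters, but the validation itself is not visible here, so confirm against the definition before documenting it. The `ecdh` definition itself lies outside the hunk.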
diff --git a/ppad-secp256k1.cabal b/ppad-secp256k1.cabal
@@ -1,7 +1,8 @@
cabal-version: 3.0
name: ppad-secp256k1
-version: 0.2.2
-synopsis: Schnorr signatures & ECDSA on the elliptic curve secp256k1
+version: 0.3.0
+synopsis: Schnorr signatures, ECDSA, and ECDH on the elliptic curve
+ secp256k1
license: MIT
license-file: LICENSE
author: Jared Tobin
@@ -11,8 +12,8 @@ build-type: Simple
tested-with: GHC == { 9.8.1, 9.6.4 }
extra-doc-files: CHANGELOG
description:
- Pure BIP0340-style Schnorr signatures and deterministic RFC6979 ECDSA on
- the elliptic curve secp256k1.
+ Pure BIP0340-style Schnorr signatures, deterministic RFC6979 ECDSA, and
+ ECDH shared secret computation on the elliptic curve secp256k1.
source-repository head
type: git