secp256k1

Pure Haskell Schnorr, ECDSA on the elliptic curve secp256k1 (docs.ppad.tech/secp256k1).
git clone git://git.ppad.tech/secp256k1.git

commit fb2f9db3671f511e3f903b444b99969f34be6747
parent 81897d9b54b49e9dc0f042420f8aa4971376281f
Author: Jared Tobin <jared@jtobin.io>
Date:   Wed,  4 Feb 2026 17:42:37 +0400

release: v0.5.4

Diffstat:
M CHANGELOG | 9 +++++++++
M README.md | 30 +++++++++++++++---------------
M ppad-secp256k1.cabal | 6 +++---
3 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG @@ -1,5 +1,14 @@ # Changelog +- 0.5.4 (2026-02-04) + * Nonce generation for ECDSA is now more secure due to recent + improvements in ppad-hmac-drbg. The DRBG state is now guaranteed + to live in only one location on the heap, and it is now wiped + explicitly after use. + + * ECDSA signing now allocates about 1.5 orders of magnitude less than + it did previously. + - 0.5.3 (2026-01-10) * Bumps the ppad-sha256 and ppad-hmac-drbg dependencies. diff --git a/README.md b/README.md @@ -148,17 +148,16 @@ differing inputs is attributable to noise: std dev 84.10 ns (67.03 ns .. 112.7 ns) benchmarking ecdsa/sign_ecdsa' (small) - time 52.34 μs (52.22 μs .. 52.49 μs) + time 45.37 μs (45.30 μs .. 45.45 μs) 1.000 R² (1.000 R² .. 1.000 R²) - mean 52.35 μs (52.30 μs .. 52.42 μs) - std dev 205.9 ns (159.2 ns .. 281.1 ns) + mean 45.31 μs (45.25 μs .. 45.38 μs) + std dev 231.6 ns (165.5 ns .. 349.8 ns) benchmarking ecdsa/sign_ecdsa' (large) - time 52.40 μs (52.31 μs .. 52.55 μs) + time 45.76 μs (45.61 μs .. 45.86 μs) 1.000 R² (1.000 R² .. 1.000 R²) - mean 52.66 μs (52.47 μs .. 52.99 μs) - std dev 813.7 ns (427.9 ns .. 1.244 μs) - variance introduced by outliers: 10% (moderately inflated) + mean 45.51 μs (45.42 μs .. 45.60 μs) + std dev 285.5 ns (235.0 ns .. 356.6 ns) benchmarking ecdh/ecdh (small) time 143.6 μs (143.4 μs .. 143.7 μs) 
@@ -180,26 +179,27 @@ constant across input sizes for all sensitive operations: derive_pub Case Allocated GCs - wnaf, sk = 2 304 0 - wnaf, sk = 2 ^ 255 - 19 304 0 + wnaf, sk = 2 312 0 + wnaf, sk = 2 ^ 255 - 19 312 0 schnorr Case Allocated GCs - sign_schnorr' (small) 27,104 0 - sign_schnorr' (large) 27,104 0 + sign_schnorr' (small) 14,416 0 + sign_schnorr' (large) 14,416 0 ecdsa Case Allocated GCs - sign_ecdsa' (small) 61,592 0 - sign_ecdsa' (large) 61,592 0 + sign_ecdsa' (small) 1,560 0 + sign_ecdsa' (large) 1,560 0 ecdh Case Allocated GCs - ecdh (small) 1,880 0 - ecdh (large) 1,880 0 + ecdh (small) 616 0 + ecdh (large) 616 0 + ``` Though constant-resource execution is enforced rigorously, take diff --git a/ppad-secp256k1.cabal b/ppad-secp256k1.cabal @@ -1,6 +1,6 @@ cabal-version: 3.0 name: ppad-secp256k1 -version: 0.5.3 +version: 0.5.4 synopsis: Schnorr signatures, ECDSA, and ECDH on the elliptic curve secp256k1 license: MIT @@ -36,8 +36,8 @@ library build-depends: base >= 4.9 && < 5 , bytestring >= 0.9 && < 0.13 - , ppad-hmac-drbg >= 0.2.1 && < 0.3 - , ppad-sha256 >= 0.3 && < 0.4 + , ppad-hmac-drbg >= 0.3.1 && < 0.4 + , ppad-sha256 >= 0.3.2 && < 0.4 , ppad-fixed >= 0.1.3 && < 0.2 , primitive >= 0.8 && < 0.10
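
Review bot: In the CHANGELOG hunk, the 0.5.4 entry credits "recent improvements in ppad-hmac-drbg" for the nonce-generation hardening but never names the ppad-hmac-drbg release that provides the single-location, explicitly wiped DRBG state. The cabal hunk raises the floor to `>= 0.3.1`, so citing that version in the entry would let a downstream auditor tie the security claim to a concrete dependency. The entry also mentions only the ECDSA allocation drop, while the README table in this same commit shows sign_schnorr' going from 27,104 to 14,416 and ecdh from 1,880 to 616; one more bullet covering those would keep the changelog in step with the published figures.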
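
Review bot: In the README.md benchmark hunk (@@ -148,17 +148,16 @@), only the two sign_ecdsa' timing blocks are refreshed; the `benchmarking ecdh/ecdh (small)` figure in the trailing context stays at 143.6 μs even though the allocation table in the next hunk changes for both ecdh and schnorr. Mixing timings from two different builds in one listing makes the constant-time comparison harder to trust, so either re-run the whole suite for this release or state in the README which rows were re-measured.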
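
Review bot: In the README.md allocation hunk (@@ -180,26 +179,27 @@), derive_pub rises from 304 to 312 for both wnaf cases, the only increase in the table, and nothing in the commit message or CHANGELOG accounts for it. The two cases still match each other, so the constant-allocation claim holds, but a short remark on the cause would save readers from wondering whether it is a regression. Separately, the added "```" line directly before "Though constant-resource execution is enforced rigorously" should be checked in the rendered README to confirm it closes the allocation listing rather than opening a new code block over the prose that follows.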
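
Review bot: In the build-depends hunk of ppad-secp256k1.cabal, ppad-hmac-drbg moves from the 0.2 series to `>= 0.3.1 && < 0.4`, a major-version change under the PVP, yet the diffstat lists only CHANGELOG, README.md and the cabal file. If the library source was adapted to the 0.3 API in an earlier commit, the previous bound `>= 0.2.1 && < 0.3` would have excluded the version that code needs, so bumping the bound together with the code change would keep every commit buildable. Since the CHANGELOG's nonce-security claim depends on this floor, a `--` comment beside the bound saying it exists for the DRBG wiping behaviour would also discourage anyone from relaxing it later.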