secp256k1

Pure Haskell Schnorr, ECDSA on the elliptic curve secp256k1 (docs.ppad.tech/secp256k1).
git clone git://git.ppad.tech/secp256k1.git
Log | Files | Refs | README | LICENSE

CHANGELOG (2372B)

      1 # Changelog
      2 
      3 - 0.5.3 (2026-01-10)
      4   * Bumps the ppad-sha256 and ppad-hmac-drbg dependencies.
      5 
      6 - 0.5.2 (2025-12-28)
      7   * Adds an explicit 64-bit architecture constraint.
      8   * Tests on GHC.10.3.
      9 
     10 - 0.5.1 (2025-12-27)
     11   * Improves the constant-time semantics in wNAF scalar multiplication,
     12     replacing "indexing via a constant-time selected value" by performing
     13     a full window scan and selecting via mask.
     14 
     15 - 0.5.0 (2025-12-21)
     16   * We get a significant upgrade to all functionality by pulling in the
     17     ppad-fixed library for large unsigned and Montgomery-form integers.
     18     Constant-time and allocation properties are made much more rigorous
     19     across the board, as we no longer depend on 'Integer' whatsoever.
     20 
     21     This version also improves performance radically throughout. A
     22     summary of the speedups achieved:
     23 
     24     sign_schnorr:   ~7.1x speedup
     25     verify_schnorr: ~4.5x speedup
     26     sign_ecdsa:     ~1.5x speedup
     27     verify_ecdsa:   ~4.5x speedup
     28 
     29 - 0.4.0 (2025-06-21)
     30   * Scalar multiplication, signing, verifying, and ECHD functions are now
     31     all total, returning 'Nothing' when supplied with invalid inputs.
     32   * Adds a group element check to 'mul_wnaf'.
     33 
     34 - 0.3.0 (2025-03-14)
     35   * Adds 'ecdh' for computing ECDH secrets, any given secret being the
     36     SHA256 hash of the x-coordinate of the appropriate secp256k1 point.
     37 
     38 - 0.2.2 (2025-02-16)
     39   * Exports the secp256k1 "point at infinity" as _CURVE_ZERO.
     40 
     41 - 0.2.1 (2024-12-18)
     42   * Adds 'serialize_point' for compressed-format serialization of
     43     secp256k1 points.
     44 
     45 - 0.2.0 (2024-11-08)
     46   * Adds wNAF ("w-ary non-adjacent form") scalar multiplication, as
     47     well as fast 'sign' and 'verify' variants for Schnorr and ECDSA
     48     (disambiguated by a trailing apostrophe) that make use of it.
     49 
     50     Each wNAF-powered function requires a 'Context' consisting of
     51     precomputed secp256k1 generator multiples; one can be gotten via
     52     'precompute'.
     53 
     54     Note that the non-wNAF-powered sign and verify functions have
     55     incurred a slight performance decrease (on the order of tens to
     56     hundreds of microseconds) as a result.
     57 
     58   * Adds 'parse_sig' for parsing compact signatures.
     59 
     60   * Adds a dependency on the 'primitive' library (already transitively required
     61     via 'ppad-hmac-drbg').
     62 
     63 - 0.1.0 (2024-10-19)
     64   * Initial release, supporting public key derivation and Schnorr &
     65     ECDSA signatures on secp256k1.
     66