# Changelog

- 0.5.5 (2026-05-22)
  * Adds no-hash ECDSA signature verification utilities that skip the
    internal SHA256 step.

- 0.5.4 (2026-02-04)
  * Nonce generation for ECDSA is now more secure due to recent
    improvements in ppad-hmac-drbg. The DRBG state is now guaranteed
    to live in only one location on the heap, and it is now wiped
    explicitly after use.

  * ECDSA signing now allocates about 1.5 orders of magnitude less than
    it did previously.

- 0.5.3 (2026-01-10)
  * Bumps the ppad-sha256 and ppad-hmac-drbg dependencies.

- 0.5.2 (2025-12-28)
  * Adds an explicit 64-bit architecture constraint.
  * Tests on GHC.10.3.

- 0.5.1 (2025-12-27)
  * Improves the constant-time semantics in wNAF scalar multiplication,
    replacing "indexing via a constant-time selected value" by performing
    a full window scan and selecting via mask.

- 0.5.0 (2025-12-21)
  * We get a significant upgrade to all functionality by pulling in the
    ppad-fixed library for large unsigned and Montgomery-form integers.
    Constant-time and allocation properties are made much more rigorous
    across the board, as we no longer depend on 'Integer' whatsoever.

    This version also improves performance radically throughout. A
    summary of the speedups achieved:

      sign_schnorr: ~7.1x speedup
      verify_schnorr: ~4.5x speedup
      sign_ecdsa: ~1.5x speedup
      verify_ecdsa: ~4.5x speedup

- 0.4.0 (2025-06-21)
  * Scalar multiplication, signing, verifying, and ECDH functions are now
    all total, returning 'Nothing' when supplied with invalid inputs.
  * Adds a group element check to 'mul_wnaf'.

- 0.3.0 (2025-03-14)
  * Adds 'ecdh' for computing ECDH secrets, any given secret being the
    SHA256 hash of the x-coordinate of the appropriate secp256k1 point.

- 0.2.2 (2025-02-16)
  * Exports the secp256k1 "point at infinity" as _CURVE_ZERO.

- 0.2.1 (2024-12-18)
  * Adds 'serialize_point' for compressed-format serialization of
    secp256k1 points.

- 0.2.0 (2024-11-08)
  * Adds wNAF ("w-ary non-adjacent form") scalar multiplication, as
    well as fast 'sign' and 'verify' variants for Schnorr and ECDSA
    (disambiguated by a trailing apostrophe) that make use of it.

    Each wNAF-powered function requires a 'Context' consisting of
    precomputed secp256k1 generator multiples; one can be gotten via
    'precompute'.

    Note that the non-wNAF-powered sign and verify functions have
    incurred a slight performance decrease (on the order of tens to
    hundreds of microseconds) as a result.

  * Adds 'parse_sig' for parsing compact signatures.

  * Adds a dependency on the 'primitive' library (already transitively required
    via 'ppad-hmac-drbg').

- 0.1.0 (2024-10-19)
  * Initial release, supporting public key derivation and Schnorr &
    ECDSA signatures on secp256k1.