# Changelog

- 0.5.4 (2026-02-04)
  * Nonce generation for ECDSA is now more secure due to recent
    improvements in ppad-hmac-drbg. The DRBG state is now guaranteed
    to live in only one location on the heap, and it is now wiped
    explicitly after use.

  * ECDSA signing now allocates about 1.5 orders of magnitude less than
    it did previously.

- 0.5.3 (2026-01-10)
  * Bumps the ppad-sha256 and ppad-hmac-drbg dependencies.

- 0.5.2 (2025-12-28)
  * Adds an explicit 64-bit architecture constraint.
  * Tests on GHC.10.3.

- 0.5.1 (2025-12-27)
  * Improves the constant-time semantics in wNAF scalar multiplication,
    replacing "indexing via a constant-time selected value" by performing
    a full window scan and selecting via mask.

- 0.5.0 (2025-12-21)
  * We get a significant upgrade to all functionality by pulling in the
    ppad-fixed library for large unsigned and Montgomery-form integers.
    Constant-time and allocation properties are made much more rigorous
    across the board, as we no longer depend on 'Integer' whatsoever.

    This version also improves performance radically throughout. A
    summary of the speedups achieved:

      sign_schnorr: ~7.1x speedup
      verify_schnorr: ~4.5x speedup
      sign_ecdsa: ~1.5x speedup
      verify_ecdsa: ~4.5x speedup

- 0.4.0 (2025-06-21)
  * Scalar multiplication, signing, verifying, and ECDH functions are now
    all total, returning 'Nothing' when supplied with invalid inputs.
  * Adds a group element check to 'mul_wnaf'.

- 0.3.0 (2025-03-14)
  * Adds 'ecdh' for computing ECDH secrets, any given secret being the
    SHA256 hash of the x-coordinate of the appropriate secp256k1 point.

- 0.2.2 (2025-02-16)
  * Exports the secp256k1 "point at infinity" as _CURVE_ZERO.

- 0.2.1 (2024-12-18)
  * Adds 'serialize_point' for compressed-format serialization of
    secp256k1 points.

- 0.2.0 (2024-11-08)
  * Adds wNAF ("w-ary non-adjacent form") scalar multiplication, as
    well as fast 'sign' and 'verify' variants for Schnorr and ECDSA
    (disambiguated by a trailing apostrophe) that make use of it.

    Each wNAF-powered function requires a 'Context' consisting of
    precomputed secp256k1 generator multiples; one can be gotten via
    'precompute'.

    Note that the non-wNAF-powered sign and verify functions have
    incurred a slight performance decrease (on the order of tens to
    hundreds of microseconds) as a result.

  * Adds 'parse_sig' for parsing compact signatures.

  * Adds a dependency on the 'primitive' library (already transitively required
    via 'ppad-hmac-drbg').

- 0.1.0 (2024-10-19)
  * Initial release, supporting public key derivation and Schnorr &
    ECDSA signatures on secp256k1.