p256k1

Pure Go implementation of secp256k1 elliptic curve cryptography.

Features

• ECDSA signatures - Sign, verify, and recover public keys
• Schnorr signatures - BIP-340 compliant with batch verification
• ECDH key exchange - Shared secret computation with HKDF support
• Key management - Generation, parsing, serialization, tweaking
• Zero dependencies - No cgo, pure Go
• Platform optimized - AMD64 assembly for critical paths

Installation

go get p256k1.mleku.dev@latest

Quick Start

Using Domain Packages (Recommended)

import (
    "p256k1.mleku.dev/keys"
    "p256k1.mleku.dev/schnorr"
    "p256k1.mleku.dev/ecdsa"
    "p256k1.mleku.dev/exchange"
)

// Generate a key pair
kp, _ := keys.Generate()

// Schnorr signing (BIP-340)
message := make([]byte, 32) // 32-byte message hash
sig, _ := schnorr.Sign(message, kp, nil)

// Verify
xonly, _, _ := keys.XOnlyFromPublic(kp.Pubkey())
valid := schnorr.Verify(sig, message, xonly)

// ECDSA signing
ecdsaSig, _ := ecdsa.Sign(message, kp.Seckey())
valid = ecdsa.Verify(ecdsaSig, message, kp.Pubkey())

// ECDH key exchange
kp2, _ := keys.Generate()
shared, _ := exchange.SharedSecret(kp2.Pubkey(), kp.Seckey())

Using Core Package

import "p256k1.mleku.dev"

// Generate key pair
kp, _ := p256k1.KeyPairGenerate()

// Sign with Schnorr
var sig [64]byte
p256k1.SchnorrSign(sig[:], messageHash, kp, nil)

// Verify
xonly, _, _ := p256k1.XOnlyPubkeyFromPubkey(kp.Pubkey())
valid := p256k1.SchnorrVerify(sig[:], messageHash, xonly)

Packages

Package	Description
p256k1.mleku.dev	Core implementation with all primitives
p256k1.mleku.dev/ecdsa	ECDSA signatures (sign, verify, recover)
p256k1.mleku.dev/schnorr	BIP-340 Schnorr signatures with batch verify
p256k1.mleku.dev/keys	Key generation, parsing, serialization
p256k1.mleku.dev/exchange	ECDH key exchange and HKDF derivation
p256k1.mleku.dev/signer	High-level signer abstraction

Performance

Benchmarks on AMD64 (Ryzen 5):

Operation	Time
Schnorr Sign	~45 µs
Schnorr Verify	~52 µs
ECDSA Sign	~42 µs
ECDSA Verify	~85 µs
ECDH	~45 µs

Batch Schnorr verification provides significant speedups for multiple signatures.

Architecture

The implementation is organized into layers following DDD principles:

1. Field Arithmetic - Operations in F_p (5x52-bit limbs)
2. Scalar Arithmetic - Operations mod group order (4x64-bit limbs)
3. Group Operations - Point arithmetic (affine/Jacobian)
4. Cryptographic Hashing - SHA-256, HMAC, tagged hashes
5. Signature Schemes - ECDSA and Schnorr
6. Key Management - KeyPair aggregate root
7. Key Exchange - ECDH with HKDF

Optimizations

• GLV endomorphism for faster scalar multiplication
• Strauss algorithm for combined multiplications
• wNAF representation for reduced point additions
• Precomputed generator tables
• AMD64 assembly for field/scalar operations
• Batch normalization and verification
• Zero-allocation hot paths

Platform Support

• AMD64 - Optimized assembly (AVX2/BMI2 when available)
• 32-bit - Pure Go fallback
• WASM - WebAssembly compatible
• Other - Generic pure Go implementation

Security

• Constant-time operations for secret-dependent code paths
• RFC 6979 deterministic nonce generation for ECDSA
• BIP-340 compliant Schnorr signatures
• Secure memory clearing for sensitive data

License

MIT License - derived from libsecp256k1.