Support for secp256k1 #187

Open
smondet opened this issue Nov 30, 2023 · 2 comments · May be fixed by #259
Labels: enhancement (New feature or request), help wanted (Extra attention is needed)

Comments


smondet commented Nov 30, 2023

#101 says it requires "more thorough investigation"

Is it planned?

Member

hannesm commented Nov 30, 2023

The good news is that the primitives (finite element operations) can be generated by fiat-crypto.

The missing bits are the group operations, and the DSA/DH (depending on what you need) on top of it -- this was easy (available) for the r1 curves (point_operations.h / inversion_template.h) -- if you find corresponding code somewhere in the public domain (under a permissive license), that should be straightforward. Maybe you want to follow up on mit-plv/fiat-crypto#1444? Or follow the discussion over there to find the right code?

I won't have much time to look into this, unfortunately.

hannesm added the enhancement and help wanted labels Feb 11, 2024

ansiwen commented Feb 16, 2025

@hannesm: I looked into this and have the plan to implement it. Some questions, before I dive deeper into this: in mit-plv/fiat-crypto#1444 (comment) the ecckiila project is mentioned, which creates the group operations for a=0 from OP3 files of the algorithms from https://eprint.iacr.org/2015/1060. Have you looked at these at that time already and ruled them out for some reason? Or would it be ok to use these?

ansiwen added a commit to ansiwen/mirage-crypto that referenced this issue Mar 4, 2025
This change implements the SECP256K1 curve (also known as the Bitcoin
curve).
 - field primitives are generated by the fiat-crypto project[1]
 - point primitives are generated by the ECCKiila project[2]
 - OCaml point operations are taken from NIST implementation, adapted to
   ECCKiila point primitives and optimized for a=0.
 - test vectors for ECDH and ECDSA verification from wycheproof[3]

Closes: mirage#187

[1] https://github.com/mit-plv/fiat-crypto
[2] https://gitlab.com/nisec/ecckiila
[3] https://github.com/C2SP/wycheproof
@ansiwen ansiwen linked a pull request Mar 4, 2025 that will close this issue
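
The a=0 complete addition formulas from https://eprint.iacr.org/2015/1060 that the comment and commit message above refer to, written out for secp256k1 as an added example (not code from mirage-crypto, fiat-crypto or ECCKiila). The function names are illustrative, and the arithmetic uses variable-time Python integers, so it is suitable for checking results only.

```python
# Added example: complete projective addition for a = 0 (eprint 2015/1060),
# instantiated for secp256k1 (y^2 = x^3 + 7). Variable-time; for checking only.
P = 2**256 - 2**32 - 977  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
B3 = 3 * 7  # 3b, the only curve constant the formulas need when a = 0
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8, 1)
INFINITY = (0, 1, 0)  # projective point at infinity

def on_curve(pt):
    """Check the projective curve equation Y^2 Z = X^3 + 7 Z^3."""
    x, y, z = pt
    return (y * y * z - x * x * x - 7 * z * z * z) % P == 0

def add(p1, p2):
    """One code path for P+Q, P+P, P+(-P) and P+O: no special cases."""
    x1, y1, z1 = p1
    x2, y2, z2 = p2
    xx, yy, zz = x1 * x2 % P, y1 * y2 % P, B3 * z1 * z2 % P
    xy = (x1 * y2 + x2 * y1) % P
    yz = (y1 * z2 + y2 * z1) % P
    xz = B3 * (x1 * z2 + x2 * z1) % P
    x3 = (xy * (yy - zz) - yz * xz) % P
    y3 = ((yy + zz) * (yy - zz) + 3 * xx * xz) % P
    z3 = (yz * (yy + zz) + 3 * xx * xy) % P
    return (x3, y3, z3)

def mul(k, pt):
    """Double-and-add; doubling is add(acc, acc) because add is complete."""
    acc = INFINITY
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def to_affine(pt):
    """Return (x, y), or None for the point at infinity (Z = 0)."""
    x, y, z = pt
    if z == 0:
        return None
    zi = pow(z, P - 2, P)  # inversion by Fermat's little theorem
    return (x * zi % P, y * zi % P)
```

Because secp256k1 has prime order, the same `add` handles doubling and the identity, which is why the group law needs no branching on its inputs.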
ansiwen added a commit to ansiwen/mirage-crypto that referenced this issue Mar 5, 2025
ansiwen added a commit to ansiwen/mirage-crypto that referenced this issue Mar 5, 2025
ansiwen added a commit to ansiwen/mirage-crypto that referenced this issue Mar 8, 2025
ansiwen added a commit to ansiwen/mirage-crypto that referenced this issue Mar 9, 2025