sparrowwallet/UltrafastSecp256k1
sparrowwallet/UltrafastSecp256k1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
UltrafastSecp256k1/bindings/python
History
shrec 3a86fcef1e
Harden ABI and finish bindings validation
2026-03-23 02:30:44 +00:00
..
tests audit: add AUDIT_COVERAGE.md + ASCII cleanup + CT fixes 2026-02-25 19:14:21 +04:00
ufsecp Harden ABI and finish bindings validation 2026-03-23 02:30:44 +00:00
ultrafast_secp256k1 Harden ABI and finish bindings validation 2026-03-23 02:30:44 +00:00
pyproject.toml feat(bindings): add 12-language binding suite + CI workflow 2026-02-18 13:55:27 +04:00
pyproject.ufsecp.toml fix: schnorr parity, CFL hardening, MIT license (#48) 2026-02-27 19:45:10 +04:00
README.md Harden ABI and finish bindings validation 2026-03-23 02:30:44 +00:00

README.md

ufsecp -- Python

Python ctypes binding for UltrafastSecp256k1 -- high-performance secp256k1 elliptic curve cryptography.

Features

  • ECDSA -- sign, verify, recover, DER serialization (RFC 6979)
  • Schnorr -- BIP-340 sign/verify
  • ECDH -- compressed, x-only, raw shared secret
  • BIP-32 -- HD key derivation (master/derive/path/privkey/pubkey)
  • Taproot -- output key tweaking, verification (BIP-341)
  • Addresses -- P2PKH, P2WPKH, P2TR
  • WIF -- encode/decode
  • Hashing -- SHA-256 (hardware-accelerated), HASH160, tagged hash
  • Key tweaking -- negate, add, multiply
  • Ethereum -- Keccak-256, EIP-55 addresses, EIP-155 sign, ecrecover
  • BIP-39 -- mnemonic generation, validation, seed derivation
  • Multi-coin wallet -- 7-coin address dispatch (BTC/LTC/DOGE/DASH/ETH/BCH/TRX)
  • Batch verification -- ECDSA + Schnorr batch verify with invalid identification
  • MuSig2 -- BIP-327 multi-signatures (key agg, nonce gen, partial sign, aggregate)
  • FROST -- threshold signatures (keygen, sign, aggregate, verify)
  • Adaptor signatures -- Schnorr + ECDSA adaptor pre-sign, adapt, extract
  • Pedersen commitments -- commit, verify, sum balance, switch commitments
  • ZK proofs -- knowledge proof, DLEQ proof, Bulletproof range proof
  • Multi-scalar multiplication -- Shamir's trick, MSM
  • Pubkey arithmetic -- add, negate, combine N keys
  • SHA-512 -- full SHA-512 hash
  • Message signing -- BIP-137 Bitcoin message sign/verify

Install

pip install ufsecp

Requires the native libufsecp.so / ufsecp.dll / libufsecp.dylib alongside the package or set UFSECP_LIB env var.

Quick Start

from ufsecp import Ufsecp

with Ufsecp() as ctx:
    privkey = bytes(31) + b'\x01'
    pubkey = ctx.pubkey_create(privkey)
    msg_hash = ctx.sha256(b'hello')
    sig = ctx.ecdsa_sign(msg_hash, privkey)
    valid = ctx.ecdsa_verify(msg_hash, sig, pubkey)

ECDSA Recovery

rs = ctx.ecdsa_sign_recoverable(msg_hash, privkey)
recovered = ctx.ecdsa_recover(msg_hash, rs.signature, rs.recovery_id)

BIP-32 HD Derivation

master = ctx.bip32_master(seed)
child = ctx.bip32_derive_path(master, "m/44'/0'/0'/0/0")
child_priv = ctx.bip32_privkey(child)
child_pub = ctx.bip32_pubkey(child)

Taproot (BIP-341)

tok = ctx.taproot_output_key(xonly_pub)
tweaked = ctx.taproot_tweak_seckey(privkey)
valid = ctx.taproot_verify(tok.output_key_x, tok.parity, xonly_pub)

Architecture Note

The C ABI layer uses the fast (variable-time) implementation for maximum throughput. A constant-time (CT) layer with identical mathematical operations is available via the C++ headers for applications requiring timing-attack resistance.

Performance Tuning

When building the native library from source, you can tune scalar multiplication (k*P) performance via the GLV window width:

cmake -S . -B build -DSECP256K1_GLV_WINDOW_WIDTH=6
Window Default On Tradeoff
w=4 ESP32, WASM Smaller tables, more point additions
w=5 x86-64, ARM64, RISC-V Balanced (default)
w=6 -- Larger tables, fewer additions

See docs/PERFORMANCE_GUIDE.md for detailed benchmarks and per-platform tuning advice.

Smoke Validation

bash libs/UltrafastSecp256k1/scripts/validate_bindings.sh

License

MIT