Secp256k1 curve package

Pure python implementation for scp256k1 curve algebra and associated ECDSA - SCHNORR signatures.

>>> from dposlib.ark import secp256k1
>>> G = secp256k1.Point(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
>>> G.y
32670510020758816978083085130507043184471273380659243275938904335757337482424
>>> G
<secp256k1 point:
  x:79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
  y:483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8
>
>>> G+G == 2*G
True
>>> secp256k1.PublicKey.from_int(secp256k1.int_from_bytes(secp256k1.hash_sha256("secret")))
<secp256k1 public key:
  x:a02b9d5fdd1307c2ee4652ba54d492d1fd11a7d1bb3f3a44c4a05e79f19de933
  y:924aa2580069952b0140d88de21c367ee4af7c4a906e1498f20ab8f62e4c2921
>
>>> secp256k1.PublicKey.from_seed(secp256k1.hash_sha256("secret"))
<secp256k1 public key:
  x:a02b9d5fdd1307c2ee4652ba54d492d1fd11a7d1bb3f3a44c4a05e79f19de933
  y:924aa2580069952b0140d88de21c367ee4af7c4a906e1498f20ab8f62e4c2921
>
>>> secp256k1.PublicKey.from_secret("secret")
<secp256k1 public key:
  x:a02b9d5fdd1307c2ee4652ba54d492d1fd11a7d1bb3f3a44c4a05e79f19de933
  y:924aa2580069952b0140d88de21c367ee4af7c4a906e1498f20ab8f62e4c2921
>
Sources:
Variables:
  • secret (str): passphrase
  • secret0 (bytes): private key
  • P (list): public key as secp256k1 curve point
  • pubkey (bytes): compressed - encoded public key
  • pubkeyB (bytes): compressed - encoded public key according to bip schnorr spec
  • msg (bytes): sha256 hash of message to sign
  • Uppercase variables refer to points on the curve with equation y²=x³+7 over the integers modulo p
class dposlib.ark.secp256k1.Point(*xy)[source]

secp256k1 point . Initialization can be done with sole x value. Point overrides * and + operators which accepts list as argument and returns Point.

static decode(pubkey)[source]

See point_from_encoded().

encode()[source]

See encoded_from_point().

x

Return list item #0

y

Return list item #1

class dposlib.ark.secp256k1.PublicKey(*xy)[source]

Point extension providing specific initialization methods.

static from_int(value)[source]

Compute a public key from int value.

Parameters:value (int) – scalar to use
Returns:the public key
Return type:PublicKey
static from_secret(secret)[source]

Compute a public key from secret passphrase.

Parameters:value (str) – secret passphrase to use
Returns:the public key
Return type:PublicKey
static from_seed(seed)[source]

Compute a public key from bytes value.

Parameters:value (bytes) – bytes sequence to use
Returns:the public key
Return type:PublicKey
dposlib.ark.secp256k1.der_from_sig(r, s)[source]

Encode a signature according DER spec.

Parameters:
  • r (int) – signature part #1
  • s (int) – signature part #2
Returns:

encoded signature

Return type:

bytes

dposlib.ark.secp256k1.encoded_from_point(P)[source]
Encode and compress a secp256k1 point:
  • bytes(2) || bytes(x) if y is even
  • bytes(3) || bytes(x) if y is odd
Parameters:P (list) – secp256k1 point
Returns:compressed and encoded point
Return type:bytes
dposlib.ark.secp256k1.hash_sha256(b)[source]
Parameters:b (bytes or str) – sequence to be hashed
Returns:sha256 hash
Return type:bytes
dposlib.ark.secp256k1.point_add(P1, P2)[source]

Add secp256k1 points.

Parameters:
  • P1 (list) – first secp256k1 point
  • P2 (list) – second secp256k1 point
Returns:

secp256k1 point

Return type:

list

dposlib.ark.secp256k1.point_from_encoded(pubkey)[source]

Decode and decompress a secp256k1 point.

Parameters:pubkey (bytes) – compressed and encoded point
Returns:secp256k1 point
Return type:list
dposlib.ark.secp256k1.point_mul(P, n)[source]

Multiply secp256k1 point with scalar.

Parameters:
  • P (list) – secp256k1 point
  • n (int) – scalar
Returns:

secp256k1 point

Return type:

list

dposlib.ark.secp256k1.rand_k()[source]

Generate a random nonce.

dposlib.ark.secp256k1.rfc6979_k(msg, secret0, V=None)[source]

Generate a deterministic nonce according to rfc6979 spec.

Parameters:
  • msg (bytes) – 32-bytes sequence
  • secret0 (bytes) – private key
  • V (bytes) –
Returns:

deterministic nonce

Return type:

int

dposlib.ark.secp256k1.sig_from_der(der)[source]

Decode a DER signature.

Parameters:der (bytes) – encoded signature
Returns:signature (r, s)
Return type:(int, int)
dposlib.ark.secp256k1.tagged_hash(tag, msg)[source]

Return sha256(sha256(tag) || sha256(tag) || msg). Tagged hash are registered to speed up code execution.

Parameters:
  • tag (str) – tag to use
  • msg (bytes) – sha256 hash of message to sign
Returns:

tagged hash

Return type:

bytes

dposlib.ark.secp256k1.x(P)[source]

Return P.x or P[0].

Parameters:P (list) – secp256k1 point
Returns:x
Return type:int
dposlib.ark.secp256k1.y(P)[source]

Return P.y or P[1].

Parameters:P (list) – secp256k1 point
Returns:y
Return type:int
dposlib.ark.secp256k1.y_from_x(x)[source]

Compute P.y from P.x according to y²=x³+7.

ECDSA signatures

dposlib.ark.secp256k1.ecdsa.rfc6979_sign(msg, secret0, canonical=True)[source]

Generate signature according to ECDSA scheme using a RFC-6979 nonce

Parameters:
  • msg (bytes) – sha256 message-hash
  • secret0 (bytes) – private key
  • canonical (bool) – canonalize signature
Returns:

DER signature

Return type:

bytes

dposlib.ark.secp256k1.ecdsa.sign(msg, secret0, k=None, canonical=True)[source]

Generate signature according to ECDSA scheme.

Parameters:
  • msg (bytes) – sha256 message-hash
  • secret0 (bytes) – private key
  • k (int) – nonce (random nonce used if k=None)
  • canonical (bool) – canonalize signature
Returns:

DER signature

Return type:

bytes

dposlib.ark.secp256k1.ecdsa.verify(msg, pubkey, sig)[source]

Check signature according to ECDSA scheme.

Parameters:
  • msg (bytes) – sha256 message-hash
  • pubkey (bytes) – encoded public key
  • sig (bytes) – signature
Returns:

True if match

Return type:

bool

Schnorr signatures

dposlib.ark.secp256k1.schnorr.bcrypto410_sign(msg, seckey0)[source]

Generate message signature according to Bcrypto 4.10 schnorr spec.

Parameters:
  • msg (bytes) – sha256 message-hash
  • secret0 (bytes) – private key
Returns:

RAW signature

Return type:

bytes

dposlib.ark.secp256k1.schnorr.bcrypto410_verify(msg, pubkey, sig)[source]

Check if public key match message signature according to Bcrypto 4.10 schnorr spec.

Parameters:
  • msg (bytes) – sha256 message-hash
  • pubkey (bytes) – encoded public key
  • sig (bytes) – signature
Returns:

True if match

Return type:

bool

dposlib.ark.secp256k1.schnorr.bytes_from_point(P)[source]

Encode a public key as defined in BIP schnorr spec.

Parameters:P (Point) – secp256k1 curve point
Returns:encoded public key
Return type:bytes
dposlib.ark.secp256k1.schnorr.point_from_bytes(pubkeyB)[source]

Decode a public key as defined in BIP schnorr spec.

Parameters:pubkeyB (bytes) – encoded public key
Returns:secp256k1 curve point
Return type:Point
dposlib.ark.secp256k1.schnorr.sign(msg, seckey0)[source]

Generate message signature according to BIP schnorr spec.

Parameters:
  • msg (bytes) – sha256 message-hash
  • secret0 (bytes) – private key
Returns:

RAW signature

Return type:

bytes

dposlib.ark.secp256k1.schnorr.verify(msg, pubkey, sig)[source]

Check if public key match message signature according to BIP schnorr spec.

Parameters:
  • msg (bytes) – sha256 message-hash
  • pubkey (bytes) – encoded public key
  • sig (bytes) – signature
Returns:

True if match

Return type:

bool