Secp256k1 curve package¶

Pure python implementation for scp256k1 curve algebra and associated ECDSA - SCHNORR signatures.

>>> from dposlib.ark import secp256k1
>>> G = secp256k1.Point(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
>>> G.y
32670510020758816978083085130507043184471273380659243275938904335757337482424
>>> G
<secp256k1 point:
  x:79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
  y:483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8
>
>>> G+G == 2*G
True

>>> secp256k1.PublicKey.from_int(secp256k1.int_from_bytes(secp256k1.hash_sha256("secret")))
<secp256k1 public key:
  x:a02b9d5fdd1307c2ee4652ba54d492d1fd11a7d1bb3f3a44c4a05e79f19de933
  y:924aa2580069952b0140d88de21c367ee4af7c4a906e1498f20ab8f62e4c2921
>
>>> secp256k1.PublicKey.from_seed(secp256k1.hash_sha256("secret"))
<secp256k1 public key:
  x:a02b9d5fdd1307c2ee4652ba54d492d1fd11a7d1bb3f3a44c4a05e79f19de933
  y:924aa2580069952b0140d88de21c367ee4af7c4a906e1498f20ab8f62e4c2921
>
>>> secp256k1.PublicKey.from_secret("secret")
<secp256k1 public key:
  x:a02b9d5fdd1307c2ee4652ba54d492d1fd11a7d1bb3f3a44c4a05e79f19de933
  y:924aa2580069952b0140d88de21c367ee4af7c4a906e1498f20ab8f62e4c2921
>

Sources:

Variables:

secret (str): passphrase
secret0 (bytes): private key
P (list): public key as secp256k1 curve point
pubkey (bytes): compressed - encoded public key
pubkeyB (bytes): compressed - encoded public key according to bip schnorr spec
msg (bytes): sha256 hash of message to sign
Uppercase variables refer to points on the curve with equation y²=x³+7 over the integers modulo p

class dposlib.ark.secp256k1.Point(*xy)[source]¶

secp256k1 point . Initialization can be done with sole x value. Point overrides * and + operators which accepts list as argument and returns Point.

static decode(pubkey)[source]¶: See point_from_encoded().

encode()[source]¶: See encoded_from_point().

x¶: Return list item #0

y¶: Return list item #1

class dposlib.ark.secp256k1.PublicKey(*xy)[source]¶

Point extension providing specific initialization methods.

static from_int(value)[source]¶

Compute a public key from int value.

Parameters:	value (`int`) – scalar to use
Returns:	the public key
Return type:	`PublicKey`

static from_secret(secret)[source]¶

Compute a public key from secret passphrase.

Parameters:	value (`str`) – secret passphrase to use
Returns:	the public key
Return type:	`PublicKey`

static from_seed(seed)[source]¶

Compute a public key from bytes value.

Parameters:	value (`bytes`) – bytes sequence to use
Returns:	the public key
Return type:	`PublicKey`

dposlib.ark.secp256k1.der_from_sig(r, s)[source]¶

Encode a signature according DER spec.

Parameters:	r (`int`) – signature part #1 s (`int`) – signature part #2
Returns:	encoded signature
Return type:	`bytes`

dposlib.ark.secp256k1.encoded_from_point(P)[source]¶

Encode and compress a secp256k1 point:

bytes(2) || bytes(x) if y is even
bytes(3) || bytes(x) if y is odd

Parameters:	P (`list`) – `secp256k1` point
Returns:	compressed and encoded point
Return type:	`bytes`

dposlib.ark.secp256k1.hash_sha256(b)[source]¶

Parameters:	b (`bytes` or `str`) – sequence to be hashed
Returns:	sha256 hash
Return type:	`bytes`

dposlib.ark.secp256k1.point_add(P1, P2)[source]¶

Add secp256k1 points.

Parameters:	P1 (`list`) – first `secp256k1` point P2 (`list`) – second `secp256k1` point
Returns:	`secp256k1` point
Return type:	`list`

dposlib.ark.secp256k1.point_from_encoded(pubkey)[source]¶

Decode and decompress a secp256k1 point.

Parameters:	pubkey (`bytes`) – compressed and encoded point
Returns:	`secp256k1` point
Return type:	`list`

dposlib.ark.secp256k1.point_mul(P, n)[source]¶

Multiply secp256k1 point with scalar.

Parameters:	P (`list`) – `secp256k1` point n (`int`) – scalar
Returns:	`secp256k1` point
Return type:	`list`

dposlib.ark.secp256k1.rand_k()[source]¶: Generate a random nonce.

dposlib.ark.secp256k1.rfc6979_k(msg, secret0, V=None)[source]¶

Generate a deterministic nonce according to rfc6979 spec.

Parameters:	msg (`bytes`) – 32-bytes sequence secret0 (`bytes`) – private key V (`bytes`) –
Returns:	deterministic nonce
Return type:	`int`

dposlib.ark.secp256k1.sig_from_der(der)[source]¶

Decode a DER signature.

Parameters:	der (`bytes`) – encoded signature
Returns:	signature (r, s)
Return type:	(`int`, `int`)

dposlib.ark.secp256k1.tagged_hash(tag, msg)[source]¶

Return sha256(sha256(tag) || sha256(tag) || msg). Tagged hash are registered to speed up code execution.

Parameters:	tag (`str`) – tag to use msg (`bytes`) – sha256 hash of message to sign
Returns:	tagged hash
Return type:	`bytes`

dposlib.ark.secp256k1.x(P)[source]¶

Return P.x or P[0].

Parameters:	P (`list`) – `secp256k1` point
Returns:	x
Return type:	`int`

dposlib.ark.secp256k1.y(P)[source]¶

Return P.y or P[1].

Parameters:	P (`list`) – `secp256k1` point
Returns:	y
Return type:	`int`

dposlib.ark.secp256k1.y_from_x(x)[source]¶: Compute P.y from P.x according to y²=x³+7.

ECDSA signatures¶

dposlib.ark.secp256k1.ecdsa.rfc6979_sign(msg, secret0, canonical=True)[source]¶

Generate signature according to ECDSA scheme using a RFC-6979 nonce

Parameters:	msg (`bytes`) – sha256 message-hash secret0 (`bytes`) – private key canonical (`bool`) – canonalize signature
Returns:	DER signature
Return type:	`bytes`

dposlib.ark.secp256k1.ecdsa.sign(msg, secret0, k=None, canonical=True)[source]¶

Generate signature according to ECDSA scheme.

Parameters:	msg (`bytes`) – sha256 message-hash secret0 (`bytes`) – private key k (`int`) – nonce (random nonce used if k=None) canonical (`bool`) – canonalize signature
Returns:	DER signature
Return type:	`bytes`

dposlib.ark.secp256k1.ecdsa.verify(msg, pubkey, sig)[source]¶

Check signature according to ECDSA scheme.

Parameters:	msg (`bytes`) – sha256 message-hash pubkey (`bytes`) – encoded public key sig (`bytes`) – signature
Returns:	True if match
Return type:	`bool`

Schnorr signatures¶

dposlib.ark.secp256k1.schnorr.bcrypto410_sign(msg, seckey0)[source]¶

Generate message signature according to Bcrypto 4.10 schnorr spec.

Parameters:	msg (`bytes`) – sha256 message-hash secret0 (`bytes`) – private key
Returns:	RAW signature
Return type:	`bytes`

dposlib.ark.secp256k1.schnorr.bcrypto410_verify(msg, pubkey, sig)[source]¶

Check if public key match message signature according to Bcrypto 4.10 schnorr spec.

Parameters:	msg (`bytes`) – sha256 message-hash pubkey (`bytes`) – encoded public key sig (`bytes`) – signature
Returns:	True if match
Return type:	`bool`

dposlib.ark.secp256k1.schnorr.bytes_from_point(P)[source]¶

Encode a public key as defined in BIP schnorr spec.

Parameters:	P (`Point`) – secp256k1 curve point
Returns:	encoded public key
Return type:	`bytes`

dposlib.ark.secp256k1.schnorr.point_from_bytes(pubkeyB)[source]¶

Decode a public key as defined in BIP schnorr spec.

Parameters:	pubkeyB (`bytes`) – encoded public key
Returns:	secp256k1 curve point
Return type:	`Point`

dposlib.ark.secp256k1.schnorr.sign(msg, seckey0)[source]¶

Generate message signature according to BIP schnorr spec.

Parameters:	msg (`bytes`) – sha256 message-hash secret0 (`bytes`) – private key
Returns:	RAW signature
Return type:	`bytes`

dposlib.ark.secp256k1.schnorr.verify(msg, pubkey, sig)[source]¶

Check if public key match message signature according to BIP schnorr spec.

Parameters:	msg (`bytes`) – sha256 message-hash pubkey (`bytes`) – encoded public key sig (`bytes`) – signature
Returns:	True if match
Return type:	`bool`

Navigation

Related Topics

Secp256k1 curve package¶

ECDSA signatures¶

Schnorr signatures¶