mirage-crypto-ec: implementation of SECP256K1

This change implements the SECP256K1 curve (also known as the Bitcoin curve). - field primitives are generated by the fiat-crypto project[1] - point primitives are generated by the ECCKiila project[2] - Ocaml point operations are taken from NIST implementation, adapted to ECCKiila point primitives and optimized for a=0. - testvectors for ECDH and ECDSA verification from wycheproof[3] Closes: #187 [1] https://github.com/mit-plv/fiat-crypto [2] https://gitlab.com/nisec/ecckiila [3] https://github.com/C2SP/wycheproof
mirage · Mar 4, 2025 · 1a4e3f2 · 1a4e3f2
1 parent cadf0e1
commit 1a4e3f2
Show file tree

Hide file tree

Showing 11 changed files with 30,906 additions and 137 deletions.
diff --git a/bench/speed.ml b/bench/speed.ml
@@ -193,6 +193,13 @@ let ecdsa_p256 =
 
 let ecdsa_p256_sig () = Mirage_crypto_ec.P256.Dsa.sign ~key:ecdsa_p256 msg_str_32
 
+let ecdsa_p256k1 =
+  Result.get_ok
+    (Mirage_crypto_ec.P256k1.Dsa.priv_of_octets
+       "\x08\x9f\x4f\xfc\xcc\xf9\xba\x13\xfe\xdd\x09\x42\xef\x08\xcf\x2d\x90\x9f\x32\xe2\x93\x4a\xb5\xc9\x3b\x6c\x99\xbe\x5a\x9f\xf5\x27")
+
+let ecdsa_p256k1_sig () = Mirage_crypto_ec.P256k1.Dsa.sign ~key:ecdsa_p256k1 msg_str_32
+
 let ecdsa_p384 =
   Result.get_ok
     (Mirage_crypto_ec.P384.Dsa.priv_of_octets
@@ -215,6 +222,7 @@ let ed25519_sig () = Mirage_crypto_ec.Ed25519.sign ~key:ed25519 msg_str
 
 let ecdsas = [
   ("P256", `P256 (ecdsa_p256, ecdsa_p256_sig ()));
+  ("P256k1", `P256k1 (ecdsa_p256k1, ecdsa_p256k1_sig ()));
   ("P384", `P384 (ecdsa_p384, ecdsa_p384_sig ()));
   ("P521", `P521 (ecdsa_p521, ecdsa_p521_sig ()));
   ("Ed25519", `Ed25519 (ed25519, ed25519_sig ()));
@@ -303,6 +311,7 @@ let benchmarks = [
       count name
         (fun (_, x) -> match x with
            | `P256 _ -> P256.Dsa.generate () |> ignore
+           | `P256k1 _ -> P256k1.Dsa.generate () |> ignore
            | `P384 _ -> P384.Dsa.generate () |> ignore
            | `P521 _ -> P521.Dsa.generate () |> ignore
            | `Ed25519 _ -> Ed25519.generate () |> ignore
@@ -313,6 +322,7 @@ let benchmarks = [
       let open Mirage_crypto_ec in
       count name (fun (_, x) -> match x with
           | `P256 (key, _) -> P256.Dsa.sign ~key msg_str_32
+          | `P256k1 (key, _) -> P256k1.Dsa.sign ~key msg_str_32
           | `P384 (key, _) -> P384.Dsa.sign ~key msg_str_48
           | `P521 (key, _) -> P521.Dsa.sign ~key msg_str_65
           | `Ed25519 (key, _) -> Ed25519.sign ~key msg_str, ""
@@ -323,6 +333,7 @@ let benchmarks = [
       let open Mirage_crypto_ec in
       count name (fun (_, x) -> match x with
           | `P256 (key, signature) -> P256.Dsa.(verify ~key:(pub_of_priv key) signature msg_str_32)
+          | `P256k1 (key, signature) -> P256k1.Dsa.(verify ~key:(pub_of_priv key) signature msg_str_32)
           | `P384 (key, signature) -> P384.Dsa.(verify ~key:(pub_of_priv key) signature msg_str_48)
           | `P521 (key, signature) -> P521.Dsa.(verify ~key:(pub_of_priv key) signature msg_str_65)
           | `Ed25519 (key, signature) -> Ed25519.(verify ~key:(pub_of_priv key) signature ~msg:msg_str)

diff --git a/ec/dune b/ec/dune
@@ -5,7 +5,7 @@
  (foreign_stubs
   (language c)
   (names p256_stubs np256_stubs p384_stubs np384_stubs p521_stubs np521_stubs
-    curve25519_stubs)
+    curve25519_stubs p256k1_stubs)
   (include_dirs ../src/native)
   (flags
    (:standard -DNDEBUG)