Till now, each Bitcoin Enchancment Proposal (BIP) that wanted cryptographic primitives needed to reinvent the wheel. Every one got here bundled with its personal customized Python implementation of the secp256k1 elliptic curve and associated algorithms, every subtly totally different from each other. These inconsistencies launched quiet liabilities and made reviewing BIPs unnecessarily difficult. This drawback was lately highlighted in Bitcoin Optech E-newsletter #348, and it’s one thing at the very least a handful of builders within the Bitcoin improvement group have lengthy felt: there needs to be a unified, reusable customary for cryptographic BIP reference secp256k1 code.
Final week, Jonas Nick and Tim Ruffing of Blockstream analysis and Sebastian Falbesoner made massive progress in the direction of this. As a part of their current ChillDKG proposal, the workforce launched secp256k1lab. A brand new, deliberately INSECURE Python library for prototyping, experimenting, and BIP specs. It’s not for manufacturing use (as a result of it’s not constant-time and due to this fact weak to side-channel assaults), however it fills a crucial hole: it gives a clear, constant reference for secp256k1 performance, together with BIP-340-style Schnorr signatures, ECDH, and low-level discipline/group arithmetic. The aim is straightforward: make it simpler and safer to put in writing future BIPs by avoiding redundant, one-off implementations. For BIP authors, this implies: much less customized code, fewer spec points, and a clearer path from prototype to proposal.
> Why Not Simply Use the Actual secp256k1 Library?
Bitcoin Core already features a quick, constant-time C library for secp256k1 cryptography. So why don’t BIP authors simply use that?
When a BIP creator submits a proposal, they’re anticipated to incorporate a reference implementation to elucidate how the thought works. These implementations don’t have to be written in Python, however C is usually too low-level for prototyping. Python is simpler to learn, simpler to switch, and makes it clearer what the creator is attempting to specific. These qualities make it particularly well-suited for writing specs.
When introducing a brand new cryptographic concept, it helps to have one thing clear, concise, and protected to experiment with. In precept, instruments like hacspec are an excellent possibility for formal specs, since hacspec code can be legitimate Rust. However in follow, hacspec might be tough to work with and browse, particularly for BIP readers who should not conversant in Rust.
Python’s readability continues to make it the language many authors return to when they should clarify how one thing works.
Why BIP Authors Maintain re-Rolling secp256k1 Once more and Once more
This began again with BIP 340 Schnorr Signatures, when the BIP authors wrote the unique reference code in Python so it will be simple to comply with the mathematics. They outlined precisely how you can do Schnorr-style signing and verification utilizing secp256k1’s curve parameters. They needed to construct all the pieces from scratch: discipline arithmetic, group operations, deterministic nonce technology, and the encoding guidelines. The Python code was clear and academic. But it surely was tailor-made particularly to this single BIP, and never designed to be reused by future ones.
Equally, BIP 324 Encrypted P2P Transport, added encryption to how Bitcoin nodes ought to discuss to one another, and used a protocol referred to as Noise that depends on key exchanges, shared secrets and techniques, and symmetric encryption. Whereas it builds on the identical secp256k1 curve utilized in BIP 340, it didn’t reuse any of the particular implementation code. The entire cryptographic logic corresponding to ECDH, serialization, and handshake patterns was re-implemented from scratch in Python. Despite the fact that the underlying math is similar, every BIP finally ends up writing its personal model of the logic. This results in duplicated effort and introduces the potential for refined inconsistencies.
What secp256k1lab Truly Is
secp256k1lab is a Python library constructed for one function: making it simpler to put in writing and take a look at cryptographic specs for Bitcoin. Python is already the preferred and extensively used language for reference implementations and take a look at vectors in BIPs, so having a shared, reusable library simply is smart. It’s not designed for manufacturing use. It’s constructed for prototyping, not efficiency. It gives a clear, unified interface to core secp256k1 performance, with readable code and minimal setup. No extra rolling your individual each time you wish to take a look at an concept or reveal how one thing ought to work.
Actual-World Use Case: ChillDKG
secp256k1lab was first developed as a part of the work on ChillDKG, a brand new BIP proposal for distributed key technology. As an alternative of writing yet one more customized Python implementation of secp256k1 only for this one spec, the authors used secp256k1lab to deal with all of the cryptographic constructing blocks in a means that it may very well be leveraged by others. By reusing a shared, readable codebase, their hope is that future cryptographic BIPs received’t have to start out from scratch. With secp256k1lab, there’s lastly a basis that new proposals can construct on and enhance collectively.
The place It Might Go
There’s nonetheless an open query: ought to secp256k1lab reside within the BIPs repository? It’s already proving helpful as a shared reference for cryptographic proposals, however there’s ongoing dialogue about the place it really belongs throughout the broader Bitcoin improvement course of. Whether or not it stays as a standalone library or turns into extra tightly built-in with the BIP workflow, one factor is evident—it fills a spot that’s been round for years. Should you’re a BIP creator, spec reviewer, or simply interested in enhancing the cryptographic tooling round Bitcoin, we’d love your enter. You’ll be able to be a part of the dialogue on the Bitcoin-Dev mailing checklist or contribute on to the secp256k1lab GitHub repo.
It is a visitor put up by Kiara Bickers. Opinions expressed are totally their very own and don’t essentially replicate these of BTC Inc or Bitcoin Journal.