Crates.io | solana-secp256k1 |
lib.rs | solana-secp256k1 |
version | 0.1.5 |
source | src |
created_at | 2024-09-21 07:05:01.443151 |
updated_at | 2024-11-22 06:05:37.594258 |
description | Efficient, SVM-friendly implementations of common Secp256k1 functions |
homepage | |
repository | |
max_upload_size | |
id | 1381995 |
size | 55,502 |
This crate leverages secp256k1_recover
to create compute unit (CU)-efficient implementations of all the mathematical functions required to utilize the Secp256k1 curve for arbitrary on-chain cryptographic operations. Most notably, scalar tweaking and elliptic curve (EC) multiplication now cost just 25,000 CUs, a 200x reduction from their initial ~5,000,000 CU cost. This library supports highly performant versions of:
ECAdd(P, MulG(scalar))
)Unlike the Ethereum implementation that applies a Keccak-256 hash and truncates the recovered point into an address, Solana's implementation of ecrecover
returns an uncompressed public key point. Therefore, the mathematical formula for ecrecover
on Solana can be defined as:
$Q = r^{-1}(s \cdot R - z \cdot G)$
where:
Q
is the recovered point.r
is the nonce.R
is a point with the x-coordinate of r
and the y-coordinate defined by the recovery ID v
.z
is the hash scalar of the message we are "signing" 🙃️️️️️️.G
is the generator point.The input parameters we can control are ( z ), ( v ), ( r ), and ( s ).
By leveraging this, we can utilize ecrecover
to perform a variety of cryptographic functions. For example:
To perform ECMul, we zero out the right-hand side of the equation by setting the hash scalar ( z = 0 ). This simplifies the formula to:
$Q = r^{-1}(s \cdot R)$
If we set ( s = k \cdot r ), we can eliminate the modular inverse, reducing the formula to:
$Q = k \cdot R$
We can expand upon the ECMul example by utilizing the right-hand side of the equation, ( -zG ). This term represents a MulG
operation, generating a public key point from a scalar value. By negating the input scalar and multiplying by ( r ) to cancel out the modular inverse, we reduce the formula to:
$Q = s \cdot R + z \cdot G$
This enables an efficient implementation of tweaked public keys.
This crate primarily enables efficient on-chain verification of Schnorr signatures and facilitates TapTweaks for on-chain Taproot address generation. This allows Solana not only to verify Bitcoin transactions but also to act as an MPC provider for transaction creation and liquidity management via on-chain Bitcoin wallets. Additionally, this library opens up possibilities for:
While this library will be audited, remember to use it at your own risk.
no_std
variantssolana-program