51 releases
0.13.3  Jan 8, 2024 

0.13.2  Nov 15, 2023 
0.13.1  Apr 10, 2023 
0.13.0  Mar 3, 2023 
0.0.0 

#6 in Cryptography
834,280 downloads per month
Used in 2,000 crates
(158 directly)
320KB
6.5K
SLoC
RustCrypto: secp256k1 (K256) elliptic curve
secp256k1 (a.k.a. K256) elliptic curve library written in pure Rust with support for ECDSA signing/verification/publickey recovery, Taproot Schnorr signatures as defined in BIP340, Elliptic Curve DiffieHellman (ECDH), and generalpurpose secp256k1 elliptic curve group operations which can be used to implement arbitrary groupbased protocols.
Uses traits and base types from the ellipticcurve
crate.
Optionally includes a secp256k1 arithmetic
feature providing scalar and
point types (projective/affine) with support for constanttime scalar
multiplication. Additionally, implements traits from the group
crate
which can be used to generically construct groupbased protocols.
Security Notes
This crate has been audited by NCC Group, which found a high severity issue in the ECDSA/secp256k1 implementation and another high severity issue in the Schnorr/secp256k1 signature implementation, both of which have since been corrected. We would like to thank Entropy for funding the audit.
This crate has been designed with the goal of ensuring that secretdependent
secp256k1 operations are performed in constant time (using the subtle
crate
and constanttime formulas). However, it is not suitable for use on processors
with a variabletime multiplication operation (e.g. short circuit on
multiplybyzero / multiplybyone, such as certain 32bit PowerPC CPUs and
some nonARM microcontrollers).
USE AT YOUR OWN RISK!
Supported Algorithms
 Elliptic Curve DiffieHellman (ECDH): gated under the
ecdh
feature. Note that this is technically ephemeral secp256k1 DiffieHellman (a.k.a. ECDHE)  Elliptic Curve Digital Signature Algorithm (ECDSA): gated under the
ecdsa
feature. Support for ECDSA/secp256k1 signing and verification, applying lowS normalization (BIP 0062) as used in consensuscritical applications, and additionally supports secp256k1 publickey recovery from ECDSA signatures (as used by e.g. Ethereum)  Taproot Schnorr signatures (as defined in BIP0340): nextgeneration signature algorithm based on group operations enabling elegant higherlevel constructions like multisignatures.
About secp256k1 (K256)
secp256k1 is a Koblitz curve commonly used in cryptocurrency applications. The "K256" name follows NIST notation where P = prime fields, B = binary fields, and K = Koblitz curves.
The curve is specified as secp256k1
by Certicom's SECG in
"SEC 2: Recommended Elliptic Curve Domain Parameters":
https://www.secg.org/sec2v2.pdf
secp256k1 is primarily notable for usage in Bitcoin and other cryptocurrencies, particularly in conjunction with the Elliptic Curve Digital Signature Algorithm (ECDSA). Owing to its wide deployment in these applications, secp256k1 is one of the most popular and commonly used elliptic curves.
Minimum Supported Rust Version
Rust 1.65 or higher.
Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.
SemVer Policy
 All onbydefault features of this library are covered by SemVer
 MSRV is considered exempt from SemVer as noted above
License
All crates licensed under either of
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache2.0 license, shall be dual licensed as above, without any additional terms or conditions.
Dependencies
~1.7–2.6MB
~55K SLoC