Up until now, each Bitcoin Improvement Proposal requiring cryptographic primitives required a new implementation. The secp256k1 curve, as well as related algorithms were all implemented in a custom Python. However, they differed slightly from each other. The inconsistencies created quiet liabilities, and the review of BIPs became unnecessarily complex. The problem was highlighted recently in Bitcoin Optech Newsletter #348At least a small group of Bitcoin developers have been clamoring for years to create a standard that is reusable and unified.
The progress made by Blockstream researchers Tim Ruffing, Jonas Nick of Blockstream and Sebastian Falbesoner last week was significant. They are already working on this. ChillDKG proposalThe team has released secp256k1lab. New, Intentionally insecure Python library to prototype, experiment, and BIP specification. This is not intended for production (because the code is not constant time and thus vulnerable to side channel attacks), but fills a crucial gap. It offers a consistent, clean reference for secp256k1 functions, such as Schnorr Signatures in BIP-340 style, ECDH and low-level group/field arithmetic. It’s simple, the goal is to make future BIPs easier and more secure by eliminating redundant one-off implementations. This means less code customisation, less spec issues and a more clear path between prototypes and proposals for BIP authors.
> Why not just use the real secp256k1 library?
Bitcoin Core comes with a C library that is fast and constant time for secp256k1 encryption. So why do BIP authors not use it?
BIP authors are required to submit a proposal that includes a reference implementation. This is to demonstrate how an idea functions. The implementations don’t have to be in Python. C, however, is too low level for prototyping. Python makes the writer’s message more clear, is simpler to read and modify, as well as easier to understand. It is especially suitable for creating specifications because of these qualities.
To experiment with a new idea in cryptography, you need something simple, clear and secure. In principle, tools like hacspec They are also valid for Rust. In practice, however, hacspec is difficult to read and work with, particularly for BIP users who do not know Rust.
Python’s ease of reading continues to be the reason many authors choose it to describe how things work.
Why BIP Authors Re-Roll secp256k1 Over and Over Again
The story began back in BIP 340 Schnorr SignaturesThe BIP authors created the reference code originally in Python to make it easier for people to understand the math. They specified exactly how Schnorr’s style of signing and validation could be achieved using secp256k1 curve parameters. The team had to create everything themselves: group operations, field arithmetic and deterministic nonce generators, as well as the encoding rule. Python was a clear, educational language. The Python code was clear and educational.
Similarly, BIP 324 Encrypted Transport P2PThis protocol relies on shared secrets, key exchanges and symmetric encryption. It uses the secp256k1 algorithm used by BIP 340 but does not use any implementation code. The Python implementation of all cryptographic logic, including ECDH serialization and handshake patterns, was rewritten from scratch. Although the underlying mathematics are the same, every BIP has its own unique version of logic. The result is a duplication of work and the introduction of subtle inconsistencies.
Secp256k1lab: What is it?
secp256k1lab This Python library was built with one goal in mind: to make it easier for Bitcoin developers and testers to create cryptographic specifications. Python is currently the most widely-used language to create reference implementations for BIPs. A shared library that can be reused makes sense. The library was not built for production. It is designed for prototyping and not for performance. This interface offers a unified, clean and readable interface for core secp256k1 functions, as well as minimal setup. It’s no longer necessary to create your own code every time you wish to experiment with an idea, or show how something works.
ChillDKG
secp256k1lab The first prototype was developed in the context of ChillDKGThe new BIP is a proposal to generate distributed keys. The authors did not write a custom Python implementation for secp256k1, just to meet this particular spec. Instead, they used secp256k1lab which handled all of the cryptographic blocks so that anyone could leverage it. They hope that by reusing an open, shared codebase future BIPs will not have to be written from scratch. The secp256k1lab project provides an open-source foundation for new proposals to build upon and enhance together.
What Could It Go?
It’s an open question. Should secp256k1lab be in the BIPs repository or not? The library is already useful for sharing cryptographic proposals. However, there are ongoing discussions about its true place in the Bitcoin development process. Whether it stays as a standalone library or becomes more tightly integrated with the BIP workflow, one thing is clear—it fills a gap that’s been around for years. You can give us your feedback if you’re an author of BIPs, spec reviews, or are just interested in the development of cryptographic tools for Bitcoin. The Bitcoin-Dev mailinglist is a great place to join in the conversation or you can contribute directly. secp256k1lab GitHub repo.
Kiara Bickers has written a guest blog. The opinions are the author’s and may not reflect BTC Inc.
“This article is not financial advice.”
“Always do your own research before making any type of investment.”
“ItsDailyCrypto is not responsible for any activities you perform outside ItsDailyCrypto.”
Source: bitcoinmagazine.com
