1 change: 0 additions & 1 deletion Cargo.lock


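--- a/changelog.d/unified_secp256k1.added
+++ b/changelog.d/unified_secp256k1.added
@@ -0,0 +1 @@
+Unified the secp256k1 api to use pure-rust libsecp256k1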
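--- a/clarity/src/vm/tests/crypto.rs
+++ b/clarity/src/vm/tests/crypto.rs
@@ -557,6 +557,28 @@ fn test_secp256k1_verify_valid_signature_returns_true() {
 );
 }
 
+#[test]
+fn test_secp256k1_recover_high_s_signature_succeeds() {
+// secp256k1-recover? must succeed (return ok) for high-S signatures even though
+// secp256k1-verify rejects the same signature.
+let message = "0x89171d7815da4bc1f644665a3234bc99d1680afa0b3285eff4878f4275fbfa89";
+let signature = "0x54cd3f378a424a3e50ff1c911b7d80cf424e1b86dddecadbcf39077e62fa1e54ee6514347c1608df2c3995e7356f2d60a1fab60878214642134d78cd923ce27a01";
+
+let program = format!("(is-ok (secp256k1-recover? {message} {signature}))");
+
+assert_eq!(
+Value::Bool(true),
+execute_with_parameters(
+program.as_str(),
+ClarityVersion::latest(),
+StacksEpochId::latest(),
+false
+)
+.expect("execution should succeed")
+.expect("should return a value")
+);
+}
+
 #[test]
 fn test_secp256k1_verify_valid_high_s_signature_returns_false() {
 let message = "0x89171d7815da4bc1f644665a3234bc99d1680afa0b3285eff4878f4275fbfa89";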
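Review bot: `test_secp256k1_recover_high_s_signature_succeeds` asserts only `is-ok`, so it still passes if the unified backend recovers a different public key for this high-S signature than the previous native backend did. Recovery is the place where a backend swap can diverge without any error surfacing, so the test should also pin the key, e.g. `(is-eq (unwrap-panic (secp256k1-recover? {message} {signature})) 0x<EXPECTED_COMPRESSED_PUBKEY>)`, with the value captured from the pre-change implementation (placeholder; the page does not show it). The in-test comment could also state the consequence of the asymmetry it documents: `// recover accepts both S forms, so signature bytes must not be treated as a unique identifier`.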
5 changes: 1 addition & 4 deletions stacks-common/Cargo.toml
Expand Up @@ -33,6 +33,7 @@ curve25519-dalek = { version = "4.1.3", default-features = false, features = ["s
ed25519-dalek = { workspace = true }
hashbrown = { workspace = true }
lazy_static = { workspace = true }
libsecp256k1 = { version = "0.7.2", default-features = false, features = ["hmac", "lazy-static-context"] }

Contributor

I believe we should use this one instead: k256. It is more widely accepted and audited.

ripemd = { version = "0.1.1", default-features = false }
serde = { workspace = true , features = ["derive"] }
serde_derive = { workspace = true }
Expand Down Expand Up @@ -62,12 +63,8 @@ winapi = { version = "0.3", features = [
], optional = true }

[target.'cfg(not(target_family = "wasm"))'.dependencies]
secp256k1 = { version = "0.24.3", default-features = false, features = ["std","serde", "recovery"] }
rusqlite = { workspace = true, optional = true }

[target.'cfg(target_family = "wasm")'.dependencies]
libsecp256k1 = { version = "0.7.2", default-features = false, features = ["hmac", "lazy-static-context"] }

[target.'cfg(all(any(target_arch = "x86_64", target_arch = "x86", target_arch = "aarch64"), not(any(target_os="windows"))))'.dependencies]
sha2 = { version = "0.10", features = ["asm"] }

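Review bot: The `libsecp256k1` entry added in the first hunk uses a caret requirement (`version = "0.7.2"`), and the second hunk appears to drop the target-gated `secp256k1` and wasm-only `libsecp256k1` entries, leaving it as the only secp256k1 implementation on every target. Signature-acceptance behaviour (the high-S cases tested elsewhere in this change) then follows whichever 0.7.x the lockfile resolves to. An exact pin such as `version = "=0.7.2"`, or a single `[workspace.dependencies]` entry referenced with `{ workspace = true }` like the neighbouring lines, would make any version move an explicit, reviewable change. A short comment above the entry would help auditors, e.g. `# sole secp256k1 backend on native and wasm; signature-validity rules depend on this crate`. Both dependency tables continue outside the visible hunks.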
9 changes: 0 additions & 9 deletions stacks-common/src/util/secp256k1/mod.rs
@@ -1,15 +1,6 @@
#[cfg(not(target_family = "wasm"))]
mod native;

#[cfg(not(target_family = "wasm"))]
pub use self::native::*;

#[cfg(target_family = "wasm")]
mod wasm;

#[cfg(target_family = "wasm")]
pub use self::wasm::*;

pub const MESSAGE_SIGNATURE_ENCODED_SIZE: u32 = 65;

pub struct MessageSignature(pub [u8; 65]);