tiny-secp256k1
Advanced tools
The tiny-secp256k1 npm package is a small, fast, and reliable library for elliptic curve cryptography using the secp256k1 curve. It is commonly used in blockchain and cryptocurrency applications, particularly for Bitcoin, to perform cryptographic operations such as key generation, signing, and verification.
Key Generation
This feature allows you to generate a private key and derive the corresponding public key using the secp256k1 curve.
const secp256k1 = require('tiny-secp256k1');
const randomBytes = require('crypto').randomBytes;
const privateKey = randomBytes(32);
const publicKey = secp256k1.pointFromScalar(privateKey);
console.log('Private Key:', privateKey.toString('hex'));
console.log('Public Key:', publicKey.toString('hex'));Signing a Message
This feature allows you to sign a message using a private key. The message is hashed using SHA-256 before signing.
const secp256k1 = require('tiny-secp256k1');
const randomBytes = require('crypto').randomBytes;
const createHash = require('crypto').createHash;
const privateKey = randomBytes(32);
const message = 'Hello, world!';
const messageHash = createHash('sha256').update(message).digest();
const signature = secp256k1.sign(messageHash, privateKey);
console.log('Signature:', signature.toString('hex'));Verifying a Signature
This feature allows you to verify a signature using a public key. The message is hashed using SHA-256 before verification.
const secp256k1 = require('tiny-secp256k1');
const createHash = require('crypto').createHash;
const publicKey = Buffer.from('your-public-key-hex', 'hex');
const message = 'Hello, world!';
const messageHash = createHash('sha256').update(message).digest();
const signature = Buffer.from('your-signature-hex', 'hex');
const isValid = secp256k1.verify(messageHash, publicKey, signature);
console.log('Is the signature valid?', isValid);The elliptic package is a comprehensive library for elliptic curve cryptography that supports multiple curves, including secp256k1. It is more feature-rich and flexible compared to tiny-secp256k1, but it is also larger in size.
The secp256k1 package is a native binding to the secp256k1 library used in Bitcoin Core. It offers high performance and is specifically optimized for the secp256k1 curve, similar to tiny-secp256k1, but it requires native compilation.
The bitcoinjs-lib package is a full-featured library for Bitcoin-related operations, including key generation, signing, and verification using the secp256k1 curve. It provides a higher-level API compared to tiny-secp256k1.
This library is under development, and, like the secp256k1 C library it depends on, this is a research effort to determine an optimal API for end-users of the bitcoinjs ecosystem.
npm install tiny-secp256k1
yarn add tiny-secp256k1
If you are having problems, please read the guide at secp256k1-node, as the build instructions should be exactly the same (and this module is a direct derivation).
isPoint :: Buffer -> Bool
Returns false if
A is not encoded with a sequence tag of 0x02, 0x03 or 0x04A.x is not in [1...p - 1]A.y is not in [1...p - 1]isPointCompressed :: Buffer -> Bool
Returns false if the signature is not compressed.
isPrivate :: Buffer -> Bool
Returns false if
d is not 256-bit, ord is not in [1..order - 1]pointAdd :: Buffer -> Buffer [-> Bool] -> Maybe Buffer
Returns null if result is at infinity.
Expected Point if !isPoint(A)Expected Point if !isPoint(B)pointAddScalar :: Buffer -> Buffer [-> Bool] -> Maybe Buffer
Returns null if result is at infinity.
Expected Point if !isPoint(A)Expected Tweak if tweak is not in [0...order - 1]pointCompress :: Buffer -> Bool -> Buffer
Expected Point if !isPoint(A)pointFromScalar :: Buffer [-> Bool] -> Maybe Buffer
Returns null if result is at infinity.
Expected Private if !isPrivate(d)pointMultiply :: Buffer -> Buffer [-> Bool] -> Maybe Buffer
Returns null if result is at infinity.
Expected Point if !isPoint(A)Expected Tweak if tweak is not in [0...order - 1]privateAdd :: Buffer -> Buffer -> Maybe Buffer
Returns null if result is equal to 0.
Expected Private if !isPrivate(d)Expected Tweak if tweak is not in [0...order - 1]privateSub :: Buffer -> Buffer -> Maybe Buffer
Returns null if result is equal to 0.
Expected Private if !isPrivate(d)Expected Tweak if tweak is not in [0...order - 1]sign :: Buffer -> Buffer -> Buffer
Returns normalized signatures, each of (r, s) values are guaranteed to less than order / 2.
Uses RFC6979.
Expected Private if !isPrivate(d)Expected Scalar if h is not 256-bitverify :: Buffer -> Buffer -> Buffer -> Bool
Returns false if any of (r, s) values are equal to 0, or if the signature is rejected.
If strict is true, valid signatures with any of (r, s) values greater than order / 2 are rejected.
Expected Point if !isPoint(Q)Expected Signature if signature has any (r, s) values not in range [0...order - 1]Expected Scalar if h is not 256-bitThis is a partially derived work of https://github.com/cryptocoinjs/secp256k1-node, specifically this commit.
https://github.com/bitcoin-core/secp256k1 - for the secp256k1 library
FAQs
A tiny secp256k1 JS
We found that tiny-secp256k1 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.