tiny-secp256k1
Advanced tools
The tiny-secp256k1 npm package is a small, fast, and reliable library for elliptic curve cryptography using the secp256k1 curve. It is commonly used in blockchain and cryptocurrency applications, particularly for Bitcoin, to perform cryptographic operations such as key generation, signing, and verification.
Key Generation
This feature allows you to generate a private key and derive the corresponding public key using the secp256k1 curve.
const secp256k1 = require('tiny-secp256k1');
const randomBytes = require('crypto').randomBytes;
const privateKey = randomBytes(32);
const publicKey = secp256k1.pointFromScalar(privateKey);
console.log('Private Key:', privateKey.toString('hex'));
console.log('Public Key:', publicKey.toString('hex'));Signing a Message
This feature allows you to sign a message using a private key. The message is hashed using SHA-256 before signing.
const secp256k1 = require('tiny-secp256k1');
const randomBytes = require('crypto').randomBytes;
const createHash = require('crypto').createHash;
const privateKey = randomBytes(32);
const message = 'Hello, world!';
const messageHash = createHash('sha256').update(message).digest();
const signature = secp256k1.sign(messageHash, privateKey);
console.log('Signature:', signature.toString('hex'));Verifying a Signature
This feature allows you to verify a signature using a public key. The message is hashed using SHA-256 before verification.
const secp256k1 = require('tiny-secp256k1');
const createHash = require('crypto').createHash;
const publicKey = Buffer.from('your-public-key-hex', 'hex');
const message = 'Hello, world!';
const messageHash = createHash('sha256').update(message).digest();
const signature = Buffer.from('your-signature-hex', 'hex');
const isValid = secp256k1.verify(messageHash, publicKey, signature);
console.log('Is the signature valid?', isValid);The elliptic package is a comprehensive library for elliptic curve cryptography that supports multiple curves, including secp256k1. It is more feature-rich and flexible compared to tiny-secp256k1, but it is also larger in size.
The secp256k1 package is a native binding to the secp256k1 library used in Bitcoin Core. It offers high performance and is specifically optimized for the secp256k1 curve, similar to tiny-secp256k1, but it requires native compilation.
The bitcoinjs-lib package is a full-featured library for Bitcoin-related operations, including key generation, signing, and verification using the secp256k1 curve. It provides a higher-level API compared to tiny-secp256k1.
This library is under development, and, like the secp256k1 C library it depends on, this is a research effort to determine an optimal API for end-users of the bitcoinjs ecosystem.
npm install tiny-secp256k1
yarn add tiny-secp256k1
If you are having problems, please read the guide at secp256k1-node, as the build instructions should be exactly the same (and this module is a direct derivation).
isPoint :: Buffer -> Bool
Returns false if
A is not encoded with a sequence tag of 0x02, 0x03 or 0x04A.x is not in [1...p - 1]A.y is not in [1...p - 1]isPointCompressed :: Buffer -> Bool
Returns false if the signature is not compressed.
isPrivate :: Buffer -> Bool
Returns false if
d is not 256-bit, ord is not in [1..order - 1]pointAdd :: Buffer -> Buffer [-> Bool] -> Maybe Buffer
Returns null if result is at infinity.
Expected Point if !isPoint(A)Expected Point if !isPoint(B)pointAddScalar :: Buffer -> Buffer [-> Bool] -> Maybe Buffer
Returns null if result is at infinity.
Expected Point if !isPoint(A)Expected Tweak if tweak is not in [0...order - 1]pointCompress :: Buffer -> Bool -> Buffer
Expected Point if !isPoint(A)pointFromScalar :: Buffer [-> Bool] -> Maybe Buffer
Returns null if result is at infinity.
Expected Private if !isPrivate(d)pointMultiply :: Buffer -> Buffer [-> Bool] -> Maybe Buffer
Returns null if result is at infinity.
Expected Point if !isPoint(A)Expected Tweak if tweak is not in [0...order - 1]privateAdd :: Buffer -> Buffer -> Maybe Buffer
Returns null if result is equal to 0.
Expected Private if !isPrivate(d)Expected Tweak if tweak is not in [0...order - 1]privateSub :: Buffer -> Buffer -> Maybe Buffer
Returns null if result is equal to 0.
Expected Private if !isPrivate(d)Expected Tweak if tweak is not in [0...order - 1]sign :: Buffer -> Buffer -> Buffer
Returns normalized signatures, each of (r, s) values are guaranteed to less than order / 2.
Uses RFC6979.
Expected Private if !isPrivate(d)Expected Scalar if h is not 256-bitsign :: Buffer -> Buffer -> Buffer -> Buffer
Returns normalized signatures, each of (r, s) values are guaranteed to less than order / 2.
Uses RFC6979.
Adds e as Added Entropy to the deterministic k generation.
Expected Private if !isPrivate(d)Expected Scalar if h is not 256-bitExpected Extra Data (32 bytes) if e is not 256-bitverify :: Buffer -> Buffer -> Buffer -> Bool
Returns false if any of (r, s) values are equal to 0, or if the signature is rejected.
If strict is true, valid signatures with any of (r, s) values greater than order / 2 are rejected.
Expected Point if !isPoint(Q)Expected Signature if signature has any (r, s) values not in range [0...order - 1]Expected Scalar if h is not 256-bitThis is a partially derived work of https://github.com/cryptocoinjs/secp256k1-node, specifically this commit.
This library uses the native library secp256k1 by the bitcoin-core developers, including derivatives of its tests and test vectors.
FAQs
A tiny secp256k1 JS
The npm package tiny-secp256k1 receives a total of 143,697 weekly downloads. As such, tiny-secp256k1 popularity was classified as popular.
We found that tiny-secp256k1 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.
Security News
NIST's new password guidelines remove periodic changes and special character requirements, focusing on longer, more secure passwords for better authentication practices.