Feature proposal: Moving EC crypto operation to secp256k1

[NicolasDorier]

This mean shipping the binaries of secp256k1 for multiple plateform along with the NBitcoin package. The hard part is building the secp256k1 on every plateform.

[dangershony]

Why the reason of moving to secp256k1?

[NicolasDorier]

I have been playing with Elements recently which give a taste of what is to come in Bitcoin. Some of the features rely on math already implemented into secp256k1, and which I think I would not be able to implement myself. (Like confidential values)

However, I am not convinced yet that having secp256k1 is easier to get right than developping the same crypto with Bouncy Castle. (because of need to build and test on all architecture)

[NicolasDorier]

@dangershony any try of integrating ledger into Breeze ? you will have exactly the same issue.

[dangershony]

Porting it will benefit our node and net core we should consider it.

[NicolasDorier]

@dangershony I searched briefly, this is a well supported Nuget scenario. The hard thing is to cross compile the binaries.

[dangershony]

What you mean is creating a C# wrapper on top of secp256k1 and publish it as nuget?

Sounds good.

[NicolasDorier]

yes, and make NBitcoin depends on it.

[knocte]

I agree with @dangershony that porting it would be more interesting than providing a binding (but of course I understand if there's no manpower to do it...).

[lontivero]

There is a managed wrapper for the secp256k1 curve library: https://github.com/joshlang/Secp256k1.NET It could be a good starting point. The only thing that doesn't look very well is that the repo doesn't have any activity in two years and the sipa's secp256k1 library is active, in fact it had a schnorr signature implementation months ago that was removed, an other changes.

[dangershony]

@knocte we might be able to find funding at stratis I will bring it up, porting will mean we have to maintain the port.

@lontivero looks like a good starting point I noticed this comment "Sipa's secp256k1 is 100-1000x faster" (then Bouncy Castle)

secp256k1 has a java wrapper it seems, maybe doing something similar with with C# will be accepted.

[NicolasDorier]

I have preference as well for having it ported. That said, it is crazy shit crypto and I feel completely helpless to do that https://github.com/ElementsProject/secp256k1-zkp/tree/secp256k1-zkp .