BIP-352: vendor secp256k1lab and use it for reference implementation #2087

pull theStack wants to merge 4 commits into bitcoin:master from theStack:bip352-vendor-secp256k1lab changing 17 files +789 −802
  1. theStack commented at 4:18 pm on January 16, 2026: contributor

    This PR adds secp256k1lab version 1.0.0 as subtree within the bip-0352 folder [1] and takes use of it in the reference implementation. In particular, the file secp256k1.py is removed and the GE and Scalar classes are used from the secp256k1lab.secp256k1, replacing ECPubKey and ECKey, respectively. See the main commit message for a detailed table of replacement patterns for easier review. Usage of the library is mentioned in the BIP text to be license compliant (see #2004 (comment)).

    Can be tested via:

    0$ ./bip-0352/reference.py ./bip-0352/send_and_receive_test_vectors.json
1[ ..... ]
2All tests passed

    [1] added via the command $ git subtree add --prefix=bip-0352/secp256k1lab --squash https://github.com/secp256k1lab/secp256k1lab v1.0.0

  2. murchandamus added the label Proposed BIP modification on Jan 16, 2026
  3. murchandamus added the label Pending acceptance on Jan 16, 2026
  4. murchandamus commented at 10:10 pm on January 16, 2026: member
    cc: @josibake, @RubenSomsen
  5. murchandamus removed the label Proposed BIP modification on Feb 27, 2026
  6. murchandamus removed the label Pending acceptance on Feb 27, 2026
  7. murchandamus added the label BIP update by author on Feb 27, 2026
  8. murchandamus commented at 10:36 pm on February 27, 2026: member
    @theStack: Since you are an author of BIP 352, if this is ready to go, please let me know, so I can just merge it.
  9. theStack commented at 4:40 pm on March 2, 2026: contributor

    @theStack: Since you are an author of BIP 352, if this is ready to go, please let me know, so I can just merge it.

    Okay, I will give this another self-review within the next few days and then let you know. Also pinging some contributors who have previously reviewed a similar secp256k1lab vendoring PR for BIP-374, in case anyone wants to take a look: @nymius, @macgyver13, @stratospher, @real-or-random. This PR is not a requirement for #2106, I see it more as long-term ’nice to have'.

  10. murchandamus commented at 4:43 pm on March 2, 2026: member
    Okay, marking it as in your court, please let me know when it’s back in mine. :)
  11. murchandamus added the label PR Author action required on Mar 2, 2026
  12. macgyver13 commented at 5:55 pm on March 2, 2026: contributor

    ACK 345f762

    Tested:

    0python reference.py send_and_receive_test_vectors.json
1...
2All tests passed
  13. Squashed 'bip-0352/secp256k1lab/' content from commit 44dc4bd 
    git-subtree-dir: bip-0352/secp256k1lab
git-subtree-split: 44dc4bd893b8f03e621585e3bf255253e0e0fbfb
    53b590e190
  14. Merge commit '53b590e190f798131a10a16194261243abdf6b4d' as 'bip-0352/secp256k1lab' 511bb99dc4
  15. BIP-352: take use of vendored secp256k1lab for reference implementation 
    This allows to remove secp256k1.py and replace the secp256k1-specific
parts in the reference implementation. Replacement guide:

    * ECKey -> Scalar
    * ECKey.set(seckey_bytes) -> Scalar.from_bytes_checked(seckey_bytes)
    * seckey.get_pubkey() -> seckey * G
    * seckey.get_bytes() -> seckey.to_bytes()
    * seckey.add(tweak_bytes) -> seckey + Scalar.from_bytes_checked(tweak_bytes)
    * seckey.negate() -> seckey = -seckey
    * seckey.sign_schnorr -> schnorr_sign(..., seckey.to_bytes(), ...)

    * ECPubKey -> GE
    * ECPubKey.set(pubkey_bytes) -> GE.from_bytes_{xonly,compressed}(pubkey_bytes)
    * pubkey.get_y() % 2 == 0 -> pubkey.has_even_y()
    * pubkey.get_bytes(False) -> pubkey.to_bytes_compressed()
    * pubkey.get_bytes() -> pubkey.to_bytes_xonly()
    * not pubkey.valid -> pubkey.infinity
    * pubkey.verify_schnorr -> schnorr_verify(..., pubkey.to_bytes_xonly(), ...)

    * TaggedHash -> tagged_hash
    * hashlib.sha256(preimage).digest() -> hash_sha256(preimage)
    f2ffa99a4a
  16. theStack force-pushed on Mar 5, 2026
  17. theStack commented at 1:31 am on March 5, 2026: contributor
    Rebased on master, due to a conflict after #2106 was merged.
  18. in bip-0352.mediawiki:381 in c27b0a3e12 
    377@@ -378,7 +378,10 @@ Silent payments introduces a new address format and protocol for sending and as
378 
379 == Test Vectors ==
380 
381-A [[bip-0352/send_and_receive_test_vectors.json|collection of test vectors in JSON format]] are provided, along with a [[bip-0352/reference.py|python reference implementation]]. Each test vector consists of a sending test case and corresponding receiving test case. This is to allow sending and receiving to be implemented separately. To ensure determinism while testing, sort the array of ''B<sub>m</sub>'' by amount (see the [[bip-0352/reference.py|reference implementation]]). Test cases use the following schema:
382+A [[bip-0352/send_and_receive_test_vectors.json|collection of test vectors in JSON format]] are provided, along with a [[bip-0352/reference.py|python reference implementation]]. It uses a vendored copy of the [https://github.com/secp256k1lab/secp256k1lab/ secp256k1lab] library at version 1.0.0
    nymius commented at 3:18 pm on March 5, 2026:

    nit:

    A collection of test vectors in JSON format are provided … —> A collection of test vectors in JSON format is provided …

    theStack commented at 2:22 pm on March 6, 2026:
    Thanks, included this fix in 249bdef156bc43073b0f184f4ad48a3a387a4c11
  19. nymius commented at 3:44 pm on March 5, 2026: contributor

    ACK c27b0a3e124e8dad78c401613624d2f7b5c0f6fe

    All tests passed.

  20. murchandamus commented at 6:27 pm on March 5, 2026: member

    Rebased on master, due to a conflict after #2106 was merged.

    Did you also finish your self-review, or was this prep for the self-review?

  21. BIP-352: mention secp256k1lab in BIP text 
    also fix a small grammar nit (s/are provided/is provided/)
    249bdef156
  22. theStack force-pushed on Mar 6, 2026
  23. theStack commented at 2:23 pm on March 6, 2026: contributor

    Rebased on master, due to a conflict after #2106 was merged.

    Did you also finish your self-review, or was this prep for the self-review?

    Took another look today, and I consider it ready for merge.

  24. murchandamus merged this on Mar 6, 2026
  25. murchandamus closed this on Mar 6, 2026
  26. theStack deleted the branch on Mar 7, 2026


theStack murchandamus macgyver13 nymius

Labels
PR Author action required BIP update by author

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bips. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-03-09 12:10 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me