Skip to content

feat: add support for secp256r1 and replace libsecp256k1 #6581

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 33 commits into from
Oct 23, 2025
Merged

feat: add support for secp256r1 and replace libsecp256k1 #6581

merged 33 commits into from
Oct 23, 2025
+2,910 −1,488

Conversation

@obycode
Copy link
Contributor

@obycode obycode commented Oct 9, 2025

Implementing #6554.

@jcnelson
Copy link
Member

jcnelson commented Oct 10, 2025

Why are we dropping libsecp256k1 in favor of the one from RustCrypto? The former has been extensively audited and is used by Bitcoin.

@obycode
feat: implement secp256r1-verify
7d688dd 
Add tests for `secp256k1-verify` and `secp256k1-recover?` while adding
tests for this new function.
@obycode obycode marked this pull request as ready for review October 10, 2025 21:41
@obycode obycode requested review from a team as code owners October 10, 2025 21:41
@obycode
Copy link
Contributor Author

obycode commented Oct 10, 2025

Why are we dropping libsecp256k1 in favor of the one from RustCrypto? The former has been extensively audited and is used by Bitcoin.

The thought was that since we're pulling in the RustCrypto crate for secp256r1, we may as well also replace the k256 crate as well with this Rust-native solution that seems to be well-vetted and audited as well. libsecp256k1 is a wrapped C library.

@obycode obycode linked an issue Oct 10, 2025 that may be closed by this pull request
[Clarity-4] secp256r1 #6554
Open
@obycode obycode requested review from jcnelson and kantai October 10, 2025 21:55
@obycode
fix: missing case in test
b3e53c5
@obycode
Merge branch 'develop' into feat/secp256r1
0439c6e
@obycode
test: update test to allow high-s signatures for secp256r1
99e8c54
@obycode
chore: fix typo
64b7ceb
@obycode
feat: use sign_prehash_recoverable
3127583 
This removes the need for trying the recovery bytes to find the right
one.
@obycode
fix: delete unnecessary check in `StacksMicroblockHeader::consensus_d…
a63baea 
…eserialize`

The signature will be checked after deserialization. Checking it here
will cause a deserialization failure when what we actually want is a
signature validation failure.
obycode
obycode commented Oct 14, 2025
View reviewed changes
jcnelson
jcnelson reviewed Oct 14, 2025
View reviewed changes
jcnelson
jcnelson reviewed Oct 14, 2025
View reviewed changes
jcnelson
jcnelson reviewed Oct 14, 2025
View reviewed changes
jcnelson
jcnelson reviewed Oct 14, 2025
View reviewed changes
jcnelson
jcnelson reviewed Oct 14, 2025
View reviewed changes
jcnelson
jcnelson reviewed Oct 14, 2025
View reviewed changes
jcnelson
jcnelson reviewed Oct 14, 2025
View reviewed changes
jcnelson
jcnelson reviewed Oct 14, 2025
View reviewed changes
@brice-stacks brice-stacks requested a review from a team October 22, 2025 14:23
jcnelson
jcnelson reviewed Oct 22, 2025
View reviewed changes
jcnelson
jcnelson reviewed Oct 22, 2025
View reviewed changes
jcnelson
jcnelson reviewed Oct 22, 2025
View reviewed changes
jcnelson
jcnelson reviewed Oct 22, 2025
View reviewed changes
jcnelson
jcnelson reviewed Oct 22, 2025
View reviewed changes
jcnelson
jcnelson requested changes Oct 22, 2025
View reviewed changes
Copy link
Member

@jcnelson jcnelson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you have a few codec bugs that need to be fixed before merging.

jcnelson
jcnelson reviewed Oct 22, 2025
View reviewed changes
jcnelson
jcnelson reviewed Oct 22, 2025
View reviewed changes
jcnelson
jcnelson previously approved these changes Oct 23, 2025
View reviewed changes
@brice-stacks brice-stacks requested a review from jcnelson October 23, 2025 14:37
@brice-stacks brice-stacks added this pull request to the merge queue Oct 23, 2025
Merged via the queue into stacks-network:develop with commit d622c3d Oct 23, 2025
301 of 307 checks passed
@codecov
Copy link

codecov bot commented Oct 23, 2025

Codecov Report

❌ Patch coverage is 49.05923% with 731 lines in your changes missing coverage. Please review.
✅ Project coverage is 52.59%. Comparing base (9dfb1d1) to head (f9a3f69).
⚠️ Report is 54 commits behind head on develop.

Files with missing lines Patch % Lines
stacks-common/src/util/secp256k1.rs 57.56% 261 Missing ⚠️
...ity/src/vm/analysis/type_checker/v2_1/tests/mod.rs 0.62% 159 Missing ⚠️
stacks-common/src/util/secp256r1.rs 54.34% 142 Missing ⚠️
clarity/src/vm/tests/crypto.rs 46.50% 130 Missing ⚠️
clarity/src/vm/functions/crypto.rs 63.38% 26 Missing ⚠️
stacks-signer/src/signerdb.rs 0.00% 4 Missing ⚠️
clarity/src/vm/costs/costs_2.rs 0.00% 3 Missing ⚠️
clarity/src/vm/costs/costs_2_testnet.rs 0.00% 3 Missing ⚠️
clarity/src/vm/costs/costs_3.rs 0.00% 3 Missing ⚠️

❌ Your project status has failed because the head coverage (52.59%) is below the target coverage (80.00%). You can increase the head coverage or adjust the target coverage.

❗ There is a different number of reports uploaded between BASE (9dfb1d1) and HEAD (f9a3f69). Click for more details.

HEAD has 57 uploads less than BASE
Flag BASE (9dfb1d1) HEAD (f9a3f69)
133 76
Additional details and impacted files 
@@             Coverage Diff              @@
##           develop    #6581       +/-   ##
============================================
- Coverage    79.82%   52.59%   -27.23%     
============================================
  Files          571      573        +2     
  Lines       351696   352704     +1008     
============================================
- Hits        280724   185497    -95227     
- Misses       70972   167207    +96235
Files with missing lines Coverage Δ
clarity/src/vm/analysis/arithmetic_checker/mod.rs 92.48% <100.00%> (ø)
clarity/src/vm/analysis/read_only_checker/mod.rs 88.28% <ø> (-0.40%) ⬇️
.../src/vm/analysis/type_checker/v2_05/natives/mod.rs 80.30% <ø> (-9.17%) ⬇️
...y/src/vm/analysis/type_checker/v2_1/natives/mod.rs 88.09% <100.00%> (-0.12%) ⬇️
clarity/src/vm/costs/cost_functions.rs 100.00% <100.00%> (ø)
clarity/src/vm/costs/costs_1.rs 100.00% <100.00%> (ø)
clarity/src/vm/costs/costs_4.rs 92.46% <100.00%> (-7.54%) ⬇️
clarity/src/vm/docs/mod.rs 70.76% <100.00%> (-19.97%) ⬇️
clarity/src/vm/functions/mod.rs 96.33% <100.00%> (-0.87%) ⬇️
clarity/src/vm/tests/mod.rs 52.80% <ø> (-5.62%) ⬇️
... and 13 more

... and 414 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9dfb1d1...f9a3f69. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions
Copy link

github-actions bot commented Oct 31, 2025

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 31, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@brice-stacks brice-stacks brice-stacks left review comments

@jcnelson jcnelson jcnelson approved these changes

@hstove-stacks hstove-stacks hstove-stacks approved these changes

+1 more reviewer

@hstove hstove hstove approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

locked

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Clarity-4] secp256r1

5 participants

@obycode @jcnelson @hstove @brice-stacks @hstove-stacks