P256K

P256K is a Swift library for elliptic curve cryptography on the secp256k1 curve, providing ECDSA signing, Schnorr signatures, MuSig2 multi-signatures, ECDH key agreement, and key recovery.

Overview

The P256K module wraps the libsecp256k1 C library with a type-safe Swift API designed to match the style of Apple’s swift-crypto framework. It provides cryptographic primitives for the secp256k1 elliptic curve, which is widely used in Bitcoin, Lightning Network, Nostr, and other open protocols.

All operations require a secp256k1 context. The library provides a shared P256K.Context that is created and randomized once at process startup, protecting ECDSA signing, Schnorr signing, and public key generation against timing and power analysis attacks via base point blinding.

Where to start

New to P256K? Begin with Getting Started with secp256k1 in Swift for a task-oriented walkthrough of ECDSA signing, BIP-340 Schnorr signatures, and ECDH key agreement. Aggregating signatures across multiple signers? Read MuSig2 Multi-Signatures for the BIP-327 protocol. The Elliptic Curve Diffie-Hellman guide covers ECDH end-to-end — the building block behind Nostr NIP-04, Lightning’s Noise XK handshake, and BIP-352 Silent Payments. Sending Bitcoin to a reusable receiver address without on-chain linkability lives in Silent Payments. Working with tweaks (BIP-32 derivation, Taproot key paths) is covered in Tweaking Keys. Persisting keys? See Serializing Keys and the conceptual Key Formats. Recovering public keys from signatures (BIP-137 / BIP-322) lives in Recovering Public Keys. Production-readiness caveats — context randomization, nonce hygiene, comparison timing, secret zeroization, signature malleability — are in Security Considerations.

Topics

Guides

Concepts

Essentials

ECDSA Signatures

enum Signing
secp256k1 ECDSA signing namespace providing P256K.Signing.PrivateKey for RFC 6979 deterministic signing and P256K.Signing.PublicKey for signature verification; all produced signatures are lower-S normalized.
struct PrivateKey
secp256k1 ECDSA private key for deterministically signing messages and producing P256K.Signing.ECDSASignature values using the secp256k1 curve.
struct PublicKey
secp256k1 ECDSA public key for verifying P256K.Signing.ECDSASignature values, available in compressed (33-byte) or uncompressed (65-byte) serialized form.
struct ECDSASignature
64-byte secp256k1 ECDSA signature in libsecp256k1 internal format, convertible to and from DER (variable-length, up to 72 bytes) and compact (exactly 64 bytes) representations.

Schnorr Signatures

enum Schnorr
BIP-340 Schnorr signatures over secp256k1: sign with P256K.Schnorr.PrivateKey, verify against P256K.Schnorr.XonlyKey, using a fixed 64-byte P256K.Schnorr.SchnorrSignature encoding.
struct PrivateKey
secp256k1 BIP-340 Schnorr private key for signing messages with P256K.Schnorr.SchnorrSignature and for deriving the x-only public key used in verification.
struct PublicKey
secp256k1 BIP-340 Schnorr public key in compressed or uncompressed form, from which the x-only key used for signature verification is derived via the xonly property.
struct SchnorrSignature
64-byte BIP-340 Schnorr signature over the secp256k1 elliptic curve, produced by secp256k1_schnorrsig_sign_custom and verified by secp256k1_schnorrsig_verify (both declared in Vendor/secp256k1/include/secp256k1_schnorrsig.h).
struct Nonce
A signer’s public nonce for MuSig2 operations, exchanged between signers during the nonce-aggregation phase of BIP-327.

Supporting Types

Protocols

protocol Digest
A type that represents the output of a hash.

Structures

struct Int256
A 256-bit signed integer backed by a UInt128 low limb and an Int128 high limb, conforming to FixedWidthInteger, BinaryInteger, and SignedInteger; the signed counterpart to UInt256.

Type Aliases

typealias CryptoKitMetaError
typealias SHA256Digest
A type alias for HashDigest used as the concrete return type of hash(data:) and taggedHash(tag:data:).

Enumerations

enum CryptoKitASN1Error
Errors from decoding ASN.1 content.