<!--
{
  "availability" : [

  ],
  "documentType" : "symbol",
  "framework" : "P256K",
  "identifier" : "/documentation/P256K",
  "metadataVersion" : "0.1.0",
  "role" : "Framework",
  "symbol" : {
    "kind" : "Framework",
    "modules" : [
      "P256K"
    ],
    "preciseIdentifier" : "P256K"
  },
  "title" : "P256K"
}
-->

# P256K

P256K is a Swift library for elliptic curve cryptography on the secp256k1 curve, providing ECDSA signing, Schnorr signatures, MuSig2 multi-signatures, ECDH key agreement, and key recovery.

## Overview

The P256K module wraps the `libsecp256k1` C library with a type-safe Swift API designed to match the style of Apple’s `swift-crypto` framework. It provides cryptographic primitives for the secp256k1 elliptic curve, which is widely used in Bitcoin, Lightning Network, Nostr, and other open protocols.

All operations require a secp256k1 context. The library provides a shared [`P256K.Context`](/documentation/P256K/P256K/Context) that is created and randomized once at process startup, protecting ECDSA signing, Schnorr signing, and public key generation against timing and power analysis attacks via base point blinding.

## Topics

### Essentials

[`P256K`](/documentation/P256K/P256K)

secp256k1 elliptic curve namespace providing ECDSA signing, Schnorr signatures (BIP-340), MuSig2 multi-signatures, ECDH key agreement, and key recovery.

[`P256K.Context`](/documentation/P256K/P256K/Context)

The secp256k1 context manages cryptographic state for ECDSA and Schnorr operations with automatic side-channel protection via base point blinding.

[`P256K.Format`](/documentation/P256K/P256K/Format)

Compressed (33-byte) and uncompressed (65-byte) serialization formats for secp256k1 public keys, passed as flags to `secp256k1_ec_pubkey_serialize`.

### ECDSA Signatures

[`P256K.Signing`](/documentation/P256K/P256K/Signing)

secp256k1 ECDSA signing namespace providing [`P256K.Signing.PrivateKey`](/documentation/P256K/P256K/Signing/PrivateKey) for RFC 6979 deterministic signing and [`P256K.Signing.PublicKey`](/documentation/P256K/P256K/Signing/PublicKey) for signature verification; all produced signatures are lower-S normalized.

[`P256K.Signing.PrivateKey`](/documentation/P256K/P256K/Signing/PrivateKey)

secp256k1 ECDSA private key for deterministically signing messages and producing [`P256K.Signing.ECDSASignature`](/documentation/P256K/P256K/Signing/ECDSASignature) values using the secp256k1 curve.

[`P256K.Signing.PublicKey`](/documentation/P256K/P256K/Signing/PublicKey)

secp256k1 ECDSA public key for verifying [`P256K.Signing.ECDSASignature`](/documentation/P256K/P256K/Signing/ECDSASignature) values, available in compressed (33-byte) or uncompressed (65-byte) serialized form.

[`P256K.Signing.ECDSASignature`](/documentation/P256K/P256K/Signing/ECDSASignature)

64-byte secp256k1 ECDSA signature in libsecp256k1 internal format, convertible to and from DER (variable-length, up to 72 bytes) and compact (exactly 64 bytes) representations.

### Schnorr Signatures

[`P256K.Schnorr`](/documentation/P256K/P256K/Schnorr)

BIP-340 Schnorr signatures over secp256k1: sign with [`P256K.Schnorr.PrivateKey`](/documentation/P256K/P256K/Schnorr/PrivateKey), verify against [`P256K.Schnorr.XonlyKey`](/documentation/P256K/P256K/Schnorr/XonlyKey), using a fixed 64-byte [`P256K.Schnorr.SchnorrSignature`](/documentation/P256K/P256K/Schnorr/SchnorrSignature) encoding.

[`P256K.Schnorr.PrivateKey`](/documentation/P256K/P256K/Schnorr/PrivateKey)

secp256k1 BIP-340 Schnorr private key for signing messages with [`P256K.Schnorr.SchnorrSignature`](/documentation/P256K/P256K/Schnorr/SchnorrSignature) and for deriving the x-only public key used in verification.

[`P256K.Schnorr.PublicKey`](/documentation/P256K/P256K/Schnorr/PublicKey)

secp256k1 BIP-340 Schnorr public key in compressed or uncompressed form, from which the x-only key used for signature verification is derived via the [`xonly`](/documentation/P256K/P256K/Schnorr/PublicKey/xonly) property.

[`P256K.Schnorr.SchnorrSignature`](/documentation/P256K/P256K/Schnorr/SchnorrSignature)

64-byte BIP-340 Schnorr signature over the secp256k1 elliptic curve, produced by `secp256k1_schnorrsig_sign_custom` and verified by `secp256k1_schnorrsig_verify`.

[`P256K.Schnorr.Nonce`](/documentation/P256K/P256K/Schnorr/Nonce)

Represents a public nonce used for MuSig operations.

### MuSig2 Multi-Signatures

[`P256K.MuSig`](/documentation/P256K/P256K/MuSig)

BIP-327 MuSig2 multi-signature namespace for secp256k1: aggregate signer public keys with [`aggregate(_:)`](/documentation/P256K/P256K/MuSig/aggregate(_:)), coordinate nonce generation, collect partial signatures, and aggregate into a final 64-byte [`P256K.MuSig.AggregateSignature`](/documentation/P256K/P256K/MuSig/AggregateSignature).

[`P256K.MuSig.PublicKey`](/documentation/P256K/P256K/MuSig/PublicKey)

secp256k1 MuSig2 aggregate public key produced by [`aggregate(_:)`](/documentation/P256K/P256K/MuSig/aggregate(_:)) via `secp256k1_musig_pubkey_agg`, used for partial signature verification and Taproot tweaking.

[`P256K.MuSig.AggregateSignature`](/documentation/P256K/P256K/MuSig/AggregateSignature)

64-byte BIP-340 Schnorr signature produced by [`aggregateSignatures(_:)`](/documentation/P256K/P256K/MuSig/aggregateSignatures(_:)) from all signers’ [`P256K.Schnorr.PartialSignature`](/documentation/P256K/P256K/Schnorr/PartialSignature) values; verifiable against the MuSig2 aggregate public key.

[`P256K.MuSig.Nonce`](/documentation/P256K/P256K/MuSig/Nonce)

66-byte aggregated MuSig2 public nonce produced by `secp256k1_musig_nonce_agg` from all signers’ individual public nonces, required before any partial signing can occur.

### Key Agreement (ECDH)

[`P256K.KeyAgreement`](/documentation/P256K/P256K/KeyAgreement)

secp256k1 ECDH key agreement namespace providing [`P256K.KeyAgreement.PrivateKey`](/documentation/P256K/P256K/KeyAgreement/PrivateKey) and [`P256K.KeyAgreement.PublicKey`](/documentation/P256K/P256K/KeyAgreement/PublicKey) for computing a [`SharedSecret`](/documentation/P256K/SharedSecret) via `secp256k1_ecdh`.

[`P256K.KeyAgreement.PrivateKey`](/documentation/P256K/P256K/KeyAgreement/PrivateKey)

secp256k1 ECDH private key for deriving a [`SharedSecret`](/documentation/P256K/SharedSecret) with a peer’s [`P256K.KeyAgreement.PublicKey`](/documentation/P256K/P256K/KeyAgreement/PublicKey) via `secp256k1_ecdh`.

[`P256K.KeyAgreement.PublicKey`](/documentation/P256K/P256K/KeyAgreement/PublicKey)

secp256k1 ECDH public key, accepted by [`sharedSecretFromKeyAgreement(with:format:)`](/documentation/P256K/P256K/KeyAgreement/PrivateKey/sharedSecretFromKeyAgreement(with:format:)) to compute a [`SharedSecret`](/documentation/P256K/SharedSecret).

[`SharedSecret`](/documentation/P256K/SharedSecret)

A key agreement result from which you can derive a symmetric cryptographic
key.

### Key Recovery

[`P256K.Recovery`](/documentation/P256K/P256K/Recovery)

secp256k1 ECDSA recoverable signature namespace: sign with [`P256K.Recovery.PrivateKey`](/documentation/P256K/P256K/Recovery/PrivateKey) to produce an [`P256K.Recovery.ECDSASignature`](/documentation/P256K/P256K/Recovery/ECDSASignature) that allows any verifier to recover the signer’s [`P256K.Recovery.PublicKey`](/documentation/P256K/P256K/Recovery/PublicKey) without prior knowledge.

[`P256K.Recovery.PrivateKey`](/documentation/P256K/P256K/Recovery/PrivateKey)

secp256k1 ECDSA private key for producing recoverable signatures via `secp256k1_ecdsa_sign_recoverable` with RFC 6979 deterministic nonce generation.

[`P256K.Recovery.PublicKey`](/documentation/P256K/P256K/Recovery/PublicKey)

secp256k1 public key recovered from an [`P256K.Recovery.ECDSASignature`](/documentation/P256K/P256K/Recovery/ECDSASignature) via `secp256k1_ecdsa_recover`, identifying the signer without prior knowledge of their public key.

[`P256K.Recovery.ECDSASignature`](/documentation/P256K/P256K/Recovery/ECDSASignature)

65-byte secp256k1 ECDSA recoverable signature (64-byte compact form + 1-byte recovery ID) produced by `secp256k1_ecdsa_sign_recoverable` using RFC 6979 deterministic nonces.

### Hashing

[`SHA256`](/documentation/P256K/SHA256)

SHA-256 hash function backed by `secp256k1_swift_sha256`, producing 32-byte [`SHA256Digest`](/documentation/P256K/SHA256Digest) values; also provides BIP-340 tagged hash support via [`taggedHash(tag:data:)`](/documentation/P256K/SHA256/taggedHash(tag:data:)) using `secp256k1_tagged_sha256`.

[`HashDigest`](/documentation/P256K/HashDigest)

32-byte SHA-256 digest conforming to `Digest` so it can be passed directly to secp256k1 signing and verification APIs such as `P256K/Signing/PrivateKey/signature(for:)-2rpq9` and [`signature(for:)`](/documentation/P256K/P256K/Schnorr/PrivateKey/signature(for:)).

### Supporting Types

[`UInt256`](/documentation/P256K/UInt256)

A 256-bit unsigned integer backed by two `UInt128` limbs, conforming to `FixedWidthInteger`, `BinaryInteger`, and `UnsignedInteger`; used for 256-bit field arithmetic on the secp256k1 curve.

[`secp256k1Error`](/documentation/P256K/secp256k1Error)

Errors thrown by swift-secp256k1 operations: covers key-size mismatches, byte-count errors for individual parameters, and failures propagated from the libsecp256k1 C library.

[`CryptoKitError`](/documentation/P256K/CryptoKitError)

General cryptography errors used by CryptoKit.