P256K

Framework

P256K

P256K is a Swift library for elliptic curve cryptography on the secp256k1 curve, providing ECDSA signing, Schnorr signatures, MuSig2 multi-signatures, ECDH key agreement, and key recovery.

Overview

The P256K module wraps the libsecp256k1 C library with a type-safe Swift API designed to match the style of Apple’s swift-crypto framework. It provides cryptographic primitives for the secp256k1 elliptic curve, which is widely used in Bitcoin, Lightning Network, Nostr, and other open protocols.

All operations require a secp256k1 context. The library provides a shared P256K.Context that is created and randomized once at process startup, protecting ECDSA signing, Schnorr signing, and public key generation against timing and power analysis attacks via base point blinding.

Topics

Essentials

ECDSA Signatures

enum Signing
secp256k1 ECDSA signing namespace providing P256K.Signing.PrivateKey for RFC 6979 deterministic signing and P256K.Signing.PublicKey for signature verification; all produced signatures are lower-S normalized.
struct PrivateKey
secp256k1 ECDSA private key for deterministically signing messages and producing P256K.Signing.ECDSASignature values using the secp256k1 curve.
struct PublicKey
secp256k1 ECDSA public key for verifying P256K.Signing.ECDSASignature values, available in compressed (33-byte) or uncompressed (65-byte) serialized form.
struct ECDSASignature
64-byte secp256k1 ECDSA signature in libsecp256k1 internal format, convertible to and from DER (variable-length, up to 72 bytes) and compact (exactly 64 bytes) representations.

Schnorr Signatures

enum Schnorr
BIP-340 Schnorr signatures over secp256k1: sign with P256K.Schnorr.PrivateKey, verify against P256K.Schnorr.XonlyKey, using a fixed 64-byte P256K.Schnorr.SchnorrSignature encoding.
struct PrivateKey
secp256k1 BIP-340 Schnorr private key for signing messages with P256K.Schnorr.SchnorrSignature and for deriving the x-only public key used in verification.
struct PublicKey
secp256k1 BIP-340 Schnorr public key in compressed or uncompressed form, from which the x-only key used for signature verification is derived via the xonly property.
struct SchnorrSignature
64-byte BIP-340 Schnorr signature over the secp256k1 elliptic curve, produced by secp256k1_schnorrsig_sign_custom and verified by secp256k1_schnorrsig_verify.
struct Nonce
Represents a public nonce used for MuSig operations.

MuSig2 Multi-Signatures

enum MuSig
BIP-327 MuSig2 multi-signature namespace for secp256k1: aggregate signer public keys with aggregate(_:), coordinate nonce generation, collect partial signatures, and aggregate into a final 64-byte P256K.MuSig.AggregateSignature.
struct PublicKey
secp256k1 MuSig2 aggregate public key produced by aggregate(_:) via secp256k1_musig_pubkey_agg, used for partial signature verification and Taproot tweaking.
struct AggregateSignature
64-byte BIP-340 Schnorr signature produced by aggregateSignatures(_:) from all signers’ P256K.Schnorr.PartialSignature values; verifiable against the MuSig2 aggregate public key.
struct Nonce
66-byte aggregated MuSig2 public nonce produced by secp256k1_musig_nonce_agg from all signers’ individual public nonces, required before any partial signing can occur.

Key Agreement (ECDH)

enum KeyAgreement
secp256k1 ECDH key agreement namespace providing P256K.KeyAgreement.PrivateKey and P256K.KeyAgreement.PublicKey for computing a SharedSecret via secp256k1_ecdh.
struct PrivateKey
secp256k1 ECDH private key for deriving a SharedSecret with a peer’s P256K.KeyAgreement.PublicKey via secp256k1_ecdh.
struct PublicKey
secp256k1 ECDH public key, accepted by sharedSecretFromKeyAgreement(with:format:) to compute a SharedSecret.
struct SharedSecret
A key agreement result from which you can derive a symmetric cryptographic key.

Key Recovery

enum Recovery
secp256k1 ECDSA recoverable signature namespace: sign with P256K.Recovery.PrivateKey to produce an P256K.Recovery.ECDSASignature that allows any verifier to recover the signer’s P256K.Recovery.PublicKey without prior knowledge.
struct PrivateKey
secp256k1 ECDSA private key for producing recoverable signatures via secp256k1_ecdsa_sign_recoverable with RFC 6979 deterministic nonce generation.
struct PublicKey
secp256k1 public key recovered from an P256K.Recovery.ECDSASignature via secp256k1_ecdsa_recover, identifying the signer without prior knowledge of their public key.
struct ECDSASignature
65-byte secp256k1 ECDSA recoverable signature (64-byte compact form + 1-byte recovery ID) produced by secp256k1_ecdsa_sign_recoverable using RFC 6979 deterministic nonces.

Hashing

enum SHA256
SHA-256 hash function backed by secp256k1_swift_sha256, producing 32-byte SHA256Digest values; also provides BIP-340 tagged hash support via taggedHash(tag:data:) using secp256k1_tagged_sha256.
struct HashDigest
32-byte SHA-256 digest conforming to Digest so it can be passed directly to secp256k1 signing and verification APIs such as signature(for:) and signature(for:).

Supporting Types

Protocols

protocol Digest
A type that represents the output of a hash.

Structures

struct Int256
A 256-bit signed integer backed by a UInt128 low limb and an Int128 high limb, conforming to FixedWidthInteger, BinaryInteger, and SignedInteger; the signed counterpart to UInt256.

Type Aliases

typealias CryptoKitMetaError
typealias SHA256Digest
A type alias for HashDigest used as the concrete return type of hash(data:) and taggedHash(tag:data:).

Enumerations

enum CryptoKitASN1Error
Errors from decoding ASN.1 content.

Extended Modules