Make secp256k1 optional

[Kixunil]

There are some applications that need to parse the timechain but don't need to verify signatures (they get the blocks from bitcoind), nor do they need to sign (they are not wallets). For these applications transitively depending on secp256k1 needlessly increases compile times and, if LTO is not used, also binary sizes. Examples of such applications are electrs and a new version of btc-rpc-proxy, which can fetch missing blocks from the peers but needs to verify their hashes.

It'd be really nice if secp256k1 could be optional to solve these issues. Is this something you'd accept a PR for? It's a breaking change but it can be trivially improved by semver trick (just pub use secp256k1::*;).

[apoelstra]

If it's reasonable in scope I could get behind this. We'd lose the PrivateKey and PublicKey types as well as bip32 and bip143, at first blush.

We're gearing up for an pretty big break in a version or two so this would be fine. Good observation about the semver trick helping here.

[Kixunil]

OK, I gave it a try. It was a little bit more tricky than expected but not too bad.

[tcharding]

Do we still want to do this? I had a go at it just now, I did it on top of "add crytpo module".

What I did was:

• Add a feature "secp256k1"
• put four of the modules in crypto behind it (key, ecdsa, schnorr, tapoot)
• left hash and merkleblock not behind the feature
• heavily feature gated address methods, script methods, and sighash (all the taproot stuff).
• hackishly feature gated any test code that didn't build

Does this seem like we want it? I can tidy up and do a PR if so, or perhaps wait till we've done a bit for util flattening.

[Kixunil]

Recently I had an idea to make crypto a separate crate depending on libsecp256k1 and then make crypto optional but not sure if it makes things better.

I'd love to see your PR and later maybe re-enable key types to work as "lightly checked bags of bits".

[tcharding]

We may need to leave hash and merlkeblock out of crypto then - I'm done for today but I'll have another play with it.

[Kixunil]

Indeed.

[apoelstra]

We can easy make secp256k1 an optional feature of crypto, since it would cleanly enable/disable the key module and nothing else.

Whether we could usefully expose that option at the level of bitcoin without a ton of trouble ... we'll see :)

[Kixunil]

Well, after crate smashing it should be possible to depend on things that simply don't require it. E.g. in electrs we would probably only depend on blockdata and network.

[Kixunil]

Some updates to this:

Crate smashing should naturally lead to us removing unneeded parts, including crypto. I think the latest agreed-on approach will resolve this. But also, there's a PR to make the C part of secp256k1 optional while retaining the types: rust-bitcoin/rust-secp256k1#703 This will be useful for a bunch of applications too.