UltrafastSecp256k1 3.50.0
Ultra high-performance secp256k1 elliptic curve cryptography library
Loading...
Searching...
No Matches
ecdh.hpp
Go to the documentation of this file.
1#ifndef SECP256K1_ECDH_HPP
2#define SECP256K1_ECDH_HPP
3
4// ============================================================================
5// ECDH (Elliptic Curve Diffie-Hellman) Key Exchange -- secp256k1
6// ============================================================================
7// Implements ECDH shared secret derivation per SEC 1 v2 S.3.3.1.
8//
9// Shared secret = SHA-256(x-coordinate of sk * PK)
10//
11// Usage:
12// Scalar sk = ...; // private key
13// Point pk = ...; // other party's public key
14// auto secret = ecdh_compute(sk, pk); // 32-byte shared secret
15//
16// Raw variant returns just the x-coordinate without hashing:
17// auto raw = ecdh_compute_raw(sk, pk); // 32-byte x-coordinate
18// ============================================================================
19
20#include <array>
21#include <cstdint>
22#include "secp256k1/point.hpp"
23#include "secp256k1/scalar.hpp"
24
25namespace secp256k1 {
26
27using fast::Scalar;
28using fast::Point;
29
30// -- ECDH Shared Secret (hashed) ----------------------------------------------
31// Computes shared_secret = SHA-256(compressed_point)
32// where compressed_point = serialize(sk * PK) as 33-byte compressed encoding.
33// Returns 32-byte hash. Returns all-zeros on failure (infinity point).
34std::array<std::uint8_t, 32> ecdh_compute(
35 const Scalar& private_key,
36 const Point& public_key);
37
38// -- ECDH Shared Secret (x-only) ---------------------------------------------
39// Returns SHA-256(x-coordinate of sk * PK) -- 32 bytes.
40// This is the most common variant (used by libsecp256k1 default).
41// Returns all-zeros on failure.
42std::array<std::uint8_t, 32> ecdh_compute_xonly(
43 const Scalar& private_key,
44 const Point& public_key);
45
46// -- ECDH Raw x-coordinate ---------------------------------------------------
47// Returns raw 32-byte x-coordinate of sk * PK (no hashing).
48// Useful when caller wants to apply their own KDF.
49// Returns all-zeros on failure.
50std::array<std::uint8_t, 32> ecdh_compute_raw(
51 const Scalar& private_key,
52 const Point& public_key);
53
54} // namespace secp256k1
55
56#endif // SECP256K1_ECDH_HPP
secp256k1::ecdh_compute_raw
std::array< std::uint8_t, 32 > ecdh_compute_raw(const Scalar &private_key, const Point &public_key)
secp256k1::ecdh_compute_xonly
std::array< std::uint8_t, 32 > ecdh_compute_xonly(const Scalar &private_key, const Point &public_key)
secp256k1::ecdh_compute
std::array< std::uint8_t, 32 > ecdh_compute(const Scalar &private_key, const Point &public_key)