Introducing UltrafastSecp256k1: A Multi-Architecture Exploration of Secp256k1 Optimizations

The recent updates from versions v3.14.0 to v3.21.0 encompass over 120 commits, ensuring ABI compatibility and introducing no breaking changes for a seamless upgrade from previous versions within the v3.14.x series. A significant enhancement is the implementation of the Bernstein-Yang SafeGCD method for constant-time scalar inversion, which has markedly improved performance, making the ct::scalar_inverse operation approximately 6.4 times faster. This update not only boosts efficiency but also enhances security measures, particularly in the context of ECDSA signing, which now operates around 43% faster under constant-time conditions.

Additionally, the updates have addressed specific vulnerabilities by fixing timing leaks associated with RISC-V architecture, thereby reinforcing the robustness of the system against potential side-channel attacks. The introduction of strict BIP-340 parsing further strengthens the security framework, ensuring stricter compliance and error handling during transaction verification processes.

The infrastructure supporting these updates has also seen significant improvements. The audit infrastructure has been expanded, allowing for more thorough code reviews and vulnerability assessments. Moreover, the adoption of reproducible Docker Continuous Integration (CI) environments ensures that builds are consistent and reliable across different platforms. To accommodate diverse hardware ecosystems, cross-platform benchmarks have now been extended to include x86-64, ARM64, RISC-V, and ESP32 platforms, ensuring wide applicability and performance optimization across various architectures.

These enhancements collectively contribute to a more secure, efficient, and versatile cryptographic library, emphasizing the commitment to ongoing improvement and adaptation to new challenges in the cybersecurity landscape.