2.5 years of upstream improvements now available for Liquid's advanced cryptography
Blockstream Research has completed a significant maintenance milestone: bringing libsecp256k1-zkp fully up to date with 2.5 years of improvements from upstream libsecp256k1. This library underpins the cryptographic foundation of Liquid Network, Elements, and Blockstream's functionary infrastructure.
Maintaining Bitcoin's Cryptographic Core
libsecp256k1 is Bitcoin's cryptographic foundation. Every Bitcoin transaction you've ever made relies on this library for signature verification. When Bitcoin Core integrated libsecp256k1 in 2016 (replacing OpenSSL), it delivered 2.5x to 5.5x performance improvements for signature verification, making Bitcoin nodes faster and more secure at validating the blockchain.
Members of Blockstream Research co-maintain libsecp256k1. Jonas Nick (Director of Research) and Tim Ruffing (Cryptographic Engineer) are maintainers of the library that secures the Bitcoin mainnet. Every Bitcoin Core node runs code they maintain to verify ECDSA signatures and, since the Taproot upgrade, Schnorr signatures. This is critical infrastructure work for Bitcoin itself.
However, Bitcoin mainnet is conservative by design. Advanced cryptographic features like Confidential Transactions, multisignature schemes with adaptor signature support, and zero-knowledge proofs don't exist in Bitcoin's consensus rules. That's where libsecp256k1-zkp comes in.
What Is libsecp256k1-zkp?
libsecp256k1-zkp is Blockstream's fork of libsecp256k1 that extends the base library with advanced cryptographic primitives. The "zkp" suffix refers to zero-knowledge proofs and related techniques - cryptographic methods that let you prove statements about data without revealing the data itself.
Think of it this way: Bitcoin Core uses libsecp256k1 for cryptographic operations required in the Bitcoin network. Liquid Network uses libsecp256k1-zkp for those same operations plus advanced features that enable privacy and efficiency beyond what the Bitcoin mainnet supports.
The library includes:
Confidential Transactions and Zero-Knowledge Proofs
- Pedersen commitments: Hide transaction amounts while allowing verification
- Range proofs: Prove a value is positive without revealing it
- Surjection proofs: Prove asset type relationships privately
- Address whitelisting
Advanced Signature Schemes
- ECDSA adaptor signatures: For payment channels and atomic swaps
- Schnorr signature half-aggregation
This is what powers Liquid Network's Confidential Transactions, enables the federated peg mechanism, and provides cryptographic primitives for Blockstream's enterprise products.
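How a Pedersen commitment hides amounts yet still lets a verifier check that a transaction balances, and why range proofs have to accompany it, as an added example that is not code from libsecp256k1-zkp. It assumes a tiny multiplicative group in place of secp256k1 points, and `commit`, `balances` and `spend` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy group (constructed): order-Q subgroup of Z_P^*, with P = 2Q + 1.
 * Far too small to hide or bind anything; it only shows the algebra. */
#define P 2039u
#define Q 1019u
#define G 4u   /* generator used for the blinding factor */
#define H 9u   /* generator used for the value */

static uint32_t powmod(uint32_t b, uint32_t e) {
    uint32_t r = 1;
    for (b %= P; e; e >>= 1, b = b * b % P)
        if (e & 1) r = r * b % P;
    return r;
}

/* Pedersen commitment to value v with blinding factor r: G^r * H^v mod P. */
uint32_t commit(uint32_t v, uint32_t r) {
    return powmod(G, r % Q) * powmod(H, v % Q) % P;
}

/* Verifier's check: the product of input commitments equals the product of
 * output commitments. Only commitments are seen, never values or blinders. */
int balances(const uint32_t *in, int n_in, const uint32_t *out, int n_out) {
    uint32_t a = 1, b = 1;
    int i;
    for (i = 0; i < n_in; i++) a = a * in[i] % P;
    for (i = 0; i < n_out; i++) b = b * out[i] % P;
    return a == b;
}

/* One input, two outputs; constructed blinding factors with 10 = 4 + 6. */
int spend(uint32_t in_v, uint32_t out_a, uint32_t out_b) {
    uint32_t in[1], out[2];
    in[0] = commit(in_v, 10);
    out[0] = commit(out_a, 4);
    out[1] = commit(out_b, 6);
    return balances(in, 1, out, 2);
}

int main(void) {
    printf("42 -> 40 + 2      : %d\n", spend(42, 40, 2));
    printf("42 -> 40 + 3      : %d\n", spend(42, 40, 3));
    /* Exponents wrap modulo Q, so a huge "negative" output still balances. */
    printf("5  -> 10 + (Q - 5): %d\n", spend(5, 10, Q - 5));
    return 0;
}
```

The third case balances even though an output of 10 exceeds the input of 5; a range proof on each output is what rules out such wrapped values.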
Where It's Used
libsecp256k1-zkp is deployed across Blockstream's stack and the broader Liquid ecosystem:
- Elements Core: Foundation of Liquid Network
- Functionary infrastructure: Securing Liquid's federated peg (host and HSM components)
- Wally/libwally: Used by Core Lightning, Jade hardware wallets, AMP, Blockstream App
- LWK (Liquid Wallet Kit): Powers the Blockstream app, Blockstream Enterprise, AMP2, and Liquid ecosystem applications
- Blockstream Explorer API: Powers block exploration and transaction unblinding for Liquid
- Simplicity: Smart contract language on Liquid uses libsecp256k1-zkp for cryptographic operations
Every wallet, exchange, and application building on Liquid depends on this library for advanced cryptographic features.
What Changed: 2.5 Years of Improvements
Blockstream Research has merged 2.5 years of upstream improvements from libsecp256k1:
Security Enhancements:
- API functions now use a significantly more robust method to clear secrets from the stack before returning, improving protection against potential memory attacks.
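The problem this kind of change addresses, shown as an added example that is not code from libsecp256k1 or libsecp256k1-zkp: a plain `memset` of a buffer that is never read again can be removed by the optimizer. `naive_clear`, `secure_clear` and `toy_sign` are hypothetical names, and the compiler barrier is one common technique, assumed here for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Naive wipe: if buf is never read again, an optimizing compiler may treat
 * this memset as a dead store and remove it, leaving the secret in memory. */
void naive_clear(void *buf, size_t len) { memset(buf, 0, len); }

/* Hardened wipe (hypothetical helper): the empty asm statement tells the
 * compiler that memory reachable through buf may be read afterwards, so the
 * preceding memset has to be emitted. */
void secure_clear(void *buf, size_t len) {
#if defined(__GNUC__)
    memset(buf, 0, len);
    __asm__ __volatile__("" : : "r"(buf) : "memory");
#else
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;   /* volatile stores cannot be elided */
#endif
}

/* Toy stand-in for a signing call: builds a secret intermediate on the
 * stack, uses it, and wipes it before returning. */
uint32_t toy_sign(const unsigned char key[32], const unsigned char msg[32]) {
    unsigned char nonce[32];
    uint32_t tag = 0;
    size_t i;
    for (i = 0; i < sizeof nonce; i++) {
        nonce[i] = (unsigned char)(key[i] ^ msg[i]);
        tag += nonce[i];
    }
    secure_clear(nonce, sizeof nonce);
    return tag;
}

/* Constructed inputs: returns 1 if toy_sign gives the expected tag and
 * secure_clear leaves a filled buffer all zero. */
int self_check(void) {
    unsigned char key[32], msg[32];
    size_t i;
    memset(key, 0x01, sizeof key);
    memset(msg, 0x03, sizeof msg);
    if (toy_sign(key, msg) != 64) return 0;   /* 32 bytes of 0x02 */
    secure_clear(key, sizeof key);
    for (i = 0; i < sizeof key; i++) if (key[i]) return 0;
    return 1;
}

int main(void) { return self_check() ? 0 : 1; }
```

Swapping `secure_clear` for `naive_clear` inside `toy_sign` and comparing the output of `cc -O2 -S` shows whether the compiler kept the wipe.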
Performance Improvements:
- SDMC (Signed-Digit Multi-Comb) algorithm: 15-20% faster signing and public key generation
- Strauss algorithm optimization: 30% reduction in memory usage for multi-point elliptic curve multiplication operations (authored by Jonas Nick)
- Batch point conversion optimization: New secp256k1_ge_set_all_gej function improves MuSig2 and ECDSA Adaptor module performance (authored by Tim Ruffing)
Testing Infrastructure:
- New unit test framework with parallel test execution, selective test running, and named command-line arguments — dramatically improving developer experience and test coverage
Performance Benchmarks
Blockstream Research ran comprehensive benchmarks comparing libsecp256k1-zkp performance before and after the upstream merge. Benchmarks were conducted on a MacBook Air (M1, 2020) with 8 GB RAM running macOS 14.1.2. The results demonstrate measurable improvements across core cryptographic operations, MuSig2 workflows, and zero-knowledge proofs.
Core Cryptographic Operations:
| Operation | Before | After | Improvement |
| --- | --- | --- | --- |
| ECDSA Signing | 22.9 μs | 19.9 μs | 13% faster |
| Key Generation | 15.1 μs | 12.7 μs | 16% faster |
| Schnorr Signing | 16.1 μs | 13.6 μs | 16% faster |
The SDMC (Signed-Digit Multi-Comb) algorithm delivers 15-20% performance gains for signing and key generation operations that happen millions of times across the Bitcoin and Liquid ecosystems.
MuSig2 Multisignature Operations:
| Operation | Before | After | Improvement |
| --- | --- | --- | --- |
| Nonce Generation | 94.5 μs | 69.3 μs | 27% faster |
| Nonce Aggregation | 5.84 μs | 1.85 μs | 68% faster |
| Nonce Processing | 29.1 μs | 23.6 μs | 19% faster |
| Partial Signing | 220 μs | 178 μs | 19% faster |
| Complete Signing | 175 μs | 141 μs | 19% faster |
Zero-Knowledge Proof Primitives:
| Operation | Before | After | Improvement |
| --- | --- | --- | --- |
| ECDSA S2C Signing | 38.8 μs | 33.6 μs | 13% faster |
| ECDSA Adaptor Encryption | 89.9 μs | 80.3 μs | 11% faster |
| Surjection Proof Generation | 69.5 μs | 65.0 μs | 7% faster |
Even privacy-preserving operations like adaptor signatures and surjection proofs (used in Confidential Assets) see measurable improvements.
These benchmarks represent real-world performance gains for every wallet, exchange, and application building on Liquid. Faster signing means faster transaction construction. Faster MuSig2 means more efficient Lightning channels.
The Maintenance Work
For 2.5 years, libsecp256k1-zkp had fallen behind upstream libsecp256k1's continuous improvements. Blockstream Research engineers Mariia Zhvanko and Illia Melnyk completed the comprehensive sync work, integrating those upstream changes and bringing the fork back to parity.
This maintenance work required resolving conflicts between upstream improvements and zkp-specific modules, updating tests to ensure compatibility with experimental features, and verifying nothing breaks for downstream projects. The sync included updating libsecp256k1-zkp's MuSig2 implementation to match the upstream version (which was originally developed in zkp by Jonas Nick before being ported to Bitcoin Core in October 2024), then re-adding adaptor signature support that exists only in the zkp fork.
This illustrates an important point: Blockstream Research isn’t just passively merging upstream changes into libsecp256k1-zkp. As Jonas Nick and Tim Ruffing are maintainers of upstream libsecp256k1, they author many of the improvements themselves. When they optimize the Strauss algorithm or implement batch point conversion for Bitcoin Core, those same improvements immediately benefit Liquid and the entire ecosystem building on libsecp256k1-zkp. Mariia and Illia's sync work ensures these improvements flow to zkp while preserving the advanced cryptographic modules that make Liquid's privacy and functionality possible. This is what it means for Blockstream Research to maintain critical infrastructure at both layers.
Post-Quantum Cryptography Research
While libsecp256k1-zkp focuses on elliptic curve cryptography for production use today, Blockstream Research is also preparing for a post-quantum future. The team recently deployed post-quantum signature verification on Liquid using Simplicity, allowing users to protect their Liquid Bitcoin against future quantum computer attacks.
This demonstrates Blockstream Research's approach: maintain production cryptography for Bitcoin and Liquid today while developing the cryptographic schemes that will secure Bitcoin tomorrow.
Why Maintenance Matters
Cryptographic libraries don't get points for flashy features. They succeed by being correct, fast, and maintainable. libsecp256k1 became Bitcoin's standard because it prioritizes security and performance. It's written in C with no external dependencies, uses constant-time algorithms to resist timing attacks, and has been battle-tested protecting billions of dollars on the Bitcoin mainnet.
libsecp256k1-zkp inherits that rigor while adding support for confidential transactions and advanced signatures that make Liquid's privacy and efficiency possible. Keeping current with upstream means every project building on Liquid benefits from the same security standards that protect Bitcoin Core.
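What "constant-time" means for a secret-dependent table lookup, as an added example that is not code from libsecp256k1 or libsecp256k1-zkp. The table layout and the names `lookup_leaky`, `lookup_ct` and `eq_mask` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_N 16
typedef struct { uint64_t n[4]; } elem;   /* toy 256-bit table entry */

/* Variable-time: the address read depends on the secret index, so cache
 * behaviour and timing can reveal which entry was used. */
elem lookup_leaky(const elem *table, unsigned secret_idx) {
    return table[secret_idx];
}

/* All-ones mask if a == b, zero otherwise, computed without a branch. */
static uint64_t eq_mask(uint64_t a, uint64_t b) {
    uint64_t x = a ^ b;                            /* 0 iff equal */
    uint64_t nz = (x | ((uint64_t)0 - x)) >> 63;   /* 1 iff x != 0 */
    return nz - 1;                                 /* 0 -> ~0, 1 -> 0 */
}

/* Constant-time: read every entry and merge the wanted one under a mask,
 * so the memory access pattern is the same for every secret_idx. */
elem lookup_ct(const elem *table, unsigned secret_idx) {
    elem r = {{0, 0, 0, 0}};
    unsigned i, j;
    for (i = 0; i < TABLE_N; i++) {
        uint64_t m = eq_mask(i, secret_idx);
        for (j = 0; j < 4; j++) r.n[j] |= table[i].n[j] & m;
    }
    return r;
}

/* Constructed sample table; returns 1 if both lookups agree on every index. */
int lookups_agree(void) {
    elem t[TABLE_N];
    unsigned i, j;
    for (i = 0; i < TABLE_N; i++)
        for (j = 0; j < 4; j++) t[i].n[j] = 0x1000u * i + j + 1;
    for (i = 0; i < TABLE_N; i++) {
        elem a = lookup_leaky(t, i), b = lookup_ct(t, i);
        for (j = 0; j < 4; j++) if (a.n[j] != b.n[j]) return 0;
    }
    return 1;
}

int main(void) {
    printf("lookups agree: %d\n", lookups_agree());
    return 0;
}
```

Branch-free source is only a property of the source; the compiled output still has to be checked, since a compiler is free to reintroduce branches.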
Open Source for the Ecosystem
libsecp256k1-zkp is open source and freely available on GitHub.
Blockstream Research maintains it not just for our own products but for the entire Liquid ecosystem and anyone building advanced Bitcoin applications. This update ensures developers working with Confidential Transactions, MuSig2, or other advanced cryptographic primitives have access to current, fast, and secure foundations.
Active work on both libsecp256k1 for Bitcoin Core and libsecp256k1-zkp for Liquid is part of Blockstream Research's commitment to Bitcoin infrastructure. It’s the unglamorous, essential work that keeps the ecosystem running.
For more on Blockstream Research, visit blog.blockstream.com/research
To learn about libsecp256k1's role in Bitcoin, read Bitcoin Magazine's "The Core Issue: libsecp256k1, Bitcoin's Cryptographic Heart"