fix(root): replace elliptic with noble/curves/secp256k1

alebusse · alebusse · commit 50a208d68d8b · 2025-02-19T14:06:43.000-03:00
replace elliptic lib with noble/curves/secp256k1 WP-3704 TICKET: WP-3704
diff --git a/modules/bitgo/test/v2/unit/internal/tssUtils/ecdsa.ts b/modules/bitgo/test/v2/unit/internal/tssUtils/ecdsa.ts
@@ -1674,7 +1674,7 @@ describe('TSS Ecdsa Utils:', async function () {
         '!@#$^0c70545b519bb7bbc7195fd4b7d5bfc873bfd38b18596e4b47a05b6a88d552e2e8319cb31e279b99dbe54115a983d35e86679af96d81b7478d1df368f76a8'; // 129 chars
       should(() =>
         ECDSAUtils.EcdsaUtils.validateCommonKeychainPublicKey(commonKeychainWithInvalidCharacters)
-      ).throwError('Unknown point format');
+      ).throwError(/^Invalid commonKeychain, error:/);
     });
   });
 
diff --git a/modules/sdk-coin-avaxp/package.json b/modules/sdk-coin-avaxp/package.json
@@ -44,18 +44,17 @@
   },
   "devDependencies": {
     "@bitgo/sdk-api": "^1.58.8",
-    "@bitgo/sdk-test": "^8.0.71",
-    "@types/elliptic": "^6.4.18"
+    "@bitgo/sdk-test": "^8.0.71"
   },
   "dependencies": {
     "@bitgo-forks/avalanchejs": "4.1.0-alpha.1",
     "@bitgo/sdk-core": "^28.25.0",
     "@bitgo/statics": "^51.0.0",
     "@bitgo/utxo-lib": "^11.2.2",
+    "@noble/curves": "1.8.1",
     "avalanche": "3.15.3",
     "bignumber.js": "^9.0.0",
     "create-hash": "^1.2.0",
-    "elliptic": "^6.6.1",
     "ethereumjs-util": "7.1.5",
     "lodash": "^4.17.14",
     "safe-buffer": "^5.2.1"
diff --git a/modules/sdk-coin-avaxp/src/lib/utils.ts b/modules/sdk-coin-avaxp/src/lib/utils.ts
@@ -22,7 +22,7 @@ import { Signature } from 'avalanche/dist/common';
 import { Credential } from 'avalanche/dist/common/credentials';
 import { NodeIDStringToBuffer } from 'avalanche/dist/utils';
 import * as createHash from 'create-hash';
-import { ec } from 'elliptic';
+import { secp256k1 } from '@noble/curves/secp256k1';
 import { ADDRESS_SEPARATOR, DeprecatedOutput, DeprecatedTx, Output } from './iface';
 
 export class Utils implements BaseUtils {
@@ -101,15 +101,12 @@ export class Utils implements BaseUtils {
       if (pub.length === 66 && firstByte !== '02' && firstByte !== '03') return false;
 
       if (!this.allHexChars(pub)) return false;
-
       pubBuf = BufferAvax.from(pub, 'hex');
     }
     // validate the public key
-    const secp256k1 = new ec('secp256k1');
     try {
-      const keyPair = secp256k1.keyFromPublic(pubBuf);
-      const { result } = keyPair.validate();
-      return result;
+      secp256k1.ProjectivePoint.fromHex(pubBuf.toString('hex'));
+      return true;
     } catch (e) {
       return false;
     }
diff --git a/modules/sdk-coin-icp/package.json b/modules/sdk-coin-icp/package.json
@@ -46,8 +46,8 @@
     "@dfinity/agent": "^2.2.0",
     "@dfinity/candid": "^2.2.0",
     "@dfinity/principal": "^2.2.0",
-    "crc-32": "^1.2.2",
-    "elliptic": "^6.6.1"
+    "@noble/curves": "1.8.1",
+    "crc-32": "^1.2.2"
   },
   "devDependencies": {
     "@bitgo/sdk-api": "^1.58.8",
diff --git a/modules/sdk-coin-icp/src/lib/utils.ts b/modules/sdk-coin-icp/src/lib/utils.ts
@@ -1,13 +1,11 @@
 import { BaseUtils, KeyPair } from '@bitgo/sdk-core';
-import elliptic from 'elliptic';
+import { secp256k1 } from '@noble/curves/secp256k1';
 import { Principal as DfinityPrincipal } from '@dfinity/principal';
 import * as agent from '@dfinity/agent';
 import crypto from 'crypto';
 import crc32 from 'crc-32';
 import { KeyPair as IcpKeyPair } from './keyPair';
 
-const Secp256k1Curve = new elliptic.ec('secp256k1');
-
 export class Utils implements BaseUtils {
   isValidAddress(address: string): boolean {
     throw new Error('Method not implemented.');
@@ -102,11 +100,9 @@ export class Utils implements BaseUtils {
   }
 
   derivePrincipalFromPublicKey(publicKeyHex: string): DfinityPrincipal {
-    const publicKeyBuffer = Buffer.from(publicKeyHex, 'hex');
-
     try {
-      const ellipticKey = Secp256k1Curve.keyFromPublic(publicKeyBuffer);
-      const uncompressedPublicKeyHex = ellipticKey.getPublic(false, 'hex');
+      const point = secp256k1.ProjectivePoint.fromHex(publicKeyHex);
+      const uncompressedPublicKeyHex = point.toHex(false);
       const derEncodedKey = agent.wrapDER(Buffer.from(uncompressedPublicKeyHex, 'hex'), agent.SECP256K1_OID);
       const principalId = DfinityPrincipal.selfAuthenticating(Buffer.from(derEncodedKey));
       const principal = DfinityPrincipal.fromUint8Array(principalId.toUint8Array());
diff --git a/modules/sdk-coin-stx/package.json b/modules/sdk-coin-stx/package.json
@@ -43,18 +43,17 @@
     "@bitgo/sdk-core": "^28.25.0",
     "@bitgo/statics": "^51.0.0",
     "@bitgo/utxo-lib": "^11.2.2",
+    "@noble/curves": "1.8.1",
     "@stacks/network": "^4.3.0",
     "@stacks/transactions": "2.0.1",
     "bignumber.js": "^9.0.0",
     "bn.js": "^5.2.1",
-    "elliptic": "^6.6.1",
     "ethereumjs-util": "7.1.5",
     "lodash": "^4.17.15"
   },
   "devDependencies": {
     "@bitgo/sdk-api": "^1.58.8",
-    "@bitgo/sdk-test": "^8.0.71",
-    "@types/elliptic": "^6.4.18"
+    "@bitgo/sdk-test": "^8.0.71"
   },
   "gitHead": "18e460ddf02de2dbf13c2aa243478188fb539f0c"
 }
diff --git a/modules/sdk-coin-stx/src/lib/utils.ts b/modules/sdk-coin-stx/src/lib/utils.ts
@@ -26,7 +26,7 @@ import {
   TransactionVersion,
   validateStacksAddress,
 } from '@stacks/transactions';
-import { ec } from 'elliptic';
+import { secp256k1 } from '@noble/curves/secp256k1';
 import * as _ from 'lodash';
 import { InvalidTransactionError, isValidXprv, isValidXpub, SigningError, UtilsError } from '@bitgo/sdk-core';
 import { AddressDetails, SendParams } from './iface';
@@ -157,11 +157,9 @@ export function isValidPublicKey(pub: string): boolean {
   if (!allHexChars(pub)) return false;
 
   // validate the public key
-  const secp256k1 = new ec('secp256k1');
   try {
-    const keyPair = secp256k1.keyFromPublic(Buffer.from(pub, 'hex'));
-    const { result } = keyPair.validate();
-    return result;
+    secp256k1.ProjectivePoint.fromHex(pub);
+    return true;
   } catch (e) {
     return false;
   }
diff --git a/modules/sdk-coin-xtz/package.json b/modules/sdk-coin-xtz/package.json
@@ -44,11 +44,11 @@
     "@bitgo/sdk-core": "^28.25.0",
     "@bitgo/statics": "^51.0.0",
     "@bitgo/utxo-lib": "^11.2.2",
+    "@noble/curves": "1.8.1",
     "@taquito/local-forging": "6.3.5-beta.0",
     "@taquito/signer": "6.3.5-beta.0",
     "bignumber.js": "^9.0.0",
     "bs58check": "^2.1.2",
-    "elliptic": "^6.6.1",
     "libsodium-wrappers": "^0.7.6",
     "lodash": "^4.17.15"
   },
diff --git a/modules/sdk-coin-xtz/src/lib/utils.ts b/modules/sdk-coin-xtz/src/lib/utils.ts
@@ -1,7 +1,7 @@
 import { isValidXpub, SigningError } from '@bitgo/sdk-core';
 import { InMemorySigner } from '@taquito/signer';
 import * as base58check from 'bs58check';
-import { ec as EC } from 'elliptic';
+import { secp256k1 } from '@noble/curves/secp256k1';
 import sodium from 'libsodium-wrappers';
 import { HashType, SignResponse } from './iface';
 import { KeyPair } from './keyPair';
@@ -101,9 +101,8 @@ export async function verifySignature(
   signature: string,
   watermark: Uint8Array = DEFAULT_WATERMARK
 ): Promise<boolean> {
-  const rawPublicKey = decodeKey(publicKey, hashTypes.sppk);
-  const ec = new EC('secp256k1');
-  const key = ec.keyFromPublic(rawPublicKey);
+  const rawPublicKey = decodeKey(publicKey, hashTypes.sppk).toString('hex');
+  const key = secp256k1.ProjectivePoint.fromHex(rawPublicKey);
 
   const messageBuffer = Uint8Array.from(Buffer.from(message, 'hex'));
   // Tezos signatures always have a watermark
@@ -115,7 +114,7 @@ export async function verifySignature(
   const bytesHash = Buffer.from(sodium.crypto_generichash(32, messageWithWatermark));
 
   const rawSignature = decodeSignature(signature, hashTypes.sig);
-  return key.verify(bytesHash, { r: rawSignature.slice(0, 32), s: rawSignature.slice(32, 64) });
+  return secp256k1.verify(rawSignature, bytesHash, key.toHex());
 }
 
 /**
diff --git a/modules/sdk-core/package.json b/modules/sdk-core/package.json
@@ -43,9 +43,8 @@
     "@bitgo/sjcl": "^1.0.1",
     "@bitgo/statics": "^51.0.0",
     "@bitgo/utxo-lib": "^11.2.2",
-    "@noble/secp256k1": "1.6.3",
+    "@noble/curves": "1.8.1",
     "@stablelib/hex": "^1.0.0",
-    "@types/elliptic": "^6.4.18",
     "@types/superagent": "4.1.15",
     "bech32": "^2.0.0",
     "big.js": "^3.1.3",
@@ -56,7 +55,6 @@
     "bs58": "^4.0.1",
     "create-hmac": "^1.1.7",
     "debug": "^3.1.0",
-    "elliptic": "^6.6.1",
     "ethereumjs-util": "7.1.5",
     "fp-ts": "^2.12.2",
     "io-ts": "npm:@bitgo-forks/io-ts@2.1.4",
diff --git a/modules/sdk-core/src/account-lib/mpc/tss/ecdsa/ecdsa.ts b/modules/sdk-core/src/account-lib/mpc/tss/ecdsa/ecdsa.ts
@@ -1,6 +1,6 @@
 import * as paillierBigint from 'paillier-bigint';
 import * as bigintCryptoUtils from 'bigint-crypto-utils';
-import * as secp from '@noble/secp256k1';
+import { secp256k1 as secp } from '@noble/curves/secp256k1';
 import { createHash, Hash, randomBytes } from 'crypto';
 import { bip32 } from '@bitgo/utxo-lib';
 import { bigIntFromBufferBE, bigIntFromU8ABE, bigIntToBufferBE, getPaillierPublicKey } from '../../util';
@@ -1369,7 +1369,7 @@ export default class Ecdsa {
       Ecdsa.curve.pointAdd(hexToBigInt(oShare.Gamma), hexToBigInt(dShare.Gamma)),
       Ecdsa.curve.scalarInvert(delta)
     );
-    const pointR = secp.Point.fromHex(bigIntToBufferBE(R, 32));
+    const pointR = secp.ProjectivePoint.fromHex(bigIntToBufferBE(R, 32));
     const r = pointR.x;
 
     const s = Ecdsa.curve.scalarAdd(
@@ -1410,7 +1410,7 @@ export default class Ecdsa {
    */
   generateVAProofs(M: Buffer, vaShare: VAShare): VAShareWithProofs {
     const s = hexToBigInt(vaShare.s);
-    const R = bigIntFromU8ABE(secp.Point.fromHex(vaShare.R).toRawBytes(true));
+    const R = bigIntFromU8ABE(secp.ProjectivePoint.fromHex(vaShare.R).toRawBytes(true));
 
     const proofContext = createHash('sha256').update(M).update(bigIntToBufferBE(R, Ecdsa.curve.pointBytes)).digest();
 
diff --git a/modules/sdk-core/src/bitgo/utils/tss/ecdsa/base.ts b/modules/sdk-core/src/bitgo/utils/tss/ecdsa/base.ts
@@ -1,4 +1,4 @@
-import { ec } from 'elliptic';
+import { secp256k1 } from '@noble/curves/secp256k1';
 
 import { IBaseCoin } from '../../../baseCoin';
 import baseTSSUtils from '../baseTSSUtils';
@@ -34,9 +34,12 @@ export class BaseEcdsaUtils extends baseTSSUtils<KeyShare> {
 
   static validateCommonKeychainPublicKey(commonKeychain: string) {
     const pub = BaseEcdsaUtils.getPublicKeyFromCommonKeychain(commonKeychain);
-    const secp256k1 = new ec('secp256k1');
-    const key = secp256k1.keyFromPublic(pub, 'hex');
-    return key.getPublic().encode('hex', false).slice(2);
+    try {
+      const point = secp256k1.ProjectivePoint.fromHex(pub);
+      return point.toHex(false).slice(2);
+    } catch (e) {
+      throw new Error('Invalid commonKeychain, error: ' + e.message);
+    }
   }
 
   /**
diff --git a/modules/sdk-lib-mpc/package.json b/modules/sdk-lib-mpc/package.json
@@ -36,7 +36,7 @@
     ]
   },
   "dependencies": {
-    "@noble/curves": "1.4.0",
+    "@noble/curves": "1.8.1",
     "@silencelaboratories/dkls-wasm-ll-node": "1.1.2",
     "@silencelaboratories/dkls-wasm-ll-web": "1.1.2",
     "@types/superagent": "4.1.15",
diff --git a/modules/secp256k1/package.json b/modules/secp256k1/package.json
@@ -39,7 +39,6 @@
     "ecpair": "npm:@bitgo/ecpair@2.1.0-rc.0"
   },
   "devDependencies": {
-    "@types/elliptic": "^6.4.18",
     "@types/node": "^16.18.46"
   },
   "lint-staged": {
diff --git a/modules/utxo-bin/package.json b/modules/utxo-bin/package.json
@@ -31,16 +31,15 @@
     "@bitgo/unspents": "^0.47.18",
     "@bitgo/utxo-lib": "^11.2.2",
     "@bitgo/wasm-miniscript": "2.0.0-beta.4",
+    "@noble/curves": "1.8.1",
     "archy": "^1.0.0",
     "bech32": "^2.0.0",
     "bitcoinjs-lib": "npm:@bitgo-forks/bitcoinjs-lib@7.1.0-master.2",
-    "bn.js": "^5.2.1",
     "bs58": "^5.0.0",
     "bs58check": "^2.1.2",
     "cashaddress": "^1.1.0",
     "chalk": "4",
     "clipboardy-cjs": "^3.0.0",
-    "elliptic": "^6.6.1",
     "yargs": "^17.3.1"
   },
   "devDependencies": {
diff --git a/modules/utxo-bin/src/ecdsa.ts b/modules/utxo-bin/src/ecdsa.ts
@@ -1,9 +1,12 @@
-const BN = require('bn.js');
-const EC = require('elliptic').ec;
-const secp256k1 = new EC('secp256k1');
-const n = secp256k1.curve.n;
-const nDiv2 = n.shrn(1);
+import { secp256k1 } from '@noble/curves/secp256k1';
 
-export function isHighS(s: Buffer): boolean {
-  return new BN(s).cmp(nDiv2) > 0;
+const n = BigInt(secp256k1.CURVE.n);
+const nDiv2 = n / BigInt(2);
+
+function bytesToBigInt(bytes: Uint8Array): bigint {
+  return BigInt(`0x${Buffer.from(bytes).toString('hex')}`);
+}
+
+export function isHighS(s: Uint8Array): boolean {
+  return bytesToBigInt(s) > nDiv2;
 }
diff --git a/modules/utxo-lib/package.json b/modules/utxo-lib/package.json
@@ -48,13 +48,12 @@
   "dependencies": {
     "@bitgo/blake2b": "^3.2.4",
     "@brandonblack/musig": "^0.0.1-alpha.0",
-    "@noble/secp256k1": "1.6.3",
+    "@noble/curves": "1.8.1",
     "bech32": "^2.0.0",
     "bip174": "npm:@bitgo-forks/bip174@3.1.0-master.4",
     "bip32": "^3.0.1",
     "bitcoin-ops": "^1.3.0",
     "bitcoinjs-lib": "npm:@bitgo-forks/bitcoinjs-lib@7.1.0-master.9",
-    "bn.js": "^5.2.1",
     "bs58check": "^2.1.2",
     "cashaddress": "^1.1.0",
     "create-hash": "^1.2.0",
@@ -65,12 +64,11 @@
     "varuint-bitcoin": "^1.1.2"
   },
   "devDependencies": {
-    "@types/elliptic": "^6.4.18",
     "@types/fs-extra": "^9.0.12",
     "@types/node": "^16.18.46",
+    "@noble/secp256k1": "1.6.3",
     "axios": "^1.6.0",
     "debug": "^3.1.0",
-    "elliptic": "^6.6.1",
     "fs-extra": "^9.1.0"
   },
   "lint-staged": {
diff --git a/modules/utxo-lib/src/payments/p2tr.ts b/modules/utxo-lib/src/payments/p2tr.ts
@@ -5,7 +5,7 @@ import { networks } from '../networks';
 import { script as bscript, Payment, PaymentOpts, lazy } from 'bitcoinjs-lib';
 import * as taproot from '../taproot';
 import { musig } from '../noble_ecc';
-import * as necc from '@noble/secp256k1';
+import { secp256k1 as necc } from '@noble/curves/secp256k1';
 
 const typef = require('typeforce');
 const OPS = bscript.OPS;
@@ -24,7 +24,7 @@ const EMPTY_BUFFER = Buffer.alloc(0);
 function isPlainPubkey(pubKey: Uint8Array): boolean {
   if (pubKey.length !== 33) return false;
   try {
-    return !!necc.Point.fromHex(pubKey);
+    return !!necc.ProjectivePoint.fromHex(pubKey);
   } catch (e) {
     return false;
   }
diff --git a/modules/utxo-lib/test/bitgo/signatureModify.ts b/modules/utxo-lib/test/bitgo/signatureModify.ts
@@ -1,12 +1,14 @@
 /* eslint-disable no-redeclare */
 import { script, ScriptSignature, TxOutput } from 'bitcoinjs-lib';
 import { isPlaceholderSignature, parseSignatureScript, UtxoTransaction } from '../../src/bitgo';
+import { secp256k1 } from '@noble/curves/secp256k1';
 
-const BN = require('bn.js');
-const EC = require('elliptic').ec;
-const secp256k1 = new EC('secp256k1');
-const n = secp256k1.curve.n;
-const nDiv2 = n.shrn(1);
+const n = BigInt(secp256k1.CURVE.n);
+const nDiv2 = n / BigInt(2);
+
+function bytesToBigInt(bytes: Uint8Array): bigint {
+  return BigInt(`0x${Buffer.from(bytes).toString('hex')}`);
+}
 
 function changeSignatureToHighS(signatureBuffer: Buffer): Buffer {
   if (!script.isCanonicalScriptSignature(signatureBuffer)) {
@@ -21,16 +23,19 @@ function changeSignatureToHighS(signatureBuffer: Buffer): Buffer {
     throw new Error(`invalid scalar length`);
   }
 
-  let ss = new BN(s);
+  let ss = bytesToBigInt(s);
 
-  if (ss.cmp(nDiv2) > 0) {
+  if (ss > nDiv2) {
     throw new Error(`signature already has high s value`);
   }
 
   // convert to high-S
-  ss = n.sub(ss);
+  ss = n - ss;
 
-  const newSig = ScriptSignature.encode(Buffer.concat([r, ss.toArrayLike(Buffer, 'be', 32)]), hashType);
+  const newSig = ScriptSignature.encode(
+    Buffer.concat([r, Buffer.from(ss.toString(16).padStart(64, '0'), 'hex')]),
+    hashType
+  );
   if (!script.isCanonicalScriptSignature(newSig)) {
     throw new Error(`newSig not canonical`);
   }
diff --git a/package.json b/package.json
diff --git a/yarn.lock b/yarn.lock
