PHPackages amashukov/secp256k1-php - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. amashukov/secp256k1-php ActiveLibrary[Utility & Helpers](/categories/utility) amashukov/secp256k1-php ======================= secp256k1 elliptic-curve arithmetic + RFC 6979 deterministic ECDSA sign / verify / recover in pure PHP on ext-gmp. v0.1.0(2w ago)0213↑92.3%2MITPHPPHP >=8.3CI passing Since May 24Pushed 2w agoCompare [ Source](https://github.com/AndreyMashukov/secp256k1-php)[ Packagist](https://packagist.org/packages/amashukov/secp256k1-php)[ RSS](/packages/amashukov-secp256k1-php/feed)WikiDiscussions main Synced 1w ago READMEChangelogDependencies (5)Versions (2)Used By (2) amashukov/secp256k1-php ======================= [](#amashukovsecp256k1-php) Pure-PHP secp256k1 elliptic-curve arithmetic and RFC 6979 deterministic ECDSA — sign, verify and recover for Ethereum and Bitcoin signatures. [![CI](https://camo.githubusercontent.com/d2dd3fcd7085571be279f689508faaf528110f5c2ef22cbb2639931125848972/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f416e647265794d617368756b6f762f736563703235366b312d7068702f63692e796d6c3f6272616e63683d6d61696e266c6162656c3d4349)](https://github.com/AndreyMashukov/secp256k1-php/actions)[![PHPStan L9](https://camo.githubusercontent.com/b570b2a1e75e814e62bc7cf09c80621cb7ab262db3f53cd26cdf82204cc36278/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f416e647265794d617368756b6f762f736563703235366b312d7068702f7374616e2e796d6c3f6272616e63683d6d61696e266c6162656c3d5048505374616e2532304c39)](https://github.com/AndreyMashukov/secp256k1-php/actions)[![Latest Version](https://camo.githubusercontent.com/e720864ae17327d2682d1410b6b6952cd08daa02b13d2b1fce02c8e0f9a51e95/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f616d617368756b6f762f736563703235366b312d706870)](https://packagist.org/packages/amashukov/secp256k1-php)[![Downloads](https://camo.githubusercontent.com/c1cd4ff090e07b41e09901b52297e577d1feeb8d5c166f4dddaccb567e633950/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f616d617368756b6f762f736563703235366b312d706870)](https://packagist.org/packages/amashukov/secp256k1-php)[![PHP](https://camo.githubusercontent.com/f232b4317badeebb644f7607fcd7364b84fdce27747de99a5a8de69e986f40e8/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f646570656e64656e63792d762f616d617368756b6f762f736563703235366b312d7068702f706870)](https://packagist.org/packages/amashukov/secp256k1-php)[![License](https://camo.githubusercontent.com/04aa96ee2e24e166695647ffa10e9862cce94d5ca31f62d9034efe4ba8bffcfa/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f616d617368756b6f762f736563703235366b312d706870)](LICENSE)[![Stars](https://camo.githubusercontent.com/34ef27f705389957f13f11ffcc45056e417b632f08ea3f1759f69dce7ee8b3f0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f416e647265794d617368756b6f762f736563703235366b312d7068703f7374796c653d736f6369616c)](https://github.com/AndreyMashukov/secp256k1-php) `amashukov/secp256k1-php` implements the secp256k1 elliptic curve and ECDSA signature primitives in pure PHP on top of `ext-gmp`. It covers point arithmetic, RFC 6979 deterministic signing, signature verification and public-key recovery — the building blocks behind Ethereum and Bitcoin signatures, EIP-191 / EIP-712 signer derivation and EVM wallet tooling. Two static classes: - **`Secp256k1`** — curve constants (`P`, `N`, `Gx`, `Gy`) and point arithmetic (`pointAdd`, `pointDouble`, `scalarMul`, `scalarMulG`). - **`Ecdsa`** — RFC 6979 deterministic `sign`, `verify`, and `recover` (the latter is what EIP-191 / EIP-712 implementations call to derive a public key from a signature triple). The package is a leaf primitive — it ships with zero composer dependencies (`ext-gmp` + `ext-hash` from PHP core), and the EIP-191 / EIP-712 message-prefix hashing belongs in a downstream package that owns the keccak / domain-separator step. Features -------- [](#features) - **secp256k1 curve arithmetic** — `pointAdd`, `pointDouble`, `scalarMul`, `scalarMulG` over GMP big integers. - **RFC 6979 deterministic ECDSA** — same input always yields the same signature; no entropy source required. - **Canonical low-S signatures** — two clients signing the same payload produce byte-identical output. - **Public-key recovery** — derive the `04 || x || y` uncompressed key from a `(v, r, s)` triple, the EIP-191 / EIP-712 signer step. - **Validated public surface** — malformed lengths and out-of-range scalars are rejected. - **Zero composer dependencies** — `ext-gmp` + `ext-hash` only. - PHPStan level 9 clean, `@PER-CS` formatted, CI-tested. Why amashukov/secp256k1-php --------------------------- [](#why-amashukovsecp256k1-php) `simplito/elliptic-php` is a fine general-purpose elliptic-curve library, but it is curve-agnostic and carries the machinery for many curves. `amashukov/secp256k1-php` is single-curve by design: it focuses exclusively on secp256k1 and the ECDSA operations EVM and Bitcoin tooling actually need — deterministic RFC 6979 signing, canonical low-S output and `(v, r, s)` recovery — with a smaller, audited surface and zero composer dependencies. Installation ------------ [](#installation) ``` composer require amashukov/secp256k1-php ``` Usage ----- [](#usage) ### Curve arithmetic [](#curve-arithmetic) ``` use Amashukov\Secp256k1\Secp256k1; $p = Secp256k1::p(); // curve modulus $n = Secp256k1::n(); // curve order $G = Secp256k1::g(); // generator point ['x' => GMP, 'y' => GMP] // Public key from a 32-byte private key. $priv = hex2bin('c85ef7d79691fe79573b1a7064c19c1a9819ebdbd1faaab1a8ec92344438aaf4'); $d = gmp_import($priv); $pub = Secp256k1::scalarMul($G, $d, $p); // ['x' => GMP, 'y' => GMP] ``` ### Deterministic ECDSA sign (RFC 6979) [](#deterministic-ecdsa-sign-rfc-6979) ``` use Amashukov\Secp256k1\Ecdsa; $msgHash = hex2bin('5e89218a87e0bd6df9fdc62af4a8a87f48c44fcab6cdeefd6c6d3fcdcad1b48d'); // 32 bytes $privKey = hex2bin('c85ef7d79691fe79573b1a7064c19c1a9819ebdbd1faaab1a8ec92344438aaf4'); // 32 bytes $signature = Ecdsa::sign($msgHash, $privKey); // → ['r' => 32 bytes, 's' => 32 bytes, 'v' => 0|1] ``` Signatures are deterministic per RFC 6979 (same input → same output) and returned in canonical low-S form, so two clients signing the same payload produce byte-identical signatures. ### Verify [](#verify) ``` $pubKey = "\x04" . str_pad(gmp_export($pub['x']), 32, "\x00", STR_PAD_LEFT) . str_pad(gmp_export($pub['y']), 32, "\x00", STR_PAD_LEFT); $ok = Ecdsa::verify($msgHash, $pubKey, $signature['r'], $signature['s']); ``` ### Recover (EIP-191 / EIP-712 step) [](#recover-eip-191--eip-712-step) ``` // Given a (v, r, s) signature triple from an EVM wallet: $pubKey = Ecdsa::recover($msgHash, $signature['v'], $signature['r'], $signature['s']); // → 65 raw bytes uncompressed (`04 || x || y`), or null on failure ``` The recovered public key can then be hashed (keccak-256 of `x || y` → take last 20 bytes) to derive the signer's Ethereum address. Requirements ------------ [](#requirements) - PHP 8.3+ - `ext-gmp` - `ext-hash` (bundled with PHP core; used for HMAC-SHA256 in RFC 6979 nonce derivation) No composer dependencies. Security notes -------------- [](#security-notes) - **Not constant-time.** `Secp256k1::scalarMul` walks the scalar bit-by-bit with conditional adds — it leaks timing information about secret scalars. Use this package for signing only when the resulting timing channel is acceptable for the deployment (server-side signing of own keys is generally fine; never use it to handle attacker-controlled scalars on shared hardware). - **No side-channel hardening.** No blinding, no constant-time inversion. - **Validated inputs.** `Ecdsa::recover` and `Ecdsa::sign` reject malformed lengths and out-of-range scalars at the public surface. Related packages ---------------- [](#related-packages) Part of a modular pure-PHP blockchain toolkit: PackagePurpose[amashukov/keccak-php](https://github.com/AndreyMashukov/keccak-php)Keccak-256 / SHA-3 / SHAKE hashing[amashukov/secp256k1-php](https://github.com/AndreyMashukov/secp256k1-php)secp256k1 ECDSA sign / verify / recover[amashukov/rlp-php](https://github.com/AndreyMashukov/rlp-php)Ethereum RLP encode / decode[amashukov/ton-cell-php](https://github.com/AndreyMashukov/ton-cell-php)TON TLB Cell / Builder / Slice / BOC[amashukov/eip1559-tx-signer-php](https://github.com/AndreyMashukov/eip1559-tx-signer-php)EIP-1559 transaction signer[amashukov/abi-encoder-php](https://github.com/AndreyMashukov/abi-encoder-php)Ethereum ABI encoder[amashukov/eth-rpc-client-php](https://github.com/AndreyMashukov/eth-rpc-client-php)Ethereum JSON-RPC client[amashukov/eth-php](https://github.com/AndreyMashukov/eth-php)EVM umbrella packageQuality ------- [](#quality) - PHPStan level 9. - php-cs-fixer with the `@PER-CS` ruleset. - GitHub Actions CI on every push. - Test vectors validated against the SEC 2 / RFC 6979 reference outputs. References ---------- [](#references) - SEC 2: Recommended Elliptic Curve Domain Parameters — - RFC 6979 — Deterministic ECDSA — License ------- [](#license) MIT License. ### Health Score 42 — FairBetter than 88% of packages Maintenance97 Actively maintained with recent releases Popularity16 Limited adoption so far Community10 Small or concentrated contributor base Maturity38 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 17d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/4b3e86ca79a82515b23e0239b1d3616c747e59b64c40e169d538d5c759c9bbc4?d=identicon)[Andrey Mashukov](/maintainers/Andrey%20Mashukov) --- Top Contributors [![AndreyMashukov](https://avatars.githubusercontent.com/u/24682497?v=4)](https://github.com/AndreyMashukov "AndreyMashukov (3 commits)") --- Tags blockchaincryptographyecdsaelliptic-curveethereumphpsecp256k1signaturecryptoelliptic curvebitcoinethereumECDSAeccsecp256k1 ### Code Quality TestsPHPUnit Static AnalysisPHPStan, Rector Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/amashukov-secp256k1-php/health.svg) ``` [![Health](https://phpackages.com/badges/amashukov-secp256k1-php/health.svg)](https://phpackages.com/packages/amashukov-secp256k1-php) ``` ### Alternatives [ccxt/ccxt A cryptocurrency trading API with more than 100 exchanges in JavaScript / TypeScript / Python / C# / PHP / Go 42.9k337.6k1](/packages/ccxt-ccxt)[simplito/elliptic-php Fast elliptic curve cryptography 2302.4M266](/packages/simplito-elliptic-php)[bitwasp/secp256k1-php PHP Extension with bindings for bitcoin/secp256k1. 58189.2k36](/packages/bitwasp-secp256k1-php)[bitcoin-php/bitcoin-ecdsa PHP library allowing to generate BTC addresses from private keys 23265.4k7](/packages/bitcoin-php-bitcoin-ecdsa)[ionux/phactor Phactor is a high-performance PHP implementation of the elliptic curve math functions required to generate & verify private/public (asymmetric) EC keypairs and ECDSA signatures based on secp256k1 curve parameters. This library also includes a class to generate Service Identification Numbers (SINs) based on the published Identity Protocol v1 spec. 5283.3k30](/packages/ionux-phactor)[kornrunner/secp256k1 Pure PHP secp256k1 40595.2k115](/packages/kornrunner-secp256k1) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)