Secp256k1 support

Hello.

I see some changes merged to the main branch of Daml, but I don’t see the 3.4.0-snapshot.20250820.0 contains the changes - should I use an additional compilation flag? I see on the main branch it’s hidden behind the feature DAML_CRYPTO_ADDITIONS, so should we enable it in another way or just to wait for a newer snapshot?

Now, I’m using the 20250827 snapshot, but still,

Should it be enabled in any special way?
```shell
./CryptoExample.daml:12:17: error:
Variable not in scope:
secp256k1signWithEcdsaOnly : Text → Text → Script b0
File: ./CryptoExample.daml
Hidden: no
Range: 16:8-16:30
Source: typecheck
Severity: DsError
Message:
./CryptoExample.daml:16:8: error:
Variable not in scope:
secp256k1WithEcdsaOnly : Text → Text → Text → Bool
```

Your Daml project will need to target 2.dev. That should then allow you to compile using these new features.

So, building your project code with daml build --target=2.dev should be sufficient here.

Alternatively, you can add the following to your project’s daml.yaml file:

build-options:
  - --target=2.dev

If you also want to disable the crypto warnings on compilation, also add the following to your project’s daml.yaml file:

build-options:
  - -Wno-crypto-text-is-alpha

Thanks. I’m able to build it.

But it’s still not working properly.

Looking into the java docs,

The ECDSA signature algorithms as defined in ANSI X9.62.

Note: "ECDSA" is an ambiguous name for the "SHA1withECDSA" algorithm and should not be used. The formal name "SHA1withECDSA" should be used instead.

So there probably should be NoneWithECDSA used instead of ECDSA as an algorithm passed to new MessageSignaturePrototypeUtil(“ECDSA”) for pure secp256k1 without hashing.

For your example from tests

it should return sth like that:

PrivKey 7308c95bf6e240ed8de37b5a7c5f453d88ece2b5e93c02ef985e8553f856474a

PubKey 043f4ae6efb79de2cf60636219110f11b695d5c1776c0b0dad1468672fba1c6f6acf79396b8403e110cbf60ccd7aefab4c541d49844a51049fcbd22dae1a51d681

PubKeyDer 3056301006072a8648ce3d020106052b8104000a034200043f4ae6efb79de2cf60636219110f11b695d5c1776c0b0dad1468672fba1c6f6acf79396b8403e110cbf60ccd7aefab4c541d49844a51049fcbd22dae1a51d681

Digest b03c694bc07762ef8f08a0260d68dd6ecc9da10a6fe1c1abfb6a21f71e88ff1c

SigEcdsa d5bbc8f7144e31b95b19d96e5631864dec0eddb84d96c0d0f6b36d6a96982d58148bf5301f6897ccd380aa6b558fc3a57e07adbf17dbb24824c57536ce1e46cb

SigDigest d5bbc8f7144e31b95b19d96e5631864dec0eddb84d96c0d0f6b36d6a96982d58148bf5301f6897ccd380aa6b558fc3a57e07adbf17dbb24824c57536ce1e46cb

SigDer 3045022100d5bbc8f7144e31b95b19d96e5631864dec0eddb84d96c0d0f6b36d6a96982d580220148bf5301f6897ccd380aa6b558fc3a57e07adbf17dbb24824c57536ce1e46cb

but

msgSig ← secp256k1signWithEcdsaOnly privateKey1 expectedDigest

debug msgSig

returns
3045022100bdbe3c37aa32885baedc4f3b6a6fdf3064ccb841e1ed7e269b8735b289743a4c0220413cbe3121071160ec7eddc81f69190930f5126fda2aa37d16b1755eb67cb299

Thanks for that @Lukasz2891

Let me patch the underlying code and lets see if things work better.

Hi @Lukasz2891, thanks again for your help on this.

A patch for this is now in place and I’ve validated my changes against your original code snippet. The next snapshot release should allow you to validate this on your side.

Thanks

Hello

Will be maybe a new snapshot available this week?

Hi @Lukasz2891. Just been checking with the release team. Apologies, but the snapshot release has unfortunately been delayed until next week.

Would the snapshot be released this week :)?

Hi @Lukasz2891. Apologies for the delay in answering you here - I was waiting for confirmation that the snapshot release had actually occurred.

Snapshot release 3.4.0-snapshot.20250911.0 contains the fixes you are after.

Thanks, I was sure I confirmed it - maybe that was on our TG

Do you have a plan to enable it by default, not by 2.dev target?

Yes, plans are currently in motion to do this.