Bitcoin Forum
Topic: [Electrum 3.2.3] Why does it wish to use an at-risk package called libsecp256k1?
tUnes3 (OP)
September 08, 2018, 01:39:57 PM
Last edit: September 08, 2018, 04:20:03 PM by tUnes3
 #1

I managed to launch Electrum 3.2.3 from its folder. However it comes with the following warning:

Quote
$ ./run_electrum
[ecc] info: libsecp256k1 library not available, falling back to python-ecdsa. This means signing operations will be slower.

According to Debian (url: https://packages.debian.org/stretch/libsecp256k1-0), it warns that

NB! This library is a work in progress and is being used to research best practices. Use at your own risk.

I wonder how many of you have been using libsecp256k1 since Electrum 3.2.2.
achow101
September 08, 2018, 02:56:59 PM
 #2

Because there isn't really a risk to using libsecp256k1. That's just there as a disclaimer since some parts of the library are experimental, but those are also labeled clearly.

libsecp256k1 is what Bitcoin Core has used for all of its ECDSA operations for several years now. The library was created by some Bitcoin Core developers.

tUnes3 (OP)
September 08, 2018, 04:13:51 PM
 #3

Quote
Because there isn't really a risk to using libsecp256k1. That's just there as a disclaimer since some parts of the library are experimental, but those are also labeled clearly.

Have there been any reported hacks that took advantage of the fact that some parts of libsecp256k1 are experimental?

Quote
libsecp256k1 is what Bitcoin Core has used for all of its ECDSA operations for several years now. The library was created by some Bitcoin Core developers.

Thanks a lot for this piece of information.
achow101
September 08, 2018, 04:28:39 PM
 #4

Quote
Have there been any reported hacks that took advantage of the fact that some parts of libsecp256k1 are experimental?

No, because those things are not used in Bitcoin. Also, the library is heavily reviewed by cryptographers.

Even experimental things are generally safe to use as their cryptography is reviewed before it is implemented into libsecp256k1. The "experimental" mostly refers to the fact that APIs may change for those experimental things. Also, the experimental stuff is not enabled by default and must be explicitly enabled when compiling the library.
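
One way to check the point made in the reply above on a given machine, as an added example that is not part of the thread and is not Electrum's or libsecp256k1's own code: it loads the installed libsecp256k1 through ctypes and reports which optional modules that build actually exports. The helper names `load_library` and `audit_build` and the module-to-symbol map are assumptions of this example (the symbols are taken from the library's public headers), and which modules count as experimental depends on the release.

```python
import ctypes
import ctypes.util

# Assumption: one exported symbol stands in for each module. Which of these
# modules a release labels "experimental" varies and is not stated in the thread.
CORE_SYMBOLS = ("secp256k1_context_create", "secp256k1_ecdsa_sign",
                "secp256k1_ecdsa_verify")
OPTIONAL_MODULES = {
    "recovery": "secp256k1_ecdsa_recover",
    "ecdh": "secp256k1_ecdh",
    "schnorrsig": "secp256k1_schnorrsig_verify",
}


def load_library(names=("secp256k1",)):
    """Return a ctypes handle to the installed library, or None if not found."""
    for name in names:
        path = ctypes.util.find_library(name)
        if path is None:
            continue
        try:
            return ctypes.CDLL(path)
        except OSError:
            continue
    return None


def audit_build(lib):
    """Report which core and optional symbols a loaded build exports."""
    if lib is None:
        return {"available": False, "core_complete": False, "modules": {}}
    # ctypes resolves symbols lazily and raises AttributeError for a missing
    # one, so hasattr() tests presence without calling into the library.
    core_ok = all(hasattr(lib, sym) for sym in CORE_SYMBOLS)
    modules = {mod: hasattr(lib, sym) for mod, sym in OPTIONAL_MODULES.items()}
    return {"available": True, "core_complete": core_ok, "modules": modules}


if __name__ == "__main__":
    report = audit_build(load_library())
    if not report["available"]:
        print("libsecp256k1 not found: a wallet would use its pure-Python fallback")
    else:
        print("core ECDSA API complete:", report["core_complete"])
        for mod, present in sorted(report["modules"].items()):
            print(f"  module {mod}: {'compiled in' if present else 'absent'}")
```

A module reported as absent was not enabled when that copy of the library was compiled, so code depending on it cannot be reached through this build.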

tUnes3 (OP)
September 08, 2018, 04:32:25 PM
 #5

Quote
Have there been any reported hacks that took advantage of the fact that some parts of libsecp256k1 are experimental?
No, because those things are not used in Bitcoin. Also, the library is heavily reviewed by cryptographers.

Even experimental things are generally safe to use as their cryptography is reviewed before it is implemented into libsecp256k1. The "experimental" mostly refers to the fact that APIs may change for those experimental things. Also, the experimental stuff is not enabled by default and must be explicitly enabled when compiling the library.

Thanks for your explanation. I've acquired some knowledge today :)