{"id":7198,"library":"ecpy","title":"ECPy: Pure Python Elliptic Curve Library","description":"ECPy is a pure Python Elliptic Curve library providing implementations of ECDSA, EDDSA (Ed25519), ECSchnorr, and Borromean signatures, alongside fundamental Point operations. The library is currently at version 1.2.5, with its last release in October 2020. While its documentation historically noted a 'beta stage' status, the current lack of recent development suggests it is in maintenance mode rather than active feature development.","status":"maintenance","version":"1.2.5","language":"en","source_language":"en","source_url":"https://github.com/cslashm/ECPy","tags":["cryptography","elliptic curve","ecdsa","eddsa","ecschnorr","security","pure-python","signature"],"install":[{"cmd":"pip install ECPy","lang":"bash","label":"Install latest stable version"}],"dependencies":[],"imports":[{"symbol":"Curve","correct":"from ecpy.curves import Curve"},{"symbol":"Point","correct":"from ecpy.curves import Point"},{"symbol":"ECPublicKey","correct":"from ecpy.keys import ECPublicKey"},{"symbol":"ECPrivateKey","correct":"from ecpy.keys import ECPrivateKey"},{"symbol":"ECDSA","correct":"from ecpy.ecdsa import ECDSA"}],"quickstart":{"code":"from ecpy.curves import Curve, Point\nfrom ecpy.keys import ECPublicKey, ECPrivateKey\nfrom ecpy.ecdsa import ECDSA\n\n# Get a predefined elliptic curve (secp256k1 is commonly used)\ncv = Curve.get_curve('secp256k1')\n\n# Define public and private keys (example values, in a real scenario these would be generated securely)\n# Private key (scalar 'd')\npv_scalar = 0xfb26a4e75eec75544c0f44e937dcf5ee6355c7176600b9688c667e5c283b43c5\npv_key = ECPrivateKey(pv_scalar, cv)\n\n# Public key (Point 'Q' = d * G, where G is the generator point of the curve)\n# For secp256k1, the generator is part of the curve definition. \n# The public key point is derived from the private scalar.\nQ_x = 0x65d5b8bf9ab1801c9f168d4815994ad35f1dcb6ae6c7a1a303966b677b813b00\nQ_y = 0xe6b865e529b8ecbf71cf966e900477d49ced5846d7662dd2dd11ccd55c0aff7f\npu_key_point = Point(Q_x, Q_y, cv)\npu_key = ECPublicKey(pu_key_point)\n\n# Create an ECDSA signer instance\nsigner = ECDSA()\n\n# Message to be signed (must be bytes)\nmessage = b'This is a test message to be signed.'\n\n# Sign the message\nsig = signer.sign(message, pv_key)\n\n# Verify the signature\nis_valid = signer.verify(message, sig, pu_key)\n\nprint(f\"Message: {message.decode()}\")\nprint(f\"Private Key (scalar): {hex(pv_scalar)}\")\nprint(f\"Public Key (Point): ({hex(pu_key_point.x)}, {hex(pu_key_point.y)})\")\nprint(f\"Signature: {sig.hex()}\")\nprint(f\"Signature Valid: {is_valid}\")\n\nassert is_valid, \"Signature verification failed!\"\nprint(\"Signature successfully verified.\")","lang":"python","description":"This quickstart demonstrates the core functionality of ECPy by performing an ECDSA signature and verification. It initializes a secp256k1 elliptic curve, creates a public/private key pair, signs a simple message, and then verifies the signature."},"warnings":[{"fix":"Ensure your code uses curve-specific infinity points, typically managed internally by `ECPy` when performing point operations or key generations.","message":"The handling of infinity points was changed in version 1.1.0. Relying on a global (non-curve-attached) infinity point is now deprecated, and it is recommended to declare one infinity point per curve.","severity":"deprecated","affected_versions":"<1.1.0"},{"fix":"Upgrade to ECPy 1.2.4 or newer. Ensure that your hash function output size is appropriate for the chosen elliptic curve, or handle truncation/reduction correctly before signing.","message":"Prior to version 1.2.4, ECDSA signatures could fail or behave unexpectedly if the message hash length was greater than the domain order length of the elliptic curve.","severity":"gotcha","affected_versions":"<1.2.4"},{"fix":"Upgrade to ECPy 1.2.3 or newer. Verify that hash outputs are properly handled and reduced modulo the curve order before being used in Schnorr signature computations.","message":"Versions prior to 1.2.3 had issues with ECSchnorr signatures where the 'r' value (part of the signature) was greater than the curve's order, especially when using hash functions with a bitlength greater than the curve size.","severity":"gotcha","affected_versions":"<1.2.3"},{"fix":"Immediately upgrade to ECPy 1.2.0 or newer to ensure cryptographically sound ECDSA signatures, especially when using RFC 6979 deterministic signing.","message":"A critical bug in ECDSA's rfc6979 implementation prior to version 1.2.0 caused the curve's field value to be used instead of the order for maximum random generation, potentially leading to insecure signatures. Version 1.2.0 fixed this to conform with RFC 6979.","severity":"breaking","affected_versions":"<1.2.0"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Verify that the x and y coordinates used to instantiate a Point object are indeed valid points on the `Curve` object provided. Double-check curve parameters (a, b, field, order) if defining custom curves, and ensure all cryptographic operations are correctly chained with valid points.","cause":"This error occurs when attempting to create a Point object with coordinates (x, y) that do not satisfy the elliptic curve equation (y² = x³ + ax + b for Weierstrass form, or equivalent for other forms) of the specified curve. It can also happen during point addition/multiplication if intermediate points fall off the curve due to incorrect parameters or operations.","error":"ECPyException: Point not on curve"},{"fix":"Upgrade ECPy to the latest available version (1.2.5). If the issue persists, carefully review the EDDSA example code and ensure all inputs (keys, messages) conform to the expected types and formats for Curve25519 in ECPy.","cause":"This issue (reported in GitHub issues) indicates an internal incompatibility or missing attribute in older versions of ECPy when attempting EDDSA operations, specifically with the Curve25519 (a Twisted Edward curve).","error":"AttributeError: '_TwistedEdwardCurvePoint' object has no attribute '_coord_size' when using EDDSA with Curve25519"},{"fix":"Ensure ECPy is properly installed via `pip install ECPy`. If using a custom build, verify `setup.py` and environment. Consider creating a fresh virtual environment. This error might be resolved in newer versions of the library.","cause":"This error has been reported in older issues and likely stems from an internal variable not being correctly defined or imported within the ECPy library itself, possibly due to an incomplete installation or specific execution environment.","error":"NameError: name 'reqs' is not defined"}]}