CKB is designed as a cryptographic abstraction blockchain — the protocol itself does not depend on any specific cryptographic algorithm, such as secp256k1.
However, developers do not always choose the right algorithm implementations, leading to issues such as poor performance, low code quality, and bloated binaries. This document assembles a list of recommended implementations, primarily in C and Rust, including those optimized by the CKB team.
Secp256k1 / Schnorr
secp256k1 is an optimized C library for EC operations on curve secp256k1, used by Bitcoin.
It is audited and battle-tested by Bitcoin. Use it unless there is a specific reason not to.
An alternative is k256, a pure-Rust implementation that is also audited.
Secp256r1
RustCrypto’s p256 is a Rust implementation.
RSA
The C version is mbedtls. The Rust version is RSA.
Both are solid; the only difference is the programming language.
Ed25519
ed25519 from RustCrypto.
SPHINCS+ (SLH-DSA)
The recommended C implementation is sphincsplus from the official SPHINCS+ organization.
The Rust implementation is slh-dsa from RustCrypto.
ML-DSA
The recommended implementation is ml-dsa from RustCrypto.
There is also a ckb-vm-optimized fork available here, though the performance difference is modest.
SP1 Verifier
An optimized SP1 verifier for ckb-vm. The original implementation is significantly slower.
BN254 (alt-bn128)
ckb-alt-bn128 is optimized for ckb-vm. Other versions are notably slower.
BLS12-381
ckb-blst-rs is optimized for ckb-vm. Other versions are notably slower.
SHA2 / SHA3 / SHAKE / Keccak Hashing Functions
opt-libs is optimized for ckb-vm, written in C with Rust bindings. If performance is not a concern, RustCrypto’s Hashes is a fine alternative.
Sparse Merkle Tree
SMT. It is audited.
Blake2b
Included in ckb-std.