Valentine (SECP) upgrade

The Valentine (or SECP) upgrade is Cardano’s intra-era hard fork that follows the Vasil upgrade. Valentine is a small and focused semantic change to the ledger, which brings new built-in functions to Plutus to support SECP elliptic curves (ECDSA and Schnorr). Although an intra-era hard fork requires a hard fork combinator event, it does not change the ledger era, which means that this is an upgrade to the Babbage era (Vasil functionality).

Live on Cardano testnets

Support for SECP256k1 is currently live on Cardano’s preview testing environment. The upgrade is planned to go live on the pre-production testing environment on February 11, 2023 at 00:00 UTC.

The community is encouraged to try out Valentine functionality before the mainnet release, which is proposed tentatively for February 14, 2023 at 21:44:51 UTC.

The current mainnet node, v.1.35.5, supports the SECP upgrade. To track the latest versions of the node and all downstream components, see these release notes and the compatibility matrix.

To get started:

About ECC

ECC is a popular primitive for developing cryptographic protocols and secure applications using custom encryption and decryption algorithms validated by digital signatures. ECC provides the same level of security as other mechanisms while using shorter keys and signatures.

There are different elliptic curves one can use, with secp256k1 as one of the options. Each of these curves differs in its parameters. The secp256k1 curve provides two common signature schemes – ECDSA and Schnorr.

Cardano uses the Edwards-curve Digital Signature Algorithm (EdDSA) with elliptic curve Curve25519 as its base curve (Ed25519). Ed25519 is designed to be resistant to certain types of cryptographic attacks, making it a secure choice.

Ed25519 is part of the family of safeCurves, which secp256k1 is not part of. The variance in algorithms means that Plutus DApp developers who want to work with other blockchains and need to validate ECDSA and Schnorr signatures would have to spend time, effort, and funds to implement such algorithms over the Standards for Efficient Cryptography (SECP) elliptic curves in Plutus. This extra implementation considerably increases potential security risks.

Since only Cardano’s primary signature algorithm Ed25519 is provided as a Plutus built-in function, ECDSA and Schnorr operations would be more expensive and time-consuming unless also provided as built-in functions.

What does the SECP upgrade bring?

Cardano’s Valentine upgrade adds new built-in functions to Plutus to support ECDSA and Schnorr signatures along with Cardano’s native signature.

These built-in functions will become native to Cardano, and since they will be implemented and audited by experts, they will provide the highest level of security. This standardization will allow any Plutus DApp developer to widen the choice of multi-signature or threshold signature design to use.

CIP-49 provides a more in-depth oversight of the motivation and specification for the new implementation of built-in functions.

After the new cryptographic primitives implementation, Plutus will be able to easily verify transactions from other blockchains using ECDSA and Schnorr standards. For example, Plutus will be able to natively verify signatures generated in EVM sidechains, which will improve the developer experience in terms of process simplicity, cost, and advanced security.

cardano-secp

Example scripts

Below are links to examples of scripts and script data files containing the inputs to be used for working with SECP256k1 elliptic curves.

The use of these scripts is similar to a token minting process, where you build a transaction to mint a token using --mint-script-file with a provided Plutus script and --mint-redeemer-file for provided input script data.