bring btcec into minigeth

288c7b42 · George Hotz · 81bec775 · 288c7b42 · 288c7b42 · 288c7b42
Commit 288c7b42 authored Oct 06, 2021 by George Hotz
22 changed files
--- a/minigeth/crypto/btcec/README.md
+++ b/minigeth/crypto/btcec/README.md
+btcec
+=====
+
+[![Build Status](https://github.com/btcsuite/btcd/workflows/Build%20and%20Test/badge.svg)](https://github.com/btcsuite/btcd/actions)
+[![ISC License](http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org)
+[![GoDoc](https://pkg.go.dev/github.com/btcsuite/btcd/btcec?status.png)](https://pkg.go.dev/github.com/btcsuite/btcd/btcec)
+
+Package btcec implements elliptic curve cryptography needed for working with
+Bitcoin (secp256k1 only for now). It is designed so that it may be used with the
+standard crypto/ecdsa packages provided with go.  A comprehensive suite of test
+is provided to ensure proper functionality.  Package btcec was originally based
+on work from ThePiachu which is licensed under the same terms as Go, but it has
+signficantly diverged since then.  The btcsuite developers original is licensed
+under the liberal ISC license.
+
+Although this package was primarily written for btcd, it has intentionally been
+designed so it can be used as a standalone package for any projects needing to
+use secp256k1 elliptic curve cryptography.
+
+## Installation and Updating
+
+```bash
+$ go get -u github.com/btcsuite/btcd/btcec
+```
+
+## Examples
+
+* [Sign Message](https://pkg.go.dev/github.com/btcsuite/btcd/btcec#example-package--SignMessage)  
+  Demonstrates signing a message with a secp256k1 private key that is first
+  parsed form raw bytes and serializing the generated signature.
+
+* [Verify Signature](https://pkg.go.dev/github.com/btcsuite/btcd/btcec#example-package--VerifySignature)  
+  Demonstrates verifying a secp256k1 signature against a public key that is
+  first parsed from raw bytes.  The signature is also parsed from raw bytes.
+
+* [Encryption](https://pkg.go.dev/github.com/btcsuite/btcd/btcec#example-package--EncryptMessage)
+  Demonstrates encrypting a message for a public key that is first parsed from
+  raw bytes, then decrypting it using the corresponding private key.
+
+* [Decryption](https://pkg.go.dev/github.com/btcsuite/btcd/btcec#example-package--DecryptMessage)
+  Demonstrates decrypting a message using a private key that is first parsed
+  from raw bytes.
+
+## GPG Verification Key
+
+All official release tags are signed by Conformal so users can ensure the code
+has not been tampered with and is coming from the btcsuite developers.  To
+verify the signature perform the following:
+
+- Download the public key from the Conformal website at
+  https://opensource.conformal.com/GIT-GPG-KEY-conformal.txt
+
+- Import the public key into your GPG keyring:
+  ```bash
+  gpg --import GIT-GPG-KEY-conformal.txt
+  ```
+
+- Verify the release tag with the following command where `TAG_NAME` is a
+  placeholder for the specific tag:
+  ```bash
+  git tag -v TAG_NAME
+  ```
+
+## License
+
+Package btcec is licensed under the [copyfree](http://copyfree.org) ISC License
+except for btcec.go and btcec_test.go which is under the same license as Go.
+
--- a/minigeth/crypto/btcec/bench_test.go
+++ b/minigeth/crypto/btcec/bench_test.go
+// Copyright 2013-2016 The btcsuite developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package btcec
+
+import (
+	"encoding/hex"
+	"testing"
+)
+
+// BenchmarkAddJacobian benchmarks the secp256k1 curve addJacobian function with
+// Z values of 1 so that the associated optimizations are used.
+func BenchmarkAddJacobian(b *testing.B) {
+	b.StopTimer()
+	x1 := new(fieldVal).SetHex("34f9460f0e4f08393d192b3c5133a6ba099aa0ad9fd54ebccfacdfa239ff49c6")
+	y1 := new(fieldVal).SetHex("0b71ea9bd730fd8923f6d25a7a91e7dd7728a960686cb5a901bb419e0f2ca232")
+	z1 := new(fieldVal).SetHex("1")
+	x2 := new(fieldVal).SetHex("34f9460f0e4f08393d192b3c5133a6ba099aa0ad9fd54ebccfacdfa239ff49c6")
+	y2 := new(fieldVal).SetHex("0b71ea9bd730fd8923f6d25a7a91e7dd7728a960686cb5a901bb419e0f2ca232")
+	z2 := new(fieldVal).SetHex("1")
+	x3, y3, z3 := new(fieldVal), new(fieldVal), new(fieldVal)
+	curve := S256()
+	b.StartTimer()
+	for i := 0; i < b.N; i++ {
+		curve.addJacobian(x1, y1, z1, x2, y2, z2, x3, y3, z3)
+	}
+}
+
+// BenchmarkAddJacobianNotZOne benchmarks the secp256k1 curve addJacobian
+// function with Z values other than one so the optimizations associated with
+// Z=1 aren't used.
+func BenchmarkAddJacobianNotZOne(b *testing.B) {
+	b.StopTimer()
+	x1 := new(fieldVal).SetHex("d3e5183c393c20e4f464acf144ce9ae8266a82b67f553af33eb37e88e7fd2718")
+	y1 := new(fieldVal).SetHex("5b8f54deb987ec491fb692d3d48f3eebb9454b034365ad480dda0cf079651190")
+	z1 := new(fieldVal).SetHex("2")
+	x2 := new(fieldVal).SetHex("91abba6a34b7481d922a4bd6a04899d5a686f6cf6da4e66a0cb427fb25c04bd4")
+	y2 := new(fieldVal).SetHex("03fede65e30b4e7576a2abefc963ddbf9fdccbf791b77c29beadefe49951f7d1")
+	z2 := new(fieldVal).SetHex("3")
+	x3, y3, z3 := new(fieldVal), new(fieldVal), new(fieldVal)
+	curve := S256()
+	b.StartTimer()
+	for i := 0; i < b.N; i++ {
+		curve.addJacobian(x1, y1, z1, x2, y2, z2, x3, y3, z3)
+	}
+}
+
+// BenchmarkScalarBaseMult benchmarks the secp256k1 curve ScalarBaseMult
+// function.
+func BenchmarkScalarBaseMult(b *testing.B) {
+	k := fromHex("d74bf844b0862475103d96a611cf2d898447e288d34b360bc885cb8ce7c00575")
+	curve := S256()
+	for i := 0; i < b.N; i++ {
+		curve.ScalarBaseMult(k.Bytes())
+	}
+}
+
+// BenchmarkScalarBaseMultLarge benchmarks the secp256k1 curve ScalarBaseMult
+// function with abnormally large k values.
+func BenchmarkScalarBaseMultLarge(b *testing.B) {
+	k := fromHex("d74bf844b0862475103d96a611cf2d898447e288d34b360bc885cb8ce7c005751111111011111110")
+	curve := S256()
+	for i := 0; i < b.N; i++ {
+		curve.ScalarBaseMult(k.Bytes())
+	}
+}
+
+// BenchmarkScalarMult benchmarks the secp256k1 curve ScalarMult function.
+func BenchmarkScalarMult(b *testing.B) {
+	x := fromHex("34f9460f0e4f08393d192b3c5133a6ba099aa0ad9fd54ebccfacdfa239ff49c6")
+	y := fromHex("0b71ea9bd730fd8923f6d25a7a91e7dd7728a960686cb5a901bb419e0f2ca232")
+	k := fromHex("d74bf844b0862475103d96a611cf2d898447e288d34b360bc885cb8ce7c00575")
+	curve := S256()
+	for i := 0; i < b.N; i++ {
+		curve.ScalarMult(x, y, k.Bytes())
+	}
+}
+
+// BenchmarkNAF benchmarks the NAF function.
+func BenchmarkNAF(b *testing.B) {
+	k := fromHex("d74bf844b0862475103d96a611cf2d898447e288d34b360bc885cb8ce7c00575")
+	for i := 0; i < b.N; i++ {
+		NAF(k.Bytes())
+	}
+}
+
+// BenchmarkSigVerify benchmarks how long it takes the secp256k1 curve to
+// verify signatures.
+func BenchmarkSigVerify(b *testing.B) {
+	b.StopTimer()
+	// Randomly generated keypair.
+	// Private key: 9e0699c91ca1e3b7e3c9ba71eb71c89890872be97576010fe593fbf3fd57e66d
+	pubKey := PublicKey{
+		Curve: S256(),
+		X:     fromHex("d2e670a19c6d753d1a6d8b20bd045df8a08fb162cf508956c31268c6d81ffdab"),
+		Y:     fromHex("ab65528eefbb8057aa85d597258a3fbd481a24633bc9b47a9aa045c91371de52"),
+	}
+
+	// Double sha256 of []byte{0x01, 0x02, 0x03, 0x04}
+	msgHash := fromHex("8de472e2399610baaa7f84840547cd409434e31f5d3bd71e4d947f283874f9c0")
+	sig := Signature{
+		R: fromHex("fef45d2892953aa5bbcdb057b5e98b208f1617a7498af7eb765574e29b5d9c2c"),
+		S: fromHex("d47563f52aac6b04b55de236b7c515eb9311757db01e02cff079c3ca6efb063f"),
+	}
+
+	if !sig.Verify(msgHash.Bytes(), &pubKey) {
+		b.Errorf("Signature failed to verify")
+		return
+	}
+	b.StartTimer()
+
+	for i := 0; i < b.N; i++ {
+		sig.Verify(msgHash.Bytes(), &pubKey)
+	}
+}
+
+// BenchmarkFieldNormalize benchmarks how long it takes the internal field
+// to perform normalization (which includes modular reduction).
+func BenchmarkFieldNormalize(b *testing.B) {
+	// The normalize function is constant time so default value is fine.
+	f := new(fieldVal)
+	for i := 0; i < b.N; i++ {
+		f.Normalize()
+	}
+}
+
+// BenchmarkParseCompressedPubKey benchmarks how long it takes to decompress and
+// validate a compressed public key from a byte array.
+func BenchmarkParseCompressedPubKey(b *testing.B) {
+	rawPk, _ := hex.DecodeString("0234f9460f0e4f08393d192b3c5133a6ba099aa0ad9fd54ebccfacdfa239ff49c6")
+
+	var (
+		pk  *PublicKey
+		err error
+	)
+
+	b.ReportAllocs()
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		pk, err = ParsePubKey(rawPk, S256())
+	}
+	_ = pk
+	_ = err
+}
--- a/minigeth/crypto/btcec/btcec.go
+++ b/minigeth/crypto/btcec/btcec.go
--- a/minigeth/crypto/btcec/btcec_test.go
+++ b/minigeth/crypto/btcec/btcec_test.go
--- a/minigeth/crypto/btcec/ciphering.go
+++ b/minigeth/crypto/btcec/ciphering.go
+// Copyright (c) 2015-2016 The btcsuite developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package btcec
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"crypto/rand"
+	"crypto/sha256"
+	"crypto/sha512"
+	"errors"
+	"io"
+)
+
+var (
+	// ErrInvalidMAC occurs when Message Authentication Check (MAC) fails
+	// during decryption. This happens because of either invalid private key or
+	// corrupt ciphertext.
+	ErrInvalidMAC = errors.New("invalid mac hash")
+
+	// errInputTooShort occurs when the input ciphertext to the Decrypt
+	// function is less than 134 bytes long.
+	errInputTooShort = errors.New("ciphertext too short")
+
+	// errUnsupportedCurve occurs when the first two bytes of the encrypted
+	// text aren't 0x02CA (= 712 = secp256k1, from OpenSSL).
+	errUnsupportedCurve = errors.New("unsupported curve")
+
+	errInvalidXLength = errors.New("invalid X length, must be 32")
+	errInvalidYLength = errors.New("invalid Y length, must be 32")
+	errInvalidPadding = errors.New("invalid PKCS#7 padding")
+
+	// 0x02CA = 714
+	ciphCurveBytes = [2]byte{0x02, 0xCA}
+	// 0x20 = 32
+	ciphCoordLength = [2]byte{0x00, 0x20}
+)
+
+// GenerateSharedSecret generates a shared secret based on a private key and a
+// public key using Diffie-Hellman key exchange (ECDH) (RFC 4753).
+// RFC5903 Section 9 states we should only return x.
+func GenerateSharedSecret(privkey *PrivateKey, pubkey *PublicKey) []byte {
+	x, _ := pubkey.Curve.ScalarMult(pubkey.X, pubkey.Y, privkey.D.Bytes())
+	return x.Bytes()
+}
+
+// Encrypt encrypts data for the target public key using AES-256-CBC. It also
+// generates a private key (the pubkey of which is also in the output). The only
+// supported curve is secp256k1. The `structure' that it encodes everything into
+// is:
+//
+//	struct {
+//		// Initialization Vector used for AES-256-CBC
+//		IV [16]byte
+//		// Public Key: curve(2) + len_of_pubkeyX(2) + pubkeyX +
+//		// len_of_pubkeyY(2) + pubkeyY (curve = 714)
+//		PublicKey [70]byte
+//		// Cipher text
+//		Data []byte
+//		// HMAC-SHA-256 Message Authentication Code
+//		HMAC [32]byte
+//	}
+//
+// The primary aim is to ensure byte compatibility with Pyelliptic.  Also, refer
+// to section 5.8.1 of ANSI X9.63 for rationale on this format.
+func Encrypt(pubkey *PublicKey, in []byte) ([]byte, error) {
+	ephemeral, err := NewPrivateKey(S256())
+	if err != nil {
+		return nil, err
+	}
+	ecdhKey := GenerateSharedSecret(ephemeral, pubkey)
+	derivedKey := sha512.Sum512(ecdhKey)
+	keyE := derivedKey[:32]
+	keyM := derivedKey[32:]
+
+	paddedIn := addPKCSPadding(in)
+	// IV + Curve params/X/Y + padded plaintext/ciphertext + HMAC-256
+	out := make([]byte, aes.BlockSize+70+len(paddedIn)+sha256.Size)
+	iv := out[:aes.BlockSize]
+	if _, err = io.ReadFull(rand.Reader, iv); err != nil {
+		return nil, err
+	}
+	// start writing public key
+	pb := ephemeral.PubKey().SerializeUncompressed()
+	offset := aes.BlockSize
+
+	// curve and X length
+	copy(out[offset:offset+4], append(ciphCurveBytes[:], ciphCoordLength[:]...))
+	offset += 4
+	// X
+	copy(out[offset:offset+32], pb[1:33])
+	offset += 32
+	// Y length
+	copy(out[offset:offset+2], ciphCoordLength[:])
+	offset += 2
+	// Y
+	copy(out[offset:offset+32], pb[33:])
+	offset += 32
+
+	// start encryption
+	block, err := aes.NewCipher(keyE)
+	if err != nil {
+		return nil, err
+	}
+	mode := cipher.NewCBCEncrypter(block, iv)
+	mode.CryptBlocks(out[offset:len(out)-sha256.Size], paddedIn)
+
+	// start HMAC-SHA-256
+	hm := hmac.New(sha256.New, keyM)
+	hm.Write(out[:len(out)-sha256.Size])          // everything is hashed
+	copy(out[len(out)-sha256.Size:], hm.Sum(nil)) // write checksum
+
+	return out, nil
+}
+
+// Decrypt decrypts data that was encrypted using the Encrypt function.
+func Decrypt(priv *PrivateKey, in []byte) ([]byte, error) {
+	// IV + Curve params/X/Y + 1 block + HMAC-256
+	if len(in) < aes.BlockSize+70+aes.BlockSize+sha256.Size {
+		return nil, errInputTooShort
+	}
+
+	// read iv
+	iv := in[:aes.BlockSize]
+	offset := aes.BlockSize
+
+	// start reading pubkey
+	if !bytes.Equal(in[offset:offset+2], ciphCurveBytes[:]) {
+		return nil, errUnsupportedCurve
+	}
+	offset += 2
+
+	if !bytes.Equal(in[offset:offset+2], ciphCoordLength[:]) {
+		return nil, errInvalidXLength
+	}
+	offset += 2
+
+	xBytes := in[offset : offset+32]
+	offset += 32
+
+	if !bytes.Equal(in[offset:offset+2], ciphCoordLength[:]) {
+		return nil, errInvalidYLength
+	}
+	offset += 2
+
+	yBytes := in[offset : offset+32]
+	offset += 32
+
+	pb := make([]byte, 65)
+	pb[0] = byte(0x04) // uncompressed
+	copy(pb[1:33], xBytes)
+	copy(pb[33:], yBytes)
+	// check if (X, Y) lies on the curve and create a Pubkey if it does
+	pubkey, err := ParsePubKey(pb, S256())
+	if err != nil {
+		return nil, err
+	}
+
+	// check for cipher text length
+	if (len(in)-aes.BlockSize-offset-sha256.Size)%aes.BlockSize != 0 {
+		return nil, errInvalidPadding // not padded to 16 bytes
+	}
+
+	// read hmac
+	messageMAC := in[len(in)-sha256.Size:]
+
+	// generate shared secret
+	ecdhKey := GenerateSharedSecret(priv, pubkey)
+	derivedKey := sha512.Sum512(ecdhKey)
+	keyE := derivedKey[:32]
+	keyM := derivedKey[32:]
+
+	// verify mac
+	hm := hmac.New(sha256.New, keyM)
+	hm.Write(in[:len(in)-sha256.Size]) // everything is hashed
+	expectedMAC := hm.Sum(nil)
+	if !hmac.Equal(messageMAC, expectedMAC) {
+		return nil, ErrInvalidMAC
+	}
+
+	// start decryption
+	block, err := aes.NewCipher(keyE)
+	if err != nil {
+		return nil, err
+	}
+	mode := cipher.NewCBCDecrypter(block, iv)
+	// same length as ciphertext
+	plaintext := make([]byte, len(in)-offset-sha256.Size)
+	mode.CryptBlocks(plaintext, in[offset:len(in)-sha256.Size])
+
+	return removePKCSPadding(plaintext)
+}
+
+// Implement PKCS#7 padding with block size of 16 (AES block size).
+
+// addPKCSPadding adds padding to a block of data
+func addPKCSPadding(src []byte) []byte {
+	padding := aes.BlockSize - len(src)%aes.BlockSize
+	padtext := bytes.Repeat([]byte{byte(padding)}, padding)
+	return append(src, padtext...)
+}
+
+// removePKCSPadding removes padding from data that was added with addPKCSPadding
+func removePKCSPadding(src []byte) ([]byte, error) {
+	length := len(src)
+	padLength := int(src[length-1])
+	if padLength > aes.BlockSize || length < aes.BlockSize {
+		return nil, errInvalidPadding
+	}
+
+	return src[:length-padLength], nil
+}
--- a/minigeth/crypto/btcec/ciphering_test.go
+++ b/minigeth/crypto/btcec/ciphering_test.go
+// Copyright (c) 2015-2016 The btcsuite developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package btcec
+
+import (
+	"bytes"
+	"encoding/hex"
+	"testing"
+)
+
+func TestGenerateSharedSecret(t *testing.T) {
+	privKey1, err := NewPrivateKey(S256())
+	if err != nil {
+		t.Errorf("private key generation error: %s", err)
+		return
+	}
+	privKey2, err := NewPrivateKey(S256())
+	if err != nil {
+		t.Errorf("private key generation error: %s", err)
+		return
+	}
+
+	secret1 := GenerateSharedSecret(privKey1, privKey2.PubKey())
+	secret2 := GenerateSharedSecret(privKey2, privKey1.PubKey())
+
+	if !bytes.Equal(secret1, secret2) {
+		t.Errorf("ECDH failed, secrets mismatch - first: %x, second: %x",
+			secret1, secret2)
+	}
+}
+
+// Test 1: Encryption and decryption
+func TestCipheringBasic(t *testing.T) {
+	privkey, err := NewPrivateKey(S256())
+	if err != nil {
+		t.Fatal("failed to generate private key")
+	}
+
+	in := []byte("Hey there dude. How are you doing? This is a test.")
+
+	out, err := Encrypt(privkey.PubKey(), in)
+	if err != nil {
+		t.Fatal("failed to encrypt:", err)
+	}
+
+	dec, err := Decrypt(privkey, out)
+	if err != nil {
+		t.Fatal("failed to decrypt:", err)
+	}
+
+	if !bytes.Equal(in, dec) {
+		t.Error("decrypted data doesn't match original")
+	}
+}
+
+// Test 2: Byte compatibility with Pyelliptic
+func TestCiphering(t *testing.T) {
+	pb, _ := hex.DecodeString("fe38240982f313ae5afb3e904fb8215fb11af1200592b" +
+		"fca26c96c4738e4bf8f")
+	privkey, _ := PrivKeyFromBytes(S256(), pb)
+
+	in := []byte("This is just a test.")
+	out, _ := hex.DecodeString("b0d66e5adaa5ed4e2f0ca68e17b8f2fc02ca002009e3" +
+		"3487e7fa4ab505cf34d98f131be7bd258391588ca7804acb30251e71a04e0020ecf" +
+		"df0f84608f8add82d7353af780fbb28868c713b7813eb4d4e61f7b75d7534dd9856" +
+		"9b0ba77cf14348fcff80fee10e11981f1b4be372d93923e9178972f69937ec850ed" +
+		"6c3f11ff572ddd5b2bedf9f9c0b327c54da02a28fcdce1f8369ffec")
+
+	dec, err := Decrypt(privkey, out)
+	if err != nil {
+		t.Fatal("failed to decrypt:", err)
+	}
+
+	if !bytes.Equal(in, dec) {
+		t.Error("decrypted data doesn't match original")
+	}
+}
+
+func TestCipheringErrors(t *testing.T) {
+	privkey, err := NewPrivateKey(S256())
+	if err != nil {
+		t.Fatal("failed to generate private key")
+	}
+
+	tests1 := []struct {
+		ciphertext []byte // input ciphertext
+	}{
+		{bytes.Repeat([]byte{0x00}, 133)},                   // errInputTooShort
+		{bytes.Repeat([]byte{0x00}, 134)},                   // errUnsupportedCurve
+		{bytes.Repeat([]byte{0x02, 0xCA}, 134)},             // errInvalidXLength
+		{bytes.Repeat([]byte{0x02, 0xCA, 0x00, 0x20}, 134)}, // errInvalidYLength
+		{[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // IV
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x02, 0xCA, 0x00, 0x20, // curve and X length
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // X
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x20, // Y length
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // Y
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // ciphertext
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // MAC
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		}}, // invalid pubkey
+		{[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // IV
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x02, 0xCA, 0x00, 0x20, // curve and X length
+			0x11, 0x5C, 0x42, 0xE7, 0x57, 0xB2, 0xEF, 0xB7, // X
+			0x67, 0x1C, 0x57, 0x85, 0x30, 0xEC, 0x19, 0x1A,
+			0x13, 0x59, 0x38, 0x1E, 0x6A, 0x71, 0x12, 0x7A,
+			0x9D, 0x37, 0xC4, 0x86, 0xFD, 0x30, 0xDA, 0xE5,
+			0x00, 0x20, // Y length
+			0x7E, 0x76, 0xDC, 0x58, 0xF6, 0x93, 0xBD, 0x7E, // Y
+			0x70, 0x10, 0x35, 0x8C, 0xE6, 0xB1, 0x65, 0xE4,
+			0x83, 0xA2, 0x92, 0x10, 0x10, 0xDB, 0x67, 0xAC,
+			0x11, 0xB1, 0xB5, 0x1B, 0x65, 0x19, 0x53, 0xD2,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // ciphertext
+			// padding not aligned to 16 bytes
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // MAC
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		}}, // errInvalidPadding
+		{[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // IV
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x02, 0xCA, 0x00, 0x20, // curve and X length
+			0x11, 0x5C, 0x42, 0xE7, 0x57, 0xB2, 0xEF, 0xB7, // X
+			0x67, 0x1C, 0x57, 0x85, 0x30, 0xEC, 0x19, 0x1A,
+			0x13, 0x59, 0x38, 0x1E, 0x6A, 0x71, 0x12, 0x7A,
+			0x9D, 0x37, 0xC4, 0x86, 0xFD, 0x30, 0xDA, 0xE5,
+			0x00, 0x20, // Y length
+			0x7E, 0x76, 0xDC, 0x58, 0xF6, 0x93, 0xBD, 0x7E, // Y
+			0x70, 0x10, 0x35, 0x8C, 0xE6, 0xB1, 0x65, 0xE4,
+			0x83, 0xA2, 0x92, 0x10, 0x10, 0xDB, 0x67, 0xAC,
+			0x11, 0xB1, 0xB5, 0x1B, 0x65, 0x19, 0x53, 0xD2,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // ciphertext
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // MAC
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		}}, // ErrInvalidMAC
+	}
+
+	for i, test := range tests1 {
+		_, err = Decrypt(privkey, test.ciphertext)
+		if err == nil {
+			t.Errorf("Decrypt #%d did not get error", i)
+		}
+	}
+
+	// test error from removePKCSPadding
+	tests2 := []struct {
+		in []byte // input data
+	}{
+		{bytes.Repeat([]byte{0x11}, 17)},
+		{bytes.Repeat([]byte{0x07}, 15)},
+	}
+	for i, test := range tests2 {
+		_, err = removePKCSPadding(test.in)
+		if err == nil {
+			t.Errorf("removePKCSPadding #%d did not get error", i)
+		}
+	}
+}
--- a/minigeth/crypto/btcec/doc.go
+++ b/minigeth/crypto/btcec/doc.go
+// Copyright (c) 2013-2014 The btcsuite developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+/*
+Package btcec implements support for the elliptic curves needed for bitcoin.
+
+Bitcoin uses elliptic curve cryptography using koblitz curves
+(specifically secp256k1) for cryptographic functions.  See
+http://www.secg.org/collateral/sec2_final.pdf for details on the
+standard.
+
+This package provides the data structures and functions implementing the
+crypto/elliptic Curve interface in order to permit using these curves
+with the standard crypto/ecdsa package provided with go. Helper
+functionality is provided to parse signatures and public keys from
+standard formats.  It was designed for use with btcd, but should be
+general enough for other uses of elliptic curve crypto.  It was originally based
+on some initial work by ThePiachu, but has significantly diverged since then.
+*/
+package btcec
--- a/minigeth/crypto/btcec/example_test.go
+++ b/minigeth/crypto/btcec/example_test.go
+// Copyright (c) 2014 The btcsuite developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package btcec_test
+
+import (
+	"encoding/hex"
+	"fmt"
+
+	"github.com/btcsuite/btcd/btcec"
+	"github.com/btcsuite/btcd/chaincfg/chainhash"
+)
+
+// This example demonstrates signing a message with a secp256k1 private key that
+// is first parsed form raw bytes and serializing the generated signature.
+func Example_signMessage() {
+	// Decode a hex-encoded private key.
+	pkBytes, err := hex.DecodeString("22a47fa09a223f2aa079edf85a7c2d4f87" +
+		"20ee63e502ee2869afab7de234b80c")
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+	privKey, pubKey := btcec.PrivKeyFromBytes(btcec.S256(), pkBytes)
+
+	// Sign a message using the private key.
+	message := "test message"
+	messageHash := chainhash.DoubleHashB([]byte(message))
+	signature, err := privKey.Sign(messageHash)
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	// Serialize and display the signature.
+	fmt.Printf("Serialized Signature: %x\n", signature.Serialize())
+
+	// Verify the signature for the message using the public key.
+	verified := signature.Verify(messageHash, pubKey)
+	fmt.Printf("Signature Verified? %v\n", verified)
+
+	// Output:
+	// Serialized Signature: 304402201008e236fa8cd0f25df4482dddbb622e8a8b26ef0ba731719458de3ccd93805b022032f8ebe514ba5f672466eba334639282616bb3c2f0ab09998037513d1f9e3d6d
+	// Signature Verified? true
+}
+
+// This example demonstrates verifying a secp256k1 signature against a public
+// key that is first parsed from raw bytes.  The signature is also parsed from
+// raw bytes.
+func Example_verifySignature() {
+	// Decode hex-encoded serialized public key.
+	pubKeyBytes, err := hex.DecodeString("02a673638cb9587cb68ea08dbef685c" +
+		"6f2d2a751a8b3c6f2a7e9a4999e6e4bfaf5")
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+	pubKey, err := btcec.ParsePubKey(pubKeyBytes, btcec.S256())
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	// Decode hex-encoded serialized signature.
+	sigBytes, err := hex.DecodeString("30450220090ebfb3690a0ff115bb1b38b" +
+		"8b323a667b7653454f1bccb06d4bbdca42c2079022100ec95778b51e707" +
+		"1cb1205f8bde9af6592fc978b0452dafe599481c46d6b2e479")
+
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+	signature, err := btcec.ParseSignature(sigBytes, btcec.S256())
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	// Verify the signature for the message using the public key.
+	message := "test message"
+	messageHash := chainhash.DoubleHashB([]byte(message))
+	verified := signature.Verify(messageHash, pubKey)
+	fmt.Println("Signature Verified?", verified)
+
+	// Output:
+	// Signature Verified? true
+}
+
+// This example demonstrates encrypting a message for a public key that is first
+// parsed from raw bytes, then decrypting it using the corresponding private key.
+func Example_encryptMessage() {
+	// Decode the hex-encoded pubkey of the recipient.
+	pubKeyBytes, err := hex.DecodeString("04115c42e757b2efb7671c578530ec191a1" +
+		"359381e6a71127a9d37c486fd30dae57e76dc58f693bd7e7010358ce6b165e483a29" +
+		"21010db67ac11b1b51b651953d2") // uncompressed pubkey
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+	pubKey, err := btcec.ParsePubKey(pubKeyBytes, btcec.S256())
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	// Encrypt a message decryptable by the private key corresponding to pubKey
+	message := "test message"
+	ciphertext, err := btcec.Encrypt(pubKey, []byte(message))
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	// Decode the hex-encoded private key.
+	pkBytes, err := hex.DecodeString("a11b0a4e1a132305652ee7a8eb7848f6ad" +
+		"5ea381e3ce20a2c086a2e388230811")
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+	// note that we already have corresponding pubKey
+	privKey, _ := btcec.PrivKeyFromBytes(btcec.S256(), pkBytes)
+
+	// Try decrypting and verify if it's the same message.
+	plaintext, err := btcec.Decrypt(privKey, ciphertext)
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	fmt.Println(string(plaintext))
+
+	// Output:
+	// test message
+}
+
+// This example demonstrates decrypting a message using a private key that is
+// first parsed from raw bytes.
+func Example_decryptMessage() {
+	// Decode the hex-encoded private key.
+	pkBytes, err := hex.DecodeString("a11b0a4e1a132305652ee7a8eb7848f6ad" +
+		"5ea381e3ce20a2c086a2e388230811")
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	privKey, _ := btcec.PrivKeyFromBytes(btcec.S256(), pkBytes)
+
+	ciphertext, err := hex.DecodeString("35f644fbfb208bc71e57684c3c8b437402ca" +
+		"002047a2f1b38aa1a8f1d5121778378414f708fe13ebf7b4a7bb74407288c1958969" +
+		"00207cf4ac6057406e40f79961c973309a892732ae7a74ee96cd89823913b8b8d650" +
+		"a44166dc61ea1c419d47077b748a9c06b8d57af72deb2819d98a9d503efc59fc8307" +
+		"d14174f8b83354fac3ff56075162")
+
+	// Try decrypting the message.
+	plaintext, err := btcec.Decrypt(privKey, ciphertext)
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	fmt.Println(string(plaintext))
+
+	// Output:
+	// test message
+}
--- a/minigeth/crypto/btcec/field.go
+++ b/minigeth/crypto/btcec/field.go
--- a/minigeth/crypto/btcec/field_test.go
+++ b/minigeth/crypto/btcec/field_test.go
--- a/minigeth/crypto/btcec/genprecomps.go
+++ b/minigeth/crypto/btcec/genprecomps.go
+// Copyright 2015 The btcsuite developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+// This file is ignored during the regular build due to the following build tag.
+// It is called by go generate and used to automatically generate pre-computed
+// tables used to accelerate operations.
+//go:build ignore
+// +build ignore
+
+package main
+
+import (
+	"bytes"
+	"compress/zlib"
+	"encoding/base64"
+	"fmt"
+	"log"
+	"os"
+
+	"github.com/ethereum/go-ethereum/crypto/btcec"
+)
+
+func main() {
+	fi, err := os.Create("secp256k1.go")
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer fi.Close()
+
+	// Compress the serialized byte points.
+	serialized := btcec.S256().SerializedBytePoints()
+	var compressed bytes.Buffer
+	w := zlib.NewWriter(&compressed)
+	if _, err := w.Write(serialized); err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	w.Close()
+
+	// Encode the compressed byte points with base64.
+	encoded := make([]byte, base64.StdEncoding.EncodedLen(compressed.Len()))
+	base64.StdEncoding.Encode(encoded, compressed.Bytes())
+
+	fmt.Fprintln(fi, "// Copyright (c) 2015 The btcsuite developers")
+	fmt.Fprintln(fi, "// Use of this source code is governed by an ISC")
+	fmt.Fprintln(fi, "// license that can be found in the LICENSE file.")
+	fmt.Fprintln(fi)
+	fmt.Fprintln(fi, "package btcec")
+	fmt.Fprintln(fi)
+	fmt.Fprintln(fi, "// Auto-generated file (see genprecomps.go)")
+	fmt.Fprintln(fi, "// DO NOT EDIT")
+	fmt.Fprintln(fi)
+	fmt.Fprintf(fi, "var secp256k1BytePoints = %q\n", string(encoded))
+
+	a1, b1, a2, b2 := btcec.S256().EndomorphismVectors()
+	fmt.Println("The following values are the computed linearly " +
+		"independent vectors needed to make use of the secp256k1 " +
+		"endomorphism:")
+	fmt.Printf("a1: %x\n", a1)
+	fmt.Printf("b1: %x\n", b1)
+	fmt.Printf("a2: %x\n", a2)
+	fmt.Printf("b2: %x\n", b2)
+}
--- a/minigeth/crypto/btcec/gensecp256k1.go
+++ b/minigeth/crypto/btcec/gensecp256k1.go
+// Copyright (c) 2014-2015 The btcsuite developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+// This file is ignored during the regular build due to the following build tag.
+// This build tag is set during go generate.
+// +build gensecp256k1
+
+package btcec
+
+// References:
+//   [GECC]: Guide to Elliptic Curve Cryptography (Hankerson, Menezes, Vanstone)
+
+import (
+	"encoding/binary"
+	"math/big"
+)
+
+// secp256k1BytePoints are dummy points used so the code which generates the
+// real values can compile.
+var secp256k1BytePoints = ""
+
+// getDoublingPoints returns all the possible G^(2^i) for i in
+// 0..n-1 where n is the curve's bit size (256 in the case of secp256k1)
+// the coordinates are recorded as Jacobian coordinates.
+func (curve *KoblitzCurve) getDoublingPoints() [][3]fieldVal {
+	doublingPoints := make([][3]fieldVal, curve.BitSize)
+
+	// initialize px, py, pz to the Jacobian coordinates for the base point
+	px, py := curve.bigAffineToField(curve.Gx, curve.Gy)
+	pz := new(fieldVal).SetInt(1)
+	for i := 0; i < curve.BitSize; i++ {
+		doublingPoints[i] = [3]fieldVal{*px, *py, *pz}
+		// P = 2*P
+		curve.doubleJacobian(px, py, pz, px, py, pz)
+	}
+	return doublingPoints
+}
+
+// SerializedBytePoints returns a serialized byte slice which contains all of
+// the possible points per 8-bit window.  This is used to when generating
+// secp256k1.go.
+func (curve *KoblitzCurve) SerializedBytePoints() []byte {
+	doublingPoints := curve.getDoublingPoints()
+
+	// Segregate the bits into byte-sized windows
+	serialized := make([]byte, curve.byteSize*256*3*10*4)
+	offset := 0
+	for byteNum := 0; byteNum < curve.byteSize; byteNum++ {
+		// Grab the 8 bits that make up this byte from doublingPoints.
+		startingBit := 8 * (curve.byteSize - byteNum - 1)
+		computingPoints := doublingPoints[startingBit : startingBit+8]
+
+		// Compute all points in this window and serialize them.
+		for i := 0; i < 256; i++ {
+			px, py, pz := new(fieldVal), new(fieldVal), new(fieldVal)
+			for j := 0; j < 8; j++ {
+				if i>>uint(j)&1 == 1 {
+					curve.addJacobian(px, py, pz, &computingPoints[j][0],
+						&computingPoints[j][1], &computingPoints[j][2], px, py, pz)
+				}
+			}
+			for i := 0; i < 10; i++ {
+				binary.LittleEndian.PutUint32(serialized[offset:], px.n[i])
+				offset += 4
+			}
+			for i := 0; i < 10; i++ {
+				binary.LittleEndian.PutUint32(serialized[offset:], py.n[i])
+				offset += 4
+			}
+			for i := 0; i < 10; i++ {
+				binary.LittleEndian.PutUint32(serialized[offset:], pz.n[i])
+				offset += 4
+			}
+		}
+	}
+
+	return serialized
+}
+
+// sqrt returns the square root of the provided big integer using Newton's
+// method.  It's only compiled and used during generation of pre-computed
+// values, so speed is not a huge concern.
+func sqrt(n *big.Int) *big.Int {
+	// Initial guess = 2^(log_2(n)/2)
+	guess := big.NewInt(2)
+	guess.Exp(guess, big.NewInt(int64(n.BitLen()/2)), nil)
+
+	// Now refine using Newton's method.
+	big2 := big.NewInt(2)
+	prevGuess := big.NewInt(0)
+	for {
+		prevGuess.Set(guess)
+		guess.Add(guess, new(big.Int).Div(n, guess))
+		guess.Div(guess, big2)
+		if guess.Cmp(prevGuess) == 0 {
+			break
+		}
+	}
+	return guess
+}
+
+// EndomorphismVectors runs the first 3 steps of algorithm 3.74 from [GECC] to
+// generate the linearly independent vectors needed to generate a balanced
+// length-two representation of a multiplier such that k = k1 + k2λ (mod N) and
+// returns them.  Since the values will always be the same given the fact that N
+// and λ are fixed, the final results can be accelerated by storing the
+// precomputed values with the curve.
+func (curve *KoblitzCurve) EndomorphismVectors() (a1, b1, a2, b2 *big.Int) {
+	bigMinus1 := big.NewInt(-1)
+
+	// This section uses an extended Euclidean algorithm to generate a
+	// sequence of equations:
+	//  s[i] * N + t[i] * λ = r[i]
+
+	nSqrt := sqrt(curve.N)
+	u, v := new(big.Int).Set(curve.N), new(big.Int).Set(curve.lambda)
+	x1, y1 := big.NewInt(1), big.NewInt(0)
+	x2, y2 := big.NewInt(0), big.NewInt(1)
+	q, r := new(big.Int), new(big.Int)
+	qu, qx1, qy1 := new(big.Int), new(big.Int), new(big.Int)
+	s, t := new(big.Int), new(big.Int)
+	ri, ti := new(big.Int), new(big.Int)
+	a1, b1, a2, b2 = new(big.Int), new(big.Int), new(big.Int), new(big.Int)
+	found, oneMore := false, false
+	for u.Sign() != 0 {
+		// q = v/u
+		q.Div(v, u)
+
+		// r = v - q*u
+		qu.Mul(q, u)
+		r.Sub(v, qu)
+
+		// s = x2 - q*x1
+		qx1.Mul(q, x1)
+		s.Sub(x2, qx1)
+
+		// t = y2 - q*y1
+		qy1.Mul(q, y1)
+		t.Sub(y2, qy1)
+
+		// v = u, u = r, x2 = x1, x1 = s, y2 = y1, y1 = t
+		v.Set(u)
+		u.Set(r)
+		x2.Set(x1)
+		x1.Set(s)
+		y2.Set(y1)
+		y1.Set(t)
+
+		// As soon as the remainder is less than the sqrt of n, the
+		// values of a1 and b1 are known.
+		if !found && r.Cmp(nSqrt) < 0 {
+			// When this condition executes ri and ti represent the
+			// r[i] and t[i] values such that i is the greatest
+			// index for which r >= sqrt(n).  Meanwhile, the current
+			// r and t values are r[i+1] and t[i+1], respectively.
+
+			// a1 = r[i+1], b1 = -t[i+1]
+			a1.Set(r)
+			b1.Mul(t, bigMinus1)
+			found = true
+			oneMore = true
+
+			// Skip to the next iteration so ri and ti are not
+			// modified.
+			continue
+
+		} else if oneMore {
+			// When this condition executes ri and ti still
+			// represent the r[i] and t[i] values while the current
+			// r and t are r[i+2] and t[i+2], respectively.
+
+			// sum1 = r[i]^2 + t[i]^2
+			rSquared := new(big.Int).Mul(ri, ri)
+			tSquared := new(big.Int).Mul(ti, ti)
+			sum1 := new(big.Int).Add(rSquared, tSquared)
+
+			// sum2 = r[i+2]^2 + t[i+2]^2
+			r2Squared := new(big.Int).Mul(r, r)
+			t2Squared := new(big.Int).Mul(t, t)
+			sum2 := new(big.Int).Add(r2Squared, t2Squared)
+
+			// if (r[i]^2 + t[i]^2) <= (r[i+2]^2 + t[i+2]^2)
+			if sum1.Cmp(sum2) <= 0 {
+				// a2 = r[i], b2 = -t[i]
+				a2.Set(ri)
+				b2.Mul(ti, bigMinus1)
+			} else {
+				// a2 = r[i+2], b2 = -t[i+2]
+				a2.Set(r)
+				b2.Mul(t, bigMinus1)
+			}
+
+			// All done.
+			break
+		}
+
+		ri.Set(r)
+		ti.Set(t)
+	}
+
+	return a1, b1, a2, b2
+}
--- a/minigeth/crypto/btcec/precompute.go
+++ b/minigeth/crypto/btcec/precompute.go
+// Copyright 2015 The btcsuite developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package btcec
+
+import (
+	"compress/zlib"
+	"encoding/base64"
+	"encoding/binary"
+	"io/ioutil"
+	"strings"
+)
+
+//go:generate go run -tags gensecp256k1 genprecomps.go
+
+// loadS256BytePoints decompresses and deserializes the pre-computed byte points
+// used to accelerate scalar base multiplication for the secp256k1 curve.  This
+// approach is used since it allows the compile to use significantly less ram
+// and be performed much faster than it is with hard-coding the final in-memory
+// data structure.  At the same time, it is quite fast to generate the in-memory
+// data structure at init time with this approach versus computing the table.
+func loadS256BytePoints() error {
+	// There will be no byte points to load when generating them.
+	bp := secp256k1BytePoints
+	if len(bp) == 0 {
+		return nil
+	}
+
+	// Decompress the pre-computed table used to accelerate scalar base
+	// multiplication.
+	decoder := base64.NewDecoder(base64.StdEncoding, strings.NewReader(bp))
+	r, err := zlib.NewReader(decoder)
+	if err != nil {
+		return err
+	}
+	serialized, err := ioutil.ReadAll(r)
+	if err != nil {
+		return err
+	}
+
+	// Deserialize the precomputed byte points and set the curve to them.
+	offset := 0
+	var bytePoints [32][256][3]fieldVal
+	for byteNum := 0; byteNum < 32; byteNum++ {
+		// All points in this window.
+		for i := 0; i < 256; i++ {
+			px := &bytePoints[byteNum][i][0]
+			py := &bytePoints[byteNum][i][1]
+			pz := &bytePoints[byteNum][i][2]
+			for i := 0; i < 10; i++ {
+				px.n[i] = binary.LittleEndian.Uint32(serialized[offset:])
+				offset += 4
+			}
+			for i := 0; i < 10; i++ {
+				py.n[i] = binary.LittleEndian.Uint32(serialized[offset:])
+				offset += 4
+			}
+			for i := 0; i < 10; i++ {
+				pz.n[i] = binary.LittleEndian.Uint32(serialized[offset:])
+				offset += 4
+			}
+		}
+	}
+	secp256k1.bytePoints = &bytePoints
+	return nil
+}
--- a/minigeth/crypto/btcec/privkey.go
+++ b/minigeth/crypto/btcec/privkey.go
+// Copyright (c) 2013-2016 The btcsuite developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package btcec
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"math/big"
+)
+
+// PrivateKey wraps an ecdsa.PrivateKey as a convenience mainly for signing
+// things with the the private key without having to directly import the ecdsa
+// package.
+type PrivateKey ecdsa.PrivateKey
+
+// PrivKeyFromBytes returns a private and public key for `curve' based on the
+// private key passed as an argument as a byte slice.
+func PrivKeyFromBytes(curve elliptic.Curve, pk []byte) (*PrivateKey,
+	*PublicKey) {
+	x, y := curve.ScalarBaseMult(pk)
+
+	priv := &ecdsa.PrivateKey{
+		PublicKey: ecdsa.PublicKey{
+			Curve: curve,
+			X:     x,
+			Y:     y,
+		},
+		D: new(big.Int).SetBytes(pk),
+	}
+
+	return (*PrivateKey)(priv), (*PublicKey)(&priv.PublicKey)
+}
+
+// NewPrivateKey is a wrapper for ecdsa.GenerateKey that returns a PrivateKey
+// instead of the normal ecdsa.PrivateKey.
+func NewPrivateKey(curve elliptic.Curve) (*PrivateKey, error) {
+	key, err := ecdsa.GenerateKey(curve, rand.Reader)
+	if err != nil {
+		return nil, err
+	}
+	return (*PrivateKey)(key), nil
+}
+
+// PubKey returns the PublicKey corresponding to this private key.
+func (p *PrivateKey) PubKey() *PublicKey {
+	return (*PublicKey)(&p.PublicKey)
+}
+
+// ToECDSA returns the private key as a *ecdsa.PrivateKey.
+func (p *PrivateKey) ToECDSA() *ecdsa.PrivateKey {
+	return (*ecdsa.PrivateKey)(p)
+}
+
+// Sign generates an ECDSA signature for the provided hash (which should be the result
+// of hashing a larger message) using the private key. Produced signature
+// is deterministic (same message and same key yield the same signature) and canonical
+// in accordance with RFC6979 and BIP0062.
+func (p *PrivateKey) Sign(hash []byte) (*Signature, error) {
+	return signRFC6979(p, hash)
+}
+
+// PrivKeyBytesLen defines the length in bytes of a serialized private key.
+const PrivKeyBytesLen = 32
+
+// Serialize returns the private key number d as a big-endian binary-encoded
+// number, padded to a length of 32 bytes.
+func (p *PrivateKey) Serialize() []byte {
+	b := make([]byte, 0, PrivKeyBytesLen)
+	return paddedAppend(PrivKeyBytesLen, b, p.ToECDSA().D.Bytes())
+}
--- a/minigeth/crypto/btcec/privkey_test.go
+++ b/minigeth/crypto/btcec/privkey_test.go
+// Copyright (c) 2013-2016 The btcsuite developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package btcec
+
+import (
+	"bytes"
+	"testing"
+)
+
+func TestPrivKeys(t *testing.T) {
+	tests := []struct {
+		name string
+		key  []byte
+	}{
+		{
+			name: "check curve",
+			key: []byte{
+				0xea, 0xf0, 0x2c, 0xa3, 0x48, 0xc5, 0x24, 0xe6,
+				0x39, 0x26, 0x55, 0xba, 0x4d, 0x29, 0x60, 0x3c,
+				0xd1, 0xa7, 0x34, 0x7d, 0x9d, 0x65, 0xcf, 0xe9,
+				0x3c, 0xe1, 0xeb, 0xff, 0xdc, 0xa2, 0x26, 0x94,
+			},
+		},
+	}
+
+	for _, test := range tests {
+		priv, pub := PrivKeyFromBytes(S256(), test.key)
+
+		_, err := ParsePubKey(pub.SerializeUncompressed(), S256())
+		if err != nil {
+			t.Errorf("%s privkey: %v", test.name, err)
+			continue
+		}
+
+		hash := []byte{0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9}
+		sig, err := priv.Sign(hash)
+		if err != nil {
+			t.Errorf("%s could not sign: %v", test.name, err)
+			continue
+		}
+
+		if !sig.Verify(hash, pub) {
+			t.Errorf("%s could not verify: %v", test.name, err)
+			continue
+		}
+
+		serializedKey := priv.Serialize()
+		if !bytes.Equal(serializedKey, test.key) {
+			t.Errorf("%s unexpected serialized bytes - got: %x, "+
+				"want: %x", test.name, serializedKey, test.key)
+		}
+	}
+}
--- a/minigeth/crypto/btcec/pubkey.go
+++ b/minigeth/crypto/btcec/pubkey.go
+// Copyright (c) 2013-2014 The btcsuite developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package btcec
+
+import (
+	"crypto/ecdsa"
+	"errors"
+	"fmt"
+	"math/big"
+)
+
+// These constants define the lengths of serialized public keys.
+const (
+	PubKeyBytesLenCompressed   = 33
+	PubKeyBytesLenUncompressed = 65
+	PubKeyBytesLenHybrid       = 65
+)
+
+func isOdd(a *big.Int) bool {
+	return a.Bit(0) == 1
+}
+
+// decompressPoint decompresses a point on the secp256k1 curve given the X point and
+// the solution to use.
+func decompressPoint(curve *KoblitzCurve, bigX *big.Int, ybit bool) (*big.Int, error) {
+	var x fieldVal
+	x.SetByteSlice(bigX.Bytes())
+
+	// Compute x^3 + B mod p.
+	var x3 fieldVal
+	x3.SquareVal(&x).Mul(&x)
+	x3.Add(curve.fieldB).Normalize()
+
+	// Now calculate sqrt mod p of x^3 + B
+	// This code used to do a full sqrt based on tonelli/shanks,
+	// but this was replaced by the algorithms referenced in
+	// https://bitcointalk.org/index.php?topic=162805.msg1712294#msg1712294
+	var y fieldVal
+	y.SqrtVal(&x3).Normalize()
+	if ybit != y.IsOdd() {
+		y.Negate(1).Normalize()
+	}
+
+	// Check that y is a square root of x^3 + B.
+	var y2 fieldVal
+	y2.SquareVal(&y).Normalize()
+	if !y2.Equals(&x3) {
+		return nil, fmt.Errorf("invalid square root")
+	}
+
+	// Verify that y-coord has expected parity.
+	if ybit != y.IsOdd() {
+		return nil, fmt.Errorf("ybit doesn't match oddness")
+	}
+
+	return new(big.Int).SetBytes(y.Bytes()[:]), nil
+}
+
+const (
+	pubkeyCompressed   byte = 0x2 // y_bit + x coord
+	pubkeyUncompressed byte = 0x4 // x coord + y coord
+	pubkeyHybrid       byte = 0x6 // y_bit + x coord + y coord
+)
+
+// IsCompressedPubKey returns true the the passed serialized public key has
+// been encoded in compressed format, and false otherwise.
+func IsCompressedPubKey(pubKey []byte) bool {
+	// The public key is only compressed if it is the correct length and
+	// the format (first byte) is one of the compressed pubkey values.
+	return len(pubKey) == PubKeyBytesLenCompressed &&
+		(pubKey[0]&^byte(0x1) == pubkeyCompressed)
+}
+
+// ParsePubKey parses a public key for a koblitz curve from a bytestring into a
+// ecdsa.Publickey, verifying that it is valid. It supports compressed,
+// uncompressed and hybrid signature formats.
+func ParsePubKey(pubKeyStr []byte, curve *KoblitzCurve) (key *PublicKey, err error) {
+	pubkey := PublicKey{}
+	pubkey.Curve = curve
+
+	if len(pubKeyStr) == 0 {
+		return nil, errors.New("pubkey string is empty")
+	}
+
+	format := pubKeyStr[0]
+	ybit := (format & 0x1) == 0x1
+	format &= ^byte(0x1)
+
+	switch len(pubKeyStr) {
+	case PubKeyBytesLenUncompressed:
+		if format != pubkeyUncompressed && format != pubkeyHybrid {
+			return nil, fmt.Errorf("invalid magic in pubkey str: "+
+				"%d", pubKeyStr[0])
+		}
+
+		pubkey.X = new(big.Int).SetBytes(pubKeyStr[1:33])
+		pubkey.Y = new(big.Int).SetBytes(pubKeyStr[33:])
+		// hybrid keys have extra information, make use of it.
+		if format == pubkeyHybrid && ybit != isOdd(pubkey.Y) {
+			return nil, fmt.Errorf("ybit doesn't match oddness")
+		}
+
+		if pubkey.X.Cmp(pubkey.Curve.Params().P) >= 0 {
+			return nil, fmt.Errorf("pubkey X parameter is >= to P")
+		}
+		if pubkey.Y.Cmp(pubkey.Curve.Params().P) >= 0 {
+			return nil, fmt.Errorf("pubkey Y parameter is >= to P")
+		}
+		if !pubkey.Curve.IsOnCurve(pubkey.X, pubkey.Y) {
+			return nil, fmt.Errorf("pubkey isn't on secp256k1 curve")
+		}
+
+	case PubKeyBytesLenCompressed:
+		// format is 0x2 | solution, <X coordinate>
+		// solution determines which solution of the curve we use.
+		/// y^2 = x^3 + Curve.B
+		if format != pubkeyCompressed {
+			return nil, fmt.Errorf("invalid magic in compressed "+
+				"pubkey string: %d", pubKeyStr[0])
+		}
+		pubkey.X = new(big.Int).SetBytes(pubKeyStr[1:33])
+		pubkey.Y, err = decompressPoint(curve, pubkey.X, ybit)
+		if err != nil {
+			return nil, err
+		}
+
+	default: // wrong!
+		return nil, fmt.Errorf("invalid pub key length %d",
+			len(pubKeyStr))
+	}
+
+	return &pubkey, nil
+}
+
+// PublicKey is an ecdsa.PublicKey with additional functions to
+// serialize in uncompressed, compressed, and hybrid formats.
+type PublicKey ecdsa.PublicKey
+
+// ToECDSA returns the public key as a *ecdsa.PublicKey.
+func (p *PublicKey) ToECDSA() *ecdsa.PublicKey {
+	return (*ecdsa.PublicKey)(p)
+}
+
+// SerializeUncompressed serializes a public key in a 65-byte uncompressed
+// format.
+func (p *PublicKey) SerializeUncompressed() []byte {
+	b := make([]byte, 0, PubKeyBytesLenUncompressed)
+	b = append(b, pubkeyUncompressed)
+	b = paddedAppend(32, b, p.X.Bytes())
+	return paddedAppend(32, b, p.Y.Bytes())
+}
+
+// SerializeCompressed serializes a public key in a 33-byte compressed format.
+func (p *PublicKey) SerializeCompressed() []byte {
+	b := make([]byte, 0, PubKeyBytesLenCompressed)
+	format := pubkeyCompressed
+	if isOdd(p.Y) {
+		format |= 0x1
+	}
+	b = append(b, format)
+	return paddedAppend(32, b, p.X.Bytes())
+}
+
+// SerializeHybrid serializes a public key in a 65-byte hybrid format.
+func (p *PublicKey) SerializeHybrid() []byte {
+	b := make([]byte, 0, PubKeyBytesLenHybrid)
+	format := pubkeyHybrid
+	if isOdd(p.Y) {
+		format |= 0x1
+	}
+	b = append(b, format)
+	b = paddedAppend(32, b, p.X.Bytes())
+	return paddedAppend(32, b, p.Y.Bytes())
+}
+
+// IsEqual compares this PublicKey instance to the one passed, returning true if
+// both PublicKeys are equivalent. A PublicKey is equivalent to another, if they
+// both have the same X and Y coordinate.
+func (p *PublicKey) IsEqual(otherPubKey *PublicKey) bool {
+	return p.X.Cmp(otherPubKey.X) == 0 &&
+		p.Y.Cmp(otherPubKey.Y) == 0
+}
+
+// paddedAppend appends the src byte slice to dst, returning the new slice.
+// If the length of the source is smaller than the passed size, leading zero
+// bytes are appended to the dst slice before appending src.
+func paddedAppend(size uint, dst, src []byte) []byte {
+	for i := 0; i < int(size)-len(src); i++ {
+		dst = append(dst, 0)
+	}
+	return append(dst, src...)
+}
--- a/minigeth/crypto/btcec/pubkey_test.go
+++ b/minigeth/crypto/btcec/pubkey_test.go
+// Copyright (c) 2013-2016 The btcsuite developers
+// Use of this source code is governed by an ISC
+// license that can be found in the LICENSE file.
+
+package btcec
+
+import (
+	"bytes"
+	"testing"
+
+	"github.com/davecgh/go-spew/spew"
+)
+
+type pubKeyTest struct {
+	name    string
+	key     []byte
+	format  byte
+	isValid bool
+}
+
+var pubKeyTests = []pubKeyTest{
+	// pubkey from bitcoin blockchain tx
+	// 0437cd7f8525ceed2324359c2d0ba26006d92d85
+	{
+		name: "uncompressed ok",
+		key: []byte{0x04, 0x11, 0xdb, 0x93, 0xe1, 0xdc, 0xdb, 0x8a,
+			0x01, 0x6b, 0x49, 0x84, 0x0f, 0x8c, 0x53, 0xbc, 0x1e,
+			0xb6, 0x8a, 0x38, 0x2e, 0x97, 0xb1, 0x48, 0x2e, 0xca,
+			0xd7, 0xb1, 0x48, 0xa6, 0x90, 0x9a, 0x5c, 0xb2, 0xe0,
+			0xea, 0xdd, 0xfb, 0x84, 0xcc, 0xf9, 0x74, 0x44, 0x64,
+			0xf8, 0x2e, 0x16, 0x0b, 0xfa, 0x9b, 0x8b, 0x64, 0xf9,
+			0xd4, 0xc0, 0x3f, 0x99, 0x9b, 0x86, 0x43, 0xf6, 0x56,
+			0xb4, 0x12, 0xa3,
+		},
+		isValid: true,
+		format:  pubkeyUncompressed,
+	},
+	{
+		name: "uncompressed x changed",
+		key: []byte{0x04, 0x15, 0xdb, 0x93, 0xe1, 0xdc, 0xdb, 0x8a,
+			0x01, 0x6b, 0x49, 0x84, 0x0f, 0x8c, 0x53, 0xbc, 0x1e,
+			0xb6, 0x8a, 0x38, 0x2e, 0x97, 0xb1, 0x48, 0x2e, 0xca,
+			0xd7, 0xb1, 0x48, 0xa6, 0x90, 0x9a, 0x5c, 0xb2, 0xe0,
+			0xea, 0xdd, 0xfb, 0x84, 0xcc, 0xf9, 0x74, 0x44, 0x64,
+			0xf8, 0x2e, 0x16, 0x0b, 0xfa, 0x9b, 0x8b, 0x64, 0xf9,
+			0xd4, 0xc0, 0x3f, 0x99, 0x9b, 0x86, 0x43, 0xf6, 0x56,
+			0xb4, 0x12, 0xa3,
+		},
+		isValid: false,
+	},
+	{
+		name: "uncompressed y changed",
+		key: []byte{0x04, 0x11, 0xdb, 0x93, 0xe1, 0xdc, 0xdb, 0x8a,
+			0x01, 0x6b, 0x49, 0x84, 0x0f, 0x8c, 0x53, 0xbc, 0x1e,
+			0xb6, 0x8a, 0x38, 0x2e, 0x97, 0xb1, 0x48, 0x2e, 0xca,
+			0xd7, 0xb1, 0x48, 0xa6, 0x90, 0x9a, 0x5c, 0xb2, 0xe0,
+			0xea, 0xdd, 0xfb, 0x84, 0xcc, 0xf9, 0x74, 0x44, 0x64,
+			0xf8, 0x2e, 0x16, 0x0b, 0xfa, 0x9b, 0x8b, 0x64, 0xf9,
+			0xd4, 0xc0, 0x3f, 0x99, 0x9b, 0x86, 0x43, 0xf6, 0x56,
+			0xb4, 0x12, 0xa4,
+		},
+		isValid: false,
+	},
+	{
+		name: "uncompressed claims compressed",
+		key: []byte{0x03, 0x11, 0xdb, 0x93, 0xe1, 0xdc, 0xdb, 0x8a,
+			0x01, 0x6b, 0x49, 0x84, 0x0f, 0x8c, 0x53, 0xbc, 0x1e,
+			0xb6, 0x8a, 0x38, 0x2e, 0x97, 0xb1, 0x48, 0x2e, 0xca,
+			0xd7, 0xb1, 0x48, 0xa6, 0x90, 0x9a, 0x5c, 0xb2, 0xe0,
+			0xea, 0xdd, 0xfb, 0x84, 0xcc, 0xf9, 0x74, 0x44, 0x64,
+			0xf8, 0x2e, 0x16, 0x0b, 0xfa, 0x9b, 0x8b, 0x64, 0xf9,
+			0xd4, 0xc0, 0x3f, 0x99, 0x9b, 0x86, 0x43, 0xf6, 0x56,
+			0xb4, 0x12, 0xa3,
+		},
+		isValid: false,
+	},
+	{
+		name: "uncompressed as hybrid ok",
+		key: []byte{0x07, 0x11, 0xdb, 0x93, 0xe1, 0xdc, 0xdb, 0x8a,
+			0x01, 0x6b, 0x49, 0x84, 0x0f, 0x8c, 0x53, 0xbc, 0x1e,
+			0xb6, 0x8a, 0x38, 0x2e, 0x97, 0xb1, 0x48, 0x2e, 0xca,
+			0xd7, 0xb1, 0x48, 0xa6, 0x90, 0x9a, 0x5c, 0xb2, 0xe0,
+			0xea, 0xdd, 0xfb, 0x84, 0xcc, 0xf9, 0x74, 0x44, 0x64,
+			0xf8, 0x2e, 0x16, 0x0b, 0xfa, 0x9b, 0x8b, 0x64, 0xf9,
+			0xd4, 0xc0, 0x3f, 0x99, 0x9b, 0x86, 0x43, 0xf6, 0x56,
+			0xb4, 0x12, 0xa3,
+		},
+		isValid: true,
+		format:  pubkeyHybrid,
+	},
+	{
+		name: "uncompressed as hybrid wrong",
+		key: []byte{0x06, 0x11, 0xdb, 0x93, 0xe1, 0xdc, 0xdb, 0x8a,
+			0x01, 0x6b, 0x49, 0x84, 0x0f, 0x8c, 0x53, 0xbc, 0x1e,
+			0xb6, 0x8a, 0x38, 0x2e, 0x97, 0xb1, 0x48, 0x2e, 0xca,
+			0xd7, 0xb1, 0x48, 0xa6, 0x90, 0x9a, 0x5c, 0xb2, 0xe0,
+			0xea, 0xdd, 0xfb, 0x84, 0xcc, 0xf9, 0x74, 0x44, 0x64,
+			0xf8, 0x2e, 0x16, 0x0b, 0xfa, 0x9b, 0x8b, 0x64, 0xf9,
+			0xd4, 0xc0, 0x3f, 0x99, 0x9b, 0x86, 0x43, 0xf6, 0x56,
+			0xb4, 0x12, 0xa3,
+		},
+		isValid: false,
+	},
+	// from tx 0b09c51c51ff762f00fb26217269d2a18e77a4fa87d69b3c363ab4df16543f20
+	{
+		name: "compressed ok (ybit = 0)",
+		key: []byte{0x02, 0xce, 0x0b, 0x14, 0xfb, 0x84, 0x2b, 0x1b,
+			0xa5, 0x49, 0xfd, 0xd6, 0x75, 0xc9, 0x80, 0x75, 0xf1,
+			0x2e, 0x9c, 0x51, 0x0f, 0x8e, 0xf5, 0x2b, 0xd0, 0x21,
+			0xa9, 0xa1, 0xf4, 0x80, 0x9d, 0x3b, 0x4d,
+		},
+		isValid: true,
+		format:  pubkeyCompressed,
+	},
+	// from tx fdeb8e72524e8dab0da507ddbaf5f88fe4a933eb10a66bc4745bb0aa11ea393c
+	{
+		name: "compressed ok (ybit = 1)",
+		key: []byte{0x03, 0x26, 0x89, 0xc7, 0xc2, 0xda, 0xb1, 0x33,
+			0x09, 0xfb, 0x14, 0x3e, 0x0e, 0x8f, 0xe3, 0x96, 0x34,
+			0x25, 0x21, 0x88, 0x7e, 0x97, 0x66, 0x90, 0xb6, 0xb4,
+			0x7f, 0x5b, 0x2a, 0x4b, 0x7d, 0x44, 0x8e,
+		},
+		isValid: true,
+		format:  pubkeyCompressed,
+	},
+	{
+		name: "compressed claims uncompressed (ybit = 0)",
+		key: []byte{0x04, 0xce, 0x0b, 0x14, 0xfb, 0x84, 0x2b, 0x1b,
+			0xa5, 0x49, 0xfd, 0xd6, 0x75, 0xc9, 0x80, 0x75, 0xf1,
+			0x2e, 0x9c, 0x51, 0x0f, 0x8e, 0xf5, 0x2b, 0xd0, 0x21,
+			0xa9, 0xa1, 0xf4, 0x80, 0x9d, 0x3b, 0x4d,
+		},
+		isValid: false,
+	},
+	{
+		name: "compressed claims uncompressed (ybit = 1)",
+		key: []byte{0x05, 0x26, 0x89, 0xc7, 0xc2, 0xda, 0xb1, 0x33,
+			0x09, 0xfb, 0x14, 0x3e, 0x0e, 0x8f, 0xe3, 0x96, 0x34,
+			0x25, 0x21, 0x88, 0x7e, 0x97, 0x66, 0x90, 0xb6, 0xb4,
+			0x7f, 0x5b, 0x2a, 0x4b, 0x7d, 0x44, 0x8e,
+		},
+		isValid: false,
+	},
+	{
+		name:    "wrong length)",
+		key:     []byte{0x05},
+		isValid: false,
+	},
+	{
+		name: "X == P",
+		key: []byte{0x04, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+			0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+			0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+			0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F, 0xb2, 0xe0,
+			0xea, 0xdd, 0xfb, 0x84, 0xcc, 0xf9, 0x74, 0x44, 0x64,
+			0xf8, 0x2e, 0x16, 0x0b, 0xfa, 0x9b, 0x8b, 0x64, 0xf9,
+			0xd4, 0xc0, 0x3f, 0x99, 0x9b, 0x86, 0x43, 0xf6, 0x56,
+			0xb4, 0x12, 0xa3,
+		},
+		isValid: false,
+	},
+	{
+		name: "X > P",
+		key: []byte{0x04, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+			0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+			0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+			0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFD, 0x2F, 0xb2, 0xe0,
+			0xea, 0xdd, 0xfb, 0x84, 0xcc, 0xf9, 0x74, 0x44, 0x64,
+			0xf8, 0x2e, 0x16, 0x0b, 0xfa, 0x9b, 0x8b, 0x64, 0xf9,
+			0xd4, 0xc0, 0x3f, 0x99, 0x9b, 0x86, 0x43, 0xf6, 0x56,
+			0xb4, 0x12, 0xa3,
+		},
+		isValid: false,
+	},
+	{
+		name: "Y == P",
+		key: []byte{0x04, 0x11, 0xdb, 0x93, 0xe1, 0xdc, 0xdb, 0x8a,
+			0x01, 0x6b, 0x49, 0x84, 0x0f, 0x8c, 0x53, 0xbc, 0x1e,
+			0xb6, 0x8a, 0x38, 0x2e, 0x97, 0xb1, 0x48, 0x2e, 0xca,
+			0xd7, 0xb1, 0x48, 0xa6, 0x90, 0x9a, 0x5c, 0xFF, 0xFF,
+			0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+			0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+			0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF,
+			0xFF, 0xFC, 0x2F,
+		},
+		isValid: false,
+	},
+	{
+		name: "Y > P",
+		key: []byte{0x04, 0x11, 0xdb, 0x93, 0xe1, 0xdc, 0xdb, 0x8a,
+			0x01, 0x6b, 0x49, 0x84, 0x0f, 0x8c, 0x53, 0xbc, 0x1e,
+			0xb6, 0x8a, 0x38, 0x2e, 0x97, 0xb1, 0x48, 0x2e, 0xca,
+			0xd7, 0xb1, 0x48, 0xa6, 0x90, 0x9a, 0x5c, 0xFF, 0xFF,
+			0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+			0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+			0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF,
+			0xFF, 0xFD, 0x2F,
+		},
+		isValid: false,
+	},
+	{
+		name: "hybrid",
+		key: []byte{0x06, 0x79, 0xbe, 0x66, 0x7e, 0xf9, 0xdc, 0xbb,
+			0xac, 0x55, 0xa0, 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07,
+			0x02, 0x9b, 0xfc, 0xdb, 0x2d, 0xce, 0x28, 0xd9, 0x59,
+			0xf2, 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a,
+			0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb,
+			0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48,
+			0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47, 0xd0, 0x8f, 0xfb,
+			0x10, 0xd4, 0xb8,
+		},
+		format:  pubkeyHybrid,
+		isValid: true,
+	},
+}
+
+func TestPubKeys(t *testing.T) {
+	for _, test := range pubKeyTests {
+		pk, err := ParsePubKey(test.key, S256())
+		if err != nil {
+			if test.isValid {
+				t.Errorf("%s pubkey failed when shouldn't %v",
+					test.name, err)
+			}
+			continue
+		}
+		if !test.isValid {
+			t.Errorf("%s counted as valid when it should fail",
+				test.name)
+			continue
+		}
+		var pkStr []byte
+		switch test.format {
+		case pubkeyUncompressed:
+			pkStr = pk.SerializeUncompressed()
+		case pubkeyCompressed:
+			pkStr = pk.SerializeCompressed()
+		case pubkeyHybrid:
+			pkStr = pk.SerializeHybrid()
+		}
+		if !bytes.Equal(test.key, pkStr) {
+			t.Errorf("%s pubkey: serialized keys do not match.",
+				test.name)
+			spew.Dump(test.key)
+			spew.Dump(pkStr)
+		}
+	}
+}
+
+func TestPublicKeyIsEqual(t *testing.T) {
+	pubKey1, err := ParsePubKey(
+		[]byte{0x03, 0x26, 0x89, 0xc7, 0xc2, 0xda, 0xb1, 0x33,
+			0x09, 0xfb, 0x14, 0x3e, 0x0e, 0x8f, 0xe3, 0x96, 0x34,
+			0x25, 0x21, 0x88, 0x7e, 0x97, 0x66, 0x90, 0xb6, 0xb4,
+			0x7f, 0x5b, 0x2a, 0x4b, 0x7d, 0x44, 0x8e,
+		},
+		S256(),
+	)
+	if err != nil {
+		t.Fatalf("failed to parse raw bytes for pubKey1: %v", err)
+	}
+
+	pubKey2, err := ParsePubKey(
+		[]byte{0x02, 0xce, 0x0b, 0x14, 0xfb, 0x84, 0x2b, 0x1b,
+			0xa5, 0x49, 0xfd, 0xd6, 0x75, 0xc9, 0x80, 0x75, 0xf1,
+			0x2e, 0x9c, 0x51, 0x0f, 0x8e, 0xf5, 0x2b, 0xd0, 0x21,
+			0xa9, 0xa1, 0xf4, 0x80, 0x9d, 0x3b, 0x4d,
+		},
+		S256(),
+	)
+	if err != nil {
+		t.Fatalf("failed to parse raw bytes for pubKey2: %v", err)
+	}
+
+	if !pubKey1.IsEqual(pubKey1) {
+		t.Fatalf("value of IsEqual is incorrect, %v is "+
+			"equal to %v", pubKey1, pubKey1)
+	}
+
+	if pubKey1.IsEqual(pubKey2) {
+		t.Fatalf("value of IsEqual is incorrect, %v is not "+
+			"equal to %v", pubKey1, pubKey2)
+	}
+}
+
+func TestIsCompressed(t *testing.T) {
+	for _, test := range pubKeyTests {
+		isCompressed := IsCompressedPubKey(test.key)
+		wantCompressed := (test.format == pubkeyCompressed)
+		if isCompressed != wantCompressed {
+			t.Fatalf("%s (%x) pubkey: unexpected compressed result, "+
+				"got %v, want %v", test.name, test.key,
+				isCompressed, wantCompressed)
+		}
+	}
+}
--- a/minigeth/crypto/btcec/secp256k1.go
+++ b/minigeth/crypto/btcec/secp256k1.go
--- a/minigeth/crypto/btcec/signature.go
+++ b/minigeth/crypto/btcec/signature.go
--- a/minigeth/crypto/btcec/signature_test.go
+++ b/minigeth/crypto/btcec/signature_test.go
--- a/minigeth/crypto/signature_nocgo.go
+++ b/minigeth/crypto/signature_nocgo.go
@@ -23,7 +23,7 @@ import (
 	"fmt"
 	"math/big"

-	"github.com/btcsuite/btcd/btcec"
+	"github.com/ethereum/go-ethereum/crypto/btcec"
 )

 // Ecrecover returns the uncompressed public key that created the given signature.

--- a/minigeth/go.mod
+++ b/minigeth/go.mod
@@ -3,7 +3,6 @@ module github.com/ethereum/go-ethereum
 go 1.17

 require (
-	github.com/btcsuite/btcd v0.22.0-beta // indirect
 	github.com/holiman/uint256 v1.2.0 // indirect
 	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect
 	golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 // indirect