DEV Community

BuildCoreWorks
BuildCoreWorks

Posted on

Building High-Performance Secp256k1 ECDSA for PHP: 2,987 Faster

#php #webdev #programming #opensource

Making PHP Viable for Blockchain Development

PHP is rarely used for blockchain applications, and for good reason: pure PHP implementations of secp256k1 ECDSA operations are prohibitively slow. Signing a single transaction can take 90-136 milliseconds—far too slow for production cryptocurrency wallets or blockchain nodes.

But what if we could make PHP 2,500-3,000× faster at cryptography?

The Challenge

Secp256k1 is the elliptic curve used by Bitcoin and Ethereum for signing transactions. It requires complex mathematical operations:

  • Point multiplication on an elliptic curve
  • Modular arithmetic with 256-bit integers
  • Secure random number generation

PHP, being an interpreted language, struggles with these operations. The best pure PHP implementation (kornrunner/secp256k1) takes:

  • 90-136ms per signature
  • 100-135ms per verification
  • No support for public key recovery

For context, a blockchain node processing 1,000 transactions per second would need:

  • Signing: 90-136 seconds in pure PHP
  • Verification: 100-135 seconds in pure PHP

That's 2-4 minutes per second of transactions. Clearly impractical.

The Solution: C Extension

By wrapping the official libsecp256k1 library (used by Bitcoin Core) in a PHP extension, we achieve:

  • 0.03-0.06ms per signature
  • 0.04-0.06ms per verification
  • Full support for public key recovery (Ethereum-style)

That's 2,400-3,000× faster than pure PHP.

Performance Benchmarks

Hardware Operation C Extension Pure PHP Speedup
Intel i3-2130 (2011) Sign 0.045 ms 112.9 ms 2,509×
AMD Ryzen 7 3700X Sign 0.030 ms 89.6 ms 2,987×

Real-world impact:

  • 100,000 signatures: 3-5 seconds (C) vs 2.5-3 hours (PHP)
  • 1,000,000 signatures: 30-45 seconds (C) vs 25-31 hours (PHP)

Implementation Details

The extension provides three functions:

// Sign a message hash
$signature = secp256k1_sign($messageHash, $privateKey);
// Returns: r (64 hex) + s (64 hex) + v (2 hex) = 130 characters

// Verify a signature
$isValid = secp256k1_verify($messageHash, $signature, $publicKey);
// Returns: true or false

// Recover public key (Ethereum-style)
$publicKey = secp256k1_recover($messageHash, $signature);
// Returns: 128-character hex (X + Y coordinates)
Enter fullscreen mode Exit fullscreen mode

Ethereum Address Derivation

// Complete Ethereum workflow
$messageHash = keccak_hash($transactionData);
$signature = secp256k1_sign($messageHash, $privateKey);
$publicKey = secp256k1_recover($messageHash, $signature);
$address = '0x' . substr(keccak_hash(hex2bin($publicKey)), -40);
Enter fullscreen mode Exit fullscreen mode

Security Features

  • Thread-safe: Uses pthread mutex for ZTS compatibility
  • Context randomization: Uses OpenSSL's CSPRNG on initialization
  • Secure memory: All private keys and hashes are zeroed after use
  • Battle-tested: Wraps libsecp256k1 from Bitcoin Core (production since 2015)

Real-World Applications

With this performance, PHP becomes viable for:

  • Cryptocurrency wallets: Sign transactions in real-time
  • Blockchain nodes: Process thousands of TPS per node
  • dApp backends: Server-side transaction signing
  • Payment APIs: High-throughput Bitcoin/Ethereum processing
  • Authentication systems: ECDSA-based login

Blockchain Node Performance

With this extension, a single PHP process can:

  • Sign ~33,000 transactions per second
  • Verify ~18,000 signatures per second
  • Combined throughput: ~16,600 TPS

This makes real-time blockchain implementations in PHP feasible, including gaming blockchains with sub-100ms block times.

Installation

# Install dependencies
sudo apt-get install libsecp256k1-dev libssl-dev php-dev

# Build extension
git clone https://github.com/BuildCoreWorks/php-secp256k1.git
cd php-secp256k1
phpize && ./configure && make && sudo make install

# Enable extension
echo "extension=secp256k1.so" | sudo tee /etc/php/8.1/mods-available/secp256k1.ini
sudo phpenmod secp256k1
Enter fullscreen mode Exit fullscreen mode

Try It Yourself

Full benchmarks, documentation, and code examples are available on GitHub:
https://github.com/BuildCoreWorks/php-secp256k1
Combined with our php-keccak256 extension, PHP developers now have complete, production-grade cryptography tools for Bitcoin and Ethereum development.

Conclusion

By leveraging C extensions for cryptographic operations, PHP transforms from "too slow for blockchain" to a viable platform for production cryptocurrency applications. The 2,500-3,000× performance improvement isn't incremental—it's the difference between impossible and practical.

This opens new possibilities:

  • Building blockchain nodes in a language millions of developers know
  • Rapid prototyping of cryptocurrency applications
  • Enterprise blockchain solutions using existing PHP infrastructure
  • Educational blockchain projects with accessible technology

The extension is open source (MIT licensed) and production-ready. We're using it for a PHP blockchain implementation capable of real-time transaction processing.

Try it out and let me know what you build with it!

GitHub: https://github.com/BuildCoreWorks/php-secp256k1

Top comments (0)