Pieter Wuille

Not every optional module is experimental, though, and I expect that longer term there will be more non-experimental but optional pieces of the codebase (simply because not every user needs...

One possibility is keeping the SHA256 padding/chopping into blocks on the secp256k1 side, and only require external implementations to provide a SHA256 transformation function. The API would look like: ```c...

I think there are a few somewhat related issues here. ### "experimental" used to not mean very much This library wasn't well maintained for a long time, and that led...

> Yes. All optional features will get turned on for the vast majority of users. If that's not safe, we need to seriously consider whether the feature should be included...

I think any time you end up with a zeroed public key, it's a sign you're really using the API incorrectly? They're not part of the public interface, but an...

What is the motivation for wanting a different representation for secret keys? The types for which we have this do so because they either have multiple common serializations, or because...

> because it would be difficult to add to the API / ABI later on. I agree with the fact that if we expect to want to change the representation...

Again, if you want a type that is a combination of private and public key, use `secp256k1_keypair`; it already exists. The only point that matters here is whether or not...

`secp256k1_scalar` is an internal type that's not exposed. It depends on compile-time parameters that shouldn't influence the public API.

* scriptWitness = the witness for a script (= the entire witness stack) * witnessScript = the script in a witness (= the last stack element for P2WSH) * witness...