rbsecp256k1 3.0.0 → 5.0.1

data/documentation/key_pair.md

@@ -0,0 +1,28 @@
+[Index](index.md)
+
+Secp256k1::KeyPair
+==================
+
+Secp256k1::KeyPair represents a public-private Secp256k1 key pair.
+
+Initializers
+------------
+
+#### new(public_key, private_key)
+
+Initializes a new key pair with `public_key` (type: [PublicKey](public_key.md)) and `private_key` (type: [PrivateKey](private_key.md)).
+
+Instance Methods
+----------------
+
+#### public_key
+
+Returns the [PublicKey](public_key.md) part of this key pair.
+
+#### private_key
+
+Returns the [PrivateKey](private_key.md) part of this key pair.
+
+#### ==(other)
+
+Returns `true` if the `other` has the same public and private key.

data/documentation/private_key.md

@@ -0,0 +1,25 @@
+[Index](index.md)
+
+Secp256k1::PrivateKey
+=====================
+
+Secp256k1::PrivateKey represents the private key part of a public-private key pair.
+
+Class Methods
+-------------
+
+#### from_data(private_key_data)
+
+Loads new private key from the given binary `private_key_data` string. Raises
+`Secp256k1::Error` if the given data is invalid.
+
+Instance Methods
+----------------
+
+#### data
+
+Returns the binary private key data as a `String`.
+
+#### ==(other)
+
+Returns `true` if this private key matches `other`.

data/documentation/public_key.md

@@ -0,0 +1,32 @@
+[Index](index.md)
+
+Secp256k1::PublicKey
+====================
+
+Secp256k1::PublicKey represents the public key part of a public-private key pair.
+
+See: [KeyPair](key_pair.md)
+
+Class Methods
+-------------
+
+#### from_data(public_key_data)
+
+Parses compressed or uncompressed from binary string `public_key_data` and
+creates and returns a new public key from it. Raises a `Secp256k1::DeserializationError`
+if the given public key data is invalid.
+
+Instance Methods
+----------------
+
+#### compressed
+
+Returns the binary compressed representation of this public key.
+
+#### uncompressed
+
+Returns the binary uncompressed representation of this public key.
+
+#### ==(other)
+
+Return `true` if this public key matches `other`.

data/documentation/recoverable_signature.md

@@ -0,0 +1,30 @@
+[Index](index.md)
+
+Secp256k1::RecoverableSignature
+===============================
+
+**Requires:** libsecp256k1 was build with recovery module.
+
+Secp256k1::RecoverableSignature represents a recoverable ECDSA signature
+signing the 32-byte SHA-256 hash of some data.
+
+Instance Methods
+----------------
+
+#### compact
+
+Returns an array whose first element is the 64-byte compact signature as a
+binary string and whose second element is the integer recovery ID.
+
+#### recover_public_key
+
+Recovers the public key corresponding to the recoverable signature. Returns a
+[PublicKey](public_key.md).
+
+#### to_signature
+
+Converts a recoverable signature to a non-recoverable [Signature](signature.md) object.
+
+#### ==(other)
+
+Returns `true` if this recoverable signature matches `other`.

data/documentation/secp256k1.md

@@ -0,0 +1,19 @@
+[Index](index.md)
+
+Secp256k1
+=========
+
+Secp256k1 is the top-level module for this library.
+
+Class Methods
+-------------
+
+#### have_recovery?
+
+Returns `true` if the recovery module was built with libsecp256k1, `false`
+otherwise.
+
+#### have_ecdh?
+
+Returns `true` if the EC Diffie-Hellman module was built with libsecp256k1,
+`false` otherwise.

data/documentation/shared_secret.md

@@ -0,0 +1,16 @@
+[Index](index.md)
+
+Secp256k1::SharedSecret
+=======================
+
+**Requires:** libsecp256k1 was build with ECDH module.
+
+Secp256k1::SharedSecret represents a 32-byte shared secret computed from a
+public key (point) and private key (scalar).
+
+Instance Methods
+----------------
+
+#### data
+
+Binary string containing the 32-byte shared secret.

data/documentation/signature.md

@@ -0,0 +1,42 @@
+[Index](index.md)
+
+Secp256k1::Signature
+====================
+
+Secp256k1::Signature represents an ECDSA signature signing the 32-byte SHA-256
+hash of some data.
+
+Class Methods
+-------------
+
+#### from_compact(compact_signature)
+
+Parses a signature from binary string `compact_signature`. Raises a
+`Secp256k1::DeserializationError` if the signature data is invalid.
+
+#### from_der_encoded(der_encoded_signature)
+
+Parses a signature from binary string `der_encoded_signature`. Raises a
+`Secp256k1::DeserializationError` if the signature data is invalid.
+
+Instance Methods
+----------------
+
+#### der_encoded
+
+Returns the DER encoded representation of this signature.
+
+#### compact
+
+Returns the compact 64-byte representation of this signature.
+
+#### normalized
+
+Returns an array containing two elements. The first is a Boolean indicating
+whether or not the signature was normalized, false if it was already in lower-S
+normal form. The second element is a `Signature` containing the normalized
+signature object.
+
+#### ==(other)
+
+Returns `true` if this signature matches `other`.

data/documentation/util.md

@@ -0,0 +1,17 @@
+[Index](index.md)
+
+Secp256k1::Util
+===============
+
+Secp256k1::Util in a module containing generally useful methods for using the library.
+
+Class Methods
+-------------
+
+#### bin_to_hex(binary_data)
+
+Returns the hexadecimal string representation of `binary_data`
+
+#### hex_to_bin(hex_string)
+
+Returns the binary string representation of `hex_string`

data/ext/rbsecp256k1/extconf.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'mini_portile2'
 require 'mkmf'
 require 'zip'
@@ -5,10 +7,10 @@ require 'zip'
 # Recipe for downloading and building libsecp256k1 as part of installation
 class Secp256k1Recipe < MiniPortile
   # Hard-coded URL for libsecp256k1 zipfile (HEAD of master as of 26-11-2018)
-  LIBSECP256K1_ZIP_URL = 'https://github.com/bitcoin-core/secp256k1/archive/e34ceb333b1c0e6f4115ecbb80c632ac1042fa49.zip'.freeze
+  LIBSECP256K1_ZIP_URL = 'https://github.com/bitcoin-core/secp256k1/archive/e34ceb333b1c0e6f4115ecbb80c632ac1042fa49.zip'
 
   # Expected SHA-256 of the zipfile above (computed using sha256sum)
-  LIBSECP256K1_SHA256 = 'd87d3ca7ebc42edbabb0f38e79205040b24b09b3e6d1c9ac89585de9bf302143'.freeze
+  LIBSECP256K1_SHA256 = 'd87d3ca7ebc42edbabb0f38e79205040b24b09b3e6d1c9ac89585de9bf302143'
 
   WITH_RECOVERY = ENV.fetch('WITH_RECOVERY', '1') == '1'
   WITH_ECDH = ENV.fetch('WITH_ECDH', '1') == '1'
@@ -36,6 +38,7 @@ class Secp256k1Recipe < MiniPortile
       # Windows doesn't recognize the shebang.
       execute('autogen', %w[sh ./autogen.sh])
     else
+      execute('chmod', %w[chmod +x ./autogen.sh])
       execute('autogen', %w[./autogen.sh])
     end
 
@@ -69,14 +72,9 @@ class Secp256k1Recipe < MiniPortile
   end
 end
 
-# OpenSSL flags
-print("checking for OpenSSL\n")
-results = pkg_config('openssl')
-abort "missing openssl pkg-config information" unless results && results[1]
-
 if with_config('system-library')
   # Require that libsecp256k1 be installed using `make install` or similar.
-  print("checking for libsecp256k1\n")
+  message("checking for libsecp256k1\n")
   results = pkg_config('libsecp256k1')
   abort "missing libsecp256k1" unless results && results[1]
 else
@@ -94,6 +92,11 @@ else
       "-Wall"
     ]
   )
+  append_ldflags(
+    [
+      "-Wl,--no-as-needed"
+    ]
+  )
   # rubocop:disable Style/GlobalVars
   $LIBPATH = ["#{recipe.path}/lib"] | $LIBPATH
   # rubocop:enable Style/GlobalVars

data/ext/rbsecp256k1/rbsecp256k1.c

@@ -6,12 +6,8 @@
 // and verifying signatures using the library.
 //
 // Dependencies:
-// * libsecp256k1
-// * openssl
+//   * libsecp256k1
 #include <ruby.h>
-
-#include <openssl/rand.h>
-
 #include <secp256k1.h>
 
 // Include recoverable signatures functionality if available
@@ -44,6 +40,14 @@
 // applications. Context initialization is expensive so it is recommended that
 // a single context be initialized and used throughout an application when
 // possible.
+//
+// Exception Hierarchy:
+//
+// The following hierarchy is used for exceptions raised from the library:
+//
+// +- Error (Descends from StandardError)
+// |-- SerializationError
+// |-- DeserializationError
 
 //
 // The section below contains purely internal methods used exclusively by the
@@ -61,6 +65,9 @@ const size_t COMPACT_SIG_SIZE_BYTES = 64;
 // objects from anywhere. The use of global variables seems to be inline with
 // how the Ruby project builds its own extension gems.
 static VALUE Secp256k1_module;
+static VALUE Secp256k1_Error_class;
+static VALUE Secp256k1_SerializationError_class;
+static VALUE Secp256k1_DeserializationError_class;
 static VALUE Secp256k1_Context_class;
 static VALUE Secp256k1_KeyPair_class;
 static VALUE Secp256k1_PublicKey_class;
@@ -87,17 +94,14 @@ typedef struct KeyPair_dummy {
 
 typedef struct PublicKey_dummy {
   secp256k1_pubkey pubkey; // Opaque object containing public key data
-  secp256k1_context *ctx;
 } PublicKey;
 
 typedef struct PrivateKey_dummy {
   unsigned char data[32]; // Bytes comprising the private key data
-  secp256k1_context *ctx;
 } PrivateKey;
 
 typedef struct Signature_dummy {
   secp256k1_ecdsa_signature sig; // Signature object, contains 64-byte signature
-  secp256k1_context *ctx;
 } Signature;
 
 #ifdef HAVE_SECP256K1_RECOVERY_H
@@ -140,7 +144,6 @@ PublicKey_free(void *in_public_key)
 {
   PublicKey *public_key;
   public_key = (PublicKey*)in_public_key;
-  secp256k1_context_destroy(public_key->ctx);
   xfree(public_key);
 }
 
@@ -157,7 +160,6 @@ PrivateKey_free(void *in_private_key)
 {
   PrivateKey *private_key;
   private_key = (PrivateKey*)in_private_key;
-  secp256k1_context_destroy(private_key->ctx);
   xfree(private_key);
 }
 
@@ -197,7 +199,6 @@ static void
 Signature_free(void *in_signature)
 {
   Signature *signature = (Signature*)in_signature;
-  secp256k1_context_destroy(signature->ctx);
   xfree(signature);
 }
 
@@ -268,33 +269,6 @@ typedef enum ResultT_dummy {
   RESULT_FAILURE
 } ResultT;
 
-/**
- * Generate a series of cryptographically secure random bytes using OpenSSL.
- *
- * \param out_bytes Desired number of bytes will be written here.
- * \param in_size Number of bytes of random data to be generated.
- * \return RESULT_SUCCESS if the bytes were generated successfully,
- *   RESULT_FAILURE otherwise.
- */
-static ResultT
-GenerateRandomBytes(unsigned char *out_bytes, int in_size)
-{
-  // OpenSSL RNG has not been seeded with enough data and is therefore
-  // not usable.
-  if (RAND_status() == 0)
-  {
-    return RESULT_FAILURE;
-  }
-
-  // Attempt to generate random bytes using the OpenSSL RNG
-  if (RAND_bytes(out_bytes, in_size) != 1)
-  {
-    return RESULT_FAILURE;
-  }
-
-  return RESULT_SUCCESS;
-}
-
 /**
  * Computes the ECDSA signature of the given 32-byte SHA-256 hash.
  *
@@ -468,16 +442,14 @@ PublicKey_create_from_private_key(Context *in_context,
         (&public_key->pubkey),
         private_key_data) != 1)
   {
-    rb_raise(rb_eTypeError, "invalid private key data");
+    rb_raise(Secp256k1_DeserializationError_class, "invalid private key data");
   }
 
-  public_key->ctx = secp256k1_context_clone(in_context->ctx);
   return result;
 }
 
 static VALUE
-PublicKey_create_from_data(Context *in_context,
-                           unsigned char *in_public_key_data,
+PublicKey_create_from_data(unsigned char *in_public_key_data,
                            unsigned int in_public_key_data_len)
 {
   PublicKey *public_key;
@@ -486,18 +458,39 @@ PublicKey_create_from_data(Context *in_context,
   result = PublicKey_alloc(Secp256k1_PublicKey_class);
   TypedData_Get_Struct(result, PublicKey, &PublicKey_DataType, public_key);
 
-  if (secp256k1_ec_pubkey_parse(in_context->ctx,
+  if (secp256k1_ec_pubkey_parse(secp256k1_context_no_precomp,
                                 &(public_key->pubkey),
                                 in_public_key_data,
                                 in_public_key_data_len) != 1)
   {
-    rb_raise(rb_eRuntimeError, "invalid public key data");
+    rb_raise(Secp256k1_DeserializationError_class, "invalid public key data");
   }
 
-  public_key->ctx = secp256k1_context_clone(in_context->ctx);
   return result;
 }
 
+/**
+ * Loads a public key from compressed or uncompressed binary data.
+ *
+ * @param in_public_key_data [String] binary string with compressed or
+ *   uncompressed public key data.
+ * @return [Secp256k1::PublicKey] public key derived from data.
+ * @raise [Secp256k1::DeserializationError] if public key data is invalid.
+ */
+static VALUE
+PublicKey_from_data(VALUE klass, VALUE in_public_key_data)
+{
+  unsigned char *public_key_data;
+
+  Check_Type(in_public_key_data, T_STRING);
+
+  public_key_data = (unsigned char*)StringValuePtr(in_public_key_data);
+  return PublicKey_create_from_data(
+    public_key_data,
+    (int)RSTRING_LEN(in_public_key_data)
+  );
+}
+
 /**
  * @return [String] binary string containing the uncompressed representation
  *   of this public key.
@@ -512,7 +505,7 @@ PublicKey_uncompressed(VALUE self)
 
   TypedData_Get_Struct(self, PublicKey, &PublicKey_DataType, public_key);
 
-  secp256k1_ec_pubkey_serialize(public_key->ctx,
+  secp256k1_ec_pubkey_serialize(secp256k1_context_no_precomp,
                                 serialized_pubkey,
                                 &serialized_pubkey_len,
                                 &(public_key->pubkey),
@@ -535,7 +528,7 @@ PublicKey_compressed(VALUE self)
 
   TypedData_Get_Struct(self, PublicKey, &PublicKey_DataType, public_key);
 
-  secp256k1_ec_pubkey_serialize(public_key->ctx,
+  secp256k1_ec_pubkey_serialize(secp256k1_context_no_precomp,
                                 serialized_pubkey,
                                 &serialized_pubkey_len,
                                 &(public_key->pubkey),
@@ -569,14 +562,14 @@ PublicKey_equals(VALUE self, VALUE other)
   TypedData_Get_Struct(other, PublicKey, &PublicKey_DataType, rhs);
 
   secp256k1_ec_pubkey_serialize(
-    lhs->ctx,
+    secp256k1_context_no_precomp,
     lhs_compressed,
     &lhs_len,
     &(lhs->pubkey),
     SECP256K1_EC_COMPRESSED
   );
   secp256k1_ec_pubkey_serialize(
-    rhs->ctx,
+    secp256k1_context_no_precomp,
     rhs_compressed,
     &rhs_len,
     &(rhs->pubkey),
@@ -610,26 +603,52 @@ PrivateKey_alloc(VALUE klass)
 }
 
 static VALUE
-PrivateKey_create(Context *in_context, unsigned char *in_private_key_data)
+PrivateKey_create(unsigned char *in_private_key_data)
 {
   PrivateKey *private_key;
   VALUE result;
 
-  if (secp256k1_ec_seckey_verify(in_context->ctx, in_private_key_data) != 1)
+  if (secp256k1_ec_seckey_verify(secp256k1_context_no_precomp,
+                                 in_private_key_data) != 1)
   {
-    rb_raise(rb_eArgError, "invalid private key data");
+    rb_raise(Secp256k1_Error_class, "invalid private key data");
   }
 
   result = PrivateKey_alloc(Secp256k1_PrivateKey_class);
   TypedData_Get_Struct(result, PrivateKey, &PrivateKey_DataType, private_key);
   MEMCPY(private_key->data, in_private_key_data, char, 32);
-  private_key->ctx = secp256k1_context_clone(in_context->ctx);
 
   rb_iv_set(result, "@data", rb_str_new((char*)in_private_key_data, 32));
 
   return result;
 }
 
+/**
+ * Load a private key from binary data.
+ *
+ * @param in_private_key_data [String] 32 byte binary string of private key
+ *   data.
+ * @return [Secp256k1::PrivateKey] private key loaded from the given data.
+ * @raise [Secp256k1::Error] if private key data is not 32 bytes or is invalid.
+ */
+static VALUE
+PrivateKey_from_data(VALUE klass, VALUE in_private_key_data)
+{
+  unsigned char *private_key_data;
+
+  Check_Type(in_private_key_data, T_STRING);
+  if (RSTRING_LEN(in_private_key_data) != 32)
+  {
+    rb_raise(
+      Secp256k1_Error_class,
+      "private key data must be 32 bytes in length"
+    );
+  }
+
+  private_key_data = (unsigned char*)StringValuePtr(in_private_key_data);
+  return PrivateKey_create(private_key_data);
+}
+
 /**
  * Compare two private keys.
  *
@@ -672,6 +691,77 @@ Signature_alloc(VALUE klass)
   return new_instance;
 }
 
+/**
+ * Deserializes a Signature from 64-byte compact signature data.
+ *
+ * @param in_compact_signature [String] compact signature as 64-byte binary
+ *   string.
+ * @return [Secp256k1::Signature] object deserialized from compact signature.
+ * @raise [Secp256k1::DeserializationError] if signature data is invalid.
+ */
+static VALUE
+Signature_from_compact(VALUE klass, VALUE in_compact_signature)
+{
+  Signature *signature;
+  VALUE signature_result;
+  unsigned char *signature_data;
+
+  Check_Type(in_compact_signature, T_STRING);
+
+  if (RSTRING_LEN(in_compact_signature) != 64)
+  {
+    rb_raise(Secp256k1_Error_class, "compact signature must be 64 bytes");
+  }
+
+  signature_data = (unsigned char*)StringValuePtr(in_compact_signature);
+
+  signature_result = Signature_alloc(Secp256k1_Signature_class);
+  TypedData_Get_Struct(signature_result, Signature, &Signature_DataType, signature);
+
+  if (secp256k1_ecdsa_signature_parse_compact(secp256k1_context_no_precomp,
+                                              &(signature->sig),
+                                              signature_data) != 1)
+  {
+    rb_raise(Secp256k1_DeserializationError_class, "invalid compact signature");
+  }
+
+  return signature_result;
+}
+
+/**
+ * Converts a DER encoded binary signature into a signature object.
+ *
+ * @param in_der_encoded_signature [String] DER encoded signature as binary
+ *   string.
+ * @return [Secp256k1::Signature] signature object initialized using signature
+ *   data.
+ * @raise [Secp256k1::DeserializationError] if signature data is invalid.
+ */
+static VALUE
+Signature_from_der_encoded(VALUE klass, VALUE in_der_encoded_signature)
+{
+  Signature *signature;
+  VALUE signature_result;
+  unsigned char *signature_data;
+
+  Check_Type(in_der_encoded_signature, T_STRING);
+
+  signature_data = (unsigned char*)StringValuePtr(in_der_encoded_signature);
+
+  signature_result = Signature_alloc(Secp256k1_Signature_class);
+  TypedData_Get_Struct(signature_result, Signature, &Signature_DataType, signature);
+
+  if (secp256k1_ecdsa_signature_parse_der(secp256k1_context_no_precomp,
+                                          &(signature->sig),
+                                          signature_data,
+                                          RSTRING_LEN(in_der_encoded_signature)) != 1)
+  {
+    rb_raise(Secp256k1_DeserializationError_class, "invalid DER encoded signature");
+  }
+
+  return signature_result;
+}
+
 /**
  * Return Distinguished Encoding Rules (DER) encoded signature data.
  *
@@ -688,12 +778,15 @@ Signature_der_encoded(VALUE self)
   TypedData_Get_Struct(self, Signature, &Signature_DataType, signature);
 
   der_signature_len = 72;
-  if (secp256k1_ecdsa_signature_serialize_der(signature->ctx,
+  if (secp256k1_ecdsa_signature_serialize_der(secp256k1_context_no_precomp,
                                               der_signature,
                                               &der_signature_len,
                                               &(signature->sig)) != 1)
   {
-    rb_raise(rb_eRuntimeError, "could not compute DER encoded signature");
+    rb_raise(
+      Secp256k1_SerializationError_class,
+      "could not compute DER encoded signature"
+    );
   }
 
   return rb_str_new((char*)der_signature, der_signature_len);
@@ -713,11 +806,14 @@ Signature_compact(VALUE self)
 
   TypedData_Get_Struct(self, Signature, &Signature_DataType, signature);
 
-  if (secp256k1_ecdsa_signature_serialize_compact(signature->ctx,
+  if (secp256k1_ecdsa_signature_serialize_compact(secp256k1_context_no_precomp,
                                                   compact_signature,
                                                   &(signature->sig)) != 1)
   {
-    rb_raise(rb_eRuntimeError, "unable to compute compact signature");
+    rb_raise(
+      Secp256k1_SerializationError_class,
+      "unable to compute compact signature"
+    );
   }
 
   return rb_str_new((char*)compact_signature, COMPACT_SIG_SIZE_BYTES);
@@ -751,15 +847,13 @@ Signature_normalized(VALUE self)
 
   was_normalized = Qfalse;
   if (secp256k1_ecdsa_signature_normalize(
-        signature->ctx,
+        secp256k1_context_no_precomp,
         &(normalized_signature->sig),
         &(signature->sig)) == 1)
   {
     was_normalized = Qtrue;
   }
 
-  normalized_signature->ctx = secp256k1_context_clone(signature->ctx);
-
   result = rb_ary_new2(2);
   rb_ary_push(result, was_normalized);
   rb_ary_push(result, result_sig);
@@ -787,10 +881,10 @@ Signature_equals(VALUE self, VALUE other)
   TypedData_Get_Struct(other, Signature, &Signature_DataType, rhs);
 
   secp256k1_ecdsa_signature_serialize_compact(
-    lhs->ctx, lhs_compact, &(lhs->sig)
+    secp256k1_context_no_precomp, lhs_compact, &(lhs->sig)
   );
   secp256k1_ecdsa_signature_serialize_compact(
-    rhs->ctx, rhs_compact, &(rhs->sig)
+    secp256k1_context_no_precomp, rhs_compact, &(rhs->sig)
   );
 
   if (memcmp(lhs_compact, rhs_compact, 64) == 0)
@@ -827,7 +921,7 @@ RecoverableSignature_alloc(VALUE klass)
  *
  * @return [Array] first element is the 64 byte compact encoding of signature,
  *   the second element is the integer recovery ID.
- * @raise [RuntimeError] if signature serialization fails.
+ * @raise [Secp256k1::SerializationError] if signature serialization fails.
  */
 static VALUE
 RecoverableSignature_compact(VALUE self)
@@ -845,12 +939,15 @@ RecoverableSignature_compact(VALUE self)
   );
 
   if (secp256k1_ecdsa_recoverable_signature_serialize_compact(
-        recoverable_signature->ctx,
+        secp256k1_context_no_precomp,
         compact_sig,
         &recovery_id,
         &(recoverable_signature->sig)) != 1)
   {
-    rb_raise(rb_eRuntimeError, "unable to serialize recoverable signature");
+    rb_raise(
+      Secp256k1_SerializationError_class,
+      "unable to serialize recoverable signature"
+    );
   }
 
   // Create a new array with room for 2 elements and push data onto it
@@ -891,11 +988,10 @@ RecoverableSignature_to_signature(VALUE self)
 
   // NOTE: This method cannot fail
   secp256k1_ecdsa_recoverable_signature_convert(
-    recoverable_signature->ctx,
+    secp256k1_context_no_precomp,
     &(signature->sig),
     &(recoverable_signature->sig));
 
-  signature->ctx = secp256k1_context_clone(recoverable_signature->ctx);
   return result;
 }
 
@@ -904,7 +1000,9 @@ RecoverableSignature_to_signature(VALUE self)
  *
  * @param in_hash32 [String] 32-byte SHA-256 hash of data.
  * @return [Secp256k1::PublicKey] recovered public key.
- * @raise [RuntimeError] if the public key could not be recovered.
+ * @raise [Secp256k1::Error] if hash given is not 32 bytes.
+ * @raise [Secp256k1::DeserializationError] if public key could not be
+ *   recovered.
  */
 static VALUE
 RecoverableSignature_recover_public_key(VALUE self, VALUE in_hash32)
@@ -917,7 +1015,7 @@ RecoverableSignature_recover_public_key(VALUE self, VALUE in_hash32)
   Check_Type(in_hash32, T_STRING);
   if (RSTRING_LEN(in_hash32) != 32)
   {
-    rb_raise(rb_eArgError, "in_hash32 is not 32 bytes in length");
+    rb_raise(Secp256k1_Error_class, "in_hash32 is not 32 bytes in length");
   }
 
   TypedData_Get_Struct(
@@ -936,11 +1034,10 @@ RecoverableSignature_recover_public_key(VALUE self, VALUE in_hash32)
                               &(recoverable_signature->sig),
                               hash32) == 1)
   {
-    public_key->ctx = secp256k1_context_clone(recoverable_signature->ctx);
     return result;
   }
 
-  rb_raise(rb_eRuntimeError, "unable to recover public key");
+  rb_raise(Secp256k1_DeserializationError_class, "unable to recover public key");
 }
 
 /**
@@ -1028,14 +1125,27 @@ Context_alloc(VALUE klass)
  *
  * Context initialization should be infrequent as it is an expensive operation.
  *
+ * @param context_randomization_bytes [String,nil] (Optional) 32 bytes of
+ *   random data used to randomize the context. If omitted then the
+ *   context remains unrandomized. It is recommended that you provide this
+ *   argument.
  * @return [Secp256k1::Context] 
- * @raise [RuntimeError] if context randomization fails.
+ * @raise [Secp256k1::Error] if context randomization fails.
  */
 static VALUE
-Context_initialize(VALUE self)
+Context_initialize(int argc, const VALUE* argv, VALUE self)
 {
   Context *context;
-  unsigned char seed[32];
+  unsigned char *seed32;
+  VALUE context_randomization_bytes;
+  VALUE opts;
+  static ID kwarg_ids;
+
+  context_randomization_bytes = Qnil;
+  if (!kwarg_ids)
+  {
+    CONST_ID(kwarg_ids, "context_randomization_bytes");
+  }
 
   TypedData_Get_Struct(self, Context, &Context_DataType, context);
 
@@ -1043,101 +1153,46 @@ Context_initialize(VALUE self)
     SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY
   );
 
-  // Randomize the context at initialization time rather than before calls so
-  // the same context can be used across threads safely.
-  GenerateRandomBytes(seed, 32);
-  if (secp256k1_context_randomize(context->ctx, seed) != 1)
-  {
-    rb_raise(rb_eRuntimeError, "context randomization failed");
-  }
-
-  return self;
-}
-
-/**
- * Generate a new public-private key pair.
- *
- * @return [Secp256k1::KeyPair] newly generated key pair.
- * @raise [RuntimeError] if private key generation fails.
- */
-static VALUE
-Context_generate_key_pair(VALUE self)
-{
-  Context *context;
-  VALUE private_key;
-  VALUE public_key;
-  VALUE result;
-  unsigned char private_key_bytes[32];
-
-  if (FAILURE(GenerateRandomBytes(private_key_bytes, 32)))
+  // Handle optional second argument containing random bytes to use for
+  // randomization. We pass ":" to rb_scan_args to say that we expect keyword
+  // arguments. We then parse the opts result of the scan in order to grab
+  // context_randomization_bytes from the hash.
+  rb_scan_args(argc, argv, ":", &opts);
+  rb_get_kwargs(opts, &kwarg_ids, 0, 1, &context_randomization_bytes);
+
+  // We need this check because rb_get_kwargs will set the result to Qundef if
+  // the keyword argument is not provided. This lets us use the NIL_P
+  // predicate.
+  if (context_randomization_bytes == Qundef)
   {
-    rb_raise(rb_eRuntimeError, "unable to generate private key bytes.");
+    context_randomization_bytes = Qnil;
   }
 
-  TypedData_Get_Struct(self, Context, &Context_DataType, context);
-
-  private_key = PrivateKey_create(context, private_key_bytes);
-  public_key = PublicKey_create_from_private_key(context, private_key_bytes);
-  result = rb_funcall(
-    Secp256k1_KeyPair_class,
-    rb_intern("new"),
-    2,
-    public_key,
-    private_key
-  );
-
-  return result;
-}
-
-/**
- * Loads a public key from compressed or uncompressed binary data.
- *
- * @param in_public_key_data [String] binary string with compressed or
- *   uncompressed public key data.
- * @return [Secp256k1::PublicKey] public key derived from data.
- * @raise [RuntimeError] if public key data is invalid.
- */
-static VALUE
-Context_public_key_from_data(VALUE self, VALUE in_public_key_data)
-{
-  Context *context;
-  unsigned char *public_key_data;
-
-  Check_Type(in_public_key_data, T_STRING);
-
-  TypedData_Get_Struct(self, Context, &Context_DataType, context);
-  public_key_data = (unsigned char*)StringValuePtr(in_public_key_data);
-  return PublicKey_create_from_data(
-    context,
-    public_key_data,
-    (int)RSTRING_LEN(in_public_key_data)
-  );
-}
-
-/**
- * Load a private key from binary data.
- *
- * @param in_private_key_data [String] 32 byte binary string of private key
- *   data.
- * @return [Secp256k1::PrivateKey] private key loaded from the given data.
- * @raise [ArgumentError] if private key data is not 32 bytes or is invalid.
- */
-static VALUE
-Context_private_key_from_data(VALUE self, VALUE in_private_key_data)
-{
-  Context *context;
-  unsigned char *private_key_data;
-
-  Check_Type(in_private_key_data, T_STRING);
-  TypedData_Get_Struct(self, Context, &Context_DataType, context);
-  private_key_data = (unsigned char*)StringValuePtr(in_private_key_data);
-
-  if (RSTRING_LEN(in_private_key_data) != 32)
+  if (!NIL_P(context_randomization_bytes)) // Random bytes given
   {
-    rb_raise(rb_eArgError, "private key data must be 32 bytes in length");
+    Check_Type(context_randomization_bytes, T_STRING);
+    if (RSTRING_LEN(context_randomization_bytes) != 32)
+    {
+      rb_raise(
+        Secp256k1_Error_class,
+        "context_randomization_bytes must be 32 bytes in length"
+      );
+    }
+
+    seed32 = (unsigned char*)StringValuePtr(context_randomization_bytes);
+
+    // Randomize the context at initialization time rather than before calls so
+    // the same context can be used across threads safely.
+    if (secp256k1_context_randomize(context->ctx, seed32) != 1)
+    {
+      rb_raise(
+        Secp256k1_Error_class,
+        "context randomization failed"
+      );
+    }
   }
 
-  return PrivateKey_create(context, private_key_data);
+  return self;
 }
 
 /**
@@ -1145,7 +1200,7 @@ Context_private_key_from_data(VALUE self, VALUE in_private_key_data)
  *
  * @param in_private_key_data [String] binary private key data
  * @return [Secp256k1::KeyPair] key pair initialized from the private key data.
- * @raise [ArgumentError] if the private key data is invalid or key derivation
+ * @raise [Secp256k1::Error] if the private key data is invalid or key derivation
  *   fails.
  */
 static VALUE
@@ -1157,16 +1212,16 @@ Context_key_pair_from_private_key(VALUE self, VALUE in_private_key_data)
   unsigned char *private_key_data;
 
   Check_Type(in_private_key_data, T_STRING);
+  TypedData_Get_Struct(self, Context, &Context_DataType, context);
 
   if (RSTRING_LEN(in_private_key_data) != 32)
   {
-    rb_raise(rb_eArgError, "private key data must be 32 bytes in length");
+    rb_raise(Secp256k1_Error_class, "private key data must be 32 bytes in length");
   }
 
-  TypedData_Get_Struct(self, Context, &Context_DataType, context);
   private_key_data = (unsigned char*)StringValuePtr(in_private_key_data);
 
-  private_key = PrivateKey_create(context, private_key_data);
+  private_key = PrivateKey_create(private_key_data);
   public_key = PublicKey_create_from_private_key(context, private_key_data);
 
   return rb_funcall(
@@ -1178,83 +1233,6 @@ Context_key_pair_from_private_key(VALUE self, VALUE in_private_key_data)
   );
 }
 
-/**
- * Converts a DER encoded binary signature into a signature object.
- *
- * @param in_der_encoded_signature [String] DER encoded signature as binary
- *   string.
- * @return [Secp256k1::Signature] signature object initialized using signature
- *   data.
- * @raise [ArgumentError] if signature data is invalid.
- */
-static VALUE
-Context_signature_from_der_encoded(VALUE self, VALUE in_der_encoded_signature)
-{
-  Context *context;
-  Signature *signature;
-  VALUE signature_result;
-  unsigned char *signature_data;
-
-  Check_Type(in_der_encoded_signature, T_STRING);
-
-  TypedData_Get_Struct(self, Context, &Context_DataType, context);
-  signature_data = (unsigned char*)StringValuePtr(in_der_encoded_signature);
-
-  signature_result = Signature_alloc(Secp256k1_Signature_class);
-  TypedData_Get_Struct(signature_result, Signature, &Signature_DataType, signature);
-
-  if (secp256k1_ecdsa_signature_parse_der(context->ctx,
-                                          &(signature->sig),
-                                          signature_data,
-                                          RSTRING_LEN(in_der_encoded_signature)) != 1)
-  {
-    rb_raise(rb_eArgError, "invalid DER encoded signature");
-  }
-
-  signature->ctx = secp256k1_context_clone(context->ctx);
-  return signature_result;
-}
-
-/**
- * Deserializes a Signature from 64-byte compact signature data.
- *
- * @param in_compact_signature [String] compact signature as 64-byte binary
- *   string.
- * @return [Secp256k1::Signature] object deserialized from compact signature.
- * @raise [ArgumentError] if signature data is invalid.
- */
-static VALUE
-Context_signature_from_compact(VALUE self, VALUE in_compact_signature)
-{
-  Context *context;
-  Signature *signature;
-  VALUE signature_result;
-  unsigned char *signature_data;
-
-  Check_Type(in_compact_signature, T_STRING);
-
-  if (RSTRING_LEN(in_compact_signature) != 64)
-  {
-    rb_raise(rb_eArgError, "compact signature must be 64 bytes");
-  }
-
-  TypedData_Get_Struct(self, Context, &Context_DataType, context);
-  signature_data = (unsigned char*)StringValuePtr(in_compact_signature);
-
-  signature_result = Signature_alloc(Secp256k1_Signature_class);
-  TypedData_Get_Struct(signature_result, Signature, &Signature_DataType, signature);
-
-  if (secp256k1_ecdsa_signature_parse_compact(context->ctx,
-                                              &(signature->sig),
-                                              signature_data) != 1)
-  {
-    rb_raise(rb_eArgError, "invalid compact signature");
-  }
-
-  signature->ctx = secp256k1_context_clone(context->ctx);
-  return signature_result;
-}
-
 /**
  * Computes the ECDSA signature of the data using the secp256k1 elliptic curve.
  *
@@ -1262,8 +1240,8 @@ Context_signature_from_compact(VALUE self, VALUE in_compact_signature)
  *   signing.
  * @param in_hash32 [String] 32-byte binary string with SHA-256 hash of data.
  * @return [Secp256k1::Signature] signature resulting from signing data.
- * @raise [RuntimeError] if signature computation fails.
- * @raise [ArgumentError] if hash is not 32-bytes in length.
+ * @raise [Secp256k1::Error] if hash is not 32-bytes in length or signature
+ *   computation fails.
  */
 static VALUE
 Context_sign(VALUE self, VALUE in_private_key, VALUE in_hash32)
@@ -1278,7 +1256,7 @@ Context_sign(VALUE self, VALUE in_private_key, VALUE in_hash32)
 
   if (RSTRING_LEN(in_hash32) != 32)
   {
-    rb_raise(rb_eArgError, "in_hash32 is not 32 bytes in length");
+    rb_raise(Secp256k1_Error_class, "in_hash32 is not 32 bytes in length");
   }
 
   TypedData_Get_Struct(self, Context, &Context_DataType, context);
@@ -1294,11 +1272,10 @@ Context_sign(VALUE self, VALUE in_private_key, VALUE in_hash32)
                        private_key->data,
                        &(signature->sig))))
   {
-    signature->ctx = secp256k1_context_clone(context->ctx);
     return signature_result;
   }
 
-  rb_raise(rb_eRuntimeError, "unable to compute signature");
+  rb_raise(Secp256k1_Error_class, "unable to compute signature");
 }
 
 /**
@@ -1310,7 +1287,7 @@ Context_sign(VALUE self, VALUE in_private_key, VALUE in_hash32)
  * @param in_hash32 [String] 32-byte binary string containing SHA-256 hash of
  *   data.
  * @return [Boolean] True if the signature is valid, false otherwise.
- * @raise [ArgumentError] if hash is not 32-bytes in length.
+ * @raise [Secp256k1::Error] if hash is not 32-bytes in length.
  */
 static VALUE
 Context_verify(VALUE self, VALUE in_signature, VALUE in_pubkey, VALUE in_hash32)
@@ -1324,7 +1301,7 @@ Context_verify(VALUE self, VALUE in_signature, VALUE in_pubkey, VALUE in_hash32)
 
   if (RSTRING_LEN(in_hash32) != 32)
   {
-    rb_raise(rb_eArgError, "in_hash32 is not 32-bytes in length");
+    rb_raise(Secp256k1_Error_class, "in_hash32 is not 32-bytes in length");
   }
 
   TypedData_Get_Struct(self, Context, &Context_DataType, context);
@@ -1354,7 +1331,8 @@ Context_verify(VALUE self, VALUE in_signature, VALUE in_pubkey, VALUE in_hash32)
  * @param in_hash32 [String] 32-byte binary string with SHA-256 hash of data.
  * @return [Secp256k1::RecoverableSignature] recoverable signature produced by
  *   signing the SHA-256 hash `in_hash32` with `in_private_key`.
- * @raise [ArgumentError] if the hash is not 32 bytes
+ * @raise [Secp256k1::Error] if the hash is not 32 bytes or signature could not
+ *   be computed.
  */
 static VALUE
 Context_sign_recoverable(VALUE self, VALUE in_private_key, VALUE in_hash32)
@@ -1368,7 +1346,7 @@ Context_sign_recoverable(VALUE self, VALUE in_private_key, VALUE in_hash32)
   Check_Type(in_hash32, T_STRING);
   if (RSTRING_LEN(in_hash32) != 32)
   {
-    rb_raise(rb_eArgError, "in_hash32 is not 32 bytes in length");
+    rb_raise(Secp256k1_Error_class, "in_hash32 is not 32 bytes in length");
   }
 
   TypedData_Get_Struct(self, Context, &Context_DataType, context);
@@ -1394,7 +1372,7 @@ Context_sign_recoverable(VALUE self, VALUE in_private_key, VALUE in_hash32)
     return result;
   }
 
-  rb_raise(rb_eRuntimeError, "unable to compute recoverable signature");
+  rb_raise(Secp256k1_Error_class, "unable to compute recoverable signature");
 }
 
 /**
@@ -1404,8 +1382,9 @@ Context_sign_recoverable(VALUE self, VALUE in_private_key, VALUE in_hash32)
  *   data.
  * @param in_recovery_id [Integer] recovery ID (range [0, 3])
  * @return [Secp256k1::RecoverableSignature] signature parsed from data.
- * @raise [RuntimeError] if signature data or recovery ID is invalid.
- * @raise [ArgumentError] if compact signature is not 64 bytes or recovery ID
+ * @raise [Secp256k1::DeserializationError] if signature data or recovery ID is
+ *   invalid.
+ * @raise [Secp256k1::Error] if compact signature is not 64 bytes or recovery ID
  *   is not in range [0, 3].
  */
 static VALUE
@@ -1427,12 +1406,12 @@ Context_recoverable_signature_from_compact(
 
   if (RSTRING_LEN(in_compact_sig) != 64)
   {
-    rb_raise(rb_eArgError, "compact signature is not 64 bytes");
+    rb_raise(Secp256k1_Error_class, "compact signature is not 64 bytes");
   }
 
   if (recovery_id < 0 || recovery_id > 3)
   {
-    rb_raise(rb_eArgError, "invalid recovery ID, must be in range [0, 3]");
+    rb_raise(Secp256k1_Error_class, "invalid recovery ID, must be in range [0, 3]");
   }
 
   result = RecoverableSignature_alloc(Secp256k1_RecoverableSignature_class);
@@ -1444,7 +1423,7 @@ Context_recoverable_signature_from_compact(
   );
 
   if (secp256k1_ecdsa_recoverable_signature_parse_compact(
-        context->ctx,
+        secp256k1_context_no_precomp,
         &(recoverable_signature->sig),
         compact_sig,
         recovery_id) == 1)
@@ -1453,7 +1432,7 @@ Context_recoverable_signature_from_compact(
     return result;
   }
   
-  rb_raise(rb_eRuntimeError, "unable to parse recoverable signature");
+  rb_raise(Secp256k1_DeserializationError_class, "unable to parse recoverable signature");
 }
 
 #endif // HAVE_SECP256K1_RECOVERY_H
@@ -1469,7 +1448,7 @@ Context_recoverable_signature_from_compact(
  * @param point [Secp256k1::PublicKey] public-key representing ECDH point.
  * @param scalar [Secp256k1::PrivateKey] private-key representing ECDH scalar.
  * @return [Secp256k1::SharedSecret] shared secret
- * @raise [RuntimeError] If scalar was invalid (zero or caused overflow).
+ * @raise [Secp256k1::Error] If scalar was invalid (zero or caused overflow).
  */
 static VALUE
 Context_ecdh(VALUE self, VALUE point, VALUE scalar)
@@ -1496,7 +1475,7 @@ Context_ecdh(VALUE self, VALUE point, VALUE scalar)
                      NULL,
                      NULL) != 1)
   {
-    rb_raise(rb_eRuntimeError, "invalid scalar provided to ecdh");
+    rb_raise(Secp256k1_Error_class, "invalid scalar provided to ecdh");
   }
 
   rb_iv_set(result, "@data", rb_str_new((char*)shared_secret->data, 32));
@@ -1548,13 +1527,6 @@ Secp256k1_have_ecdh(VALUE module)
 
 void Init_rbsecp256k1()
 {
-  // NOTE: All classes derive from Data (rb_cData) rather than Object
-  // (rb_cObject). This makes it so we don't have to call rb_undef_alloc_func
-  // for each class and can instead simply define the allocation methods for
-  // each class.
-  //
-  // See: https://github.com/ruby/ruby/blob/trunk/doc/extension.rdoc#encapsulate-c-data-into-a-ruby-object
-
   // Secp256k1
   Secp256k1_module = rb_define_module("Secp256k1");
   rb_define_singleton_method(
@@ -1570,31 +1542,31 @@ void Init_rbsecp256k1()
     0
   );
 
+  // Secp256k1 exception hierarchy
+  Secp256k1_Error_class = rb_define_class_under(
+    Secp256k1_module, "Error", rb_eStandardError
+  );
+  Secp256k1_SerializationError_class = rb_define_class_under(
+    Secp256k1_module, "SerializationError", Secp256k1_Error_class
+  );
+  Secp256k1_DeserializationError_class = rb_define_class_under(
+    Secp256k1_module, "DeserializationError", Secp256k1_Error_class
+  );
+
   // Secp256k1::Context
   Secp256k1_Context_class = rb_define_class_under(
-    Secp256k1_module, "Context", rb_cData
+    Secp256k1_module, "Context", rb_cObject
   );
+  rb_undef_alloc_func(Secp256k1_Context_class);
   rb_define_alloc_func(Secp256k1_Context_class, Context_alloc);
   rb_define_method(Secp256k1_Context_class,
                    "initialize",
                    Context_initialize,
-                   0);
-  rb_define_method(Secp256k1_Context_class,
-                   "generate_key_pair",
-                   Context_generate_key_pair,
-                   0);
+                   -1);
   rb_define_method(Secp256k1_Context_class,
                    "key_pair_from_private_key",
                    Context_key_pair_from_private_key,
                    1);
-  rb_define_method(Secp256k1_Context_class,
-                   "public_key_from_data",
-                   Context_public_key_from_data,
-                   1);
-  rb_define_method(Secp256k1_Context_class,
-                   "private_key_from_data",
-                   Context_private_key_from_data,
-                   1);
   rb_define_method(Secp256k1_Context_class,
                    "sign",
                    Context_sign,
@@ -1603,19 +1575,12 @@ void Init_rbsecp256k1()
                    "verify",
                    Context_verify,
                    3);
-  rb_define_method(Secp256k1_Context_class,
-                   "signature_from_der_encoded",
-                   Context_signature_from_der_encoded,
-                   1);
-  rb_define_method(Secp256k1_Context_class,
-                   "signature_from_compact",
-                   Context_signature_from_compact,
-                   1);
 
   // Secp256k1::KeyPair
   Secp256k1_KeyPair_class = rb_define_class_under(Secp256k1_module,
                                                   "KeyPair",
-                                                  rb_cData);
+                                                  rb_cObject);
+  rb_undef_alloc_func(Secp256k1_KeyPair_class);
   rb_define_alloc_func(Secp256k1_KeyPair_class, KeyPair_alloc);
   rb_define_attr(Secp256k1_KeyPair_class, "public_key", 1, 0);
   rb_define_attr(Secp256k1_KeyPair_class, "private_key", 1, 0);
@@ -1628,7 +1593,8 @@ void Init_rbsecp256k1()
   // Secp256k1::PublicKey
   Secp256k1_PublicKey_class = rb_define_class_under(Secp256k1_module,
                                                     "PublicKey",
-                                                    rb_cData);
+                                                    rb_cObject);
+  rb_undef_alloc_func(Secp256k1_PublicKey_class);
   rb_define_alloc_func(Secp256k1_PublicKey_class, PublicKey_alloc);
   rb_define_method(Secp256k1_PublicKey_class,
                    "compressed",
@@ -1638,20 +1604,34 @@ void Init_rbsecp256k1()
                    "uncompressed",
                    PublicKey_uncompressed,
                    0);
+  rb_define_singleton_method(
+    Secp256k1_PublicKey_class,
+    "from_data",
+    PublicKey_from_data,
+    1
+  );
   rb_define_method(Secp256k1_PublicKey_class, "==", PublicKey_equals, 1);
 
   // Secp256k1::PrivateKey
   Secp256k1_PrivateKey_class = rb_define_class_under(
-    Secp256k1_module, "PrivateKey", rb_cData
+    Secp256k1_module, "PrivateKey", rb_cObject
   );
+  rb_undef_alloc_func(Secp256k1_PrivateKey_class);
   rb_define_alloc_func(Secp256k1_PrivateKey_class, PrivateKey_alloc);
   rb_define_attr(Secp256k1_PrivateKey_class, "data", 1, 0);
   rb_define_method(Secp256k1_PrivateKey_class, "==", PrivateKey_equals, 1);
+  rb_define_singleton_method(
+    Secp256k1_PrivateKey_class,
+    "from_data",
+    PrivateKey_from_data,
+    1
+  );
 
   // Secp256k1::Signature
   Secp256k1_Signature_class = rb_define_class_under(Secp256k1_module,
                                                     "Signature",
-                                                    rb_cData);
+                                                    rb_cObject);
+  rb_undef_alloc_func(Secp256k1_Signature_class);
   rb_define_alloc_func(Secp256k1_Signature_class, Signature_alloc);
   rb_define_method(Secp256k1_Signature_class,
                    "der_encoded",
@@ -1669,14 +1649,27 @@ void Init_rbsecp256k1()
                    "==",
                    Signature_equals,
                    1);
+  rb_define_singleton_method(
+    Secp256k1_Signature_class,
+    "from_compact",
+    Signature_from_compact,
+    1
+  );
+  rb_define_singleton_method(
+    Secp256k1_Signature_class,
+    "from_der_encoded",
+    Signature_from_der_encoded,
+    1
+  );
 
 #ifdef HAVE_SECP256K1_RECOVERY_H
   // Secp256k1::RecoverableSignature
   Secp256k1_RecoverableSignature_class = rb_define_class_under(
     Secp256k1_module,
     "RecoverableSignature",
-    rb_cData
+    rb_cObject
   );
+  rb_undef_alloc_func(Secp256k1_RecoverableSignature_class);
   rb_define_alloc_func(
     Secp256k1_RecoverableSignature_class,
     RecoverableSignature_alloc
@@ -1725,8 +1718,9 @@ void Init_rbsecp256k1()
   Secp256k1_SharedSecret_class = rb_define_class_under(
     Secp256k1_module,
     "SharedSecret",
-    rb_cData
+    rb_cObject
   );
+  rb_undef_alloc_func(Secp256k1_SharedSecret_class);
   rb_define_alloc_func(Secp256k1_SharedSecret_class, SharedSecret_alloc);
   rb_define_attr(Secp256k1_SharedSecret_class, "data", 1, 0);