The secp256k1 crate is a Rust wrapper around the well-vetted and constant-time C library that is actively maintained.
While including a non-trivial C dependency into our (so far) all-Rust project isn't the ideal answer, this library is a better choice in terms of maintainability (and offloading that to someone else) for us than some of the all-Rust alternatives out there, which are either less-great from a constant-time, implementation perspective or are just less mature than bitcoin-core/secp256k1.
Changed title so that we have one issue for integrating the dependency and one issue for adding transparent keys and addresses.
Pulling this in exposes the signing operations needed to verify script ops for transparent transactions without joinsplits.
The library requires building a context object and using the context, which is sort of awkward. Maybe the easiest thing to do would be to use lazy_static to build the context and store it as a "constant" somewhere in zebra-chain.
Not to co-opt this issue, but it could be worth looking into sandboxing. As far as I know, libsecp256k1 makes no syscalls, so you could use the strictest sandboxing policy. I think Google has some excellent open source, cross-platform sandboxing libraries, but they're for C++ (could be useful for seeing which APIs to use on each platform).
Sandboxing seems great, but unfortunately I don't think that we have resources to do it in the medium term. I don't feel great about C libraries in general, but I feel that of all C libraries that a Rust project might use, this one is relatively less risk than others.