Bitcoin Core is eventually going to replace OpenSSL with libsecp256k1 for all ECDSA operations. As I understand it, this is motivated by wanting consensus-critical rules to not depend on OpenSSL.
Is libsecp256k1 signature verification also faster than OpenSSL? I've heard conflicting information about that.
Yes it's a lot faster. For example from one of the core developers:
reddit - Pieter Wuille / 2015-02-19 18:13
Just did a benchmark on libsecp256k1's current master, without GMP, without hand-written assembly, and it's around 3.6x faster than OpenSSL on my machine (64-bit code, i7 cpu). When the assembly is compiled in (which does not require any extra dependencies anymore), it's 4.9 times faster.
This talks about signature verification, which is currently the bottleneck when catching up to the blockchain.
