Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update RIP-7212: Last Call deadline added, implementation address changed #6

Merged
merged 4 commits into from
Jan 2, 2024
Merged

Update RIP-7212: Last Call deadline added, implementation address changed #6

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
8fe7881
Update RIP: Add last call deadline for the rip
ulerdogan Dec 21, 2023
04e3933
Update RIP: Change the implementation address of the precompile
ulerdogan Dec 21, 2023
8358b2a
Update rip-7212.md
ulerdogan Jan 2, 2024
dd10fae
Update rip-7212.md
ulerdogan Jan 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions RIPS/rip-7212.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ description: Proposal to add precompiled contract that performs signature verifi
author: Ulaş Erdoğan (@ulerdogan), Doğan Alpaslan (@doganalpaslan)
discussions-to: https://ethereum-magicians.org/t/eip-7212-precompiled-for-secp256r1-curve-support/14789
status: Last Call
last-call-deadline: 2024-01-10
type: Standards Track
category: Core
created: 2023-06-22
Expand All @@ -30,7 +31,7 @@ Modern devices have these signing mechanisms that are designed to be more secure

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 and RFC 8174.

As of `FORK_TIMESTAMP` in the integrated EVM chain, add precompiled contract `P256VERIFY` for signature verifications in the “secp256r1” elliptic curve at address `PRECOMPILED_ADDRESS` in `0x0b`.
As of `FORK_TIMESTAMP` in the integrated EVM chain, add precompiled contract `P256VERIFY` for signature verifications in the “secp256r1” elliptic curve at address `PRECOMPILED_ADDRESS` in `0x100` (indicates 0x0000000000000000000000000000000000000100).

### Elliptic Curve Information

Expand Down Expand Up @@ -119,7 +120,7 @@ Another important difference is that the NIST FIPS 186-5 specification does not

Wrapper libraries **SHOULD** add a malleability check by default, with functions wrapping the raw precompile call (exact NIST FIPS 186-5 spec, without malleability check) clearly identified. For example, `P256.verifySignature` and `P256.verifySignatureWithoutMalleabilityCheck`. Adding the malleability check is straightforward and costs minimal gas.

The `PRECOMPILED_ADDRESS` is chosen as `0x0b` as it is the next available address in the precompiled address set.
The `PRECOMPILED_ADDRESS` is chosen as `0x100` as `P256VERIFY` is the first precompiled contract presented as an RIP, and the address is the first available address in the precompiled address set that is reserved for the RIP precompiles.

The gas cost is proposed by comparing the performance of the `P256VERIFY` and the `ECRECOVER` precompiled contract which is implemented in the EVM at `0x01` address. It is seen that “secp256r1” signature verification is ~15% slower (elaborated in [test cases](#test-cases)) than “secp256k1” signature recovery, so `3450` gas is proposed by comparison which causes similar “mgas/op” values in both precompiled contracts.

Expand Down