feat: EIP-7951 for ECDSA on P-256 curve #1649
Pull Request Overview
This PR implements the P256Verify precompile (EIP-7951) for ECDSA signature verification over the secp256r1 (P-256) elliptic curve. The implementation provides a gnark circuit for verifying ECDSA signatures at the EVM precompile address 0x100.
Key changes:
- Adds `P256Verify` function implementing EIP-7951 using gnark's emulated P256 curve and ECDSA signature verification
- Includes comprehensive test coverage with both basic functional tests and Wycheproof test vectors
- Provides 60+ test vectors from the Wycheproof project covering edge cases and malleability scenarios
Reviewed Changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| std/evmprecompiles/256-p256verify.go | Core implementation of P256Verify precompile using emulated ECDSA signature verification |
| std/evmprecompiles/256-p256verify_test.go | Test suite with basic circuit tests and EIP vector validation |
| std/evmprecompiles/test_vectors/p256verify_vectors_clean.json | Wycheproof test vectors for comprehensive edge case coverage |
ivokub left a comment:
I made a few changes. See if it makes sense. It's good to merge on my side.

It looks good and passes all the test vectors, so good to merge on my end too. But I will do an optimization PR for to use

@ivokub Good catch! Actually

Indeed! I actually changed to JointScalarMulBase and improved from 1M to 700k constraints. And seems all tests pass.

Description
This PR implements a circuit corresponding to https://eips.ethereum.org/EIPS/eip-7951 alongside tests against Consensys/gnark-crypto#767 and Wycheproof test vectors (https://eips.ethereum.org/assets/eip-7951/test-vectors.json).
Needs Consensys/gnark-crypto#767 to be merged first.
Type of change
How has this been tested?
Tests against gnark-crypto pass but against Wycheproof some edge cases fail because they are checked at the arithmetization level not the gnark circuit level. Currently, `p256verify_vectors_clean.json` contains some data that passes gnark circuit test and `p256verify_vectors.json` is the entire data.
How has this been benchmarked?
In a BN254 circuit:
Checklist:
- `golangci-lint` does not output errors locally
Note
Implements the P-256 ECDSA verification circuit (EIP-7951) and updates curve ops to support complete/unified arithmetic, with comprehensive tests and vectors.
- `std/evmprecompiles/P256Verify`: ECDSA verification over P-256 using `JointScalarMulBase` with complete arithmetic; limbwise field conversion and modular equality checks.
- `doubleGeneric`, `tripleGeneric`, `doubleAndAddGeneric` with `unified` handling to avoid edge cases (zero denominators) via `Select` guards.
- `AddUnified`/generic doubling in loops based on `cfg.CompleteArithmetic`.
- `std/evmprecompiles/test_vectors/`.

Written by Cursor Bugbot for commit 5fef998.
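
An added example, not code from this PR or from gnark: a native Go reference for the EIP-7951 input rules (160-byte input, `r` and `s` in (0, n), coordinates below p, point on the curve and not infinity) followed by standard-library ECDSA verification, usable as an oracle when triaging which test-vector failures belong to the circuit. The names `CheckAndVerify` and `SampleInput` and the reason strings are assumptions of this example, and the sample input is constructed from a throwaway key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// CheckAndVerify runs the EIP-7951 input checks, then plain ECDSA verification.
// Input layout: h | r | s | qx | qy, 32 big-endian bytes each (160 total).
func CheckAndVerify(in []byte) (bool, string) {
	if len(in) != 160 {
		return false, "length != 160"
	}
	c := elliptic.P256()
	n, p := c.Params().N, c.Params().P
	word := func(i int) *big.Int { return new(big.Int).SetBytes(in[32*i : 32*i+32]) }
	r, s, qx, qy := word(1), word(2), word(3), word(4)
	switch {
	case r.Sign() == 0 || r.Cmp(n) >= 0:
		return false, "r not in (0, n)"
	case s.Sign() == 0 || s.Cmp(n) >= 0:
		return false, "s not in (0, n)"
	case qx.Cmp(p) >= 0 || qy.Cmp(p) >= 0:
		return false, "coordinate >= p"
	case !c.IsOnCurve(qx, qy): // also rejects (0, 0), the infinity encoding
		return false, "point not on curve"
	case !ecdsa.Verify(&ecdsa.PublicKey{Curve: c, X: qx, Y: qy}, in[:32], r, s):
		return false, "signature mismatch"
	}
	return true, ""
}

// SampleInput builds a constructed input from a throwaway key (not a real vector).
func SampleInput() []byte {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	h := sha256.Sum256([]byte("constructed sample message"))
	r, s, _ := ecdsa.Sign(rand.Reader, priv, h[:])
	in := append([]byte{}, h[:]...)
	for _, v := range []*big.Int{r, s, priv.X, priv.Y} {
		in = append(in, v.FillBytes(make([]byte, 32))...)
	}
	return in
}

func main() { fmt.Println(CheckAndVerify(SampleInput())) }
```

The returned reason string identifies which rule rejected an input, so a failing vector can be matched to a specific check.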