Skip to content

EIP-7951: Precompile for secp256r1 Curve Support #817

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 34 commits into
base: master
Choose a base branch
from
Open

EIP-7951: Precompile for secp256r1 Curve Support #817

Show file tree
Hide file tree
Changes from 10 commits
Commits
Show all changes
34 commits
Select commit Hold shift + click to select a range
b049d33
updated oob columns and renaming shorthands
lorenzogentile404 Oct 23, 2025
683c690
Merge branch 'master' into 780-eip-7951-precompile-for-secp256r1-curv…
lorenzogentile404 Oct 27, 2025
b0e8be1
updated shorthands
lorenzogentile404 Oct 27, 2025
812739b
added specialized computation
lorenzogentile404 Oct 27, 2025
fd53f84
added osaka ecdata
lorenzogentile404 Oct 27, 2025
ff3faed
updated ec_data columns
lorenzogentile404 Oct 27, 2025
c53a2f2
updated ec_data generalities
lorenzogentile404 Oct 27, 2025
d3ea5f9
added utils
lorenzogentile404 Oct 27, 2025
60235fe
added specialized computation
lorenzogentile404 Oct 28, 2025
e2a76f9
added circuit selector
lorenzogentile404 Oct 28, 2025
73cf33d
used ISZERO instead of LT for ECRECOVER and P256_VERIFY
lorenzogentile404 Nov 3, 2025
46f6500
Merge branch 'master' into 780-eip-7951-precompile-for-secp256r1-curv…
lorenzogentile404 Nov 4, 2025
7740e5f
fixed Makefile
lorenzogentile404 Nov 4, 2025
da87f2e
fixed callToR1MembershipEXT
lorenzogentile404 Nov 4, 2025
63cfb67
fixed address_sum
lorenzogentile404 Nov 4, 2025
177afca
used computed columns for circuit selectors
lorenzogentile404 Nov 4, 2025
3335fca
partially updated osaka hub with P256_VERIFY
lorenzogentile404 Nov 5, 2025
961b7da
fixed precompile success case
lorenzogentile404 Nov 5, 2025
84cb1ab
fixed naming
lorenzogentile404 Nov 5, 2025
b1ecca9
fixed formatting
lorenzogentile404 Nov 5, 2025
cd73010
Merge branch 'master' into 780-eip-7951-precompile-for-secp256r1-curv…
lorenzogentile404 Nov 5, 2025
2f23e74
EIP-7823: Set upper bounds for `MODEXP` --- `OOB` side (#813)
OlivierBBB Nov 7, 2025
40959eb
EIP-7823: Set upper bounds for `MODEXP` --- `BLAKE_MODEXP` side (#812)
OlivierBBB Nov 7, 2025
c483d9e
EIP-7823: Set upper bounds for `MODEXP` --- `MMU` side (#814)
OlivierBBB Nov 7, 2025
78ad636
Automatic vanishing constraints of `misc/XXX_?` columns when `misc/XX…
OlivierBBB Nov 7, 2025
00e31bc
EIP-7823: Set upper bounds for `MODEXP` --- `HUB` side (#815)
OlivierBBB Nov 7, 2025
2fd0833
Merge branch 'master' into 780-eip-7951-precompile-for-secp256r1-curv…
lorenzogentile404 Nov 7, 2025
2a547ac
Replace `R@C` in ROFF constant name with `RAC` (#822)
OlivierBBB Nov 7, 2025
29694c1
Merge branch 'master' into 780-eip-7951-precompile-for-secp256r1-curv…
lorenzogentile404 Nov 7, 2025
7a5f259
removed deprecated comments
lorenzogentile404 Nov 9, 2025
8923512
added TODOs
lorenzogentile404 Nov 10, 2025
4ad1faf
feat: precompile processing justifying success and FKTR update for pv…
amkCha Nov 12, 2025
ee70747
feat: update nsr and flag sums + rm TODOs
amkCha Nov 12, 2025
15aa249
Merge branch 'master' into 780-eip-7951-precompile-for-secp256r1-curv…
lorenzogentile404 Nov 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,9 @@ CONSTANTS_LONDON := constants/london/constants.zkasm
CONSTANTS_CANCUN := constants/cancun/constants.zkasm
CONSTANTS_PRAGUE := constants/prague/constants.zkasm

EC_DATA := ecdata
EC_DATA_LONDON := ecdata/london

EC_DATA_OSAKA := ecdata/osaka

EUC := euc

Expand Down Expand Up @@ -116,7 +118,6 @@ ZKEVM_MODULES_COMMON := ${CONSTANTS} \
${BIN} \
${BLAKE2f_MODEXP_DATA} \
${BLOCKHASH} \
${EC_DATA} \
${EUC} \
${EXP} \
${GAS} \
Expand All @@ -135,6 +136,7 @@ ZKEVM_MODULES_LONDON := ${ZKEVM_MODULES_COMMON} \
${CONSTANTS_LONDON} \
${TABLES_LONDON} \
${BLOCKDATA_LONDON} \
${EC_DATA_LONDON} \
${HUB_LONDON} \
${LOG_INFO_LONDON} \
${MMIO_LONDON} \
Expand All @@ -152,6 +154,7 @@ ZKEVM_MODULES_SHANGHAI := ${ZKEVM_MODULES_COMMON} \
${CONSTANTS_LONDON} \
${TABLES_LONDON} \
${BLOCKDATA_PARIS} \
${EC_DATA_LONDON} \
${HUB_SHANGHAI} \
${LOG_INFO_LONDON} \
${MMIO_LONDON} \
Expand All @@ -166,6 +169,7 @@ ZKEVM_MODULES_CANCUN := ${ZKEVM_MODULES_COMMON} \
${CONSTANTS_CANCUN} \
${TABLES_CANCUN} \
${BLOCKDATA_CANCUN} \
${EC_DATA_LONDON} \
${BLS_CANCUN} \
${HUB_CANCUN} \
${LOG_INFO_CANCUN} \
Expand All @@ -182,6 +186,7 @@ ZKEVM_MODULES_PRAGUE := ${ZKEVM_MODULES_COMMON} \
${CONSTANTS_PRAGUE} \
${TABLES_PRAGUE} \
${BLOCKDATA_CANCUN} \
${EC_DATA_LONDON} \
${BLS_PRAGUE} \
${HUB_PRAGUE} \
${LOG_INFO_CANCUN} \
Expand All @@ -199,6 +204,7 @@ ZKEVM_MODULES_OSAKA := ${ZKEVM_MODULES_COMMON} \
${TABLES_PRAGUE} \
${BLOCKDATA_CANCUN} \
${BLS_PRAGUE} \
${EC_DATA_OSAKA} \
${HUB_OSAKA} \
${LOG_INFO_CANCUN} \
${MMIO_CANCUN} \
Expand Down
6 changes: 6 additions & 0 deletions constants/constants.lisp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -244,6 +244,7 @@
GAS_CONST_BLS_MAP_FP2_TO_G2 23800
GAS_CONST_BLS_PAIRING_CHECK 37700
GAS_CONST_BLS_PAIRING_CHECK_PAIR 32600
GAS_CONST_P256_VERIFY 6900
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; EVM MISC ;;
Expand Down Expand Up @@ -326,6 +327,7 @@
PRECOMPILE_CALL_DATA_UNIT_SIZE___BLS_PAIRING_CHECK 384
PRECOMPILE_CALL_DATA_SIZE___FP_TO_G1 64
PRECOMPILE_CALL_DATA_SIZE___FP2_TO_G2 128
PRECOMPILE_CALL_DATA_SIZE___P256_VERIFY 160

PRC_ECPAIRING_SIZE (* 6 WORD_SIZE)
PRECOMPILE_CALL_DATA_SIZE___BLAKE2F 213
Expand All @@ -340,6 +342,7 @@
PRECOMPILE_RETURN_DATA_SIZE___BLS_PAIRING_CHECK 32
PRECOMPILE_RETURN_DATA_SIZE___BLS_MAP_FP_TO_G1 128
PRECOMPILE_RETURN_DATA_SIZE___BLS_MAP_FP2_TO_G2 256
PRECOMPILE_RETURN_DATA_SIZE___P256_VERIFY 32

PRC_BLS_G1_MSM_MAX_DISCOUNT 519
PRC_BLS_G2_MSM_MAX_DISCOUNT 524
Expand Down Expand Up @@ -403,6 +406,8 @@
PHASE_ECMUL_RESULT 0x070B
PHASE_ECPAIRING_DATA 0x080A
PHASE_ECPAIRING_RESULT 0x080B
PHASE_P256_VERIFY_DATA 0x100A
PHASE_P256_VERIFY_RESULT 0x100B
Copy link

@cursor cursor bot Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Phase IDs collide for precompile operations

Phase constant collision: PHASE_P256_VERIFY_DATA is set to 0x100A, which is identical to the existing PHASE_BLS_MAP_FP_TO_G1_DATA constant (also 0x100A). These phase identifiers must be unique to correctly distinguish between different precompile operations. This collision will cause the system to confuse P256_VERIFY operations with BLS_MAP_FP_TO_G1 operations.

Fix in Cursor Fix in Web

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; BLS DATA MODULE ;;
Expand Down Expand Up @@ -521,6 +526,7 @@
OOB_INST_BLS_PAIRING_CHECK 0xFF0F
OOB_INST_BLS_MAP_FP_TO_G1 0xFF10
OOB_INST_BLS_MAP_FP2_TO_G2 0xFF11
OOB_INST_P256_VERIFY 0xF100
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; RLP* MODULE ;;
Expand Down
0 ecdata/columns.lisp → ecdata/london/columns.lisp
View file
Open in desktop
File renamed without changes.
0 ecdata/constants.lisp → ecdata/london/constants.lisp
View file
Open in desktop
File renamed without changes.
0 ecdata/constraints.lisp → ecdata/london/constraints.lisp
View file
Open in desktop
File renamed without changes.
0 ecdata/lookups/ecdata_into_ext.lisp → ecdata/london/lookups/ecdata_into_ext.lisp
View file
Open in desktop
File renamed without changes.
0 ecdata/lookups/ecdata_into_wcp.lisp → ecdata/london/lookups/ecdata_into_wcp.lisp
View file
Open in desktop
File renamed without changes.
80 changes: 80 additions & 0 deletions ecdata/osaka/columns.lisp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
(module ecdata)

(defcolumns
(STAMP :i32)
(ID :i32)
(INDEX :i16)
(LIMB :i128)
(TOTAL_SIZE :i16)
(PHASE :i16)
(INDEX_MAX :i16)
(SUCCESS_BIT :binary@prove)

(IS_ECRECOVER_DATA :binary@prove)
(IS_ECRECOVER_RESULT :binary@prove)
(IS_ECADD_DATA :binary@prove)
(IS_ECADD_RESULT :binary@prove)
(IS_ECMUL_DATA :binary@prove)
(IS_ECMUL_RESULT :binary@prove)
(IS_ECPAIRING_DATA :binary@prove)
(IS_ECPAIRING_RESULT :binary@prove)
(IS_P256_VERIFY_DATA :binary@prove)
(IS_P256_VERIFY_RESULT :binary@prove)

(TOTAL_PAIRINGS :i16)
(ACC_PAIRINGS :i16)
(INTERNAL_CHECKS_PASSED :binary@prove)
(HURDLE :binary@prove)
(BYTE_DELTA :byte@prove)
(CT :i3)
(CT_MAX :i3)
(IS_SMALL_POINT :binary@prove)
(IS_LARGE_POINT :binary@prove)
(NOT_ON_G2 :binary@prove)
(NOT_ON_G2_ACC :binary@prove)
(NOT_ON_G2_ACC_MAX :binary@prove)
(IS_INFINITY :binary@prove)
(OVERALL_TRIVIAL_PAIRING :binary@prove)
(G2_MEMBERSHIP_TEST_REQUIRED :binary@prove)
(ACCEPTABLE_PAIR_OF_POINTS_FOR_PAIRING_CIRCUIT :binary@prove)

(CIRCUIT_SELECTOR_ECRECOVER :binary@prove)
(CIRCUIT_SELECTOR_ECADD :binary@prove)
(CIRCUIT_SELECTOR_ECMUL :binary@prove)
(CIRCUIT_SELECTOR_ECPAIRING :binary@prove)
(CIRCUIT_SELECTOR_P256_VERIFY :binary@prove)
(CIRCUIT_SELECTOR_G2_MEMBERSHIP :binary@prove)

(WCP_FLAG :binary@prove)
(WCP_ARG1_HI :i128)
(WCP_ARG1_LO :i128)
(WCP_ARG2_HI :i128)
(WCP_ARG2_LO :i128)
(WCP_RES :binary)
(WCP_INST :byte :display :opcode)

(EXT_FLAG :binary@prove)
(EXT_ARG1_HI :i128)
(EXT_ARG1_LO :i128)
(EXT_ARG2_HI :i128)
(EXT_ARG2_LO :i128)
(EXT_ARG3_HI :i128)
(EXT_ARG3_LO :i128)
(EXT_RES_LO :i128)
(EXT_RES_HI :i128)
(EXT_INST :byte :display :opcode))

;; aliases
(defalias
ICP INTERNAL_CHECKS_PASSED
TRIVIAL_PAIRING OVERALL_TRIVIAL_PAIRING
G2MTR G2_MEMBERSHIP_TEST_REQUIRED
ACCPC ACCEPTABLE_PAIR_OF_POINTS_FOR_PAIRING_CIRCUIT
CS_ECRECOVER CIRCUIT_SELECTOR_ECRECOVER
CS_ECADD CIRCUIT_SELECTOR_ECADD
CS_ECMUL CIRCUIT_SELECTOR_ECMUL
CS_ECPAIRING CIRCUIT_SELECTOR_ECPAIRING
CS_P256_VERIFY CIRCUIT_SELECTOR_P256_VERIFY
CS_G2_MEMBERSHIP CIRCUIT_SELECTOR_G2_MEMBERSHIP)


46 changes: 46 additions & 0 deletions ecdata/osaka/constants.lisp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
(module ecdata)

(defconst
P_BN_HI 0x30644e72e131a029b85045b68181585d
P_BN_LO 0x97816a916871ca8d3c208c16d87cfd47
SECP256K1N_HI 0xffffffffffffffffffffffffffffffff
SECP256K1N_LO 0xfffffffffffffffffffffffefffffc2f
P_R1_HI 0xffffffff000000010000000000000000
P_R1_LO 0x00000000ffffffffffffffffffffffff
SECP256R1N_HI 0xffffffff00000000ffffffffffffffff
SECP256R1N_LO 0xbce6faada7179e84f3b9cac2fc632551
A_COEFF_R1_HI 0xffffffff000000010000000000000000
A_COEFF_R1_LO 0x00000000fffffffffffffffffffffffc
B_COEFF_R1_HI 0x5ac635d8aa3a93e7b3ebbd55769886bc
B_COEFF_R1_LO 0x651d06b0cc53b0f63bce3c3e27d2604b
MULMOD 0x09
ADDMOD 0x08
ECRECOVER 0x01
ECADD 0x06
ECMUL 0x07
ECPAIRING 0x08
P256_VERIFY 0x100
INDEX_MAX_ECRECOVER_DATA 7
INDEX_MAX_ECADD_DATA 7
INDEX_MAX_ECMUL_DATA 5
INDEX_MAX_ECPAIRING_DATA_MIN 11
INDEX_MAX_ECRECOVER_RESULT 1
INDEX_MAX_ECADD_RESULT 3
INDEX_MAX_ECMUL_RESULT 3
INDEX_MAX_ECPAIRING_RESULT 1
INDEX_MAX_P256_VERIFY_DATA 10
Copy link

@cursor cursor bot Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Data Index Error Impacts Verification

The INDEX_MAX_P256_VERIFY_DATA constant is set to 10, but P256_VERIFY data has 10 limbs with indices 0-9, making the maximum index 9. This off-by-one error causes internal_checks_passed to be read from the wrong HURDLE offset in the justify-success-bit-256-verify constraint.

Fix in Cursor Fix in Web

INDEX_MAX_P256_VERIFY_RESULT 1
TOTAL_SIZE_ECRECOVER_DATA 128
TOTAL_SIZE_ECADD_DATA 128
TOTAL_SIZE_ECMUL_DATA 96
TOTAL_SIZE_ECPAIRING_DATA_MIN 192
TOTAL_SIZE_ECRECOVER_RESULT 32
TOTAL_SIZE_ECADD_RESULT 64
TOTAL_SIZE_ECMUL_RESULT 64
TOTAL_SIZE_ECPAIRING_RESULT 32
TOTAL_SIZE_P256_VERIFY_DATA 160
TOTAL_SIZE_P256_VERIFY_RESULT 32
CT_MAX_SMALL_POINT 3
CT_MAX_LARGE_POINT 7)


Loading
Loading