EIP-7951: Precompile for secp256r1 Curve Support #2452
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
arithmetization/src/main/java/net/consensys/linea/zktracer/module/ecdata/EcDataOperation.java
Show resolved
Hide resolved
arithmetization/src/main/java/net/consensys/linea/zktracer/module/ecdata/EcDataOperation.java
Outdated
Show resolved
Hide resolved
arithmetization/src/main/java/net/consensys/linea/zktracer/module/ecdata/EcDataOperation.java
Show resolved
Hide resolved
arithmetization/src/main/java/net/consensys/linea/zktracer/module/ecdata/EcDataOperation.java
Outdated
Show resolved
Hide resolved
| // Set success bit and output limb | ||
| successBit = returnData.bitLength() / 8 == TOTAL_SIZE_P256_VERIFY_RESULT; | ||
| limb.set(8, Bytes.EMPTY); | ||
| limb.set(9, successBit ? returnData.slice(16, 16) : Bytes.EMPTY); |
There was a problem hiding this comment.
Bug: Flawed P256 Verify Handling: Misread Result, Unused Variable
In handleP256Verify, the successBit is set based on return data size (returnData.bitLength() / 8 == TOTAL_SIZE_P256_VERIFY_RESULT) rather than the actual verification result. The return data extraction and validation logic appears incomplete, and the recoveredAddress variable is declared but never used meaningfully.
arithmetization/src/main/java/net/consensys/linea/zktracer/module/ecdata/EcDataOperation.java
Show resolved
Hide resolved
arithmetization/src/main/java/net/consensys/linea/zktracer/module/ecdata/EcDataOperation.java
Outdated
Show resolved
Hide resolved
arithmetization/src/main/java/net/consensys/linea/zktracer/module/ecdata/EcDataOperation.java
Outdated
Show resolved
Hide resolved
arithmetization/src/main/java/net/consensys/linea/zktracer/module/ecdata/EcDataOperation.java
Outdated
Show resolved
Hide resolved
| // hubSuccess ≡ true | ||
|
|
||
| // ECRECOVER can only be FAILURE_KNOWN_TO_HUB or some form of SUCCESS_XXXX_REVERT | ||
| // TODO: what about P256_VERIFY? |
There was a problem hiding this comment.
Bug: Incomplete RAM failure categorization for precompiles
P256_VERIFY is excluded from the check that sets PRC_FAILURE_KNOWN_TO_RAM scenario when OOB succeeds but the precompile fails. Like ECADD, ECMUL, and ECPAIRING, P256_VERIFY performs internal validation checks (signature parameters, curve membership) that can fail after OOB checks pass. Without this, P256_VERIFY failures won't be properly categorized as RAM-level failures.
| // hubSuccess ≡ true | ||
|
|
||
| // ECRECOVER can only be FAILURE_KNOWN_TO_HUB or some form of SUCCESS_XXXX_REVERT | ||
| // TODO: what about P256_VERIFY? |
There was a problem hiding this comment.
Bug: Standardize Precompile Failure Handling Logic
PRC_P256_VERIFY is missing from the condition that sets the scenario to PRC_FAILURE_KNOWN_TO_RAM when hubSuccess && !callSuccess. The TODO comment on line 136 explicitly questions whether P256_VERIFY should be included. Since P256_VERIFY is an elliptic curve precompile similar to ECADD, ECMUL, and ECPAIRING, it likely needs the same failure handling logic to correctly set the scenario when hub validation succeeds but the precompile call fails.
| // Set success bit and output limb | ||
| successBit = returnData.toArray().length == TOTAL_SIZE_P256_VERIFY_RESULT; | ||
| limb.set(10, Bytes.EMPTY); | ||
| limb.set(11, successBit ? returnData.slice(16, 16) : Bytes.EMPTY); |
There was a problem hiding this comment.
Bug: Incomplete P256 Verification Output
In handleP256Verify(), the result limbs are not populated correctly. limb.set(10, Bytes.EMPTY) should instead set it to returnData.slice(0, 16) to capture the full hi/lo parts of the verification result, similar to other precompile handlers like handleRecover().
Note
Add secp256r1 (P-256) VERIFY precompile tracing with counters, Osaka constants, MMU/OOB wiring, and extensive tests; refactor BLS OOB helpers under post-Cancun.
PRC_P256_VERIFYinEcDataOperation: input parsing, internal checks (range, nonzero, on-curve),callToR1Membership, result formatting; exposereturnData.isP256VerifyData/Resulttrace flags and phases; useWCP.ISZEROfor zero checks.PRECOMPILE_P256_VERIFY_EFFECTIVE_CALLStoModuleName; new incrementing modules inZkCounterandHub; wire intoEcData.PrecompileScenarioFragmentwithPRC_P256_VERIFY(address mapping, data/result phases, validation, line counts); add toCallSection.P256VerifyOobCall.*PostCancunPrecompilesand select EC/BLS paths; adjust expected return sizes.common.postCancunpackages.TraceOsaka.P256VerifyTestand large vector filep256_verify_test_vectors.json.Written by Cursor Bugbot for commit c9aa4d2. This will update automatically on new commits. Configure here.