Skip to content

EIP-7951: Precompile for secp256r1 Curve Support #817

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 54 commits into from
Nov 22, 2025
Merged

EIP-7951: Precompile for secp256r1 Curve Support #817

merged 54 commits into from
Nov 22, 2025

Conversation

@lorenzogentile404
Copy link
Contributor

@lorenzogentile404 lorenzogentile404 commented Oct 27, 2025
edited by cursor bot
Loading

Note

Introduce P256_VERIFY (secp256r1) precompile end-to-end, with constants, phases, OOB opcode, ECData/OOB/Hub constraints, and scenario/plumbing; also refactor/adjust related selectors and ECRECOVER checks.

  • Precompile support (Osaka/Global):
    • Add P256_VERIFY precompile: gas cost (GAS_CONST_P256_VERIFY), call/return sizes, phases (PHASE_P256_VERIFY_*), and OOB opcode (OOB_INST_P256_VERIFY).
  • ECData (Osaka):
    • Extend columns with IS_P256_VERIFY_* and circuit selector CIRCUIT_SELECTOR_P256_VERIFY.
    • Implement P-256 verification constraints (range checks, R1 curve membership, result wiring) and utilities (R1 field params, membership helpers).
    • Update index/size/phase sums to include P256; allow transitions/ICPs with P256.
  • Hub (Osaka):
    • Add scenario flag PRC_P256_VERIFY and integrate into NSR/flag sums, GAS/NSR, success/failure justifications, and MMU transfers.
    • New success path shared with ECRECOVER for full/partial return handling; extend common generalities and sanity checks to Osaka.
  • OOB (Osaka):
    • Add IS_P256_VERIFY, CT_MAX_P256_VERIFY; integrate into weighted sums, phases, and ct-max.
    • Introduce unified fixed-size/cost handler for Cancun/Prague/Osaka precompiles (incl. P256); replace/remove older BLS fixed-size file; split shorthands into flag_sums, inst_sums, ctmax_sums, lookup_sums.
    • Heartbeat uses ct-max-sum (rename from maxct-sum).
  • ECData (London/Osaka) tweaks:
    • Switch positivity checks in ECRECOVER to ISZERO and adjust success-bit logic.
    • Convert circuit selectors to defcomputedcolumn and tighten selector binarity property.
  • Build/Constants:
    • Wire Osaka modules and constants; add P-256 sizes/constants to constants/constants.lisp.

Written by Cursor Bugbot for commit 3c4fc31. This will update automatically on new commits. Configure here.

@lorenzogentile404 lorenzogentile404 linked an issue Oct 27, 2025 that may be closed by this pull request
EIP-7951: Precompile for secp256r1 Curve Support #780
Closed
cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]

This comment was marked as outdated.

Sign in to view

lorenzogentile404
lorenzogentile404 commented Oct 28, 2025
View reviewed changes
lorenzogentile404
lorenzogentile404 commented Oct 28, 2025
View reviewed changes
cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]
cursor bot reviewed Nov 4, 2025
View reviewed changes
cursor[bot]
cursor bot reviewed Nov 5, 2025
View reviewed changes
cursor[bot]
cursor bot reviewed Nov 5, 2025
View reviewed changes
cursor[bot]
cursor bot reviewed Nov 7, 2025
View reviewed changes
cursor[bot]
cursor bot reviewed Nov 12, 2025
View reviewed changes
cursor[bot]
cursor bot reviewed Nov 12, 2025
View reviewed changes
cursor[bot]
cursor bot reviewed Nov 15, 2025
View reviewed changes
@OlivierBBB OlivierBBB force-pushed the 780-eip-7951-precompile-for-secp256r1-curve-support branch from 9bbfdce to aeb7677 Compare November 21, 2025 12:21
cursor[bot]
cursor bot reviewed Nov 21, 2025
View reviewed changes
@OlivierBBB OlivierBBB force-pushed the 780-eip-7951-precompile-for-secp256r1-curve-support branch from e2e3261 to 2348a08 Compare November 21, 2025 13:44
cursor[bot]
cursor bot reviewed Nov 21, 2025
View reviewed changes
ecdata/osaka/constraints.lisp
P_x_cube_plus_a_times_P_x_lo)
(eq! P_is_in_range (* P_x_is_in_range P_y_is_in_range))
(eq! R1_membership
(* P_is_in_range (- 1 P_is_point_at_infinity) P_satisfies_cubic))
Copy link

@cursor cursor bot Nov 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: R1 membership incorrectly rejects point at infinity

The R1_membership calculation uses (* P_is_in_range (- 1 P_is_point_at_infinity) P_satisfies_cubic) which incorrectly rejects the point at infinity. This differs from C1_membership which correctly uses (* P_is_in_range (+ P_is_point_at_infinity P_satisfies_cubic)) to accept either the point at infinity or points satisfying the curve equation. The secp256r1 curve should accept the point at infinity as valid, so the formula needs (+ P_is_point_at_infinity P_satisfies_cubic) instead of (- 1 P_is_point_at_infinity) P_satisfies_cubic.

Fix in Cursor Fix in Web

@OlivierBBB OlivierBBB merged commit dc3b783 into master Nov 22, 2025
8 checks passed
@OlivierBBB OlivierBBB deleted the 780-eip-7951-precompile-for-secp256r1-curve-support branch November 22, 2025 01:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

EIP-7951: Precompile for secp256r1 Curve Support

4 participants

@lorenzogentile404 @OlivierBBB @amkCha