feat: P256Verify precompile glue (#1739)

commit 7b78570
Author: Ivo Kubjas <[email protected]>
Date:   Mon Nov 24 12:50:12 2025 +0000

    chore: gnark update to master

commit 9c19167
Author: Ivo Kubjas <[email protected]>
Date:   Wed Nov 19 03:19:28 2025 +0000

    fix: ensure assignment is called

commit 03437cf
Author: Ivo Kubjas <[email protected]>
Date:   Wed Nov 19 02:53:20 2025 +0000

    feat: define p256 input instance count

commit 1cf0482
Merge: 81d6377 c5117f9
Author: Ivo Kubjas <[email protected]>
Date:   Wed Nov 19 02:50:51 2025 +0000

    Merge branch 'feat/bls-glue' into feat/secp256r1

commit c5117f9
Author: Ivo Kubjas <[email protected]>
Date:   Wed Nov 19 02:48:12 2025 +0000

    feat: add default circuit sizes

commit 81d6377
Author: Ivo Kubjas <[email protected]>
Date:   Wed Nov 19 02:47:29 2025 +0000

    feat: loat p256 module

commit abedf2e
Author: Ivo Kubjas <[email protected]>
Date:   Wed Nov 19 02:45:28 2025 +0000

    fix: correct instance number calculation

commit 0aab08d
Author: Ivo Kubjas <[email protected]>
Date:   Wed Nov 19 02:44:58 2025 +0000

    docs: circuit size

commit bdfa261
Author: Ivo Kubjas <[email protected]>
Date:   Wed Nov 19 02:44:24 2025 +0000

    chore: gnark update

commit 1ae0acc
Author: Ivo Kubjas <[email protected]>
Date:   Tue Nov 18 12:06:59 2025 +0000

    docs: refer to test vector location

commit 2aa908b
Author: Ivo Kubjas <[email protected]>
Date:   Tue Nov 18 12:05:31 2025 +0000

    test: include generated tests

commit d4094d3
Author: Ivo Kubjas <[email protected]>
Date:   Tue Nov 18 12:05:18 2025 +0000

    test: implement unit tests

commit dae2651
Author: Ivo Kubjas <[email protected]>
Date:   Tue Nov 18 12:05:05 2025 +0000

    test: do not write noop test cases

commit 119bd71
Author: Ivo Kubjas <[email protected]>
Date:   Tue Nov 18 12:04:38 2025 +0000

    feat: implement inputfiller

commit 7620614
Author: Ivo Kubjas <[email protected]>
Date:   Tue Nov 18 11:27:39 2025 +0000

    test: add testdata generator

commit 332f497
Author: Ivo Kubjas <[email protected]>
Date:   Tue Nov 18 11:27:07 2025 +0000

    fix: enforce public vars

commit cb05285
Author: Ivo Kubjas <[email protected]>
Date:   Mon Nov 17 11:45:14 2025 +0000

    chore: implement p256verify glue

commit e19129c
Author: Ivo Kubjas <[email protected]>
Date:   Mon Nov 17 11:44:58 2025 +0000

    chore: gnark update

commit 439b911
Author: Ivo Kubjas <[email protected]>
Date:   Sun Nov 16 21:08:48 2025 +0000

    fix: more unique constraint names

commit be09cf7
Author: Ivo Kubjas <[email protected]>
Date:   Sun Nov 16 20:52:05 2025 +0000

    fix: incorrect limb count for scalar

commit 206ee01
Author: Ivo Kubjas <[email protected]>
Date:   Sun Nov 16 20:48:05 2025 +0000

    fix: ensure unique constraints

commit afbfaee
Author: Ivo Kubjas <[email protected]>
Date:   Sun Nov 16 20:43:31 2025 +0000

    fix: store new rangechecker

commit dd4e1eb
Author: Ivo Kubjas <[email protected]>
Date:   Sun Nov 16 20:20:59 2025 +0000

    chore: clarify error message

commit f76c7c4
Author: Ivo Kubjas <[email protected]>
Date:   Sun Nov 16 20:18:36 2025 +0000

    chore: remove excessive logging

commit b83d78c
Author: Ivo Kubjas <[email protected]>
Date:   Sun Nov 16 20:14:15 2025 +0000

    fix: compilation errors

commit 6f60e01
Merge: 5fdb039 cbf344e
Author: Ivo Kubjas <[email protected]>
Date:   Sun Nov 16 20:12:33 2025 +0000

    Merge branch 'main' into feat/bls-glue

commit 5fdb039
Author: Ivo Kubjas <[email protected]>
Date:   Fri Sep 26 08:14:18 2025 +0000

    test: make source local

commit 4d526ed
Author: Ivo Kubjas <[email protected]>
Date:   Mon Sep 29 22:18:09 2025 +0000

    feat: integrate BLS precompile with zkevm

commit 81a8876
Author: Ivo Kubjas <[email protected]>
Date:   Mon Sep 29 22:17:48 2025 +0000

    docs: limits documentation

commit a102526
Author: Ivo Kubjas <[email protected]>
Date:   Mon Sep 29 22:17:26 2025 +0000

    feat: precise bls source getters

commit d312c3d
Author: Ivo Kubjas <[email protected]>
Date:   Mon Sep 29 13:14:35 2025 +0000

    test: regenerate testdata

commit b392c30
Author: Ivo Kubjas <[email protected]>
Date:   Mon Sep 29 11:36:29 2025 +0000

    fix: align G2 tower order with gnark

commit e823165
Author: Ivo Kubjas <[email protected]>
Date:   Fri Sep 26 13:09:09 2025 +0000

    feat: remove circuit number limits

commit 152d2a0
Author: Ivo Kubjas <[email protected]>
Date:   Wed Sep 24 11:28:54 2025 +0000

    test: update included test files

commit 3bf1ff6
Author: Ivo Kubjas <[email protected]>
Date:   Wed Sep 24 10:49:29 2025 +0000

    fix: change ordering of serialized values

commit c1bb5b6
Author: Ivo Kubjas <[email protected]>
Date:   Thu Sep 18 09:36:56 2025 +0000

    chore: go mod tidy

commit 9b138df
Author: Ivo Kubjas <[email protected]>
Date:   Fri Sep 5 11:37:24 2025 +0000

    test: add BLS testdata generator

commit 44d9251
Author: Ivo Kubjas <[email protected]>
Date:   Tue Sep 2 11:05:12 2025 +0000

    test: include minimal number of test files

commit 81d4abf
Author: Ivo Kubjas <[email protected]>
Date:   Fri Aug 29 15:09:24 2025 +0000

    feat: add BLS precompile glue

commit 6902d28
Author: Ivo Kubjas <[email protected]>
Date:   Fri Aug 29 15:09:01 2025 +0000

    feat: csvtraces fill up to column size

commit ae6bc69
Author: Ivo Kubjas <[email protected]>
Date:   Fri Aug 29 15:07:38 2025 +0000

    fix: gnark schema walker field

commit 896ba98
Author: Ivo Kubjas <[email protected]>
Date:   Fri Aug 29 15:07:17 2025 +0000

    fix: typed builder

commit af228c7
Author: Ivo Kubjas <[email protected]>
Date:   Fri Aug 29 15:06:50 2025 +0000

    fix: remove unused test engine option

commit 8bbd5ba
Author: Ivo Kubjas <[email protected]>
Date:   Fri Aug 29 15:06:38 2025 +0000

    fix: gnark logderiv interface change

commit 2d1d55e
Author: Ivo Kubjas <[email protected]>
Date:   Fri Aug 29 15:05:50 2025 +0000

    chore: cherry pick gkr changes from smallfield

commit b6a374a
Author: Ivo Kubjas <[email protected]>
Date:   Thu Sep 18 09:35:46 2025 +0000

    chore: gnark dependency update

Author: ivokub

prover/go.mod

@@ -5,7 +5,7 @@ go 1.24.6
 require (
 	github.com/bits-and-blooms/bitset v1.24.0
 	github.com/consensys/compress v0.2.5
-	github.com/consensys/gnark v0.14.1-0.20251115181224-9c9cf0deb462
+	github.com/consensys/gnark v0.14.1-0.20251124124756-6a0918db4556
 	github.com/consensys/gnark-crypto v0.19.3-0.20251115174214-022ec58e8c19
 	github.com/consensys/go-corset v1.1.28
 	github.com/crate-crypto/go-kzg-4844 v1.1.0
@@ -28,9 +28,9 @@ require (
 	github.com/spf13/cobra v1.10.1
 	github.com/spf13/viper v1.19.0
 	github.com/stretchr/testify v1.11.1
-	golang.org/x/crypto v0.42.0
-	golang.org/x/net v0.43.0
-	golang.org/x/sync v0.17.0
+	golang.org/x/crypto v0.45.0
+	golang.org/x/net v0.47.0
+	golang.org/x/sync v0.18.0
 	golang.org/x/time v0.9.0
 )
 
@@ -83,7 +83,7 @@ require (
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/text v0.29.0 // indirect
+	golang.org/x/text v0.31.0 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 )
@@ -94,6 +94,6 @@ require (
 	github.com/pkg/profile v1.7.0
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b
-	golang.org/x/sys v0.36.0 // indirect
+	golang.org/x/sys v0.38.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

prover/go.sum

@@ -74,8 +74,8 @@ github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnht
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/consensys/compress v0.2.5 h1:gJr1hKzbOD36JFsF1AN8lfXz1yevnJi1YolffY19Ntk=
 github.com/consensys/compress v0.2.5/go.mod h1:pyM+ZXiNUh7/0+AUjUf9RKUM6vSH7T/fsn5LLS0j1Tk=
-github.com/consensys/gnark v0.14.1-0.20251115181224-9c9cf0deb462 h1:X2GtytWZIH0PT0g4RfFWu/56Fhus9Uf08cEacDmbN+E=
-github.com/consensys/gnark v0.14.1-0.20251115181224-9c9cf0deb462/go.mod h1:y3yL/y4fe6pg5Hakknn5r8ukr19T6l8OZq90+PHVM1o=
+github.com/consensys/gnark v0.14.1-0.20251124124756-6a0918db4556 h1:DLtPn4esNLrqdP0FIZJhPu4yxIzvjSPxEkz68c7R/ew=
+github.com/consensys/gnark v0.14.1-0.20251124124756-6a0918db4556/go.mod h1:XBV7LkFSZq5AyQhdEN1Y6ntm/QNdu7lnKNvZnh25O7I=
 github.com/consensys/gnark-crypto v0.19.3-0.20251115174214-022ec58e8c19 h1:uUbFaofcFwkv5T/zbR/Gyfm06v84Rua9a1xv9VZrPAA=
 github.com/consensys/gnark-crypto v0.19.3-0.20251115174214-022ec58e8c19/go.mod h1:OgCH7cSoJ46c+nOzvQuwOrIE9fawpXMYOQFzj22Vy3E=
 github.com/consensys/go-corset v1.1.28 h1:4vaaIFAWCzEgGTz6YGm8rt7+0F6mHDT8DS2u+WWslFw=
@@ -459,8 +459,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
-golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
+golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
+golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -540,8 +540,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
-golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
+golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
+golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -567,8 +567,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
-golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
+golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -625,8 +625,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
-golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
+golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -641,8 +641,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
-golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
+golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
+golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

prover/zkevm/full.go

@@ -23,6 +23,7 @@ import (
 	"github.com/consensys/linea-monorepo/prover/zkevm/prover/hash/keccak"
 	"github.com/consensys/linea-monorepo/prover/zkevm/prover/hash/sha2"
 	"github.com/consensys/linea-monorepo/prover/zkevm/prover/modexp"
+	"github.com/consensys/linea-monorepo/prover/zkevm/prover/p256verify"
 	"github.com/consensys/linea-monorepo/prover/zkevm/prover/statemanager"
 	"github.com/consensys/linea-monorepo/prover/zkevm/prover/statemanager/accumulator"
 )
@@ -250,6 +251,9 @@ func FullZKEVMWithSuite(tl *config.TracesLimits, suite CompilationSuite, cfg *co
 			NbPointEvalInputInstances:        NbInputPerInstanceBLSPointEval,
 			NbPointEvalFailureInputInstances: NbInputPerInstanceBLSPointEvalFailure,
 		},
+		P256Verify: p256verify.Limits{
+			NbInputInstances: NbInputPerInstanceP256Verify,
+		},
 	}
 
 	// Initialize the Full zkEVM arithmetization

prover/zkevm/prover/p256verify/circuit.go

@@ -0,0 +1,99 @@
+package p256verify
+
+import (
+	"fmt"
+
+	"github.com/consensys/gnark/frontend"
+	"github.com/consensys/gnark/std/evmprecompiles"
+	"github.com/consensys/gnark/std/math/bitslice"
+	"github.com/consensys/gnark/std/math/emulated"
+	"github.com/consensys/gnark/std/math/emulated/emparams"
+)
+
+const (
+	nbBits  = 128 // for large-field we use 128-bit limbs both for base and scalar fields
+	nbBytes = nbBits / 8
+
+	nbFrLimbs  = 2 // P-256 scalar field represented with 2 limbs of 128 bits
+	nbFpLimbs  = 2 // P-256 base field represented with 2 limbs of 128 bits
+	nbResLimbs = 2
+
+	nbG1Limbs = 2 * nbFpLimbs // (Ax, Ay)
+
+	nbRows = 3*nbFrLimbs + nbG1Limbs + nbResLimbs // msg
+)
+
+type scalarfield = emparams.P256Fr
+type basefield = emparams.P256Fp
+
+var fpParams basefield
+var frParams scalarfield
+
+type scalarElementWizard struct {
+	S [nbFrLimbs]frontend.Variable
+}
+
+func (c scalarElementWizard) ToElement(api frontend.API, fr *emulated.Field[scalarfield]) *emulated.Element[scalarfield] {
+	Slimbs := make([]frontend.Variable, frParams.NbLimbs())
+	Slimbs[2], Slimbs[3] = bitslice.Partition(api, c.S[0], 64, bitslice.WithNbDigits(128))
+	Slimbs[0], Slimbs[1] = bitslice.Partition(api, c.S[1], 64, bitslice.WithNbDigits(128))
+	return fr.NewElement(Slimbs)
+}
+
+type baseElementWizard struct {
+	P [nbFpLimbs]frontend.Variable
+}
+
+func (c baseElementWizard) ToElement(api frontend.API, fp *emulated.Field[basefield]) *emulated.Element[basefield] {
+	Plimbs := make([]frontend.Variable, fpParams.NbLimbs())
+	Plimbs[2], Plimbs[3] = bitslice.Partition(api, c.P[0], 64, bitslice.WithNbDigits(128))
+	Plimbs[0], Plimbs[1] = bitslice.Partition(api, c.P[1], 64, bitslice.WithNbDigits(128))
+	return fp.NewElement(Plimbs)
+}
+
+type p256VerifyInstance struct {
+	H        scalarElementWizard           `gnark:",public"`
+	R        scalarElementWizard           `gnark:",public"`
+	S        scalarElementWizard           `gnark:",public"`
+	Qx       baseElementWizard             `gnark:",public"`
+	Qy       baseElementWizard             `gnark:",public"`
+	Expected [nbResLimbs]frontend.Variable `gnark:",public"`
+}
+
+type multiP256VerifyInstanceCircuit struct {
+	Instances []p256VerifyInstance
+}
+
+func (c *multiP256VerifyInstanceCircuit) Define(api frontend.API) error {
+	scalarApi, err := emulated.NewField[scalarfield](api)
+	if err != nil {
+		return fmt.Errorf("new scalar field: %w", err)
+	}
+	baseApi, err := emulated.NewField[basefield](api)
+	if err != nil {
+		return fmt.Errorf("new base field: %w", err)
+	}
+
+	nbInstances := len(c.Instances)
+	for i := 0; i < nbInstances; i++ {
+		h := c.Instances[i].H.ToElement(api, scalarApi)
+		r := c.Instances[i].R.ToElement(api, scalarApi)
+		s := c.Instances[i].S.ToElement(api, scalarApi)
+		qx := c.Instances[i].Qx.ToElement(api, baseApi)
+		qy := c.Instances[i].Qy.ToElement(api, baseApi)
+		// the high limb of the result is always zero
+		api.AssertIsEqual(c.Instances[i].Expected[0], 0)
+		// the expected result should be boolean
+		expected := c.Instances[i].Expected[1]
+		api.AssertIsBoolean(expected)
+		res := evmprecompiles.P256Verify(api, h, r, s, qx, qy)
+		api.AssertIsEqual(res, expected)
+	}
+	return nil
+}
+
+func newP256VerifyCircuit(limits *Limits) frontend.Circuit {
+	return &multiP256VerifyInstanceCircuit{
+		Instances: make([]p256VerifyInstance, limits.NbInputInstances),
+	}
+}

prover/zkevm/prover/p256verify/input_filler.go

@@ -0,0 +1,34 @@
+package p256verify
+
+import (
+	"github.com/consensys/linea-monorepo/prover/maths/field"
+	"github.com/consensys/linea-monorepo/prover/protocol/dedicated/plonk"
+)
+
+const (
+	input_filler_key = "p256-verify-input-filler"
+)
+
+func init() {
+	plonk.RegisterInputFiller(input_filler_key, inputFiller)
+}
+
+func inputFiller(circuitInstance, inputIndex int) field.Element {
+	datas := []string{
+		// h
+		"0", "0",
+		// r
+		"0", "1",
+		// s
+		"0", "1",
+		// qx
+		"0x77037d812deb33a0f4a13945d898c296",
+		"0x6b17d1f2e12c4247f8bce6e563a440f2",
+		// qy
+		"0x2bce33576b315ececbb6406837bf51f5",
+		"0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e16",
+		// expected result
+		"0", "0",
+	}
+	return field.NewFromString(datas[inputIndex%nbRows])
+}

prover/zkevm/prover/p256verify/limits.go

@@ -0,0 +1,10 @@
+package p256verify
+
+// Limits defines limits for P256Verify module.
+type Limits struct {
+	// NbInputInstances is the number of P256 input instances per a single
+	// verification circuit. gnark circuit size approximately 709k constraints
+	// and in Plonk-in-Wizard (with externalized range checks) approximately
+	// 183k rows per instance.
+	NbInputInstances int
+}

prover/zkevm/prover/p256verify/module.go

@@ -0,0 +1,83 @@
+package p256verify
+
+import (
+	"fmt"
+
+	"github.com/consensys/linea-monorepo/prover/protocol/dedicated/plonk"
+	"github.com/consensys/linea-monorepo/prover/protocol/ifaces"
+	"github.com/consensys/linea-monorepo/prover/protocol/query"
+	"github.com/consensys/linea-monorepo/prover/protocol/wizard"
+)
+
+const (
+	NAME_P256_VERIFY = "P256_VERIFY"
+	moduleName       = "ECDATA"
+	ROUND_NR         = 0
+)
+
+func colNameFn(colName string) ifaces.ColID {
+	return ifaces.ColID(fmt.Sprintf("%s.%s", moduleName, colName))
+}
+
+type p256VerifyDataSource struct {
+	ID       ifaces.Column
+	CS       ifaces.Column
+	Limb     ifaces.Column
+	Index    ifaces.Column
+	IsData   ifaces.Column
+	IsResult ifaces.Column
+}
+
+func newP256VerifyDataSource(comp *wizard.CompiledIOP) *p256VerifyDataSource {
+	return &p256VerifyDataSource{
+		ID:       comp.Columns.GetHandle(colNameFn("ID")),
+		CS:       comp.Columns.GetHandle(colNameFn("CIRCUIT_SELECTOR_P256_VERIFY")),
+		Limb:     comp.Columns.GetHandle(colNameFn("LIMB")),
+		Index:    comp.Columns.GetHandle(colNameFn("INDEX")),
+		IsData:   comp.Columns.GetHandle(colNameFn("DATA_P256_VERIFY_FLAG")),
+		IsResult: comp.Columns.GetHandle(colNameFn("RSLT_P256_VERIFY_FLAG")),
+	}
+}
+
+type P256Verify struct {
+	*p256VerifyDataSource
+	p256VerifyGnarkData *plonk.Alignment
+	*Limits
+}
+
+func newP256Verify(_ *wizard.CompiledIOP, limits *Limits, src *p256VerifyDataSource) *P256Verify {
+	res := &P256Verify{
+		p256VerifyDataSource: src,
+		Limits:               limits,
+	}
+
+	return res
+}
+
+func (pv *P256Verify) WithCircuit(comp *wizard.CompiledIOP, options ...query.PlonkOption) *P256Verify {
+	nbRowsPerCircuit := nbRows * pv.Limits.NbInputInstances
+	maxNbCircuits := (pv.p256VerifyDataSource.CS.Size() + nbRowsPerCircuit - 1) / nbRowsPerCircuit
+
+	toAlign := &plonk.CircuitAlignmentInput{
+		Name:               fmt.Sprintf("%s_ALIGNMENT", NAME_P256_VERIFY),
+		Round:              ROUND_NR,
+		DataToCircuitMask:  pv.p256VerifyDataSource.CS,
+		DataToCircuit:      pv.p256VerifyDataSource.Limb,
+		Circuit:            newP256VerifyCircuit(pv.Limits),
+		NbCircuitInstances: maxNbCircuits,
+		PlonkOptions:       options,
+		InputFillerKey:     input_filler_key,
+	}
+	pv.p256VerifyGnarkData = plonk.DefineAlignment(comp, toAlign)
+	return pv
+}
+
+func (pv *P256Verify) Assign(run *wizard.ProverRuntime) {
+	if pv.p256VerifyGnarkData != nil {
+		pv.p256VerifyGnarkData.Assign(run)
+	}
+}
+
+func NewP256VerifyZkEvm(comp *wizard.CompiledIOP, limits *Limits) *P256Verify {
+	return newP256Verify(comp, limits, newP256VerifyDataSource(comp))
+}