-
Notifications
You must be signed in to change notification settings - Fork 37
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
21 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,14 +1,12 @@ | ||
| ## EIP-7212 fallback `P256Verifier` contract | ||
|
|
||
| This repo implements a gas-efficient P256 signature verifier based on [Renaud Dubois from Ledger's implementation](https://github.com/rdubois-crypto/FreshCryptoLib). | ||
|
|
||
| Verifying a signature costs about 200k gas. Pure function, no precomputation. | ||
|
|
||
| This implementation is a fallback contract exactly matching the proposed [EIP-7212 precompile](https://eips.ethereum.org/EIPS/eip-7212), letting us ship it as a [progressive precompile](https://ethereum-magicians.org/t/progressive-precompiles-via-create2-shadowing/). | ||
| This repo implements a gas-efficient P256 signature verifier inspired by [Renaud Dubois's implementation](https://github.com/rdubois-crypto/FreshCryptoLib). Verifying a signature costs about 200k gas. Pure function, no precomputation. | ||
|
|
||
| **The contract exists at a deterministic CREATE2 address. You can use it on any EVM chain. If a chain has implemented EIP-7212, you pay ~3k gas. If not, you pay ~200k gas. Either way, the contract address and results are identical.** | ||
|
|
||
| The secp256r1 elliptic curve, aka P256, is interesting because it's a widely implemented standard. P256 is used in hardware keys such as Yubikey, Apple's Secure Element, the Android Keystore, and WebAuthn. P256 verification is especially useful for contract wallets, enabling hardware-based signing keys. | ||
| This contract matches the proposed [EIP-7212 precompile](https://eips.ethereum.org/EIPS/eip-7212), letting us ship it as a [progressive precompile](https://ethereum-magicians.org/t/progressive-precompiles-via-create2-shadowing/). | ||
|
|
||
| The secp256r1 elliptic curve, aka P256, is interesting because it's supported by high-quality consumer enclaves including Yubikey, Apple's Secure Enclave, the Android Keystore, and WebAuthn. P256 verification is especially useful for contract wallets, enabling hardware-based signing keys. | ||
|
|
||
| ## Development | ||
|
|
||
|
|
@@ -18,11 +16,25 @@ Run `foundryup` to ensure you have the latest foundry. Then, | |
| git clone --recurse-submodules [email protected]:daimo-eth/eip-7212 | ||
| cd eip-7212 | ||
| forge test --via-ir -vv | ||
| ``` | ||
|
|
||
| This runs test input and output handling as well as all applicable Wycheproof | ||
| test vectors, covering a range of edge cases. | ||
|
|
||
| # Coverage. Install the recommended extension to view. | ||
| <details> | ||
| <summary>Code coverage</summary> | ||
| Install the recommended extension to view line-by-line test coverage. | ||
| To regenerate coverage: | ||
|
|
||
| ``` | ||
| forge coverage --via-ir --ir-minimum --report lcov | ||
| ``` | ||
|
|
||
| </details> | ||
|
|
||
| <details> | ||
| <summary>Test vectors</summary> | ||
|
|
||
| To regenerate test vectors: | ||
|
|
||
| ``` | ||
|
|
@@ -43,3 +55,5 @@ forge test --via-ir -vv | |
| # In future, execution spec and clients can test against the same clean vectors | ||
| ``` | ||
|
|
||
| </details> | ||