# RIP-7217 Implementation Assessment ## Overview Implement the `P256VERIFY` precompile that perform singature verification using `secp256r1` at address `0x100`. ## Resources - Video tutorial: [Can EIP-7212 Solve Ethereum's UX?](https://www.youtube.com/watch?v=HVlHfudlbgE&t=310s) - [A collection of EIP-7212 resources](https://gist.github.com/ulerdogan/8e3d2987d3f42132d9e6317e6be838d0) - [Wycheproof](https://github.com/C2SP/wycheproof) projects that test crypto libraries against known attacks, with secp256r1 [test cases](https://github.com/C2SP/wycheproof/blob/master/testvectors/ecdh_secp256r1_test.json). - Community discussion forum in [eth-magician](https://ethereum-magicians.org/t/eip-7212-precompiled-for-secp256r1-curve-support/14789/96) - [Current State of Verifying P256 Curve](https://hackmd.io/@1ofB8klpQky-YoR5pmPXFQ/SJ0nuzD1T) ## Implementation Status ### Geth - [Implementation](https://github.com/ethereum/go-ethereum/pull/27540/files) - [Test Cases](https://github.com/ulerdogan/go-ethereum/blob/ulerdogan-secp256r1/core/vm/testdata/precompiles/p256Verify.json) - This might be helpful for our testing - Note: Geth previously implemented secp256r1 for benchmark test with `ecrecover` ### Op-geth - [Implementation](https://github.com/ethereum-optimism/op-geth/pull/168) - This is done in [Fjord](https://specs.optimism.io/protocol/precompiles.html#P256VERIFY) upgrade - Test Cases: - Unit test under `core/vm/testdata/precompiles/p256Verify.json` file, similar to Geth tests. - Testing Upgrade: https://github.com/ethereum-optimism/optimism/blob/ddbb1a113792d6b1d757f9aef6574964ad4816ce/op-e2e/opgeth/op_geth_test.go#L1008 - Precompile test: https://github.com/ethereum-optimism/optimism/blob/develop/op-e2e/actions/proofs/precompile_test.go ### Polygon - [Implementation](https://github.com/maticnetwork/bor/pull/1069) - Note: the implementation is similar to geth implementation. ### Erigon - [Implementation](https://github.com/erigontech/erigon/pull/8975) - Note: It is similar to the Polygon bor implementation (Cherry Picks) ### Nethermind - [Implementation](https://github.com/NethermindEth/nethermind/blob/1a07baf79469352474bb54e6ac28d7db05c4e580/src/Nethermind/Nethermind.Evm/Precompiles/Secp256r1Precompile.cs#L12) - [Test Cases](https://github.com/NethermindEth/nethermind/blob/5d16b7e533e4bb71afa075d382f7113789aaf6d7/src/Nethermind/Nethermind.Evm.Test/Secp256r1PrecompileTests.cs#L13) ### Besu - Implementation: [Besu Native Library](https://github.com/hyperledger/besu-native/tree/82eeb245428ab1e42d1cbfa9bfa8f89dd4f5c59d/secp256r1), [Besu Client](https://github.com/hyperledger/besu/blob/main/crypto/algorithms/src/main/java/org/hyperledger/besu/crypto/SECP256R1.java) - [TBD] it [throws error](https://github.com/hyperledger/besu-native/blob/82eeb245428ab1e42d1cbfa9bfa8f89dd4f5c59d/secp256r1/src/main/java/org/hyperledger/besu/nativelib/secp256r1/LibSECP256R1.java#L62) when verification fails - Test Cases: [Besu Native Library](https://github.com/hyperledger/besu-native/blob/82eeb245428ab1e42d1cbfa9bfa8f89dd4f5c59d/secp256r1/src/test/java/org/hyperledger/besu/nativelib/secp256r1/LibSECP256R1Test.java) / [Besu Client](https://github.com/hyperledger/besu/blob/main/crypto/algorithms/src/test/java/org/hyperledger/besu/crypto/SECP256R1Test.java) ### ZkSync - [Implementation](https://github.com/matter-labs/era-contracts/blob/658404c24af4379084759118bf95037d42c148f1/system-contracts/contracts/precompiles/P256Verify.yul#L60) - This is implemented in Yul language - [Test Cases](https://github.com/matter-labs/era-contracts/blob/658404c24af4379084759118bf95037d42c148f1/system-contracts/test/P256Verify.spec.ts) ### Revm - [Implementation](https://github.com/alessandromazza98/revm/blob/eip-7212/crates/precompile/src/secp256r1.rs) - [Reth Book](https://reth.rs/docs/reth_revm/precompile/secp256r1/index.html) - Note: [explanation](https://alessandromazza.notion.site/P256VERIFY-Precompile-in-Revm-ca2f782a91214b7d99f130cba8ceaed5?pvs=4) provided. ### Arbitrum - Stylus ### EVMOS - [Implementation](https://github.com/evmos/evmos/pull/1922) - Note: precompile address is 0x13, which is outdated and does not follow the standard ## Testing Strategy - [Test Cases](https://github.com/daimo-eth/p256-verifier) from Daimo, using Wycheproof for testing ## Integration Issue - [Audit Report](https://blog.openzeppelin.com/mantle-op-geth-op-stack-diff-audit#missing-signature-malleability-check) from Mantle - Missing Signature Malleability Check - Improved Efficiency of Input Validation - [OZ Library Issue](https://github.com/OpenZeppelin/openzeppelin-contracts/issues/5619) resolved - RIP-7212 emits empty return data while OZ expect returning `false` for invalid signature - Base identified `P256Verify` as a [time intensive](https://blog.base.dev/scaling-base-accelerating-decentralization) precompile - Polyon PoS Napoli fork has different behavior compared to RIP-7212 ## Consideration for Testing - Pre fork precompile not working - For valid secp256r1 operation, it returns `1` - For invalid secp256r1 operation, it returns `nothing` - Incorrect length for `hash`, `r`, `s`, `x`, `y` field - Incorrect singature -> [Reference](https://github.com/C2SP/wycheproof/blob/master/testvectors/ecdh_secp256r1_test.json) - Gas uasage (3450) [Idea] - Interaction with Account Abstraction related proposal? - Interaction with EIP-7702? - Could EOA authorize to precompile - Call / Staticcal / Delegatecall / Callcode to the precompile? - Call / PAY / SELFDESTRUCT sending value to precompile? - Exceptional halt scenario (Insufficient Gas?) [TBD] - Singature malleability check - - Link: https://github.com/ethereum/RIPs/blob/master/RIPS/rip-7212.md#rationale (The fifth paragraph) - Is this a valid [case](https://github.com/hyperledger/besu-native/blob/82eeb245428ab1e42d1cbfa9bfa8f89dd4f5c59d/secp256r1/src/test/java/org/hyperledger/besu/nativelib/secp256r1/LibSECP256R1Test.java#L99)? ## Notes - It output nothing when the validation fails, but it might be hard for developer to know the root cause is (1) Invalid Singature (2) Non-implemented precompile --- https://ethereum-magicians.org/t/eip-7212-precompiled-for-secp256r1-curve-support/14789/96 https://github.com/code-423n4/2024-09-kakarot-findings/issues/58