# Preimages # ## --- # ~~Preimages~~ # Precompiles ### EVM's escape hatch --- ## Agenda This is not a cryptography presentation * What are Precompiles (with mainnet examples) * How do they work? * Use outside Mainnet * L2 use and Alt L1 use * Future developments --- ## Three Kinds of "Precompiles" * Precompiles * Tasks you _could_ do with the EVM, but are too expensive/slow * System Contracts * Tasks and side effects you _cannot_ do with the EVM * Predeployed Contracts * Contracts that are part of the initial state --- ## Ethereum Mainnet Precompiles * 0x01 - ecRecover * 0x02 - SHA2-256 * 0x03 - RIPEMD-160 * 0x04 - identity * 0x05 - modexp (Byzantium) * 0x06, 0x07, 0x08 - ecAdd, ecMul, and ecPairing on alt_bn128 (Byzantium) * 0x09 - Blake2B F Function (Istanbul) * 0x0A - KZG Point Evaluation (Cancun) [evm.codes](https://www.evm.codes/precompiled) --- ## EVM View * Precompiles look like any other contract * Variable amount of data passed in via calldata * Consume gas based on the input * Returns data via the return buffer or to output memory --- ## Deep example - ECRecover * Input * 0x00 - 0x1f - commit hash * 0x20 - 0x3f - v (27 or 28, pre recovery id) * 0x40 - 0x5f - r (x-value for secp256k1) * 0x60 - 0x7f - s (as per secp256k1) * return * 0x00 - 0x1f - lower 20 bytes of 256-bit public key * Gas cost * 3000 no matter what --- ## Design issues in Precompiles * All boundary conditions must be specified * Gas should scale with effort * Execution * Algorithms can hide problems * Input * Variable input should always be charged * Costs should account for the worst case * People will troll the chain --- ## How it's Implemented * [Besu](https://github.com/hyperledger/besu/tree/main/evm/src/main/java/org/hyperledger/besu/evm/precompile) - org.hyperledger.besu.evm.precompile package * [Geth](https://github.com/ethereum/go-ethereum/blob/main/core/vm/contracts.go) - core/vm/contracts.go * [Nethermind](https://github.com/NethermindEth/nethermind/tree/master/src/Nethermind/Nethermind.Evm/Precompiles) - Nethermind.EVM.Precompiles namespace * [Reth](https://github.com/bluealloy/revm/tree/main/crates/precompile/src) - REVM Precompiles Crates --- ## Implementation Strategies * Implement with client software * For simple and well understood precompiles only * Implement with an external library * Either as source or as binary * pro: Client Devs don't need to understand the math * con: Different libraries may have different bugs --- ## System Contracts "System contracts are a pathway to many capabilities some consider to be unaligned" \- Darth Genesis --- ## System Contract Uses * Access L1/L2 Bridging * Arbitrum, Optimism, ZK chains * Access Foreign host chain services * [Moonbeam](https://docs.moonbeam.network/builders/pallets-precompiles/precompiles/overview/ ), [Aurora](https://doc.aurora.dev/dev-reference/precompiles) \(Near\), [Hedera](https://docs.hedera.com/hedera/core-concepts/smart-contracts/tokens-managed-by-smart-contracts/hedera-token-service-system-contract) * Advanced Services (coming soon) * Fhenix (FHE), Ritual (AI Model Execution) --- ## Typical L2 System Contract Uses * L1/L2 communications * Treasury / Fee Vault Management * Security / Admin tasks * Chain Info queries (rather than new 0x30-0x4f opcodes) [rollup.codes](https://www.rollup.codes/) --- ## Notable Design Choices in L2 Contracts * Use of Solidity ABI for Precompiled Access * Maybe we need an ERC for this * Mixed API designs * Multiple contracts * One giant contract * Mixed Permanence * Some Proxied * Some Fixed --- ## Notable Design Choices in L2 Contracts (Cont.) * Mixed Implementation Strategies * Direct implementation in Node Software * Solidity implemented predeploys and events controlling L2Node actions * Mixed Contract Address Deployments * Consecutive addresses (low or prefixed) * CREATE2 driven --- ## System Contract — Foreign Host Chain Services * AltL1 Token Access * Moonbean, Aurora, Hedera all have proxies to their AltL1 Token Systems * AltL1 Account Tools * AltL1 Foreign Features * ICP, Polkadot voting, etc. * zk features * zkSync Feature Simulation --- ## Security and System Contracts * Precompiles don't share Ethereum's Memory Model * i.e., Contract Owned Storage * DELEGATECALLS can impersonate SENDERs via callback * Best to Ban Delegatecalls into precompiles * Check that ADDRESS of contract is what your deployment was * Also, ensure all actions are revertible * All solidity approaches get this for free --- ## Precompile Futures * There is resistance to adding new mainnet precompiles * BLS - 9 separate functions * RollCall is standardizing L2 Precompiles * ECDSA(secp256r1) verification * EVMMAX (modular math extensions) may reduce the demand * Aspirationally to be w/in 2x gas cost --- ## Progressive Precompiles * [New quasi-proposal](https://ethereum-magicians.org/t/progressive-precompiles-via-create2-shadowing/14821) to "canonize" well-known contracts * How to handle Gas is unresolved * Needs better math support (example: EVMMAX) * Mixed Execution Example: [EIP-4788](https://eips.ethereum.org/EIPS/eip-4788) - Canonical EVM code exists * Execute the Contract - [Geth](https://github.com/ethereum/go-ethereum/blob/28ccb2bbf82af487da856d459d4daaa7c0d9b064/core/state_processor.go#L188-L204) / [Reth](https://github.com/paradigmxyz/reth/blob/main/crates/primitives/src/revm/env.rs#L144) * Native Evaluation - [Besu](https://github.com/hyperledger/besu/blob/main/ethereum/core/src/main/java/org/hyperledger/besu/ethereum/mainnet/ParentBeaconBlockRootHelper.java) / [Nethermind](https://github.com/NethermindEth/nethermind/blob/master/src/Nethermind/Nethermind.Blockchain/BeaconBlockRoot/BeaconBlockRootHandler.cs#L22) --- # Q&A