Preimages

Preimages

Precompiles

EVM's escape hatch

Agenda

This is not a cryptography presentation

• What are Precompiles (with mainnet examples)
• How do they work?
• Use outside Mainnet
  • L2 use and Alt L1 use
• Future developments

Three Kinds of "Precompiles"

• Precompiles
  • Tasks you could do with the EVM, but are too expensive/slow
• System Contracts
  • Tasks and side effects you cannot do with the EVM
• Predeployed Contracts
  • Contracts that are part of the initial state

Ethereum Mainnet Precompiles

• 0x01 - ecRecover
• 0x02 - SHA2-256
• 0x03 - RIPEMD-160
• 0x04 - identity
• 0x05 - modexp (Byzantium)
• 0x06, 0x07, 0x08 - ecAdd, ecMul, and ecPairing on alt_bn128 (Byzantium)
• 0x09 - Blake2B F Function (Istanbul)
• 0x0A - KZG Point Evaluation (Cancun)

evm.codes

EVM View

• Precompiles look like any other contract
  • Variable amount of data passed in via calldata
  • Consume gas based on the input
  • Returns data via the return buffer or to output memory

Deep example - ECRecover

• Input
  • 0x00 - 0x1f - commit hash
  • 0x20 - 0x3f - v (27 or 28, pre recovery id)
  • 0x40 - 0x5f - r (x-value for secp256k1)
  • 0x60 - 0x7f - s (as per secp256k1)
• return
  • 0x00 - 0x1f - lower 20 bytes of 256-bit public key
• Gas cost
  • 3000 no matter what

Design issues in Precompiles

• All boundary conditions must be specified
• Gas should scale with effort
  • Execution
    • Algorithms can hide problems
  • Input
    • Variable input should always be charged
• Costs should account for the worst case
  • People will troll the chain

How it's Implemented

• Besu - org.hyperledger.besu.evm.precompile package
• Geth - core/vm/contracts.go
• Nethermind - Nethermind.EVM.Precompiles namespace
• Reth - REVM Precompiles Crates

Implementation Strategies

• Implement with client software
  • For simple and well understood precompiles only
• Implement with an external library
  • Either as source or as binary
  • pro: Client Devs don't need to understand the math
  • con: Different libraries may have different bugs

System Contracts

"System contracts are a pathway to many capabilities some consider to be unaligned"
- Darth Genesis

System Contract Uses

• Access L1/L2 Bridging
  • Arbitrum, Optimism, ZK chains
• Access Foreign host chain services
  • Moonbeam, Aurora (Near), Hedera
• Advanced Services (coming soon)
  • Fhenix (FHE), Ritual (AI Model Execution)

Typical L2 System Contract Uses

• L1/L2 communications
• Treasury / Fee Vault Management
• Security / Admin tasks
• Chain Info queries (rather than new 0x30-0x4f opcodes)

rollup.codes

Notable Design Choices in L2 Contracts

• Use of Solidity ABI for Precompiled Access
  • Maybe we need an ERC for this
• Mixed API designs
  • Multiple contracts
  • One giant contract
• Mixed Permanence
  • Some Proxied
  • Some Fixed

Notable Design Choices in L2 Contracts (Cont.)

• Mixed Implementation Strategies
  • Direct implementation in Node Software
  • Solidity implemented predeploys and events controlling L2Node actions
• Mixed Contract Address Deployments
  • Consecutive addresses (low or prefixed)
  • CREATE2 driven

System Contract — Foreign Host Chain Services

• AltL1 Token Access
  • Moonbean, Aurora, Hedera all have proxies to their AltL1 Token Systems
• AltL1 Account Tools
• AltL1 Foreign Features
  • ICP, Polkadot voting, etc.
• zk features
  • zkSync Feature Simulation

Security and System Contracts

• Precompiles don't share Ethereum's Memory Model
  • i.e., Contract Owned Storage
• DELEGATECALLS can impersonate SENDERs via callback
• Best to Ban Delegatecalls into precompiles
  • Check that ADDRESS of contract is what your deployment was
• Also, ensure all actions are revertible
  • All solidity approaches get this for free

Precompile Futures

• There is resistance to adding new mainnet precompiles
  • BLS - 9 separate functions
• RollCall is standardizing L2 Precompiles
  • ECDSA(secp256r1) verification
• EVMMAX (modular math extensions) may reduce the demand
  • Aspirationally to be w/in 2x gas cost

Progressive Precompiles

• New quasi-proposal to "canonize" well-known contracts

• How to handle Gas is unresolved

• Needs better math support (example: EVMMAX)

• Mixed Execution Example: EIP-4788 - Canonical EVM code exists

  • Execute the Contract - Geth / Reth
  • Native Evaluation - Besu / Nethermind

Q&A