EIP-7951: Precompile for secp256r1 Curve Support #817
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
| (* ECADD (is_ecadd)) | ||
| (* ECMUL (is_ecmul)) | ||
| (* ECPAIRING (is_ecpairing) | ||
| (* P256_VERIFY (is_p256_verify))))) |
There was a problem hiding this comment.
Bug: Syntax Error Affects Address Sum Calculation
The address_sum function is missing a closing parenthesis for the ECPAIRING term. This incorrectly nests the P256_VERIFY term, causing address_sum to calculate incorrectly and impacting stamp-constancy constraints.
| (callToMULMOD (+ k 1) P_x_hi P_x_lo P_x_hi P_x_lo P_R1_HI P_R1_LO) | ||
| (callToMULMOD (+ k 2) P_x_square_hi P_x_square_lo P_x_hi P_x_lo P_R1_HI P_R1_LO) | ||
| (callToMULMOD (+ k 3) A_COEFF_R1_HI A_COEFF_R1_LO P_x_hi P_x_lo P_R1_HI P_R1_LO) | ||
| (callToADDMOD (+ k 4) P_x_cube_hi P_x_lo a_times_P_x_hi a_times_P_x_lo P_R1_HI P_R1_LO) |
There was a problem hiding this comment.
Bug: Incorrect Argument in Curve Membership Validation
The callToADDMOD at (+ k 4) in callToR1MembershipEXT uses P_x_lo instead of P_x_cube_lo as the second argument. This leads to an incorrect calculation of P_x_cube + a*P_x, which is critical for validating R1 curve membership during P256_VERIFY operations.
| ;; 3.4.5 R1 membership ;; | ||
| ;; utilities ;; | ||
| ;;;;;;;;;;;;;;;;;;;;;;;;; | ||
| (defun (callToR1Membership k P_x_hi P_x_lo P_y_hi P_y_lo) |
There was a problem hiding this comment.
Only non trivial part of this PR.
| ;; ;; | ||
| ;; 3.7.3 Interface for ;; | ||
| ;; Gnark ;; | ||
| ;;;;;;;;;;;;;;;;;;;;;;;;; |
There was a problem hiding this comment.
Those can be converted into computed columns.
Note
Adds P256_VERIFY (secp256r1) precompile with full constraints, constants, OOB plumbing, and Makefile wiring for the Osaka fork.
GAS_CONST_P256_VERIFY,PRECOMPILE_CALL_DATA_SIZE___P256_VERIFY,PRECOMPILE_RETURN_DATA_SIZE___P256_VERIFY, EC phases (PHASE_P256_VERIFY_*), and OOB opcodeOOB_INST_P256_VERIFYinconstants/constants.lisp.ecdata/osaka/*withcolumns.lisp,constants.lisp(secp256r1 params),constraints.lispimplementingP256_VERIFYplus existing EC ops, and lookupslookups/ecdata_into_{ext,wcp}.lisp.IS_P256_VERIFYflag,CT_MAX_P256_VERIFY, and include P256_VERIFY in flag/weight/ct-max sums inshorthands.lispandconstants.lisp.ct-max-sum.Makefileto introduceEC_DATA_LONDONandEC_DATA_OSAKA, include EC data per fork, and wire Osaka modules (OOB_OSAKA,MMU_OSAKA,RLP_TXN_RCPT_OSAKA).Written by Cursor Bugbot for commit e2a76f9. This will update automatically on new commits. Configure here.