FIP: secp256r1 (P-256) P256VERIFY precompile #1228
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
snissn
requested review from
TippyFlitsUK,
anorth,
dannyob,
jennijuju,
jsoares,
lanzafame,
momack2 and
rvagg
as code owners
Member
|
@snissn uncontroversial IMO so let's assign FIP number 0113 to this one - update filename, frontmatter and README. |
lanzafame
approved these changes
Feb 4, 2026
Contributor
lanzafame
left a comment
lanzafame
left a comment
There was a problem hiding this comment.
Approval assumes changes put forward by rvagg
jsoares
approved these changes
Feb 11, 2026
| ## Abstract | ||
| This FIP proposes adding a `P256VERIFY` precompile at Ethereum address `0x0000000000000000000000000000000000000100` (i.e., `0x0100`) to the FEVM. The precompile verifies an ECDSA signature `(r,s)` against a 32-byte message hash and an uncompressed public key `(x,y)` on the secp256r1 curve, returning `0x…01` on success and an empty byte array on failure. | ||
|
|
||
| For Filecoin’s purposes, **EIP-7951 and RIP-7212 should be understood as addressing the same user-facing feature**: a `P256VERIFY` precompile at `0x0100`. At the EVM interface level they are equivalent: same address, same 160-byte input format, and same return values/failure behavior. The key difference is that EIP-7951 tightens validation/verification requirements (notably: a point-at-infinity check and a modular comparison `r' ≡ r (mod n)`), while Ethereum’s fixed *EVM gas schedule* for this precompile is not directly applicable to FEVM’s gas accounting model. |
Member
There was a problem hiding this comment.
Suggested change
| For Filecoin’s purposes, **EIP-7951 and RIP-7212 should be understood as addressing the same user-facing feature**: a `P256VERIFY` precompile at `0x0100`. At the EVM interface level they are equivalent: same address, same 160-byte input format, and same return values/failure behavior. The key difference is that EIP-7951 tightens validation/verification requirements (notably: a point-at-infinity check and a modular comparison `r' ≡ r (mod n)`), while Ethereum’s fixed *EVM gas schedule* for this precompile is not directly applicable to FEVM’s gas accounting model. | |
| For Filecoin’s purposes, **EIP-7951 and [RIP-7212](https://github.com/ethereum/RIPs/blob/master/RIPS/rip-7212.md) should be understood as addressing the same user-facing feature**: a `P256VERIFY` precompile at `0x0100`. At the EVM interface level they are equivalent: same address, same 160-byte input format, and same return values/failure behavior. The key difference is that EIP-7951 tightens validation/verification requirements (notably: a point-at-infinity check and a modular comparison `r' ≡ r (mod n)`), while Ethereum’s fixed *EVM gas schedule* for this precompile is not directly applicable to FEVM’s gas accounting model. |
We seem to be missing a pointer to RIP-7212, despite many subsequent references and overall relevance.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Abstract
This FIP proposes adding a
P256VERIFYprecompile at Ethereum address0x0000000000000000000000000000000000000100(i.e.,0x0100) to the FEVM. The precompile verifies an ECDSA signature(r,s)against a 32-byte message hash and an uncompressed public key(x,y)on the secp256r1 curve, returning0x…01on success and an empty byte array on failure.For Filecoin’s purposes, EIP-7951 and RIP-7212 should be understood as addressing the same user-facing feature: a
P256VERIFYprecompile at0x0100. At the EVM interface level they are equivalent: same address, same 160-byte input format, and same return values/failure behavior. The key difference is that EIP-7951 tightens validation/verification requirements (notably: a point-at-infinity check and a modular comparisonr' ≡ r (mod n)), while Ethereum’s fixed EVM gas schedule for this precompile is not directly applicable to FEVM’s gas accounting model.Accordingly, this FIP targets EIP-7951 semantics while remaining interface-compatible with RIP-7212-style callers.
Discussion
#1227
Reference Implementation
filecoin-project/builtin-actors#1708