ACP-204: Precompile Secp256r1
Details for Avalanche Community Proposal 204: Precompile Secp256r1
ACP-204: Precompile for secp256r1 Curve Support
| ACP | 204 |
|---|---|
| Title | Precompile for secp256r1 Curve Support |
| Author(s) | Santiago Cammi, Arran Schlosberg |
| Status | Proposed (Discussion) |
| Track | Standards |
Abstract
This proposal introduces a precompiled contract that performs signature verifications for the secp256r1 elliptic curve on Avalanche's C-Chain. The precompile will be implemented at address 0x0000000000000000000000000000000000000100 and will enable native verification of P-256 signatures, significantly improving gas efficiency for biometric authentication systems, WebAuthn, and modern device-based signing mechanisms.
Motivation
The secp256r1 (P-256) elliptic curve is the standard cryptographic curve used by modern device security systems, including Apple's Secure Enclave, Android Keystore, WebAuthn, and Passkeys. However, Avalanche currently only supports secp256k1 natively, forcing developers to use expensive Solidity-based verification that costs 200k-330k gas per signature verification.
This ACP proposes implementing EIP-7951's secp256r1 precompiled contract to unlock significant ecosystem benefits:
Enterprise & Institutional Adoption
- Reduced onboarding friction: Enterprises can leverage existing biometric authentication infrastructure instead of managing seed phrases or hardware wallets
- Regulatory compliance: Institutions can utilize their approved device security standards and identity management systems
- Cost optimization: ~50x gas reduction (from 200k-330k to 6,900 gas) makes enterprise-scale applications economically viable
The 100x gas cost reduction makes these use cases economically viable while maintaining the security properties institutions and users expect from their existing devices.
Adding the precompiled contract at the same address as used in RIP-7212 provides consistency across ecosystems, and allows for any libraries that have been developed to interact with the precompile to be used unmodified across ecosystems.
Specification
This ACP implements EIP-7951 for secp256r1 signature verification on Avalanche. The specification follows EIP-7951 exactly, with the precompiled contract deployed at address 0x0000000000000000000000000000000000000100.
Core Functionality
- Input: 160 bytes (message hash + signature components r,s + public key coordinates x,y)
- Output: success: 32 bytes
0x...01; failure: no data returned - Gas Cost: 6,900 gas (based on EIP-7951 benchmarking)
- Validation: Full compliance with NIST FIPS 186-3 specification
Activation
This precompile may be activated as part of Avalanche's next network upgrade. Individual Avalanche L1s and subnets could adopt this enhancement independently through their respective client software updates.
For complete technical specifications, validation requirements, and implementation details, refer to EIP-7951.
Backwards Compatibility
This ACP introduces a new precompiled contract and does not modify existing functionality. No backwards compatibility issues are expected since:
- The precompile uses a previously unused address
- No existing opcodes or consensus rules are modified
- The change is additive and opt-in for applications
Adoption requires a coordinated network upgrade for the C-Chain. Other EVM L1s can adopt this enhancement independently by upgrading their client software.
Security Considerations
Cryptographic Security
- The secp256r1 curve is standardized by NIST and widely vetted
- Security properties are comparable to secp256k1 (used by ECRECOVER)
- Implementation follows NIST FIPS 186-3 specification exactly
Implementation Security
- Signature verification (vs public-key recovery) approach maximizes compatibility with existing P-256 ecosystem
- No malleability check included to match NIST specification, but wrapper libraries may choose to add this
- Input validation prevents invalid curve points and out-of-range signature components
Network Security
- Gas cost prevents potential DoS attacks through expensive computation
- No consensus-level security implications beyond standard precompile considerations
Reference Implementation
The implementation will build upon existing work:
- EIP-7951 Reference: The [Go-Ethereum implementation]https://github.com/ethereum/go-ethereum/pull/31991) of EIP-7951 provides the foundation
- Coreth Implementation: Integration with Avalanche's C-Chain (Avalanche's fork of go-ethereum)
- Cryptographic Library: Implementation utilizes Go's standard library
crypto/ecdsaandcrypto/ellipticpackages, which implement NIST P-256 per FIPS 186-3 (Go documentation)
The implementation follows established patterns for precompile integration, adding the contract to the precompile registry and implementing the verification logic using established cryptographic libraries.
Copyright
Copyright and related rights waived via CC0.
Is this guide helpful?