Implements SR25519 (Schnorrkel over Ristretto255) signature verification as an EVM precompile. SR25519 is the default signature scheme for all Substrate-based chains (Polkadot, Kusama). This precompile enables on-chain verification of Substrate wallet signatures, primarily for Substrate-to-EVM account migration and cross-chain message verification.
0x0A00000000000000000000000000000000000001 -- Substrate Curves range.
Variable-length input (minimum 97 bytes).
Input (97+ bytes):
bytes 0-31: public key (32 bytes, Ristretto255 compressed)
bytes 32-95: signature (64 bytes, R || s Schnorrkel format)
bytes 96+: message (variable length, >= 1 byte)
Output:
Valid: 32 bytes with value 1
Invalid: 32 bytes with value 0
The signing context is fixed to "substrate" (the default for all Substrate runtimes and polkadot-js).
SR25519 is approximately 3x the cost of Ed25519 due to Ristretto255 point decompression and Merlin transcript construction.
1. SR25519 provides ~128-bit security based on Ristretto255 (which eliminates cofactor issues from Curve25519).
2. Uses the Merlin transcript framework for domain separation, preventing cross-protocol attacks.
3. The C implementation (sr25519-donna) is used via CGO for performance. A pure Go fallback is available when CGO is disabled.
4. Not post-quantum.
5. The fixed "substrate" signing context means this precompile cannot verify signatures made with custom contexts.
github.com/luxfi/precompile/sr25519/Copyright (C) 2024-2026, Lux Partners Limited. All rights reserved.
Licensed under the MIT License.