← All proposalsLP-0157Final
Abstract
EVM precompile wrappers for BN254 (alt_bn128) operations: ECADD (0x06), ECMUL (0x07), ECPAIRING (0x08). Wraps LP-146 BN254 first-party body with EIP-196/197 ABI encoding + gas accounting. Hot-path on Lux C-Chain for ZK rollup verifiers and identity proofs. First-party Go + C++ CPU + Metal/CUDA/WGSL GPU.
Specification
Parameters
- Precompile addresses:
0x06 (ECADD), 0x07 (ECMUL), 0x08 (ECPAIRING)
- Input ABI: 32-byte big-endian field elements per EIP-196 §"Specification"
- Pairing input: tuples of
(G1, G2), k = 1..16 typical; cost grows linearly
- Gas: EIP-196 (Byzantium) revised by EIP-1108 (Istanbul) — ECADD 150, ECMUL 6000, ECPAIRING 45000+34000·k
Algorithm
- ECADD: validate G1 points on curve + in subgroup, then
R = P + Q
- ECMUL: scalar mul with constant-time NAF
- ECPAIRING: product-of-pairings
Π e(P_i, Q_i) checked against 1 ∈ Fp12
KAT
- EIP-196/197 reference vectors (Ethereum testsuite) PASS
lux/crypto/evm256/test/kat.json — 36 vectors, byte-equal go-ethereum
Implementation
Go canonical
lux/crypto/evm256/{ecadd,ecmul,ecpairing}.go — first-party, wraps LP-146 BN254- Module:
github.com/luxfi/crypto/evm256 @ v1.18.3
C++ CPU canonical
luxcpp/crypto/evm256/cpp/{ecadd,ecmul,ecpairing}.{hpp,cpp} (uses libbn254.a from LP-146)- C-ABI:
luxcpp/crypto/evm256/c-abi/evm256_capi.h
- Library:
libevm256.a
GPU kernels
- Metal:
luxcpp/crypto/evm256/gpu/metal/evm256.metal — batch ECADD/ECMUL/ECPAIRING for ZK-rollup batch verification
- CUDA:
luxcpp/crypto/evm256/gpu/cuda/evm256.cu
- WGSL:
luxcpp/crypto/evm256/gpu/wgsl/evm256.wgsl
Determinism
- CPU↔GPU byte-equality on N=1000 random precompile calls with k ∈ {1, 2, 4, 8, 16}; PASS.
Test oracle
- go-ethereum
core/vm/contracts.go precompile reference (test-only, FetchContent)
- Ethereum execution-spec-tests EIP-196/197 vectors
Security
- Subgroup check enforced for both G1 and G2 inputs (defense vs invalid-curve attack)
- Gas-metered: long pairings are charged proportional to
k to prevent DOS
- Constant-time inherited from LP-146 BN254
References
- EIP-196 (ECADD/ECMUL precompile)
- EIP-197 (ECPAIRING precompile)
- EIP-1108 (Istanbul gas-cost reduction)
- LP-146 (BN254 — underlying curve)
- LP-137 (umbrella)