This repo implements a gas-efficient P256 signature verifier based on Renaud Dubois from Ledger's implementation.
Verifying a signature costs about 200k gas. Pure function, no precomputation.
This implementation is a fallback contract exactly matching the proposed EIP-7212 precompile, letting us ship it as a progressive precompile.
The contract exists at a deterministic CREATE2 address. You can use it on any EVM chain. If a chain has implemented EIP-7212, you pay ~3k gas. If not, you pay ~200k gas. Either way, the contract address and results are identical.
The secp256r1 elliptic curve, aka P256, is interesting because it's a widely implemented standard. P256 is used in hardware keys such as Yubikey, Apple's Secure Element, the Android Keystore, and WebAuthn. P256 verification is especially useful for contract wallets, enabling hardware-based signing keys.
Run foundryup to ensure you have the latest foundry. Then,
git clone --recurse-submodules [email protected]:daimo-eth/eip-7212
cd eip-7212
forge test