Skip to content

daimo-eth/p256-verifier

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits

.github/workflows

.github/workflows

 
 

.vscode

.vscode

 
 

audits

audits

 
 

broadcast/Deploy.s.sol

broadcast/Deploy.s.sol

 
 

lib

lib

 
 

script

script

 
 

src

src

 
 

test-vectors

test-vectors

 
 

test

test

 
 

website

website

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

.solhint.json

.solhint.json

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

foundry.toml

foundry.toml

 
 

lcov.info

lcov.info

 
 

remappings.txt

remappings.txt

 
 

Repository files navigation

P256Verifier Solidity contract

This is currently the only audited, open source P256 verifier. It's not quite the lowest-gas implementation, but it's close. Our implementation uses no unsafe or assembly to maximize simplicity and security.

Verifying a signature costs about 330k gas. Pure function, no precomputation.

This contract matches the EIP-7212 precompile spec.

It exists at a deterministic CREATE2 address: 0xc2b78104907F722DABAc4C69f826a522B2754De4. You can use it on any EVM chain. So far, we've deployed it on Ethereum L1, OP Mainnet, Base, Arbitrum and others. You can deploy to any EVM chain using forge script.

The secp256r1 elliptic curve, aka P256, is used by security keys like Yubikey, Apple's Secure Enclave, the Android Keystore, and WebAuthn, aka passkeys. P256 verification enables secure hardware-based signing keys, great UX and passkey backup.

Our implementation was inspired by Renaud Dubois/Ledger's FCL library and blst.

Usage

Address 0xc2b78104907F722DABAc4C69f826a522B2754De4

Available on any chain. If missing, see deploy.sh.

Install with:

  • forge install daimo-eth/p256-verifier
  • add p256-verifier/=lib/p256-verifier/src/ to remappings.txt
import "p256-verifier/P256.sol";

bytes32 hash; // message hash
uint256 r, s; // signature
uint256 x, y; // public key

bool valid = P256.verifySignature(hash, r, s, x, y);

Alternately, calling P256.verifySignatureAllowMalleability ignores malleability of signatures, matching the behavior specified by the NIST standard exactly.

You can also verify WebAuthn/Passkey signatures using the WebAuthn.sol library contract.

Audits

Development

Run foundryup to ensure you have the latest foundry. Then,

git clone --recurse-submodules git@github.com:daimo-eth/p256-verifier
cd p256-verifier
forge test -vv

This runs test input and output handling as well as all applicable Wycheproof test vectors, covering a range of edge cases.

Code coverage Install the recommended VSCode extension to view line-by-line test coverage. To regenerate coverage: 
forge coverage --ir-minimum --report lcov
Test vectors

To regenerate test vectors:

cd test-vectors
npm i

# Download, extract, clean test vectors
# This regenerates ../test/vectors.jsonl
npm start

# Validate that all vectors produce expected results with SubtleCrypto and noble library implementation
npm test

# Validate that all vectors also work with EIP-7212
# Test the fallback contract...
cd ..
forge test -vv

# In future, execution spec and clients can test against the same clean vectors

About

P256 signature verification solidity contract

p256.eth.limo

Topics

solidity signature-verification p256

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

133 stars

Watchers

4 watching

Forks

25 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages