FIP-0105: Add Full Support for EIP-2537 (BLS12-381 Precompiles) in the Filecoin EVM #1669
Conversation
| @@ -230,6 +230,12 @@ pub(super) fn extract_g2_input( | |||
| /// Accepts a safe reference to a `blst_fp`; the only unsafe is localized to | |||
| /// the FFI call that writes the big-endian bytes. | |||
| pub(super) fn fp_to_bytes(out: &mut [u8], input: &blst_fp) { | |||
| debug_assert_eq!( | |||
There was a problem hiding this comment.
Did you just add this to check if we ever hit this condition? I think it would be reasonable to just keep this as an assert and fail the call if out buffer is inproperly sized. I know its a departure from revm but it seems more correct.
There was a problem hiding this comment.
I just removed this assert, since these values are chacked for anyways just below the debug_assert. 931ba51
| @@ -303,7 +309,9 @@ fn decode_g1_on_curve( | |||
| // * An input is neither a point on the G1 elliptic curve nor the infinity point | |||
| // | |||
| // SAFETY: Out is a blst value. | |||
| if unsafe { !blst_p1_affine_on_curve(&out) } { | |||
| let on_curve = unsafe { blst_p1_affine_on_curve(&out) }; | |||
| let is_inf = unsafe { blst_p1_affine_is_inf(&out) }; | |||
There was a problem hiding this comment.
blst_p1_affine_on_curve checks this (https://github.com/supranational/blst/blob/master/src/e1.c#L115) and revm implementation just does the one call. I don't see a good reason to introduce 2 ffi crossings unless you have a strong reason I am missing.
| @@ -345,7 +353,9 @@ fn decode_g2_on_curve( | |||
| // * An input is neither a point on the G2 elliptic curve nor the infinity point | |||
| // | |||
| // SAFETY: Out is a blst value. | |||
| if unsafe { !blst_p2_affine_on_curve(&out) } { | |||
| let on_curve = unsafe { blst_p2_affine_on_curve(&out) }; | |||
| /// Note: While this function contains an unsafe block for BLST operations, | ||
| /// the function itself is safe because: | ||
| /// 1. Input types (&blst_fp2) are guaranteed safe by Rust's type system | ||
| /// 2. All possible input variants are covered by test vectors from EIP-2537 | ||
| /// | ||
| /// The unsafe block is used purely for FFI calls to the BLST library. |
There was a problem hiding this comment.
| /// Note: While this function contains an unsafe block for BLST operations, | |
| /// the function itself is safe because: | |
| /// 1. Input types (&blst_fp2) are guaranteed safe by Rust's type system | |
| /// 2. All possible input variants are covered by test vectors from EIP-2537 | |
| /// | |
| /// The unsafe block is used purely for FFI calls to the BLST library. | |
| /// Note: While this function contains an unsafe block for BLST operations, | |
| /// the function itself is safe because: | |
| /// 1. input types are all defined by blst and `repr(C)` | |
| /// 2. blst behavior is assumed memory safe | |
| /// 3. The unsafe block is used purely for FFI calls to the BLST library. |
Please use this block throughout. I remove reference to inputs type (which was incorrect here) so that you can copy paste everywherre without worrying about fixing up.
Co-authored-by: ZenGround0 <5515260+ZenGround0@users.noreply.github.com>
github-project-automation
bot
moved this from ⌨️ In Progress
to ✔️ Approved by reviewer
in FilOz
github-project-automation
bot
moved this from ⌨️ In Progress
to 🎉 Done
in nv27 Track Board
github-project-automation
bot
moved this from ✔️ Approved by reviewer
to 🎉 Done
in FilOz
|
Validation in Lotus will be tracked in filecoin-project/lotus#13285 |
Description
This PR introduces full support for EIP-2537 in the Filecoin EVM, implementing a suite of precompiled contracts that perform operations over the BLS12-381 elliptic curve. These precompiles enable efficient and secure cryptographic operations needed for BLS signature schemes, pairing-based proofs, and other advanced protocols. They mirror Ethereum’s spec exactly to ensure compatibility with existing tooling and cross-chain applications.
Each precompile validates input encoding, field membership, and subgroup properties as required by the EIP. Failure on malformed inputs is deterministic and burns all gas, consistent with Ethereum behavior.
New Operations
The following precompiled contracts are now available at their EIP-2537-defined addresses:
BLS12_G1ADD0x0bBLS12_G1MSM0x0cBLS12_G2ADD0x0dBLS12_G2MSM0x0eBLS12_PAIRING_CHECK0x0fBLS12_MAP_FP_TO_G10x10BLS12_MAP_FP2_TO_G20x11All operations follow the ABI, encoding rules, and semantics outlined in the EIP.
Testing
The test suite ensures correctness, security, and spec compliance:
✅ Success Cases
❌ Failure Cases
🧪 Edge Behavior
Implementation Notes
blst, a battle-tested BLS12-381 library used across the Ethereum ecosystemSysteminterfaceRemaining TODOs
This PR enhances FEVM’s cryptographic capabilities, aligning Filecoin with Ethereum’s tooling and enabling secure, high-performance applications that depend on BLS12-381.