Summary
Implement the 7 BLS12-381 elliptic curve precompiles at addresses 0x0B–0x11, introduced in the Prague hardfork. These enable BLS signature verification and aggregation on-chain.
Specification
| Address |
Name |
Gas |
0x0B |
BLS12_G1ADD |
375 |
0x0C |
BLS12_G1MSM (multi-scalar multiplication) |
Variable: 12000 * k * discount[k] / 1000 |
0x0D |
BLS12_G2ADD |
600 |
0x0E |
BLS12_G2MSM |
Variable: 22500 * k * discount[k] / 1000 |
0x0F |
BLS12_PAIRING_CHECK |
32600 + 37700 per pair |
0x10 |
BLS12_MAP_FP_TO_G1 |
5500 |
0x11 |
BLS12_MAP_FP2_TO_G2 |
23800 |
Point Encoding
- G1 points: 128 bytes (two 64-byte Fp elements, big-endian, zero-padded)
- G2 points: 256 bytes (two 128-byte Fp2 elements)
- Scalar: 32 bytes (big-endian)
Input Validation
- All points must be on the curve and in the correct subgroup
- Field elements must be < field modulus p
- Invalid inputs return failure (empty output)
Implementation Guide
- Find a BLS12-381 library — options:
- Wrap
blst C library via Rust NIF (most performant)
- Use an existing Elixir/Erlang binding
- Pure Elixir (very slow but functional for testing)
- Create
lib/eevm/precompiles/bls12_381.ex with 7 functions
- Update precompile dispatcher to route addresses
0x0B–0x11
- Implement MSM discount table per EIP-2537 spec
- Tests: known test vectors from EIP-2537, invalid point rejection, gas calculations
Acceptance Criteria
Reference
Summary
Implement the 7 BLS12-381 elliptic curve precompiles at addresses
0x0B–0x11, introduced in the Prague hardfork. These enable BLS signature verification and aggregation on-chain.Specification
0x0B0x0C0x0D0x0E0x0F0x100x11Point Encoding
Input Validation
Implementation Guide
blstC library via Rust NIF (most performant)lib/eevm/precompiles/bls12_381.exwith 7 functions0x0B–0x11Acceptance Criteria
Reference