Below we are publishing the initial version of the first EOS improvement proposal. In an effort to make EOSIO software development more decentralized and after Dan’s suggestion, we are here providing the initial write up for an improvement proposal regarding accelerating elliptic curve cryptography inside smart contracts.
Inspired by the way Ethereum improvement proposals are handled we are hopping EIPs will be eventually integrated into a repository in the EOS github, so that anyone can contribute, and allow a discussion to be made. In that spirit, hopefully, even improvements by block.one will be first documented as EIPs, in order to allow third party developers to anticipate and contribute more efficiently to the project.
*Where is EIP-1? Well EIP-1 will be the proposal for doing EIPs ;)
EIP-2: Provide intrinsics for addition and scalar multiplication on elliptic curves secp256r1 and secp256k1
Implementation of compiler toolkit intrinsics for elliptic curve operations inside contracts.
This improvement proposal suggests the addition of native intrinsic functions in the EOSIO platform that expose native implementations of elliptic curve scalar multiplication and addition. The native implementation of such functions will enable a much broader spectrum of dapps to be developed on the EOSIO smart contract software platform. Such functionality should cover the natively used curve secp256r1 and additionally the curve used mainly by bitcoin and other blockchains secp256k1.
Currently the implementation of elliptic curve operations on EOSIO has to be implemented by the smart contract itself and executed by the webassembly interpreter. Regardless of the improvements in the VM execution constantly provided by the EOSIO software updates, and even more by the anticipated EOSVM upgrade that will further improve the execution performance, elliptic curve operations can still be computationally expensive for a stack based interpreted system. EOSIO currently acknowledges that by providing native implementations for signature verification and hash generation.
Providing elliptic curve cryptography intrinsics to smart contracts will greatly improve the execution speed, along with the security that smart contract can provide to the users.
Additionally, providing primitives so basic will enable better extensibility to the system in the future without the need to provide a continuously growing native implementations of higher order functions like the signature verification that was mentioned above.
Provide the following intrinsic functions:
ecAdd_r1(r, x, y) and ecAdd_k1(r, x, y)
Inputs x, y are two curve points. Output: r is the curve point x + y where + is point addition on the elliptic curve secp256r1 in the case of ecAdd_r1 and secp256k1 in the case of ecAdd_k1. If input points do not lie on the curve or any of the coordinates is equal or larger than the field modulus p, the function asserts and the contract fails.
ecMul_r1(r, x, s) and ecMul_k1(r, x, s)
Inputs (x, s) are a curve point and a scalar. Output: r is the curve point x * s, where * is the scalar multiplication on the elliptic curve secp256r1 in the case of ecMul_r1 and secp256k1 in the case of ecMul_k1. If the input point does not lie on the curve or any of the coordinates is equal or larger than the field modulus p, the function asserts and the contract fails.
Implementation of these primitives are already available by the EOSIO software source code. Implementation should be about exposing these as intrinsic functions in the current VM and the EOSVM that will be released in the future. Exact function signatures should be designed with efficiency and code simplicity in mind.
Copyright and related rights waived via CC0.