Go to Home
Web3 security pattern.
Pectra Competition
Web3 security pattern.
EIP-2537
EIP-2537 enables BLS12-381 operations in Ethereum, boosting efficiency and security for BLS signatures over the weaker BN254 precompile.EIP-2537 adds a BLS12-381 precompile for efficient, gas-optimized cryptographic operations, improving security over the existing BN254.

EIP-2537

Table of Contents

Heading 2
Heading 3
Heading 4

What is this EIP about?

EIP-2537 proposes the addition of a precompile to Ethereum for operations on the BLS12-381 curve, which is widely used for cryptographic purposes such as BLS signature verification. The proposal aims to improve the efficiency and security of performing these operations within Ethereum smart contracts.

The purpose of this EIP is to enable efficient and gas-optimized operations for BLS12-381, addressing the limitations of the existing BN254 precompile, which only provides 80 bits of security compared to the desired 120+ bits.

Why is this EIP needed?

The existing cryptographic tools in Ethereum, specifically the BN254 precompile, are insufficient for applications that demand higher security levels, such as those requiring pairing-friendly curves for zero-knowledge proofs or aggregate signatures. The BLS12-381 curve offers better cryptographic properties and is increasingly adopted in blockchain ecosystems for secure operations.

The BLS12-381 curve is a pairing-friendly elliptic curve used for efficient aggregation of signatures and verification of proofs in cryptographic protocols. These operations are computationally expensive to implement directly in EVM, necessitating a precompiled contract to optimize performance and reduce gas costs.

What does this EIP propose, and how does it function?

EIP-2537 introduces seven new precompile addresses, each corresponding to a specific operation over the BLS12-381 curve. These operations include point addition, multi-scalar multiplication, pairing checks, and field-to-curve mappings for cryptographic purposes.

Key Mechanisms:

  1. G1 and G2 Operations:
    • Point addition and multi-scalar multiplication for groups G1 (over base prime field) and G2 (over the quadratic extension field).
  2. Pairing Checks:
    • Verifies relationships between G1 and G2 points to confirm cryptographic proofs.
  3. Field-to-Curve Mapping:
    • Maps field elements to elliptic curve points, essential for signature schemes.

Gas Optimization:The proposal includes specific gas costs for each operation and discounts for efficient multi-scalar multiplication using algorithms like Pippenger's.What are the security implications of this EIP?Potential Risks:

  1. Malformed Inputs:
    • Invalid encodings of field elements or points could lead to unexpected behavior.
  2. Denial of Service (DoS):
    • Complex operations may introduce vulnerabilities if improperly implemented or mispriced.

Mitigation Measures:

  1. Error Handling:
    • Clear rules for handling invalid inputs to prevent misuse.
  2. Gas Costing:
    • Accurate gas pricing reflects the computational cost, reducing the risk of underpriced operations that could be exploited.

By standardizing and optimizing these cryptographic operations, EIP-2537 enhances Ethereum’s ability to support modern cryptographic use cases securely and efficiently.