The Shapella Mainnet launch is scheduled for April 12th and will enable ETH withdrawals. Concurrently, preparations for Ethereum's next upgrade are underway: developers are working to finalize the EIP specifications for the Dencun (Cancun + Deneb) upgrade. In a recent developers' call, EVMMAX emerged as one of the key topics of discussion, while some developers believe that using the BLS12-381 curve is sufficient. In this article, we will dive deeper into EVMMAX and its potential impact on the Ethereum blockchain.
EVMMAX
EVMMAX aims to bring greater flexibility to arithmetic operations and signature schemes on Ethereum. Currently, there are two EVMMAX proposals, one with and one without EOF. We will discuss both of them one by one. Jared Wasinger and Alex Beregszaszi are the key authors of the related EIPs.
EIP-5843: EVM Modular Arithmetic Extensions
EIP-5843 proposes the introduction of EVMMAX (EVM Modular Arithmetic Extensions), a set of opcodes for efficient modular addition, subtraction, and Montgomery modular multiplication at different bitwidths.
ADDMOD and MULMOD are useful EVM opcodes for modular addition and multiplication, but they have limitations. They only work with 256-bit values and don't leverage optimizations that could significantly improve performance.
The aim is to reduce the need for new cryptographic precompiles by optimizing common bottlenecks, making it easier to implement desired use-cases within EVM contracts. This would help address the complexity and potential issues that come with introducing new cryptographic precompiles.
EIP-5843 depends on EIP-4750 (removal of dynamic jumps) and EIP-3670 (disallowing deployment of invalidly-formed EVM bytecode). These dependencies ensure compatibility and proper implementation of the proposed EVMMAX opcodes.
EIP-6601: EVM Modular Arithmetic Extensions (EVMMAX)
This EIP proposes adding optimized modular addition, subtraction, and multiplication opcodes to the EVM for odd moduli up to 4096 bits.
The benefits of these proposed changes include:
- Enabling elliptic curve arithmetic operations on various curves, including BLS12-381, as EVM contracts.
- Reducing gas costs for operations on values up to 256 bits by 90-95% compared to the existing MULMOD and ADDMOD opcodes.
- Allowing the modexp precompile to be implemented as an EVM contract.
- Enabling significant cost reductions for algebraic hash functions (e.g., MiMC/Poseidon) and ZKP verification in the EVM.
Contracts using EVMMAX will have a new EOF section type called the setup section, which contains a modulus, the number of values for operations, and two precomputed Montgomery parameters. Multiple setup sections can be present to allow the use of different moduli in the same contract. For dynamic moduli, a setup section omits the modulus and Montgomery parameters.
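To make the setup-section parameters concrete, here is an added example (not code from either EIP or from this article's authors) that derives the Montgomery values for an odd modulus and multiplies through Montgomery reduction. It assumes 64-bit limbs and that the two precomputed parameters are R² mod N and -N⁻¹ mod R; the class and function names are illustrative.

```python
LIMB_BITS = 64        # limb width: an assumption of this sketch
MAX_MOD_BITS = 4096   # upper bound on the modulus stated in the article
# BLS12-381 base-field modulus (381 bits, odd)
BLS12_381_P = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab


class MontSetup:
    """Values a setup section would carry for one modulus (illustrative)."""

    def __init__(self, modulus: int):
        if modulus < 3 or modulus % 2 == 0:
            raise ValueError("Montgomery reduction needs an odd modulus > 1")
        if modulus.bit_length() > MAX_MOD_BITS:
            raise ValueError("modulus wider than 4096 bits")
        self.n = modulus
        self.limbs = -(-modulus.bit_length() // LIMB_BITS)  # ceiling division
        self.r = 1 << (self.limbs * LIMB_BITS)              # R = 2^(64*limbs) > n
        self.r2 = (self.r * self.r) % modulus               # parameter 1: R^2 mod n
        self.n_inv = (-pow(modulus, -1, self.r)) % self.r   # parameter 2: -n^-1 mod R

    def redc(self, t: int) -> int:
        """Montgomery reduction: t * R^-1 mod n, valid for 0 <= t < n*R."""
        mask = self.r - 1
        m = ((t & mask) * self.n_inv) & mask   # makes t + m*n divisible by R
        u = (t + m * self.n) >> (self.limbs * LIMB_BITS)
        return u - self.n if u >= self.n else u

    def to_mont(self, x: int) -> int:
        return self.redc((x % self.n) * self.r2)   # x*R mod n

    def from_mont(self, x: int) -> int:
        return self.redc(x)

    def mulmont(self, a: int, b: int) -> int:
        return self.redc(a * b)   # both operands already in Montgomery form

    def addmod(self, a: int, b: int) -> int:
        s = a + b
        return s - self.n if s >= self.n else s

    def submod(self, a: int, b: int) -> int:
        d = a - b
        return d + self.n if d < 0 else d


def mul_via_montgomery(setup: MontSetup, x: int, y: int) -> int:
    """Round trip: convert in, multiply, convert out; equals x*y mod n."""
    return setup.from_mont(setup.mulmont(setup.to_mont(x), setup.to_mont(y)))
```

An even modulus is rejected because it has no inverse modulo a power of two, which is why the proposals restrict themselves to odd moduli.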
EIP-5843 vs EIP-6601
EIP-6601 and EIP-5843 are both proposals aimed at improving the efficiency of modular arithmetic operations in Ethereum. Here are some differences between both of these proposals:
- EIP-6601 introduces a new section type in Ethereum Object Format (EOF) called the setup section. This section stores the modulus, precomputed Montgomery parameters, and the number of values to be used for operations. EIP-5843 doesn't have this concept.
- EIP-6601 uses a separate memory space for EVMMAX values and introduces new load/store opcodes (STOREX/LOADX) to move values between EVM and EVMMAX memory. EIP-5843 doesn't have separate memory spaces or these specific opcodes.
- EIP-6601 supports operations on moduli up to 4096 bits, while EIP-5843 doesn't specify the bit limit.
EIP-6601 is a more advanced proposal that offers better organization and flexibility for modular arithmetic operations by introducing the setup section, separate memory space, and new opcodes, while supporting larger moduli.
EIP-6690: EVM Modular Arithmetic Extensions (EVMMAX)
EIP-6690 is a proposal adapted from EIP-6601, which aims to introduce optimized modular arithmetic operations to the EVM without depending on the EOF. While EIP-6601 requires EIP-4750 and EIP-3670 as dependencies, EIP-6690 offers a more self-contained solution. It provides a more streamlined approach by eliminating the dependency on EOF.
It retains the core functionality of EIP-6601, enabling optimized modular arithmetic operations for odd moduli up to 4096 bits. This simplification allows for more efficient implementation and adoption while still offering the benefits associated with EIP-6601.
BLS12-381 Curve
Ethereum currently has one elliptic curve with pairing support, BN254, which offers between 80 and 100 bits of security. This level of security is adequate but could be improved.
EIP-2537, similar to EVMMAX, introduces new cryptographic signature schemes to Ethereum. It aims to introduce a precompile that allows efficient operations on the BLS12-381 elliptic curve. This curve has pairing support, excellent performance, and provides 120+ bits of security, making it ideal for long-term use.
EIP-2537: Precompile for BLS12-381 curve operations
Initially, Alex Vlasov proposed EIP-1962, a generic precompile designed to accommodate a broad array of functionality. The intention was to enable various arithmetic operations on elliptic curves, catering to a wide range of needs. However, due to concerns about the complexity of this precompile, it was broken down into smaller parts.
EIP-2537 is the first and simplest proposal that focuses on the BLS12-381 curve. It's crucial to understand that BLS signatures and the BLS curve are distinct concepts, sharing only the letter 'B' for their creator, Dan Boneh.
For those unfamiliar with precompiles, they are natively implemented smart contracts in Ethereum optimized for performance. They have a fixed address and handle specific, computationally intensive tasks, reducing gas costs and enabling more advanced applications on the Ethereum network.
Operations
The BLS12-381 curve precompile brings three types of operations to Ethereum:
- Basic elliptic curve point operations: These operations include addition and multiplication, sufficient for cryptographic protocols like bulletproofs that don't require pairings.
- Pairing operations: These operations require the curve's special properties and are utilized in signature schemes, zero-knowledge proof verifications, and succinct proof systems.
- Auxiliary operation (hash-to-curve mapping): This operation securely maps a message or its hash (32 bytes) to a point on the elliptic curve, necessary for the BLS signature scheme. Due to its expense and incompatibility with standard Ethereum primitives, it's introduced as a separate, optimized precompile.
Applications
Various use cases can benefit from the BLS12-381 precompile:
- Randomness Beacons: BLS12-381 is used to create secure, unpredictable randomness sources like RANDAO, a decentralized on-chain beacon that generates random numbers for various applications.
- BLS Signature Scheme: Applied to DAO governance, roll-ups, plasma constructions, and cross-chain interactions for efficient signature verification.
- Zero-Knowledge Proofs (ZKPs): BLS12-381 can be used for scaling and privacy solutions, enhancing the blockchain's performance and capabilities.
- Research & Development: The BLS12-381 precompile can be used in advanced cryptographic research, such as vector commitments, which optimize data storage and verification in future Ethereum upgrades by enabling efficient proofs for individual elements within a set without revealing additional information or sharing the entire set.