Description
Parameters
METROPOLIS_FORK_BLKNUM: TBA
GECADD: 200
GECMUL: 1000
Specification
Adds a precompile at address 0x0000....0a which accepts as input 224 bytes that it interprets as [x1, y1, x2, y2, P, A, B] (if less than 224 bytes are provided the remaining bytes are assumed to be zero, if more than 224 bytes are provided they are ignored). Throws if (x1, y1) or (x2, y2) are not on the curve defined by (P, A, B) (i.e. x**3+A*x+B-y**2 is not a multiple of P), otherwise returns 64 bytes representing the elliptic curve addition (x1, y1) + (x2, y2) on that curve.
Adds a precompile at address 0x0000....0b which accepts as input 192 bytes that it interprets as [x, y, n, P, A, B] (if less than 192 bytes are provided the remaining bytes are assumed to be zero, if more than 192 bytes are provided they are ignored). Throws if (x1, y1) is not on the curve defined by (P, A, B) (i.e. x**3+A*x+B-y**2 is not a multiple of P), otherwise returns 64 bytes representing the elliptic curve multiplication (x1, y1) * n on that curve.
Rationale
Allows for the efficient application of ring signatures and other cryptography based on elliptic curves. Currently, an secp256k1-focused implementation of these operations (see https://github.com/ethereum/serpent/blob/develop/examples/ecc/jacobian_arith.se ) takes ~200k gas for a multiply, ~750k gas for an ecrecover and ~900k gas per linkable ring signature participant, which is unacceptably high.
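The input handling and curve check from the Specification can be sketched in Python as follows. This is an added example, not code from the proposal or any client. The function names, the rejection of P == 0, and returning the point at infinity as 64 zero bytes are assumptions the proposal does not state.

```python
WORD = 32  # each field is one 32-byte big-endian word

def pack(*words):
    return b"".join(w.to_bytes(WORD, "big") for w in words)

def parse_words(data, count):
    # Short input is zero-padded on the right, extra bytes are ignored.
    data = data[:count * WORD].ljust(count * WORD, b"\x00")
    return [int.from_bytes(data[i:i + WORD], "big") for i in range(0, len(data), WORD)]

def on_curve(x, y, P, A, B):
    # The page's check: x**3 + A*x + B - y**2 must be a multiple of P.
    # P == 0 is rejected here (assumption: the page does not cover it).
    return P != 0 and (x**3 + A * x + B - y**2) % P == 0

def add(p, q, P, A):
    # Affine addition; None stands for the point at infinity.
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def encode(pt):
    # Assumption: the point at infinity is returned as 64 zero bytes.
    return pack(*(pt or (0, 0)))

def ecadd(data):
    x1, y1, x2, y2, P, A, B = parse_words(data, 7)
    if not (on_curve(x1, y1, P, A, B) and on_curve(x2, y2, P, A, B)):
        raise ValueError("input point is not on the curve")
    return encode(add((x1 % P, y1 % P), (x2 % P, y2 % P), P, A))

def ecmul(data):
    x, y, n, P, A, B = parse_words(data, 6)
    if not on_curve(x, y, P, A, B):
        raise ValueError("input point is not on the curve")
    acc, base = None, (x % P, y % P)
    while n:  # double-and-add, least significant bit first
        if n & 1:
            acc = add(acc, base, P, A)
        base = add(base, base, P, A)
        n >>= 1
    return encode(acc)
```

Because P is caller-supplied, a composite P can make the modular inverse fail; here `pow(..., -1, P)` raises ValueError in that case, which maps onto the precompile throwing.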