WebAuthn compatibility, enabling use of passkeys with account abstraction powered by EIP4337.
Latest modifications include a mulmuladd operation performing the operation u.P+vQ, enabling to select the hash function used outside of the precompile.
After digging into implementation details, it appears that ed25519 as standardized requires SHA512. Also following EIP-7212 discussion (EIP-7212: Precompiled for secp256r1 Curve Support - #39 by ccamrobertson), it seems preferable to externalize the call to hash function to the elliptic precompile, to enable alternative hash (like poseidon) for zkp usage.
The question is now quite similar to EIP7212 ones should we choose:
a full RFC8032 compatible precompile
a ecrecover compatible precompile (takes h,v,r,s) as input
a ec_mulmuladd (compute uG+vQ over Ed25519 curve) precompile?
The first one is the choice of current EIP6565, but appears to limit its use and the process seems stuck.
Preliminary implementation of curve computations is available here and one block only SHA512 is available here to be pushed as progressive precompile.
The expensive cost of SHA512 (around 120K for now) suggests to also push a precompile for the SHA512 call, either in the same EIP, either in a distinct one.