Introducing a new Ethereum Improvement Proposal (EIP) titled “Verkle proof verification precompile” . The proposal is currently in the Draft stage and falls under the Core category.
TLDR
The EIP proposes the addition of a precompiled contract to provide up-to-date state proof verification capabilities to smart contracts in a stateless Ethereum context. This is aimed at keeping proving systems up-to-date without having to develop and deploy new proving libraries each time another proof format must be supported.
How does it work?
A precompiled contract is added at address 0x21
, wrapping the stateless ethereum proof verification function. The precompile requires 4 inputs, tightly encoded: version
, proof_data_location
, proof_data_size
, and state_root
. If version
is 0
, then the proof is expected to follow the SSZ format described in the verge proposal in the consensus spec. The precompile returns 1
if it was able to verify the proof, and 0
otherwise.
Full EIP text: https://github.com/ethereum/EIPs/pull/7926
3 Likes
EIP suggestion: move the version-byte from being a calldata argument to just being part of the memory range that is specified, so that the byte-prefix becomes a standard part of the opaque data that contracts pass around when proving state.
Edit: and if it’s truly a precompile, it should not have access to memory of the caller, and should probably just take only calldata.
I’d be interested in adding MPT verification code to this too. Verifying a branch is relatively easy, given the large amount of existing MPT code in the EL client code-bases. Whereas onchain MPT verification is considered quite risky.
The OP-Stack uses an onchain MPT contract on L1 for L2 withdrawals, and this contract is only really considered acceptable because of the audits, lindy effect and 7 day window for responses in case of verification bugs. This contract is very inefficient also; we have investigated optimizations, but those come with code-complexity risks. Even simple things like encoding the MPT nibbles differently are an ugly and very involved solidity/yul operation. Replacing this with a precompile call would be a great improvement.
With MPT support contracts can seemlessly move over from MPT state-verification to verkle state-verification also.
And a simple state-verification precompile in general can be incredibly valuable for cross-ethereum-chain messaging: if every chain supports the MPT/verkle verification of contract-storage, then inbox/outbox cross-chain messaging systems become a lot less risky to implement, and thus improve overall ethereum ecosystem security.
2 Likes