⚠️ Draft Standards Track: Core

EIP-8030: P256 transaction support

Adds an EIP-7932 algorithm type for P256 support of type `0x0`

Authors	James Kempton (@SirSpudlington)
Created	2025-09-20
Discussion Link	https://ethereum-magicians.org/t/discussion-topic-for-eip-8030/25557
Requires	EIP-7932

Abstract
Motivation
Specification
- P256Verify Function
Rationale
- Additional 500 gas penalty
- Why P256?
Backwards Compatibility
Security Considerations
Copyright

Abstract

This EIP adds a new EIP-7932 algorithm of type 0x0 for supporting P256 signatures.

Motivation

P256 (a.k.a secp256r1) is a widely-used NIST standardized algorithm that already has a presence within the Ethereum codebase. This makes it a great algorithm to write test cases against implementations of EIP-7932.

Specification

This EIP defines a new EIP-7932 algorithmic type with the following parameters:

Constant	Value
`ALG_TYPE`	`Bytes1(0x0)`
`GAS_PENALTY`	`500`
`MAX_SIZE`	`128`

N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551


def verify(signature_info: bytes, payload_hash: Hash32) -> Bytes:
    assert(len(signature_info) == 128)
    (r, s, x, y) = (signature_info[0:32], signature_info[32:64], signature_info[64:96], signature_info[96:128])

    # This is similar to [EIP-2](/EIPS/eip-2)'s malleability verification.
    assert(s <= N/2)

    # This is defined in [P256Verify Function](#p256verify-function)
    assert(P256Verify(payload_hash, r, s, x, y) == Bytes("0x0000000000000000000000000000000000000000000000000000000000000001"))
        
    return x.to_bytes(32, "big") + y.to_bytes(32, "big")

`P256Verify` Function

The P256Verify function is logic of the precompile defined in EIP-7951, the only exeception is that this function MUST not charge any gas.

Rationale

Additional 500 gas penalty

Much of this proposal is drawn from EIP-7951. Some of the test cases in EIP-7951 show that P256 is slower than secp256k1 and as such, a small penalty has been added to combat the slowdown of verification.

Why P256?

P256 or secp256r1, is used globally but (more importantly) has an existing implementation in all execution clients. This allows easy implementation of a known-safe algorithm, which is perfect for a test algorithm.

Backwards Compatibility

No backward compatibility issues found.

Security Considerations

Needs discussion.

Copyright

Citation

Please cite this document as:

James Kempton (@SirSpudlington), "EIP-8030: P256 transaction support [DRAFT]," Ethereum Improvement Proposals, no. 8030, September 2025. [Online serial]. Available: https://eips.ethereum.org/EIPS/eip-8030.