Conflux-Chain · Pana · Jan 16, 2026 · Copilot · Jan 16, 2026 · Copilot
diff --git a/CIPs/cip-167.md b/CIPs/cip-167.md
@@ -0,0 +1,55 @@
+---
+CIP No.: 167
+Title: Precompile for secp256r1 Curve Support
+Author: PanaW (@PanaW)
+Status: Draft
+Type: Spec Breaking
+Created: 2026-01-07
+Required CIPs: 
+---
+
+## Simple Summary
+
+Add precompiled contract for secp256r1 ECDSA signature verification with proper security checks
+
+## Abstract
+
+Introduce the `secp256r1` precompile as [EIP-7951](https://eips.ethereum.org/EIPS/eip-7951), which can efficiently perform ECDSA signature verification over the secp256r1 elliptic curve (also known as P-256 or prime256v1).
+
+## Motivation
+
+The secp256r1 elliptic curve is a NIST-standardized curve widely supported in modern secure hardware and authentication systems. Adding native support for secp256r1 signature verification to Ethereum enables several important use cases that are currently impossible or prohibitively expensive.
-The secp256r1 elliptic curve is a NIST-standardized curve widely supported in modern secure hardware and authentication systems. Adding native support for secp256r1 signature verification to Ethereum enables several important use cases that are currently impossible or prohibitively expensive.
+The secp256r1 elliptic curve is a NIST-standardized curve widely supported in modern secure hardware and authentication systems. Adding native support for secp256r1 signature verification to Conflux enables several important use cases that are currently impossible or prohibitively expensive.
-The secp256r1 elliptic curve is a NIST-standardized curve widely supported in modern secure hardware and authentication systems. Adding native support for secp256r1 signature verification to Ethereum enables several important use cases that are currently impossible or prohibitively expensive.
+The secp256r1 elliptic curve is a NIST-standardized curve widely supported in modern secure hardware and authentication systems. Adding native support for secp256r1 signature verification to Conflux enables several important use cases that are currently impossible or prohibitively expensive.
+
+Modern secure hardware devices, including Apple Secure Enclave, Android Keystore, HSMs, TEEs, and FIDO2/WebAuthn authenticators, use secp256r1 for key storage and signing operations. Native secp256r1 support enables sophisticated account abstraction patterns like device-native signing, multi-factor authentication, and simplified key management - ultimately reducing friction for mainstream adoption through familiar authentication flows.
+
+The secp256r1 curve is already widely supported across blockchain networks and protocols, including Layer 2 networks, enterprise blockchains, and interoperability protocols. This broad compatibility enables seamless integration with existing infrastructure while maintaining security through hardware-backed signing capabilities.
+
+This EIP supersedes RIP-7212 by implementing the same functionality with the same interface, but without the vulnerability.
-This EIP supersedes RIP-7212 by implementing the same functionality with the same interface, but without the vulnerability.
+This CIP supersedes RIP-7212 by implementing the same functionality with the same interface, but without the vulnerability.
-This EIP supersedes RIP-7212 by implementing the same functionality with the same interface, but without the vulnerability.
+This CIP supersedes RIP-7212 by implementing the same functionality with the same interface, but without the vulnerability.
+
+## Specification
+
+Same as [EIP-7951](https://eips.ethereum.org/EIPS/eip-7951). 
+
-Same as [EIP-7951](https://eips.ethereum.org/EIPS/eip-7951). 
+This CIP introduces a precompiled contract for ECDSA verification over the `secp256r1` curve whose behavior is aligned with [EIP-7951](https://eips.ethereum.org/EIPS/eip-7951).
+
+### Precompile Address
+
+The `secp256r1` verification precompile MUST be deployed at a single, well-defined address on all Conflux networks that implement this CIP.
+
+- Precompile address (Conflux): **TBD**  
+  - The final 20-byte address MUST be assigned following the conventions used in [CIP-165] (i.e., within the reserved precompile address space and without colliding with existing precompiles).
+  - The chosen address MUST be considered part of this CIP’s consensus specification before the CIP can reach `Final` status.
+
+Clients MUST treat this address as a built-in precompile and MUST NOT allow it to be modified by user-level transactions or contracts.
+
+### Interface and Semantics
+
+The precompile:
+
+- Accepts the same input format and length restrictions as defined in EIP-7951.
+- Returns the same output format and error conditions as EIP-7951.
+- MUST perform all validation and security checks mandated by EIP-7951 for `secp256r1` ECDSA verification.
+
+Unless otherwise specified in a future revision of this CIP, Conflux clients MUST implement the exact same verification algorithm and failure modes as described in EIP-7951.
+
+### Gas Costs
+
+The gas cost schedule for this precompile on Conflux SHOULD match the cost model recommended by EIP-7951.  
+
+- Any deviation from EIP-7951 gas costs MUST be documented in this section, along with rationale and a precise formula for gas calculation.  
+- Clients MUST charge a deterministic gas amount based solely on the input length and validity, consistent with the rules in EIP-7951.
+
+### Differences from EIP-7951
+
+At the time of drafting, this CIP does not define any behavioral differences from EIP-7951 beyond the choice of precompile address and integration into the Conflux consensus rules.
+
+Any future divergence from EIP-7951 (e.g., different input encoding, failure modes, or gas schedule) MUST be explicitly specified in this section.
-Same as [EIP-7951](https://eips.ethereum.org/EIPS/eip-7951). 
+This CIP introduces a precompiled contract for ECDSA verification over the `secp256r1` curve whose behavior is aligned with [EIP-7951](https://eips.ethereum.org/EIPS/eip-7951).
+
+### Precompile Address
+
+The `secp256r1` verification precompile MUST be deployed at a single, well-defined address on all Conflux networks that implement this CIP.
+
+- Precompile address (Conflux): **TBD**  
+  - The final 20-byte address MUST be assigned following the conventions used in [CIP-165] (i.e., within the reserved precompile address space and without colliding with existing precompiles).
+  - The chosen address MUST be considered part of this CIP’s consensus specification before the CIP can reach `Final` status.
+
+Clients MUST treat this address as a built-in precompile and MUST NOT allow it to be modified by user-level transactions or contracts.
+
+### Interface and Semantics
+
+The precompile:
+
+- Accepts the same input format and length restrictions as defined in EIP-7951.
+- Returns the same output format and error conditions as EIP-7951.
+- MUST perform all validation and security checks mandated by EIP-7951 for `secp256r1` ECDSA verification.
+
+Unless otherwise specified in a future revision of this CIP, Conflux clients MUST implement the exact same verification algorithm and failure modes as described in EIP-7951.
+
+### Gas Costs
+
+The gas cost schedule for this precompile on Conflux SHOULD match the cost model recommended by EIP-7951.  
+
+- Any deviation from EIP-7951 gas costs MUST be documented in this section, along with rationale and a precise formula for gas calculation.  
+- Clients MUST charge a deterministic gas amount based solely on the input length and validity, consistent with the rules in EIP-7951.
+
+### Differences from EIP-7951
+
+At the time of drafting, this CIP does not define any behavioral differences from EIP-7951 beyond the choice of precompile address and integration into the Conflux consensus rules.
+
+Any future divergence from EIP-7951 (e.g., different input encoding, failure modes, or gas schedule) MUST be explicitly specified in this section.
+## Rationale
+
+N/A
+
-N/A
+This CIP adopts the semantics and interface of [EIP-7951](https://eips.ethereum.org/EIPS/eip-7951) instead of [RIP-7212](https://eips.ethereum.org/assets/eip-7212/RIP-7212.md) because RIP-7212 was found to contain a vulnerability in its original definition. EIP-7951 preserves the same high-level goal and call interface as RIP-7212, but corrects the vulnerability and clarifies edge-case behavior, providing a safer and more robust specification for secp256r1 ECDSA verification.
+
+Aligning Conflux with EIP-7951 ensures that applications, tooling, and audits built around the Ethereum ecosystem’s updated standard can be reused with minimal friction. By matching the EIP-7951 behavior as closely as possible, this CIP maximizes cross-chain compatibility, simplifies the reasoning for wallet and SDK authors, and avoids introducing Conflux-specific deviations that could lead to subtle interoperability bugs.
+
+From a Conflux-specific perspective, implementing this feature as a precompile (rather than as a contract-level library) guarantees predictable gas costs and significantly better performance for secp256r1 verification, which is critical for WebAuthn-style authentication flows and hardware-backed signing. The design follows EIP-7951’s input/output encoding and validation rules so that only the precompile address, gas schedule, and activation conditions need to be determined in a Conflux context; the cryptographic and API-level behavior remains identical to the well-reviewed EIP-7951 specification.
-N/A
+This CIP adopts the semantics and interface of [EIP-7951](https://eips.ethereum.org/EIPS/eip-7951) instead of [RIP-7212](https://eips.ethereum.org/assets/eip-7212/RIP-7212.md) because RIP-7212 was found to contain a vulnerability in its original definition. EIP-7951 preserves the same high-level goal and call interface as RIP-7212, but corrects the vulnerability and clarifies edge-case behavior, providing a safer and more robust specification for secp256r1 ECDSA verification.
+
+Aligning Conflux with EIP-7951 ensures that applications, tooling, and audits built around the Ethereum ecosystem’s updated standard can be reused with minimal friction. By matching the EIP-7951 behavior as closely as possible, this CIP maximizes cross-chain compatibility, simplifies the reasoning for wallet and SDK authors, and avoids introducing Conflux-specific deviations that could lead to subtle interoperability bugs.
+
+From a Conflux-specific perspective, implementing this feature as a precompile (rather than as a contract-level library) guarantees predictable gas costs and significantly better performance for secp256r1 verification, which is critical for WebAuthn-style authentication flows and hardware-backed signing. The design follows EIP-7951’s input/output encoding and validation rules so that only the precompile address, gas schedule, and activation conditions need to be determined in a Conflux context; the cryptographic and API-level behavior remains identical to the well-reviewed EIP-7951 specification.
+## Backwards Compatibility
+
+This CIP is Spec Breaking.
+
+## Test Cases
+<!--Test cases for an implementation are mandatory for CIPs that are affecting consensus changes. Other CIPs can choose to include links to test cases if applicable.-->
+N/A
+
+## Implementation
+<!--The implementations must be completed before any CIP is given status "Final", but it need not be completed before the CIP is accepted. While there is merit to the approach of reaching consensus on the specification and rationale before writing code, the principle of "rough consensus and running code" is still useful when it comes to resolving many discussions of API details.-->
+N/A
+
+## Security Considerations
+<!--All CIPs must contain a section that discusses the security implications/considerations relevant to the proposed change. Include information that might be important for security discussions, surfaces risks and can be used throughout the life cycle of the proposal. E.g. include security-relevant design decisions, concerns, important discussions, implementation-specific guidance and pitfalls, an outline of threats and risks and how they are being addressed. CIP submissions missing the "Security Considerations" section will be rejected. a CIP cannot proceed to status "Final" without a Security Considerations discussion deemed sufficient by the reviewers.-->
+N/A
+
+## Copyright
+
+Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/).