From 3f40a620553373d05abd6d847945b60e79f96e58 Mon Sep 17 00:00:00 2001 From: Alex Beregszaszi Date: Fri, 22 Nov 2024 15:18:52 +0100 Subject: [PATCH 1/4] Add eip --- EIPS/eip-modexp-limit.md | 61 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 EIPS/eip-modexp-limit.md diff --git a/EIPS/eip-modexp-limit.md b/EIPS/eip-modexp-limit.md new file mode 100644 index 00000000000000..d7d6c88111f65e --- /dev/null +++ b/EIPS/eip-modexp-limit.md 
@@ -0,0 +1,61 @@ +--- +eip: nnnn +title: Set upper bounds for MODEXP +description: Each input field is restricted to a maximum of 8192 bits +author: Alex Beregszaszi (@axic), Radoslaw Zagorowicz (@rodiazet) +discussions-to: +status: Draft +type: Standards Track +category: Core +created: 2024-11-11 +requires: 198 +--- + +## Abstract + +Introduce an upper bound on the inputs of the MODEXP precompile. This can reduce the number of potential bugs, because the testing surface is not infinite anymore, and makes it easier to be replaced using EVMMAX. + +## Motivation + +The MODEXP precompile has been a source of numerous consensus bugs. Many of them were due to specifically crafted cases using impractical input lengths. + +Its pricing function is also quite complex given its nature of unbounded inputs. While we don't suggest to rework the pricing function, it may be possible in a future upgrade once the limits are in place. + +Furthermore this limitation makes it more feasible to have the precompile replaced with EVM code through features like EVMMAX. + +## Specification + +Recap from [EIP-198](./eip-198.md): +> At address `0x00……05`, add a precompile that expects input in the following format: +> +> ` ` + +We introduce an upper bound to the inputs of the precompile, each of the length inputs (`length_of_BASE`, `length_of_EXPONENT` and `length_of_MODULUS`) MUST be less than or equal to 8192 bits (1024 bytes). + +If any of these inputs are larger than the limit, the precompile execution stops, returns an error, and consumes all gas. + +## Rationale + +### Limit + +This upper bound allows the existing use cases of MODEXP: +1. RSA verification with up to 8192 bit keys. Commonly used ones are 1024/2048/4196 bits. +2. Elliptic curve related use cases are usually less than 384 bits. 
+ +### EVMMAX + +Replacing the precompile with EVM code using an instruction set like EVMMAX would be made simpler with this limit: Common cases (256, 381, 1024, 2048) could be implemented in special fast paths, while a slow fallback could be provided for the rest. Or even special, frequently used, moduli could have their own paths. + +Furthermore one could consider limiting the lengths to certain inputs only. + +## Backwards Compatibility + +This is a backwards incompatible change. Needs thorough check of transaction history to see if this would have caused failures. + +## Security Considerations + +Needs discussion. + +## Copyright + +Copyright and related rights waived via [CC0](../LICENSE.md). From e81f4b7faabf294bd386fff59c14190f30fad20e Mon Sep 17 00:00:00 2001 From: Alex Beregszaszi Date: Sat, 23 Nov 2024 15:52:16 +0100 Subject: [PATCH 2/4] Rename to eip-7823 --- EIPS/{eip-modexp-limit.md => eip-7823.md} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename EIPS/{eip-modexp-limit.md => eip-7823.md} (99%) diff --git a/EIPS/eip-modexp-limit.md b/EIPS/eip-7823.md similarity index 99% rename from EIPS/eip-modexp-limit.md rename to EIPS/eip-7823.md index d7d6c88111f65e..6e4c5d67e2e7c5 100644 --- a/EIPS/eip-modexp-limit.md +++ b/EIPS/eip-7823.md @@ -1,5 +1,5 @@ --- -eip: nnnn +eip: 7823 title: Set upper bounds for MODEXP description: Each input field is restricted to a maximum of 8192 bits author: Alex Beregszaszi (@axic), Radoslaw Zagorowicz (@rodiazet) From 58f5bfab3a0e8c3d5da97df614496fab8bf2b579 Mon Sep 17 00:00:00 2001 From: Alex Beregszaszi Date: Sat, 23 Nov 2024 15:55:54 +0100 Subject: [PATCH 3/4] Ad d discussion link --- EIPS/eip-7823.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EIPS/eip-7823.md b/EIPS/eip-7823.md index 6e4c5d67e2e7c5..32ca6f46945016 100644 --- a/EIPS/eip-7823.md +++ b/EIPS/eip-7823.md 
@@ -3,7 +3,7 @@ eip: 7823 title: Set upper bounds for MODEXP description: Each input field is restricted to a maximum of 8192 bits author: Alex Beregszaszi (@axic), Radoslaw Zagorowicz (@rodiazet) -discussions-to: +discussions-to: https://ethereum-magicians.org/t/eip-7823-set-upper-bounds-for-modexp/21798 status: Draft type: Standards Track category: Core From 385b888e8b689ae0f089e992f22d27c020e9d781 Mon Sep 17 00:00:00 2001 From: Alex Beregszaszi Date: Sat, 23 Nov 2024 16:33:32 +0100 Subject: [PATCH 4/4] lint --- EIPS/eip-7823.md | 1 + 1 file changed, 1 insertion(+) diff --git a/EIPS/eip-7823.md b/EIPS/eip-7823.md index 32ca6f46945016..a30504a34767ce 100644 --- a/EIPS/eip-7823.md +++ b/EIPS/eip-7823.md @@ -39,6 +39,7 @@ If any of these inputs are larger than the limit, the precompile execution stops ### Limit This upper bound allows the existing use cases of MODEXP: + 1. RSA verification with up to 8192 bit keys. Commonly used ones are 1024/2048/4196 bits. 2. Elliptic curve related use cases are usually less than 384 bits.
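Review bot: In PATCH 1/4, the Specification paragraph states the limit as "8192 bits (1024 bytes)" but applies it to the length fields (`length_of_BASE`, `length_of_EXPONENT`, `length_of_MODULUS`), so it is not explicit which number an implementation compares each field value against. Suggest writing the normative check in the unit the field itself carries and giving the other unit only as an aside. The same paragraph says execution "stops, returns an error, and consumes all gas" without saying whether the length check runs before the pricing function is evaluated; spelling out that order would remove a place where clients could diverge. Security Considerations ("Needs discussion.") and Backwards Compatibility are still placeholders, and the transaction-history check mentioned there should be recorded in the text once done.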
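Review bot: In PATCH 4/4, the context line under "### Limit" still reads "Commonly used ones are 1024/2048/4196 bits"; 4196 is not a usual RSA key size and looks like a typo for 4096. Since this lint commit already touches that list, fix the number here rather than in a later change.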