P256 precompile for passkey/WebAuthn transaction authentication

## Summary

Add a P256 (secp256r1) signature verification precompile so that end users can authenticate transactions using device passkeys (FaceID, fingerprint, hardware security keys) via WebAuthn, instead of managing secp256k1 private keys.

## Motivation

Private key management is the single biggest UX barrier for consumer-facing blockchain applications. Users lose keys, get phished, and struggle with seed phrases. Modern devices universally support WebAuthn/FIDO2 passkeys backed by the P256 curve (secp256r1), which is different from Ethereum's secp256k1.

Tempo has validated this pattern: their 0x76 transaction type supports passkey-based biometric authentication (FaceID, fingerprint) as a first-class signing method. Since ev-reth already implements the 0x76 transaction type (ADR-0003), adding P256 verification is the natural next step to unlock passkey auth.

**Customer impact:**
- Users sign transactions with biometrics -- no seed phrases, no browser extensions
- Mobile-first UX becomes possible without smart contract wallets
- Reduces key management liability for enterprise customers
- Compatible with existing WebAuthn infrastructure (Apple, Google, Microsoft passkey providers)

## Design

### Precompile specification

- **Address**: Fixed system address (e.g., `0x0100` or a higher address to avoid EIP conflicts)
- **Input**: `(hash: bytes32, r: bytes32, s: bytes32, x: bytes32, y: bytes32)` -- the message hash and P256 public key coordinates
- **Output**: `(success: bytes32)` -- `1` if signature is valid, `0` otherwise
- **Gas cost**: ~3,450 gas (per RIP-7212 / EIP-7212 benchmarks)

### Integration points

1. **`crates/ev-precompiles/`**: Implement P256 verification precompile using a well-audited Rust P256 library (`p256` crate from RustCrypto)
2. **`crates/ev-revm/`**: Register the precompile in the custom EVM configuration, activated via chainspec height
3. **`crates/ev-primitives/`**: Extend `EvNodeTransaction` (0x76) signature validation to accept P256 signatures as an alternative to secp256k1
4. **Chainspec**: Add `p256_precompile_activation_height` to `EvolveConfig` extras

### Transaction flow with passkeys

1. User authenticates with device biometric (FaceID/fingerprint)
2. Device signs the transaction hash using its P256 private key via WebAuthn
3. Transaction includes P256 signature instead of secp256k1
4. EVM handler verifies signature via the P256 precompile
5. `tx.origin` maps to the user's P256-derived address

## Prior art

- [RIP-7212: Precompile for secp256r1](https://github.com/ethereum/RIPs/blob/master/RIPS/rip-7212.md) -- Rollup improvement proposal, already deployed on Base, Optimism, Arbitrum, Polygon
- [EIP-7212](https://eips.ethereum.org/EIPS/eip-7212) -- L1 proposal (same spec)
- [Tempo: passkey authentication](https://docs.tempo.xyz/protocol/transactions/spec-tempo-transaction)
- [RustCrypto p256 crate](https://github.com/RustCrypto/elliptic-curves/tree/master/p256)
- [ADR-0003](docs/adr/ADR-0003-typed-transactions-sponsorship.md) -- ev-reth's 0x76 transaction type

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

P256 precompile for passkey/WebAuthn transaction authentication #126

Summary

Motivation

Design

Precompile specification

Integration points

Transaction flow with passkeys

Prior art

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

P256 precompile for passkey/WebAuthn transaction authentication #126

Description

Summary

Motivation

Design

Precompile specification

Integration points

Transaction flow with passkeys

Prior art

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions