LLMpediaThe first transparent, open encyclopedia generated by LLMs

EIP-196

Generated by DeepSeek V3.2
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: ES EVM Hop 4
Expansion Funnel Raw 38 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted38
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
EIP-196
Number196
TitlePrecompiled contracts for addition and scalar multiplication on the elliptic curve alt_bn128
AuthorChristian Reitwiessner, Vitalik Buterin
Created2017-02-06
StatusFinal
CategoryCore
RequiresEIP-197

EIP-196. This Ethereum Improvement Proposal introduced two new precompiled contracts to the Ethereum Virtual Machine, enabling efficient elliptic curve addition and scalar multiplication operations on the alt_bn128 curve. Authored by core developers Christian Reitwiessner and Vitalik Buterin, it was a foundational technical upgrade that expanded the cryptographic primitives available for on-chain computation. Its implementation, part of the Byzantium hard fork, was essential for enabling more complex zero-knowledge proof systems and layer 2 scaling solutions on the Ethereum blockchain.

Overview

EIP-196 specifically added two low-level operations to the Ethereum protocol for performing arithmetic on a pairing-friendly elliptic curve. This curve, known as alt_bn128 or BN254, was chosen for its efficiency in bilinear pairing operations, which are critical for advanced cryptography. The proposal was intrinsically linked to EIP-197, which added a third precompile for performing the actual pairing check. Together, these upgrades transformed the Ethereum network from a platform supporting basic smart contract logic into one capable of verifying sophisticated cryptographic proofs. This capability was a direct enabler for protocols like zk-SNARKs, which later became pivotal for projects such as Zcash-inspired privacy tools and rollup technology.

Technical specification

The proposal defined two new precompiled contracts at specific addresses within the Ethereum Virtual Machine. The first contract, at address `0x06`, performs point addition on the elliptic curve, taking encoded inputs of two points `(x1, y1)` and `(x2, y2)` and returning their sum `(x, y)`. The second, at address `0x07`, handles scalar multiplication, taking a point `(x1, y1)` and a scalar value to compute the resulting point. Both operations are defined over the finite field defined by the prime modulus of the alt_bn128 curve. The gas costs for these operations were set to be low enough to be practical for on-chain use while reflecting their computational complexity, a calculation informed by benchmarks from libraries like the libsnark library. The exact encoding and validation rules for points were specified to ensure consensus across all Ethereum client implementations like Geth and Parity.

Rationale and motivation

Prior to EIP-196, the Ethereum Virtual Machine lacked native support for the complex elliptic curve operations required for verifying zero-knowledge proofs. Performing such computations directly in EVM bytecode was prohibitively expensive in terms of gas, effectively making advanced cryptography infeasible on-chain. The primary motivation was to enable efficient verification of zk-SNARKs, a technology pioneered by projects like Zcash. This would allow for new use cases including private transactions, scalable layer 2 solutions, and trustless bridges. The choice of the alt_bn128 curve was driven by its widespread adoption in existing proof systems and its optimal balance between security and performance for the 128-bit security level targeted at the time.

Implementation and adoption

Implementation of EIP-196 was included in the Byzantium network upgrade, which activated at block 4,370,000 on the Ethereum mainnet. Core development teams, including those working on Geth, Parity, and Nethermind, integrated the new precompiles into their respective clients. Adoption was initially driven by early privacy-focused projects and researchers experimenting with zk-SNARKs. Its use became more widespread with the development of scaling solutions, most notably zk-rollups like those pioneered by Matter Labs with zkSync and the team behind StarkWare. The precompiles also became a cornerstone for decentralized finance protocols seeking to incorporate privacy features or more efficient cryptographic verification.

Impact and significance

The impact of EIP-196 on the Ethereum ecosystem was profound and far-reaching. It provided the essential cryptographic building blocks that made on-chain zero-knowledge proof verification viable, directly catalyzing the entire field of zk-rollup scaling technology. This has been critical for addressing the scalability trilemma and reducing congestion on the Ethereum mainnet. Furthermore, it established a precedent for expanding the Ethereum Virtual Machine's capabilities through targeted precompiles, a pattern followed by subsequent proposals like EIP-2537 for BLS signatures. The proposal cemented Ethereum's position as a flexible, programmable blockchain capable of supporting next-generation cryptographic research and applications, influencing the design of other networks like Polygon and Arbitrum. Category:Ethereum Improvement Proposals Category:Ethereum Category:Blockchain protocols