Add Fusaka: secp256r1 precompile + CLZ opcode (#400)

* add new precompile and evm version

* add CLZ

---------

Co-authored-by: Brage <[email protected]>

Author: Kemperino

context/ethereumContext.tsx

@@ -65,6 +65,7 @@ const postMergeHardforkNames: Array<string> = [
   'shanghai',
   'cancun',
   'prague',
+  'osaka',
 ]
 export const prevrandaoDocName = '44_merge'
 const EOF_EIPS = [
@@ -538,12 +539,14 @@ export const EthereumProvider: React.FC<{}> = ({ children }) => {
 
   const _loadPrecompiled = () => {
     const precompiled: IReferenceItem[] = []
+    const meta = PrecompiledMeta as IReferenceItemMetaList
 
     const addressIterator = getActivePrecompiles(common).keys()
     let result = addressIterator.next()
     while (!result.done) {
-      const meta = PrecompiledMeta as IReferenceItemMetaList
-      const addressString = '0x' + result.value.slice(-2)
+      // Convert full address (e.g., "0000...0001" or "0000...0100") to short form
+      // Format: 0x01-0x0f (2 digits), 0x10-0x11 (2 digits), 0x100 (3 digits)
+      const addressString = '0x' + result.value.slice(2).replace(/^0+(?=..)/, '')
 
       if (!meta[addressString]) {
         result = addressIterator.next()

docs/opcodes/1E.mdx

@@ -0,0 +1,54 @@
+---
+fork: Osaka
+group: Comparison & Bitwise Logic Operations
+---
+
+*Index 1 is top of the stack.*
+
+## Notes
+
+Counts the number of leading zero bits in a 256-bit word. If the input is zero, the result is 256. This operation is useful for efficient implementation of mathematical functions (sqrt, cbrt, log2), byte/word size comparisons, and bitmap operations.
+
+This opcode is specified in [EIP-7939](https://eips.ethereum.org/EIPS/eip-7939).
+
+## Stack input
+
+0. `x`: 256-bit value to count leading zeros of.
+
+## Stack output
+
+0. `clz(x)`: the number of leading zero bits in `x` (0 to 256).
+
+## Examples
+
+| * | Input | Output |
+|--:|------:|-------:|
+| `1` | `0x0000000000000000000000000000000000000000000000000000000000000000` | `0x100` |
+
+| * | Input | Output |
+|--:|------:|-------:|
+| `1` | `0x8000000000000000000000000000000000000000000000000000000000000000` | `0x0` |
+
+| * | Input | Output |
+|--:|------:|-------:|
+| `1` | `0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff` | `0x0` |
+
+| * | Input | Output |
+|--:|------:|-------:|
+| `1` | `0x4000000000000000000000000000000000000000000000000000000000000000` | `0x1` |
+
+| * | Input | Output |
+|--:|------:|-------:|
+| `1` | `0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff` | `0x1` |
+
+| * | Input | Output |
+|--:|------:|-------:|
+| `1` | `0x0000000000000000000000000000000000000000000000000000000000000001` | `0xff` |
+
+[Reproduce in playground](/playground?fork=osaka&unit=Wei&codeType=Mnemonic&code='PUSH32%200x7zzz%5CnCLZ'~fffffffz~~~%01z~_).
+
+## Error cases
+
+The state changes done by the current context are [reverted](#FD) in those cases:
+- Not enough gas.
+- Not enough values on the stack.

docs/precompiled/0x100.mdx

@@ -0,0 +1,73 @@
+---
+fork: Osaka
+---
+
+## Notes
+
+P256VERIFY performs ECDSA signature verification over the secp256r1 elliptic curve (also known as P-256 or prime256v1). This curve is a NIST-standardized curve widely supported in modern secure hardware including Apple Secure Enclave, Android Keystore, HSMs, TEEs, and FIDO2/WebAuthn authenticators.
+
+Native secp256r1 support enables sophisticated account abstraction patterns like device-native signing, multi-factor authentication, and simplified key management - reducing friction for mainstream adoption through familiar authentication flows.
+
+This precompile is specified in [EIP-7951](https://eips.ethereum.org/EIPS/eip-7951) and supersedes RIP-7212 by implementing the same functionality with the same interface, but with critical security fixes:
+- **Point-at-infinity check**: Ensures the recovered point R' is not the point at infinity, preventing non-deterministic behavior.
+- **Modular comparison**: Uses `r' ≡ r (mod n)` instead of `r' == r` to handle cases where the x-coordinate exceeds the curve order.
+
+## Inputs
+
+| Byte range | Name | Description |
+|-----------:|-----:|------------:|
+| `[0; 31]` (32 bytes) | hash | Message hash to verify |
+| `[32; 63]` (32 bytes) | r | Signature component r, must satisfy `0 < r < n` |
+| `[64; 95]` (32 bytes) | s | Signature component s, must satisfy `0 < s < n` |
+| `[96; 127]` (32 bytes) | qx | Public key x-coordinate, must satisfy `0 ≤ qx < p` |
+| `[128; 159]` (32 bytes) | qy | Public key y-coordinate, must satisfy `0 ≤ qy < p` |
+
+Input must be exactly **160 bytes**. All values are encoded as big-endian unsigned integers.
+
+### Input Validation
+
+The precompile performs the following validation checks:
+- Input length must be exactly 160 bytes
+- Signature components `r` and `s` must be in range `(0, n)`
+- Public key coordinates must be valid field elements `[0, p)`
+- The point `(qx, qy)` must satisfy the curve equation `qy² ≡ qx³ + ax + b (mod p)`
+- The point `(qx, qy)` must not be the point at infinity
+
+### Curve Parameters
+
+| Parameter | Value |
+|----------:|------:|
+| Field modulus (p) | `0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff` |
+| Subgroup order (n) | `0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551` |
+| Coefficient a | `0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc` |
+| Coefficient b | `0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b` |
+
+## Output
+
+| Byte range | Name | Description |
+|-----------:|-----:|------------:|
+| `[0; 31]` (32 bytes) | success | `0x0000000000000000000000000000000000000000000000000000000000000001` for valid signatures |
+
+Returns empty output (``) for:
+- Invalid input length
+- Invalid field element encoding
+- Invalid signature component bounds
+- Invalid public key (not on curve or point at infinity)
+- Signature verification failure
+
+## Example
+
+| Input | Output |
+|------:|-------:|
+| `0xbb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca6050232ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e184cd60b855d442f5b3c7b11eb6c4e0ae7525fe710fab9aa7c77a67f79e6fadd762927b10512bae3eddcfe467828128bad2903269919f7086069c8c4df6c732838c7787964eaac00e5921fb1498a60f4606766b3d9685001558d1a974e7341513e` | `0x0000000000000000000000000000000000000000000000000000000000000001` |
+
+The example above breaks down as:
+- **hash**: `0xbb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca605023`
+- **r**: `0x2ba3a8be6b94d5ec80a6d9d1190a436effe50d85a1eee859b8cc6af9bd5c2e18`
+- **s**: `0x4cd60b855d442f5b3c7b11eb6c4e0ae7525fe710fab9aa7c77a67f79e6fadd76`
+- **qx**: `0x2927b10512bae3eddcfe467828128bad2903269919f7086069c8c4df6c732838`
+- **qy**: `0xc7787964eaac00e5921fb1498a60f4606766b3d9685001558d1a974e7341513e`
+
+## Gas
+
+The gas cost is fixed at **6900** gas. This cost is based on benchmarking against the existing ECRECOVER precompile (3000 gas). If the input does not allow computation of a valid result, all the gas sent is consumed.

docs/precompiled/0x100/osaka.mdx

@@ -0,0 +1,8 @@
+## Gas
+
+    static_gas = 6900
+    dynamic_gas = 0
+
+The gas cost is fixed at 6900 gas based on benchmarking against the ECRECOVER precompile (3000 gas). The actual cost of secp256r1 verification was found to be significantly higher than secp256k1 recovery.
+
+If the input does not allow computation of a valid result (invalid inputs or verification failure), all the gas sent is consumed.

opcodes.json

@@ -160,9 +160,9 @@
     "description": "Arithmetic (signed) right shift operation"
   },
   "1e": {
-    "input": "",
-    "output": "",
-    "description": ""
+    "input": "x",
+    "output": "clz(x)",
+    "description": "Count leading zero bits"
   },
   "1f": {
     "input": "",

package.json

@@ -19,12 +19,12 @@
     "@babel/core": "^7.0.0",
     "@emotion/react": "^11.11.3",
     "@emotion/styled": "^11.11.0",
-    "@ethereumjs/block": "^10.0.0",
-    "@ethereumjs/common": "^10.0.0",
-    "@ethereumjs/evm": "^10.0.0",
-    "@ethereumjs/tx": "^10.0.0",
-    "@ethereumjs/util": "^10.0.0",
-    "@ethereumjs/vm": "^10.0.0",
+    "@ethereumjs/block": "^10.1.0",
+    "@ethereumjs/common": "^10.1.0",
+    "@ethereumjs/evm": "^10.1.0",
+    "@ethereumjs/tx": "^10.1.0",
+    "@ethereumjs/util": "^10.1.0",
+    "@ethereumjs/vm": "^10.1.0",
     "@kunigi/string-compression": "1.0.2",
     "@mdx-js/loader": "^2.3.0",
     "@mdx-js/react": "^2.3.0",