Ethereum's smart contract ecosystem has evolved significantly since its inception, enabling developers to build decentralized applications (dApps) with increasingly complex logic. However, certain computationally intensive operations—especially those involving cryptographic functions—pose performance and cost challenges when executed directly in the Ethereum Virtual Machine (EVM). To address this, Ethereum introduced precompiled contracts, a powerful mechanism that allows efficient execution of complex cryptographic operations while minimizing gas consumption.
This article explores how precompiled contracts work, their role in privacy-preserving blockchain solutions, and practical applications in real-world privacy asset projects.
Understanding Smart Contracts and the EVM
Before diving into precompiled contracts, it’s essential to understand Ethereum’s execution environment.
Ethereum features two types of accounts:
- Externally Owned Accounts (EOAs): Controlled by private keys, used to initiate transactions.
- Contract Accounts (CAs): Controlled by code, triggered by transactions or other contracts.
When a transaction targets a smart contract, it is processed by the Ethereum Virtual Machine (EVM). The EVM converts the transaction into a message and executes the associated bytecode. For simple transfers, this involves updating balances in the state database. For contract interactions, the EVM interprets each opcode in the contract’s code—performing operations on a stack-based architecture that includes memory, storage, and a gas counter.
👉 Discover how blockchain execution efficiency impacts dApp development.
However, due to its stack-based design and per-opcode gas model, the EVM is not optimized for heavy cryptographic computations such as elliptic curve pairings or zero-knowledge proofs. This limitation led to the creation of precompiled contracts.
What Are Precompiled Contracts?
Precompiled contracts are built-in Ethereum functions located at specific addresses (e.g., 0x01 to 0x0A). Unlike regular smart contracts written in Solidity and executed in the EVM, precompiled contracts are implemented directly in Ethereum client software (like Geth) using high-performance languages such as Go or C++.
They serve as an optimization for operations that are:
- Computationally expensive
- Frequently used
- Cryptographically complex
Because they bypass the EVM interpreter, precompiled contracts execute faster and consume less gas than equivalent EVM-based implementations.
Key Precompiled Contracts for Cryptography
Ethereum currently supports several precompiled contracts for cryptographic functions. The most relevant for privacy assets include:
bn256Add: Performs addition on the alt_bn128 elliptic curve (500 gas)bn256ScalarMul: Scalar multiplication on alt_bn128 (40000 gas)bn256Pairing: Bilinear pairing operation (80000 k + 100000 gas, where k* is the number of point pairs)
These functions were introduced via EIP-196 and EIP-197 to support advanced cryptographic protocols like zk-SNARKs, which require efficient pairing operations.
Implementation in Ethereum Clients
In the Go Ethereum (geth) implementation, precompiled contracts are invoked within the evm.go file through functions like Call, CallCode, DelegateCall, and StaticCall. When a contract call targets a precompiled address, the EVM checks against a predefined array of precompiles and routes execution accordingly.
For example:
if p := precompiles[address]; p != nil {
return RunPrecompiledContract(p, input, gas)
}The actual computation—such as elliptic curve addition—is performed natively in Go using optimized libraries like libff or mcl. This avoids the overhead of EVM interpretation and enables near-native performance.
Using Precompiled Contracts in Solidity
Developers can invoke precompiled contracts directly from Solidity using inline assembly. Here's an example of calling bn256Add:
function addPoints(bytes memory a, bytes memory b) public returns (bytes memory) {
bytes memory input = abi.encodePacked(a, b);
uint256[2] memory result;
assembly {
let len := mload(input)
let data := add(input, 0x20)
if iszero(staticcall(not(0), 0x06, data, len, result, 0x40)) {
revert(0, 0)
}
}
return abi.encode(result[0], result[1]);
}Here, 0x06 refers to the address of the bn256Add precompiled contract.
👉 Learn how developers leverage low-level EVM features for advanced dApps.
This approach gives developers fine-grained control over cryptographic operations while benefiting from native execution speed.
Role in Privacy Asset Development
Privacy assets aim to conceal transaction details—sender, receiver, and amount—while still allowing verifiable validation. Several projects leverage precompiled contracts to implement zero-knowledge proofs (ZKPs) on-chain.
Key Privacy Projects Using Precompiled Contracts
Aztec Protocol
Aztec uses zk-SNARKs with homomorphic encryption and range proofs to enable private transactions. It relies heavily on all three precompiled contracts:
- Multiple instances of
bn256Addandbn256ScalarMul - One
bn256Pairingcall for proof verification
Gas cost before optimization: ~121,000n + 41,000m + 219,000
(n, m: number of input/output notes)
Zether
An anonymous payment scheme built on Ethereum that uses ElGamal encryption and zero-knowledge range proofs. It requires bn256Add and bn256ScalarMul but does not use pairing.
Zether transaction gas: ~7.1 million (before optimizations)
PGC (Private General Computation)
An improved version of Zether using Bulletproofs instead of SNARKs. Also uses bn256 operations but could benefit from secp256k1 precompiles if available.
Gas Optimization: The EIP-1108 Proposal
Despite efficiency gains from precompiles, gas costs remain high—sometimes exceeding transfer values themselves. To address this, EIP-1108 proposes reducing gas costs for the three main precompiled contracts:
| Operation | Current Gas | Proposed Gas |
|---|---|---|
bn256Add | 500 | 150 |
bn256ScalarMul | 40,000 | 6,000 |
bn256Pairing | 80k×k+100k | 45k×k+34k |
This reduction stems from improvements in underlying cryptographic libraries (e.g., switching from libff to mcl), better algorithms, and more efficient curve arithmetic.
With EIP-1108:
- Zether gas drops from ~7.1M to ~1.7M
- PGC gas falls from ~6.5M to ~1.1M
- Aztec sees proportional reductions
While EIP-1108 is still in draft status, its implementation would make privacy-preserving transactions far more viable on Ethereum.
Expanding Precompiled Capabilities: Lessons from Qtum
Qtum, a UTXO-based blockchain with EVM compatibility, allocates up to 40 million gas per block—five times Ethereum’s limit. This makes it more suitable for gas-intensive privacy operations.
Qtum plans to introduce new precompiled contracts for:
- BLS12-381 curves: More secure and efficient than bn256; ideal for pairing-based ZKPs
- secp256k1: Widely used in Bitcoin/Ethereum signatures; adding precompiles here could improve efficiency for non-pairing schemes
- Bulletproofs: A pairing-free zero-knowledge proof system ideal for range proofs in MimbleWimble-style privacy protocols
By embedding these functions natively, Qtum aims to support full privacy protocols like MimbleWimble as smart contracts—without prohibitive gas costs.
FAQ: Common Questions About Precompiled Contracts
Q: Why can't we just write these functions in Solidity?
A: While possible, implementing cryptographic operations in Solidity would be extremely inefficient and costly in gas. Precompiled contracts offer native-speed execution at a fraction of the cost.
Q: Are precompiled contracts secure?
A: Yes—they are part of the Ethereum protocol specification and undergo rigorous review during EIP processes. However, incorrect usage in smart contracts can still lead to vulnerabilities.
Q: Can I create my own precompiled contract?
A: Not without a network upgrade. Adding new precompiles requires consensus-level changes via an EIP and client implementation updates.
Q: What’s the difference between bn256 and alt_bn128?
A: They refer to the same elliptic curve. "alt_bn128" is the original name; "bn256" reflects the 256-bit prime field size. The security level is approximately 128 bits.
Q: How is gas priced for precompiled contracts?
A: Gas is benchmarked against known operations (e.g., ecrecover). Execution time is measured, then converted to gas using a standard rate (e.g., 25.86 gas/ms).
Q: Will future Ethereum upgrades replace precompiles?
A: Possibly. As part of protocol evolution (e.g., proto-danksharding), some precompiles may be replaced or optimized further—but they remain critical today.
Final Thoughts
Precompiled contracts play a vital role in making advanced cryptography feasible on Ethereum. They enable practical implementations of privacy-preserving technologies like zk-SNARKs and Bulletproofs by drastically reducing computational overhead.
As demand for privacy grows—from DeFi anonymity to confidential enterprise transactions—the need for efficient, standardized cryptographic primitives will only increase. Projects like EIP-1108 and platforms like Qtum point toward a future where privacy is not just possible but economical on public blockchains.
👉 Explore how next-gen blockchains are redefining privacy and scalability.
With continued innovation in both protocol design and cryptographic engineering, precompiled contracts will remain a cornerstone of secure and private decentralized systems.