EIP-7980: Ed25519 transaction support
Adds a EIP-7932 algorithm type for Ed25519 support of type `0x0`
| Authors | James Kempton (@SirSpudlington) |
|---|---|
| Created | 2025-06-25 |
| Discussion Link | https://ethereum-magicians.org/t/eip-7980-adding-ed25519-as-a-signature-scheme-to-test-eip-7932/24663 |
| Requires | EIP-7932 |
Table of Contents
Abstract
This EIP adds a new EIP-7932 algorithm of type 0x0 for supporting Ed25519 signatures.
Motivation
Ed25519 is one of the most widely used forms of Elliptic Curve Cryptography and is one of the defaults for SSH keys, this makes it a good contender to be able to sign transactions with. It also provides an algorithm to write test cases against during the implementation phase of EIP-7932.
Specification
This EIP defines a new EIP-7932 algorithmic type with the following parameters:
| Constant | Value |
| - | - |
| ALG_TYPE | Bytes1(0x0) |
| GAS_PENALTY| 1000 |
| MAX_SIZE | 96 |
def verify(signature_info: bytes, payload_hash: Hash32) -> ExecutionAddress:
assert(len(signature_info) == 96)
signature = signature_info[:64]
public_key = signature_info[64:]
# This is the `Verify` function described in [RFC 8032 Section 5.1.7](https://datatracker.ietf.org/doc/html/rfc8032#section-5.1.7),
# This MUST be processed as raw `Ed25519` and not `Ed25519ctx` or `Ed25519ph`
assert(ed25519_verify(signature, public_key, payload_hash))
return keccak256(public_key)[-20:]
Rationale
Additional 1000 gas penality
The gas penality discourages people attempting to migrate off current secp256k1 accounts, and also covers the additional overhead (in regards to hashing) that the ed25519 curve applies.
Why Ed25519?
Ed25519 has significant tooling backing it, this makes it a good candidate for using as a “dummy” algorithm. This allows it to be an algorithm for client teams to easily test EIP-7932.
It may also be useful for signing in Hardware security modules in server environments designed for serving as ERC-4337 bundlers. It may also improve interoperability with other components such as TPM chips.
Appending the public key to the signature
Currently, without changing the algorithm itself, it is impossible to efficiently recover the public key from a signature and message.
Backwards Compatibility
No backward compatibility issues found.
Security Considerations
Needs discussion.
Copyright
Copyright and related rights waived via CC0.
Citation
Please cite this document as:
James Kempton (@SirSpudlington), "EIP-7980: Ed25519 transaction support [DRAFT]," Ethereum Improvement Proposals, no. 7980, June 2025. [Online serial]. Available: https://eips.ethereum.org/EIPS/eip-7980.