HIPs are formal specifications for protocol-level changes to HeLa Chain. They cover precompiles, native modules, identity standards, governance rules, and any other change that requires consensus from validators or coordination across multiple components of the stack.
Each HIP follows a lifecycle: Draft → Proposed → LIVE (after on-chain governance vote and node activation) → Final. HIPs that go LIVE on testnet may be promoted to mainnet via a separate governance vote.
STATUS LEGEND
| Status | Meaning |
|---|---|
| DRAFT | Author is still drafting. Spec may change at any time. Not implemented. |
| PROPOSED | Spec stable and under review. Implementation may be in progress on devnet, but no governance vote yet. |
| LIVE | Governance vote passed, nodes upgraded, feature active on the target network. Production-grade. |
CURRENT HIPS
| HIP | Title | Status | Network |
|---|---|---|---|
| HIP-001 | EIP-7951 P-256 Precompile | LIVE | Mainnet (8668) + Testnet (666888) |
| HIP-002 | Citizen ID Protocol | PROPOSED | Testnet trials |
| HIP-003 | AI Agent On-Chain Reputation | PROPOSED | — |
/hip#hip-001 to deep-link directly to the P-256 precompile spec.| Field | Value |
|---|---|
| Status | LIVE on HeLa Mainnet (Chain ID 8668) and HeLa Testnet (Chain ID 666888) |
| Mainnet activation | 2026-04-23 — governance vote, epoch 26,021 |
| Testnet activation | 2026-04-15 — governance vote |
| Precompile address | 0x0000000000000000000000000000000000000100 |
| Gas cost | 3,450 (fixed) |
| Specification | EIP-7951 (security-hardened RIP-7212) |
OVERVIEW
The P-256 (secp256r1 / NIST P-256) precompile enables native verification of ECDSA signatures using the P-256 curve directly in the EVM. This is the same curve used by:
- WebAuthn / Passkeys — FIDO2 authenticators, Touch ID, Face ID, Windows Hello
- Apple Secure Enclave — iOS/macOS hardware key storage
- Android Keystore — hardware-backed key generation
- TLS certificates — most HTTPS connections use P-256
- Smart card / HSM signatures — government IDs, banking tokens
Without this precompile, verifying a P-256 signature in Solidity costs ~300,000 gas (elliptic curve math in EVM opcodes). With the precompile: 3,450 gas — an 87× reduction.
WHY THIS MATTERS FOR HELA
HeLa's onboarding flow uses ERC-4337 Account Abstraction with passkey signers. Every user action (mint Citizen ID, create agent, post job) requires signature verification. At 300K gas per verification, onboarding costs ~0.09 HLUSD per signup. With the precompile, it drops to ~0.035 HLUSD — enabling truly gasless onboarding via Paymaster.
INTERFACE
INPUT — 160 bytes, ABI-packed
| Offset | Size | Field | Description |
|---|---|---|---|
| 0 | 32 | msg_hash | SHA-256 hash of the signed message |
| 32 | 32 | r | ECDSA signature component r |
| 64 | 32 | s | ECDSA signature component s |
| 96 | 32 | x | Public key X coordinate (uncompressed) |
| 128 | 32 | y | Public key Y coordinate (uncompressed) |
OUTPUT
| Result | Meaning |
|---|---|
| [object Object] (32 bytes) | Signature is valid |
| Empty (0 bytes) | Signature is invalid |
GAS
Fixed cost of 3,450 gas. Reverts with out-of-gas if insufficient gas is provided.
SECURITY PROPERTIES — EIP-7951 vs RIP-7212
EIP-7951 is the security-hardened version of RIP-7212. Shipped to Ethereum L1 in the Fusaka upgrade (December 2025) as EIP-7951 at 6,900 gas — the security-hardened successor to RIP-7212.
HeLa's implementation runs EIP-7951's validation logic at RIP-7212's gas pricing (3,450 gas). Ethereum L1 priced the same logic at 6,900 gas in Fusaka based on different benchmarking. Source for HeLa's gas constant: oasis-sdk/runtime-sdk/modules/evm/src/precompile/p256verify.rs.
| Check | RIP-7212 | EIP-7951 (HeLa) |
|---|---|---|
| Point-at-infinity (recovered R') | Not checked | Rejected |
| r comparison | plain equality (r' == r) | modular (r' ≡ r mod n) |
| r range | r < n (field order) | r < n |
| s range | s > 0, s < n | s > 0, s < n |
| Off-curve points | Rejected | Rejected |
INPUT VALIDATION
The precompile rejects:
r = 0ors = 0r >= nors >= n(wherenis the P-256 curve order)- Public key not on the P-256 curve
- Public key at point-at-infinity
- Input shorter than 160 bytes
CRYPTOGRAPHIC LIBRARY
Uses the RustCrypto p256 crate v0.10.1, audited by zkSecurity (April 2025). Same ecosystem as k256 (secp256k1) used for Ethereum's ecrecover precompile.
USAGE — SOLIDITY
// Verify a P-256 signature (e.g., from a passkey/WebAuthn assertion)
function verifyP256(
bytes32 msgHash,
bytes32 r,
bytes32 s,
bytes32 x,
bytes32 y
) internal view returns (bool) {
bytes memory input = abi.encodePacked(msgHash, r, s, x, y);
(bool success, bytes memory result) = address(0x100).staticcall(input);
return success && result.length == 32 && abi.decode(result, (uint256)) == 1;
}--evm-version london to ensure compatibility.USAGE — ERC-4337 (WEBAUTHN SIGNER)
contract HelaSmartAccount is BaseAccount {
bytes32 public immutable pubKeyX;
bytes32 public immutable pubKeyY;
function _validateSignature(
PackedUserOperation calldata userOp,
bytes32 userOpHash
) internal view override returns (uint256) {
// Extract r, s from WebAuthn assertion
(bytes32 r, bytes32 s) = abi.decode(userOp.signature, (bytes32, bytes32));
// Verify using P-256 precompile
bytes memory input = abi.encodePacked(userOpHash, r, s, pubKeyX, pubKeyY);
(bool success, bytes memory result) = address(0x100).staticcall(input);
if (success && result.length == 32 && abi.decode(result, (uint256)) == 1) {
return 0; // SIG_VALIDATION_SUCCESS
}
return 1; // SIG_VALIDATION_FAILED
}
}USAGE — DIRECT RPC (curl)
# Generate a P-256 test vector and verify on testnet
node -e "
const crypto = require('crypto');
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const rawData = crypto.randomBytes(32);
const sig = crypto.sign(null, rawData, { key: privateKey, dsaEncoding: 'ieee-p1363' });
const msgHash = crypto.createHash('sha256').update(rawData).digest();
const pubRaw = publicKey.export({ type: 'spki', format: 'der' }).slice(-65);
const input = Buffer.concat([msgHash, sig.slice(0,32), sig.slice(32,64), pubRaw.slice(1,33), pubRaw.slice(33,65)]);
console.log('0x' + input.toString('hex'));
" | xargs -I{} curl -s -X POST https://testnet-rpc.helachain.com \
-H 'Content-Type: application/json' \
-d '{"jsonrpc":"2.0","method":"eth_call","params":[{"to":"0x0000000000000000000000000000000000000100","data":"{}","gas":"0x100000"},"latest"],"id":1}'
# Expected: {"result":"0x0000000000000000000000000000000000000000000000000000000000000001"}DEPLOYMENT — MAINNET
The mainnet upgrade touched 13 servers, activated atomically at epoch 26,021 on 2026-04-23:
| Type | Count | Purpose |
|---|---|---|
| Validator nodes | 5 | Consensus |
| Compute nodes | 5 | Block production + transaction execution |
| Client nodes | 3 | RPC queries (eth_call, estimateGas) |
| Web3 gateway nodes | 2 | EVM RPC interface |
The new runtime binary (.orc) and web3 gateway were built using HeLa's official builder toolchain, registered on-chain for epoch 26,021, and pushed to all nodes via the deployment system. Nodes restarted and automatically activated the new runtime at the target epoch. Zero downtime — the chain never stopped producing blocks.
IMPLEMENTATION
| Item | Value |
|---|---|
| Source | oasis-sdk/runtime-sdk/modules/evm/src/precompile/p256verify.rs |
| Lines of code | ~280 |
| Dispatch check | addr_bytes[18] == 1 && addr_bytes[19] == 0 |
| Dependencies | p256 = 0.10.1 |
| Toolchain | Rust nightly-2022-08-22 (Oasis SDK requirement) |
| Dependency pins | rayon 1.10.0, rayon-core 1.12.1, indexmap 2.2.6 (nightly compat) |
TIMELINE
| Date | Milestone |
|---|---|
| 2026-04-09 | Code written, 8 unit tests passing |
| 2026-04-10 | Deployed to all 8 testnet nodes, verified via eth_call |
| 2026-04-14 | Seth security audit — 0 critical, 0 high; GO-WITH-FIXES |
| 2026-04-15 | Testnet governance vote, 8/8 tests passed on public testnet |
| 2026-04-23 | Mainnet activation — governance vote, all 13 mainnet nodes upgraded, epoch 26,021 |
ADOPTION
The P-256 precompile (RIP-7212 / EIP-7951) is deployed on:
- Polygon, Optimism (Fjord), Arbitrum (ArbOS 31 "Bianca"), Base, zkSync, Scroll — zero incidents reported
- Required by all major AA wallet providers (Privy, Turnkey, ZeroDev, Alchemy)
- Shipped to Ethereum L1 in the Fusaka upgrade (December 2025) as EIP-7951 at 6,900 gas
SOURCES
- EIP-7951 spec
- RIP-7212 spec
- Ethereum Fusaka Upgrade dev guide (Alchemy, 2025)
- What is RIP-7212? (Alchemy)
- OP Stack precompiles spec
- Arbitrum AIP: Support RIP-7212 (ArbOS 31 "Bianca")
- HeLa P-256 implementation source:
oasis-sdk/runtime-sdk/modules/evm/src/precompile/p256verify.rs
RELATED POSTS
TL;DR. HeLa's on-chain identity for AI agents, aligned with the ERC-8004 Trustless Agents standard (live on Ethereum mainnet 2026-01-29). The CitizenRegistry holds AI agent identities, each backed by an ERC-721 NFT and an ERC-6551 token-bound account. Humans participate as Guardians (NFT owners controlling one or more agents), not as Citizens. Reputation, jobs, brain-storage anchoring, and Guardian-Node attestations all hang off this identity.
WHAT THIS COVERS
- Citizen ID schema (agent-only, type = AI agent, controlled by Guardian via NFT ownership, creation epoch, GrowthTier).
- ERC-8004 compliance mapping. CitizenRegistry serves as Identity Registry. AgentRegistry + Brain Vault event stream feeds the Reputation Registry. Validation Registry receives Guardian-Node attestations through a HeLa-side aggregator owned by governance timelock.
- ERC-6551 token-bound account per Citizen.
HeLaCitizenAccountat0x2f5F82b812C558936756341666d874628998D4B5stays as the canonical implementation. Guardian (NFT owner) controls the TBA via standard ERC-6551 flow. - Mint policy: 1 HELA fee to treasury per mint, with the first 10,000 agent mints sponsored by HeLa to reduce friction for early adopters.
- Non-transferability and recovery rules.
- Brain-storage and A2A messaging anchoring through the Citizen ID.
- Compatibility with ERC-4337 onboarding and the P-256 precompile (HIP-001).
DEPLOYMENT PATH
HIP-002 ships in two stages.
- Testnet 666888. The HeLa engineering team deploys the ERC-8004 canonical registries (via the Safe Singleton Factory with published per-network salts), the HeLa-owned thin adapter shim, and the Guardian-Node attestation aggregator. Testnet activation is unilateral for HeLa engineering, gated only by internal security + test review.
- Mainnet 8668. Activation is preceded by (a) closure of any open governance-RPC scoping items, (b) a formal written update to the HeLa chain core team describing the deploy plan, intended addresses, gas impact, and any precompile or runtime touchpoints, with a 5-business-day concern window before push, and (c) on-chain transfer of adapter-shim ownership to the HeLa governance timelock before any mainnet write path is enabled. The concern window is an early-warning to coordinate with chain-core upgrades, not a permission-ask.
TL;DR. A dual-score reputation system for AI agents on HeLa — one score for skill (job completion quality, peer-reviewed) and one for trust (custodian-attested behaviour, audit history). Reputation gates access to roles, but never to votes — voting power for protocol governance stays anchored to $HELA for humans and stake-weighted attestations for organizations.
WHAT THIS WILL COVER
- Skill score — earned from completed on-chain jobs (chain-jobs marketplace), peer-reviewed
- Trust score — issued by custodians and verified through audit trail history
- Decay model — both scores fade without ongoing activity
- Role gating — high-stakes roles (keeper, oracle, custodian) require minimum scores
- Strict separation from
$HELAtoken voting power