NEAR Protocol lands native P256/passkey cryptography at the runtime level and introduces a Pending Transaction Queue proposal that could reshape transaction ordering for developers.

> impact

**What shipped.** Two significant NEPs advanced this cycle. NEP-635, authored by Bowen Wang, has been merged into the NEAR protocol, adding a native P256 (secp256r1) host function to the NEAR runtime. This means smart contracts can now verify P256 elliptic curve signatures directly on-chain without expensive pure-WASM implementations or off-chain workarounds. Separately, NEP-611, introduced by robin-near, proposes a Pending Transaction Queue mechanism at the protocol layer — a structural change to how transactions are buffered and ordered before inclusion in chunks. **Why it matters.** P256 is the curve behind WebAuthn, Apple's Secure Enclave, Android Keystore, and most FIDO2 hardware security keys. With NEP-635 merged, NEAR becomes one of the first L1s to offer first-class, gas-efficient passkey verification natively in the runtime. This dramatically lowers the barrier for account abstraction flows where users authenticate with biometrics instead of seed phrases — a critical UX unlock for mainstream adoption. NEP-611, meanwhile, addresses a deeper infrastructure concern: by formalizing a pending transaction queue, the protocol gains a more predictable and extensible surface for transaction lifecycle management, which has downstream implications for MEV mitigation, priority fee markets, and relayer architectures. **Impact on developers.** If you're building wallets, onboarding flows, or any dApp that touches authentication, NEP-635 is immediately actionable — you can now verify passkey signatures on-chain at a fraction of the previous gas cost. For NEP-611, the impact is more forward-looking: teams building relayers, intent solvers, or sequencing-sensitive applications should track this proposal closely, as it may change assumptions about transaction finality ordering and require updates to indexing or retry logic in your tooling stack.

> Try this now

try this

# --- NEP-635: Verifying a P256 (WebAuthn/Passkey) signature on NEAR ---
# This walkthrough shows how a smart contract can use the new
# P256 host function to verify a passkey-generated signature.

# Step 1: Import the new P256 host function from the NEAR SDK.
# The function is exposed at the runtime level, so SDK bindings
# will surface it as a near_sdk or env-level call.
# (Check near-sdk-rs >= 5.x or near-sdk-js nightly for support.)

use near_sdk::env;

# Step 2: Your contract receives a WebAuthn assertion from the client.
# The client signs a challenge using the device's passkey (P256 key).
# You'll need three things:
#   - message:    the raw authenticator data + client data hash (the signed payload)
#   - signature:  the P256 ECDSA signature (64 bytes, r || s)
#   - public_key: the P256 public key registered at account creation (65 bytes, uncompressed)

#[near(contract_state)]
pub struct PasskeyAccount {
    pub registered_pubkey: Vec<u8>, // 65-byte uncompressed P256 public key
}

#[near]
impl PasskeyAccount {
    /// Verify a passkey signature against the registered public key.
    pub fn verify_passkey(&self, message: Vec<u8>, signature: Vec<u8>) -> bool {
        # Step 3: Call the new host function.
        # env::p256_verify takes (sig, msg, pub_key) and returns a bool.
        # This runs as a native host function — far cheaper in gas than
        # doing P256 arithmetic in WASM.
        let valid = env::p256_verify(&signature, &message, &self.registered_pubkey);

        # Step 4: Act on the result. In production you'd gate a
        # sensitive action (transfer, session key rotation, etc.)
        # behind this check.
        assert!(valid, "Invalid passkey signature");
        near_sdk::log!("Passkey signature verified successfully");
        valid
    }
}

# --- Estimated gas comparison ---
# Before NEP-635 (pure WASM P256 verify): ~120+ TGas
# After  NEP-635 (native host function):  ~10-15 TGas (estimate, benchmark pending)

# --- NEP-611: Pending Transaction Queue (tracking note) ---
# NEP-611 is still a proposal (not yet merged). No new SDK surface yet.
# Developers should watch:
#   https://github.com/near/NEPs/pull/611
# Key things to monitor:
#   - Will pending txns be queryable via RPC? (useful for relayers)
#   - Will ordering guarantees change for same-signer nonces?
#   - Impact on near-lake-indexer and transaction streaming pipelines.
# We'll ship a code walkthrough once the spec stabilizes.