Prompted by a Tweet by matt.bit (Nervos network community):
Prediction: over the next 2 years, every blockchain other than Bitcoin and its offspring will fork to include support for secp256r1
Windows 11 is going passwordless. Here's what you'll be using instead. | Mashable
The “passwordless” method mentioned is the “passkey” method, commonly referred to as CTAP/FIDO2:
The two primary technical specifications that work together to enable passkeys are Web Authentication, commonly referred to as WebAuthn, and the Client to Authenticator Protocol (CTAP), commonly referred to as FIDO2.
The two specs together are often referred to as one stack, FIDO2/WebAuthn.
The FIDO Client to Authenticator Protocol, often referred to by its acronym CTAP, is responsible for communications with the authenticator over a number of transports including USB, NFC, and Bluetooth. Operating systems, and in some cases apps, utilize this protocol to pass requests from WebAuthn to the appropriate authenticator over its desired transport.
The standard is getting wide industry acceptance and hardware keys are being mass-produced and are widely available: https://www.pcmag.com/picks/the-best-security-keys-for-multi-factor-authentication
- Possibility of turning any “authkey” device into a Bitcoin Cash hardware wallet
- One-off node upgrade costs + minimal maintenance
There’s already an EIP for this: EIP-7212: Precompiled for secp256r1 Curve Support
Recall how pubkeys read by OP_*SIG* opcodes are encoded.
They have a single byte prefix that can be 02, 03, or 04:
Public key formats
Public keys are also presented in different ways, most importantly as either compressed or uncompressed public keys.
As we saw previously, the public key is a point on the elliptic curve consisting of a pair of coordinates (x,y). It is usually presented with the prefix 04 followed by two 256-bit numbers, one for the x coordinate of the point, the other for the y coordinate. The prefix 04 is used to distinguish uncompressed public keys from compressed public keys that begin with a
– A. M. Antonopoulos, Mastering Bitcoin, chapter 4
We could add another prefix there, to indicate that the pushed public key is associated with another curve, so the VM can switch signature verification to secp256r1.
This same method could later be used to implement a quantum-resistant signature scheme.
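The prefix-based curve switch proposed above, sketched as an added example (not code from the original post or from any node implementation). The secp256r1 prefix bytes 0x12, 0x13 and 0x14 are hypothetical placeholders, since the post does not assign any; the parser validates each point against the curve its prefix selects, so a key cannot be accepted on the wrong curve.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Curve:
    name: str
    p: int  # field prime
    a: int  # curve equation: y^2 = x^3 + a*x + b (mod p)
    b: int

P_K1 = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
P_R1 = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
K1 = Curve("secp256k1", P_K1, 0, 7)
R1 = Curve("secp256r1", P_R1, P_R1 - 3,
           0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B)

# prefix byte -> (curve, kind). 02/03/04 are the existing secp256k1 prefixes.
# 0x12/0x13/0x14 are HYPOTHETICAL placeholders for secp256r1 (assumption).
PREFIXES = {
    0x02: (K1, "even"), 0x03: (K1, "odd"), 0x04: (K1, "raw"),
    0x12: (R1, "even"), 0x13: (R1, "odd"), 0x14: (R1, "raw"),
}

def parse_pubkey(data: bytes):
    """Return (curve_name, x, y) for a pushed public key, or raise ValueError."""
    if not data or data[0] not in PREFIXES:
        raise ValueError("unknown pubkey prefix")
    curve, kind = PREFIXES[data[0]]
    # Strict length: 1 + 32 bytes compressed, 1 + 64 bytes uncompressed.
    if len(data) != (65 if kind == "raw" else 33):
        raise ValueError("bad pubkey length for prefix")
    x = int.from_bytes(data[1:33], "big")
    if x >= curve.p:
        raise ValueError("x coordinate out of range")
    rhs = (pow(x, 3, curve.p) + curve.a * x + curve.b) % curve.p
    if kind == "raw":
        y = int.from_bytes(data[33:], "big")
        if y >= curve.p:
            raise ValueError("y coordinate out of range")
    else:
        # Both primes are 3 mod 4, so a square root candidate is rhs^((p+1)/4).
        y = pow(rhs, (curve.p + 1) // 4, curve.p)
        if (y & 1) != (kind == "odd"):
            y = curve.p - y
    # On-curve check uses the curve chosen by the prefix, never the other one.
    if pow(y, 2, curve.p) != rhs:
        raise ValueError(f"point is not on {curve.name}")
    return curve.name, x, y
```

The returned curve name is what a verifier would use to pick the matching signature-check routine.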