The "Trojan Horse" in the Ethereum Fusaka upgrade

Author: Zhixiong Pan

You actually already have a “hardware wallet” in your pocket.

The mobile phones and computers we use daily actually have specialized security chips built into them. For example, the “Secure Enclave” in the iPhone, or Keystore / Trust Zone / StrongBox in Android phones.

This independent physical area is commonly referred to as a TEE (Trusted Execution Environment). Its characteristic is “input only, no output”: the private key is generated inside and will never leave this physical area, and external parties can only request it to sign data.

This is essentially the standard for hardware wallets. These chips commonly use an industry-standard algorithm curve selected by NIST (National Institute of Standards and Technology) for signing: secp256r1. This is also the foundation behind WebAuthn and FIDO2 (such as your fingerprint login, FaceID).

A chasm that differs by just one letter

The awkward thing is that Ethereum natively does not support this mainstream secp256r1.

At that time, the Bitcoin community chose the relatively obscure secp256k1 due to concerns about a potential “national backdoor” in the NIST curves, so Ethereum adopted the tradition of using this curve when designing its account system.

Although r1 and k1 seem to differ by just one letter, they are completely two different languages in mathematics. This leads to a huge pain point: the security chip in your phone is baffled by Ethereum, as it cannot directly sign Ethereum transactions.

Since we cannot change the hardware, let's make this version “compatible” with it.

Ethereum clearly cannot force Apple or Samsung to change their chip designs to accommodate secp256k1; the only way is for Ethereum to adapt to secp256r1 itself.

Is it possible to write code with smart contracts to verify the r1 signature? In theory, yes, but the mathematical operations are too complex, and running a single verification could consume hundreds of thousands of Gas, which is completely impractical economically.

In the Fusaka upgrade, the developers unleashed a powerful tool: precompiled contracts. This is equivalent to opening a “backdoor” or “plugin” in the Ethereum Virtual Machine (EVM). Instead of having the EVM compute step by step, it's better to write this verification function directly into the underlying client code. Developers only need to call a specific address to complete the verification at a very low cost.

In EIP-7951, this cost is fixed at 6900 Gas, dropping from hundreds of thousands directly to thousands, finally entering the range of “daily use in real products.”

The Last Piece of the Account Abstraction Puzzle

The implementation of this EIP means that we can finally authorize signature for smart accounts on Ethereum in the TEE environment of mobile phones.

It should be noted that this does not apply to your current MetaMask EOA address (because their public key generation logic is still k1).

It is specifically designed for “Account Abstraction” (AA wallet). In the future, your wallet will no longer be a string of mnemonic words, but rather a smart contract. This contract states:

“As long as this fingerprint (r1 signature) is verified to be correct, the transfer is allowed.”

Summary

EIP-7951 may not make mnemonic phrases disappear overnight, but it has finally removed the biggest stumbling block on the path to the mass adoption of Ethereum.

Before this, users were always faced with a cruel choice: Want to have “bank-level” self-security? You need to spend money to buy a OneKey, Keystone, or Ledger, and you have to keep your mnemonic phrase safe like you're guarding gold bars; Want the smoothest experience? You can only keep your coins in exchanges or custodial wallets, at the cost of giving up control (sacrificing decentralization).

After the Fusaka upgrade, this multiple-choice question will no longer exist.

With the implementation of EIP-7951, “mobile as a hardware wallet” will gradually become a reality. For the billion new users in the future, they may not need to know what a “private key” is, nor face the psychological pressure of writing down 12 words.

They just need to scan their face and press their fingerprint like they usually do when buying coffee, and the iPhone's secure chip in the back will call secp256r1 to sign the transaction and complete the verification through Ethereum's native precompiled contract.

This is the correct way for Ethereum to embrace the next billion users: not arrogantly demanding users to learn complex cryptography, but rather lowering the bar to accommodate universal internet standards and actively stepping into users' pockets.