Ethereum Fusaka upgrade's "Trojan Horse": How to turn billions of mobile phones into hardware wallets?

Written by: Zhixiong Pan

You actually already have a “hardware wallet” in your pocket.

The mobile phones and computers we use daily actually have dedicated security chips built in. For example, the “Secure Enclave” in iPhone or Keystore / Trust Zone / StrongBox in Android phones.

This independent physical area is typically referred to as a TEE (Trusted Execution Environment). It is characterized by “input only”: private keys are generated inside and never leave this physical area; external parties can only request it to sign data.

This is essentially the standard for hardware wallets. The chips commonly use an industry-standard algorithm curve selected by NIST (National Institute of Standards and Technology) for signing: secp256r1. This is also the cornerstone behind WebAuthn and FIDO2 (like your fingerprint login, FaceID).

A gap of only one letter

The awkward part is that Ethereum natively does not support this mainstream secp256r1.

At that time, the Bitcoin community chose the relatively obscure secp256k1 due to concerns about a “national-level backdoor” in the NIST curve, so Ethereum followed this tradition in designing its account system.

Although r1 and k1 look like they differ by only one letter, they are completely two different languages in mathematics. This leads to a huge pain point: the security chip in your phone is clueless when faced with Ethereum; it cannot directly sign Ethereum transactions.

Since we can't change the hardware, let's make this version “compatible” with it.

Ethereum clearly cannot force Apple or Samsung to change their chip designs to accommodate secp256k1; the only way is for Ethereum to adapt to secp256r1 itself.

Is it possible to write code with smart contracts to verify the r1 signature? Theoretically yes, but the mathematical calculations are too complex, and running a single verification might consume hundreds of thousands of Gas, which is completely unfeasible economically.

Therefore, in the Fusaka upgrade, the developers unleashed a powerful weapon: Precompiled Contracts. This is equivalent to opening a “backdoor” or “plug-in” in the Ethereum Virtual Machine (EVM). Instead of having the EVM compute step by step, it is better to write this verification function directly into the underlying code of the client. Developers only need to call a specific address to complete the verification at a very low cost.

In EIP-7951, this cost is fixed at 6900 Gas, dropping directly from hundreds of thousands to a few thousand, finally entering the range of “daily use in real products.”

The last piece of the puzzle of account abstraction

The implementation of this EIP means that we can finally authorize signature for smart accounts on Ethereum in the TEE environment of mobile phones.

It is important to note that this does not apply to your current MetaMask EOA address (because their public key generation logic is still k1).

It is specifically designed for “Account Abstraction” (AA wallet). In the future, your wallet will no longer be a string of mnemonic words, but rather a smart contract. This contract states:

“As long as this fingerprint (r1 signature) is verified to be correct, the transfer is allowed.”

Summary

EIP-7951 may not make mnemonic phrases disappear overnight, but it has finally removed the biggest stumbling block on the path to the widespread adoption of Ethereum.

Before this, the users were always faced with a cruel choice: Do you want to have “bank-level” self-security? You have to spend money to buy a OneKey, Keystone, or Ledger, and you also have to keep the mnemonic phrase as if you were storing gold bars; Do you want the smoothest experience? You can only keep your coins on exchanges or in custodial wallets, sacrificing control (sacrificing decentralization).

After the Fusaka upgrade, this multiple-choice question will no longer exist.

With the implementation of EIP-7951, “mobile as hardware wallet” will gradually become a reality. For the future billion new users, they may not need to know what a “private key” is, nor face the psychological pressure of writing down 12 words.

They just need to swipe their face and press their fingerprint like buying coffee as usual, and the Apple security chip behind the iPhone will invoke secp256r1 to sign the transaction and complete the verification through Ethereum's native precompiled contracts.

This is the correct way for Ethereum to embrace the next billion users: not arrogantly demanding users to learn complex cryptography, but lowering its stance to accommodate the universal standards of the internet and actively stepping into the users' pockets.