|
December 16, 2018, 08:26:09 PM |
|
I would be strongly opposed to adding support to secp256r1-ecdsa to Bitcoin, particularly for this rather shallow application. r1 is slow to work with, now officially recommended against by the NSA, normal ECDSA cannot be batch verified and cannot be easily used as a threshold or adaptor signature.
There are many hardware wallets out there already, and U2F devices do not make for a good hardware wallet because they lack a display so that users can have any idea what they're signing (so they provide limited protection against a hacked computer).
If there is need for a U2F like device that works with bitcoin they could as easily be produced as ones that don't (including dual mode devices) but there just doesn't appear to be enough demand for that... accordingly, there isn't enough demand to add inferior cryptography to Bitcoin.
|