Notes
- why threshold ecdsa + passkeys?
- self-custodied browser based wallets are hard
- where to put the keys?
- concerns about browser security model: who can read the private key?
- Kyle: what about WebCryptoAPI?
- keys are not exportable. great!
- but how to get authenticated on other devices? root of authority trapped in browser
- wrapKey api might allow this to be portable
- passkeys provide an alternative to key management
- there’s tension between OS key management solutions, vs cross-platform KMS like 1Password
- MPC threshold ECDSA
- how is passkey recovery handled?
- can be protected against by authenticating passkeys from multiple devices
- each service could also decide on its own process for allowing re-linking of an identity to a new passkey
- how future proof is this to new curves, etc?
- this would require extensions and moving through the w3c standards process
- prf extension is an example right now: enables passkey use for not just signing but encryption
- wallet as a passkey?
- a wallet could support passkeys (act as a WebAuthN provider) in the same way that it supports multiple networks (see CAIP-2 + 10)
- those passkeys could then be rooted for recovery in the recovery phrase
- also the recovery phrase could be replaced in a wallet by a passkey; just wallet just requires the PRF spec to land in a wallet
- can passkey be used to sign on ethereum?
- requires signature validation of a non-native curve
- there is EIP-7212 precompile
- how does this fit into TSS?
- DKG would split shares
- could a passkey be a holder of a share?
- OR instead of a mathematical threshold, what about a programmatic threshold? only affordable if off-chain