Adding ecdsa secp256r1 (p256) to Soroban host functions

[Leigh McCulloch]

Hi all,

It was proposed that functions for verifying ecdsa secp256r1 signatures be added to Soroban.

The main use case that's been suggested so far is Webauthn/Passkeys powered accounts.

This is the CAP in draft: https://github.com/stellar/stellar-protocol/blob/master/core/cap-0051.md

There are still some unanswered questions within, such as verify vs recovery, and whether it's sufficient on its own to support an efficient webauth contract.

I'm working on a prototype that'll demonstrate ecdsa secp256r1 working. I'll post a link to it here and in the discussion once I get it working.

In the meantime feedback appreciated on the proposal itself. Also if anyone has other use cases would be great to discuss them.

Why not webauthn ed25519? – In the past I wrote a prototype that used Webauthn/Passkeys with ed25519 signatures such that the Webauth/Passkey device (a Yubikey) was able to act as an account on Stellar, using Soroban's custom account contract interface. Most Webauthn clients don't support ed25519 though and there is much more support for ecdsa secp256r1. With secp256r1 support a Soroban custom account contract could support most modern browsers and phones being an account.

Cheers,

Leigh