The "Trojan Horse" in the Ethereum Fusaka Upgrade

Author: Zhixiong Pan

You actually already have a "hardware wallet" in your pocket

Our everyday mobile phones and computers actually have built-in dedicated security chips. For example, the "Secure Enclave" in iPhones, or Keystore/Trust Zone/StrongBox in Android phones.

This independent physical area is usually called a TEE (Trusted Execution Environment). Its characteristic is "only in, no out": private keys are generated inside and never leave this physical area; external entities can only request it to sign data.

This is actually the standard for hardware wallets. And these chips generally use an industry-standard algorithm curve selected by NIST (National Institute of Standards and Technology): secp256r1, when signing. This is also the cornerstone behind WebAuthn and FIDO2 (such as your fingerprint login and Face ID).

The difference is only one letter. Ironically, Ethereum doesn't natively support the mainstream secp256r1. Back then, the Bitcoin community, concerned about potential "national backdoors" in the NIST curve, opted for the relatively less common secp256k1. Therefore, Ethereum followed this tradition when designing its account system. Although r1 and k1 seem to differ by only one letter, mathematically they are completely different languages. This leads to a huge pain point: the security chip in your phone is completely clueless about Ethereum; it cannot directly sign Ethereum transactions. Since hardware cannot be changed, the only option is to ensure compatibility with it in this version. Ethereum obviously cannot force Apple or Samsung to change their chip designs to adapt to secp256k1; the only way is for Ethereum itself to adapt to secp256r1. Could we use smart contracts to verify r1 signatures? Theoretically, yes, but the mathematical calculations are too complex, and a single verification could consume hundreds of thousands of gas, making it economically impractical. Therefore, in the Fusaka upgrade, developers unleashed a powerful tool: precompile contracts. This is equivalent to opening a "backdoor" or "plugin" within the Ethereum Virtual Machine (EVM). Instead of having the EVM calculate step by step, the verification function is directly written into the client's underlying code. Developers only need to call a specific address to complete the verification at a very low cost. In EIP-7951, this cost is fixed at 6900 Gas, dropping from hundreds of thousands to thousands, finally entering the range of "usable in real-world products." The final piece of the puzzle for account abstraction. The implementation of this EIP means we can finally sign and authorize smart accounts on Ethereum within the TEE environment of our mobile phones. It's important to note that this does not apply to your current MetaMask EOA address (because their public key generation logic is still k1). It is specifically designed for "Account Abstraction" (AA wallet). In the future, your wallet will no longer be a mnemonic phrase, but a smart contract. The contract states: "As long as the fingerprint (r1 signature) is verified to be correct, the transfer is allowed." In summary, EIP-7951 may not eliminate mnemonic phrases overnight, but it has finally removed the biggest obstacle to the widespread adoption of Ethereum. Before this, users were always faced with a cruel choice: Want "bank-grade" self-sufficiency? You had to buy a OneKey, Keystone, or Ledger, and safeguard your mnemonic phrase like a gold bar; want the smoothest experience? You could only store your coins on exchanges or in custodial wallets, at the cost of relinquishing control (sacrificing decentralization). After the Fusaka upgrade, this choice will no longer exist. With the implementation of EIP-7951, the "phone as hardware wallet" will gradually become a reality. For the next billion new users, they may not need to know what a "private key" is, nor will they face the psychological pressure of copying 12 words. They will simply scan their face and press their fingerprint, just like buying coffee. The iPhone's security chip will then call secp256r1 to sign the transaction and complete the verification through Ethereum's native pre-compiled contract. This is the right way for Ethereum to embrace the next billion users: not arrogantly demanding that users learn complex cryptography, but rather humbled itself to be compatible with universal internet standards and proactively reach into users' pockets.