I’m not sure if there are any technical blockers with adding secp256r1 (P-256) to the supported threshold ECDSA curves, but I’ve been hitting limitations trying to implement web standards that require it. Most OAuth 2.0 implementations and JWT libraries default to ES256 signatures, which need the P-256 curve specifically - this includes things like OAuth DPoP, AT Protocol, and pretty much any modern identity/auth system.
Right now I can only use secp256k1, which works great for blockchain stuff but doesn’t help with mainstream web protocols. Having P-256 support would unlock implementing a lot of standard web authentication flows directly on IC.
Is secp256r1 something that could be added, or is it already on the roadmap? Any other curves being considered?
Hi, thanks for raising this! You’re absolutely right that threshold ECDSA support for secp256r1 (P-256) isn’t available in the IC stack yet.
The good news is that the cryptographic protocol already supports P-256 at a lower level. What’s still missing is integration into the higher layers of the IC stack (consensus, execution, governance). The existing design was built with extensibility in mind, so adding P-256 support should not be too complex.
After that integration, governance proposals will be needed to enable the generation and backup of the threshold keys.
I don’t have a precise timeline to share today. At the moment, our focus is on improving the performance of threshold signatures. That said, P-256 support is on our radar, and we expect to start working on it within the next few months. I’ll make sure to share updates as progress is made.
I believe that threshold ECDSA P-256 support will be a significant advancement in the digital identity space. The compatibility with NIST standards in particular opens up applications for various use cases. I’m looking forward to the progress on the implementation.