YubiCastle

There have been crypto-specific hardware wallets in the market for number of years, but with the introduction of Account Abstraction (AA), more verification methods are now available - up for the innovation. For those who do want to have cold-wallet-like experience, I believe YubiKey is one of the famous hardware keys in the traditional customer market that satisfies such needs as it offers more advanced level of security, including the availability of EdDSA/Ed25519 at their hardware.

This project aims to explore integrating YubiKey with the on-chain key verification of EdDSA/Ed25519.

Onchain Key Verification - The computation relying on EdDSA/Ed25519 is generally heavy on-chain at the moment. Zero-knowledge (ZK) circuit for such curve is not practically available given that ZK arithmetic by nature may not work well with Ed25519 curve - therefore it ends up with a complex circuit which takes time (15+ minutes) to generate a proof in web browser. After the needed research and performance trial, verifying keys by solidity-based smart contract would be more applicable at the moment.

YubiKey Integration - Thanks to WebAuthn, it's easier to interact with YubiKey device (and other potential hardware) easily. However, WebAuthn has its own protocol, and it does not allow you to get the required information right away. Fair amount of conversion effort is required in order to extract all 3 components (namely message, signature, public key). At the end, smart contract can act like the official "relying party" (RP) in WebAuthn/FIDO2 architecture.

Wallet - The recently born Trampoline is used as the underlying wallet user interface implementation, given that it ties well with Account Abstraction (AA). While there is still new and require workarounds for advanced use cases, but this allows the developers to get up to speed with the needed AA concepts better.