WebAuthn Bitcoin Playground

Learn how WebAuthn PRF generates deterministic Bitcoin keys

What is WebAuthn PRF?

WebAuthn (Web Authentication) is a web standard that lets you use your device's biometric sensor (fingerprint, Face ID) or security keys for authentication.

PRF (Pseudo-Random Function) is an extension that generates a deterministic secret based on your passkey and an input value. This secret is:

  • Deterministic: The same passkey and input always produce the same output
  • Secure: Protected by your device's secure enclave
  • Private: Never leaves your device
  • Biometric-protected: Requires your fingerprint/Face ID to access

This makes it perfect for generating Bitcoin keys that are both secure and recoverable!

Step 1: Register Passkey

Create a passkey for this website. This generates a unique cryptographic credential stored securely in your device's hardware.

How It Works

1️⃣ Registration Phase:

  • Browser requests your device to create a new passkey
  • Your device generates a unique key pair in its secure enclave
  • PRF extension is enabled for this credential
  • Your biometric confirms the registration

2️⃣ Secret Generation Phase:

  • A deterministic input (PRF salt) is sent to the authenticator
  • Your biometric authentication unlocks the passkey
  • Authenticator computes: PRF-Output = HMAC(PasskeySecret, Input)
  • Same input always produces the same output (deterministic!)

3️⃣ Bitcoin Key Derivation:

  • PRF output becomes your Bitcoin private key (32 bytes)
  • secp256k1 generates the corresponding public key
  • Keys are formatted for Bitcoin wallets (WIF, BIP32)
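
The derivation step above, as an added example (not the playground's own code): it checks that a 32-byte PRF output is a valid secp256k1 private key before encoding it as WIF. It runs in Node.js; the PRF call is simulated with HMAC-SHA-256 over a constructed secret, and all function names here are assumptions.

```javascript
// Added example, not the playground's code. A real PRF output only comes from
// navigator.credentials.get() with the prf extension; here it is simulated.
const { createHmac, createHash } = require('node:crypto');

// Order n of the secp256k1 group: a valid private key k satisfies 1 <= k < n.
const SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n;
const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';

const sha256 = (buf) => createHash('sha256').update(buf).digest();

// Stand-in for the authenticator step "PRF-Output = HMAC(PasskeySecret, Input)".
function simulatePrf(passkeySecret, input) {
  return createHmac('sha256', passkeySecret).update(input).digest();
}

// Reject outputs that cannot be used as a secp256k1 private key (0 or >= n).
function isValidPrivateKey(key) {
  if (key.length !== 32) return false;
  const k = BigInt('0x' + key.toString('hex'));
  return k >= 1n && k < SECP256K1_N;
}

function base58(buf) {
  let n = BigInt('0x' + buf.toString('hex'));
  let out = '';
  while (n > 0n) { out = B58[Number(n % 58n)] + out; n /= 58n; }
  for (const b of buf) { if (b !== 0) break; out = '1' + out; } // leading zero bytes
  return out;
}

// WIF = Base58Check(version || key || 0x01 when the public key is compressed).
function toWif(key, { compressed = true, testnet = false } = {}) {
  if (!isValidPrivateKey(key)) throw new RangeError('not a valid secp256k1 private key');
  const payload = Buffer.concat([
    Buffer.from([testnet ? 0xef : 0x80]), key, Buffer.from(compressed ? [0x01] : []),
  ]);
  const checksum = sha256(sha256(payload)).subarray(0, 4);
  return base58(Buffer.concat([payload, checksum]));
}

// Constructed sample values, for illustration only.
const prfOutput = simulatePrf(Buffer.alloc(32, 7), Buffer.from('bitcoin-key-v1'));
console.log(isValidPrivateKey(prfOutput), toWif(prfOutput));
```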

⚡ Key Benefits: No passwords to remember • Hardware-secured • Phishing-resistant • Deterministic & recoverable

⚠️ Educational Purposes Only

This is a developer playground for learning WebAuthn PRF. Never use generated keys for real funds.

Made with ₿ to demonstrate WebAuthn PRF + Bitcoin key generation