All cryptographers understand the difference between a standard elliptic curve which everybody uses and recommends (say NIST, NSA, NATO, Microsoft, EMV bank cards etc) and a bizarre elliptic curve which nobody ever uses and which no responsible crypto engineer would recommend, except strangely in bitcoin.
How to Upgrade
It would be incredibly easy to upgrade, it would require to modify just about 3 lines of code. Here is how:
- accept both secp256k1 and secp256r1 for 1 year,
- miners should implement a policy to mine signatures with secp256k1 X blocks later,
when X months after the upgrade roll-out in bitcoin core client,
- this will provide an increasing incentive for people to upgrade, without being too harsh,
Even if initially only some miners, not all implement this policy this will already make that the expected average approval time for transactions using the old elliptic curve would steadily grow with time, reaching rather unbearable levels in some distant future, yet really allowing plenty of time for everybody to upgrade.
Remark: Strangely enough bitcoin developers do NOT plan to listen to cryptographers.
It seems that an upgrade is out of the question according to Jeff Garzik, and the recent efforts to develop a super-specialized new library for bitcoin will make that it even harder for bitcoin developers to accept to switch in the future.