From a944aa43147985f3b3a3736ed4d9ba2d3ea93d5f Mon Sep 17 00:00:00 2001
From: Federico Gimenez <federico.gimenez@gmail.com>
Date: Tue, 27 Jan 2026 19:37:32 +0000
Subject: [PATCH] docs: document P256/WebAuthn shared address derivation

---
 .../use-accounts/webauthn-p256-signatures.mdx      | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/pages/guide/use-accounts/webauthn-p256-signatures.mdx b/src/pages/guide/use-accounts/webauthn-p256-signatures.mdx
index 3b675b0d..8e5ad22b 100644
--- a/src/pages/guide/use-accounts/webauthn-p256-signatures.mdx
+++ b/src/pages/guide/use-accounts/webauthn-p256-signatures.mdx
@@ -20,6 +20,20 @@ WebAuthn signatures include authenticator data from biometric devices. Identifie
 
 The verification data contains information from the authenticator (device metadata, user presence flags, etc.).
 
+## Address derivation
+
+### secp256k1
+
+Standard Ethereum address derivation: `keccak256(uncompressed_public_key)[12:32]`.
+
+### P256 and WebAuthn
+
+Both P256 and WebAuthn derive addresses from the public key coordinates: `keccak256(pub_key_x || pub_key_y)[12:32]`.
+
+:::info[Shared address space]
+P256 and WebAuthn use identical address derivation, so the same key pair produces the same address regardless of signature type. A passkey can authorize transactions via raw P256 signatures and vice versa.
+:::
+
 ---
 
 :::info