Can you unpack on why begin a new protocol with an algorithm in doubt? I understand implementations are well understood, but the "incentivizing the verification of its security" period will seem small comfort when the break comes, no?
For other readers, here is some discussion of secp256k1 security. (You mention r1 above, but BitAuth references k1?)