Technical Terms Glossary
Advanced Encryption Standard (AES) is a symmetric block cipher to protect classified information. AES is implemented in software and hardware throughout the world to encrypt sensitive data. It is essential for government computer security, cybersecurity and electronic data protection.
Intended to prevent phishing attempts using email or the internet to trick someone into giving information that would allow others to take money out of their bank account.
American Standard Code for Information Interchange. text using the English alphabet, numbers, and other common symbols.
A segwit address format specified by BIP 0173. This address format is also known as "bc1 addresses". Bech32 is more efficient with block space.
This BIP describes a general structure of hierarchical deterministic wallet (HD wallet). In particular, it defines how to derive private and public keys of a wallet from a binary master seed and an ordered set of indices.
A BIP39 or Mnemonic phrase is a list of words that store all the information needed for the recovery of a Bitcoin wallet. Usually, a wallet generates a mnemonic backup phrase by itself, so that the user could write it down on paper. Also known as a seed phrase.
BIP32-based systems give special meaning to the layers in the tree structure. Let the same seed support multiple currencies, multiple accounts, and so on.
Derivation scheme for P2WPKH-nested-in-P2SH based accounts. This BIP defines an implementation of a HD wallet for SegWit P2WPKH-in-P2SH addresses.
BIP84 refers to the accepted common standard of deriving native segwit addresses. These addresses always begin with bc1 - and are referred to bech32 addresses.
Boot Rom security
BootROM is a piece of code stored in a Read Only Memory (ROM). Generally it is the very first code executed by the booting core when it is powered-on. Hence this code contains instructions to configure the system-on-chip (SoC) to allow the SoC to execute applications.
Brute force attacks
A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing a combination correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.
Cipher Block Chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits are encrypted as a single unit or block with a cipher key applied to the entire block). Cipher block chaining uses what is known as an initialization vector (IV) of a certain length.
In HD wallets, a key derived from a parent key. The key can be either a private key or a public key.
A cryptocurrency wallet that cannot be compromised because it is not connected to the Internet. Also called a "hardware wallet" and "offline wallet," the cold wallet stores the user's address and private key and works in conjunction with compatible software in the computer.
A Cyclic Redundancy Check (CRC) is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data. Blocks of data entering these systems get a short check value attached, based on the remainder of a polynomial division of their contents. On retrieval, the calculation is repeated and, in the event the check values do not match, corrective action can be taken against data corruption.
Defense in Depth
Multiple layers of security controls (defense) are placed throughout an information technology (IT) system. Its intent is to provide redundancy in the event a security control fails or a vulnerability is exploited that can cover aspects of personnel, procedural, technical and physical security for the duration of the system's life cycle.
We provide an optional "duress PIN code". If you enter that PIN code, instead of the "real" PIN code, nothing special is shown on the screen and everything operates as normal... However, the bitcoin key generated is not the main key. It is effectively a completely separate wallet! To take best advantage of this feature, you should put some Bitcoin into the duress wallet. How much you are willing to lose or what you need to make it plausible, we don't know. The "duress" wallet will still be derived from the original BIP39 words, so you don't need to back it up separately, but there will be no way to get from that wallet back to the original wallet with the real funds in it.
Electrostatic discharge (ESD) is the sudden flow of electricity between two electrically charged objects caused by contact, an electrical short, or dielectric breakdown.
A File Allocation Table (FAT) is a file system developed for hard drives that originally used 12 or 16 bits for each cluster entry into the file allocation table. It is used by the Operating System (OS) to manage files on hard drives and other computer systems. It is used to store file information and extend the life of a hard drive.
A Hierarchical Deterministic wallet ("HD Wallet") is a system that can generate a tree-like structure from a single seed to store multiple sets of keypairs (private and public keys). The advantage is that it can be easily backed up, transferred to other compatible devices (because only seed is needed), and hierarchical permission control.
A Hardware Security Module (HSM) is a physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions.
Initialization Vector is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom. Randomization is crucial for encryption schemes to achieve semantic security, a property whereby repeated usage of the scheme under the same key does not allow an attacker to infer relationships between segments of the encrypted message. For block ciphers, the use of an IV is described by the modes of operation.
Key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources (time and possibly space) it takes to test each possible key.
Man in The Middle cyberattacks allow attackers to secretly intercept communications or alter them.
Normal Bitcoin transactions presume a single "owner" of the coins. With Multisig transactions, there are up to 15 possible owners (signers) and between 1 to 15 of them are needed to approve any spending.This is called an M-of-N wallet or "Multisig P2SH" (pay to script hash) wallet. Coldcard supports M-of-N wallets with up 15 co-signers. This is an optional, advanced, feature and does not affect normal "single signer" operations. The transaction approval and signing process is not significantly different from single signer mode, but in multisig cases the "wallet" needs to be defined before use. A typical PSBT file does not carry enough information to encode all the details of the signatures required, and to properly secure change outputs the parameters of the multisig wallet should be established before the PSBT is examined.
Also known as bech32 – Native Segwit is the latest step in the address formats. This means having an even faster transaction speed versus SegWit transactions, better scalability and even lower fees per transaction.
In HD wallets, a key used to derive child keys. The key can be either a private key or a public key, and the key derivation may also require a chain code.
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.
A secret number that allows bitcoins to be spent. Every Bitcoin wallet contains one or more private keys, which are saved in the wallet file. The private keys are mathematically related to all Bitcoin addresses generated for the wallet. Because the private key is the "ticket" that allows someone to spend bitcoins, it is important that these are kept secret and safe. Private keys can be kept on computer files, which is not very safe. It is recommended to be written on paper. Private keys themselves are almost never handled by the user, instead the user will typically be given a seed phrase that encodes the same information as private keys.
Partially Signed Bitcoin Transactions are a data format that allows wallets and other tools to exchange information about a Bitcoin transaction and the signatures necessary to complete it. A PSBT can be created that identifies a set of UTXOs to spend and a set of outputs to receive that spent value. PSBTs is described by BIP 174. Coldcard is the first "PSBT Native" hardware wallet. It uses PSBT internally, and should be able to sign most PSBT files generated by conforming software. For completed transactions, we can output either a PSBT (with the new signatures added) or a finalized Bitcoin transaction, ready to send. Bitcoin Core has recently added HWI which supports uploading unsigned PSBT files, and receiving signed PSBT files back from the Coldcard. All the features of the Coldcard, including message signing and showing of addresses are already supported in HWI. This is a great way to use your Coldcard from the CLI over USB connection.
The public key is a unique personal address that is shared in the blockchain. A public key is a cryptographic code that is created using asymmetric-key encryption algorithms and is used to convert a message into an unreadable format. As the bitcoin public key is made up of an extremely long string of numbers, it is compressed and shortened to form the public address. If an owner loses their public key, it is possible to recreate it using the private key.
You are requiring the sender to supply a valid signature (from the private key and public key. The transaction output script will use the signature and public key and through some cryptographic functions will check if it matches with the public key hash, if it does, then the funds will be spendable. This method conceals your public key in the form of a hash for extra security.
The outputs of a transaction are just scripts that, if are executed with specific parameters, will result in a boolean of true or false. If a miner runs the output script with the supplied parameters and results in true, the money will be sent to your desired output. P2SH is used for multi-signature wallets making the output scripts logic that checks for multiple signatures before accepting the transaction. P2SH can also be used to allow anyone, or no one, to spend the funds. If the output script of a P2SH transaction is just 1 for true, then attempting to spend the output without supplying parameters will just result in 1 making the money spendable by anyone who tries. This also applies to scripts that return 0, making the output spendable by no one.
This is a feature of segwit. Instead of using scriptSig parameters to check the transaction validity, there is a new part of the transaction called witness where the validity occurs.
Random data that is used as an additional input to a one-way function that hashes data, a password or passphrase. Salts are used to safeguard passwords in storage. Historically a password was stored in plaintext on a system, but over time additional safeguards were developed to protect a user's password against being read from the system. A salt is one of those methods.
A seed phrase, seed recovery phrase or backup seed phrase is a list of words which store all the information needed to recover Bitcoin funds on-chain. A Coldcard or a software wallet will typically generate a seed phrase and instruct the user to write it down on paper.
A protocol update to Bitcoin that makes Bitcoin transaction sizes smaller, which allows Bitcoin to handle more transactions at once (scalability). It achieves this by separating Bitcoin signature data from transaction data.
Secure Hash Algorithm 256-bit and it's used for cryptographic security. Cryptographic hash algorithms produce irreversible and unique hashes. The larger the number of possible hashes, the smaller the chance that two values will create the same hash.
Single Level Cell is the highest grade of NAND Flash currently available and is used for industrial Purposes.
A software program in which Bitcoins are stored. Technically, Bitcoins are not stored anywhere. For every individual who has a balance in a Bitcoin wallet, there is a private key (secret number) corresponding to the Bitcoin address of that wallet. Software wallets facilitate the sending and receiving of Bitcoins and give ownership of the Bitcoin balance to the user. The Bitcoin wallet comes in many forms. The four main types are desktop, mobile, web, and hardware. Coldcards are extremely compatible with the following software wallets\: Electrum, Bitcoin Core, BTCPAY, Specter-Desktop, Wasabi, Fully Noded, Unchained Capital, Casa, and Blue Wallet.
A software that is identical to the software used by a cryptocurrency. Because testnets are built to experiment with new ideas without disturbing or breaking the main cryptocurrency software, its digital currency is worthless.
Tor, short for 'The Onion Router', is an open source privacy network that permits users to browse the web anonymously. Tor was initially developed and solely used by the US Navy to censor government communications before the network was made available to the public.
True Random Number Generator (TRNG) is a device that generates random numbers from a physical process, rather than by means of an algorithm.
Any malware which misleads users of its true intent.
Abbreviation for transaction.
The term UTXO refers to the amount of digital currency someone has left remaining after executing a cryptocurrency transaction. The letters stand for Unspent Transaction Output. Each bitcoin transaction begins with coins used to balance the ledger.
A list of people or things considered to be acceptable or trustworthy.
An extended private key is the combination of a private key and chain code and can be used to derive child private keys (and from them, child public keys). An extended public key is a public key and chain code, which can be used to create child public keys.
Extended Public Key. it can be used to view the child wallet’s addresses, transactions, and balances. You can think of it as a read-only view of a wallet. Although the Xpub doesn’t give you spending abilities, only the possibility to view a wallet’s information, it’s highly risky to share the key with anyone.
$5 Wrench Attacks
If someone finds out that you own a significant amount of coins, they can straight-off physically attack you, or threaten you to hand over your wallet's private key or threaten you to send over the funds to them by using a deadly weapon or a basic tool that can be used for harm.
Compressed archive files created with 7-Zip open source software. These files are created using a compression method called LZMA, which is an algorithm for lossless data compression—a type of compression known for reducing file size while preserving quality.