Hierarchical Deterministic Wallet
A wallet that derives an arbitrarily large number of keypairs (and therefore addresses) from a single master seed using a cryptographically secure key derivation function (BIP32 uses HMAC-SHA512; PBKDF2 appears in BIP39, where it turns a mnemonic phrase into the seed). HD wallets are beneficial because only the master seed needs to be backed up to protect against loss. Some HD wallet software also supports multi-signature configurations in which keys derived from several independent master seeds are combined when creating addresses. HD wallets organize keys into an n-ary tree, where each key is identified by a path through the tree (e.g. m/44'/0'/0'/0/0). The first HD wallet standard adopted by many applications in the bitcoin community was BIP32, proposed by Pieter Wuille. BIP44 built on it by defining a standard account layout (purpose / coin type / account / change / index) so that different wallets derive the same addresses from one seed; the account level uses hardened derivation, so an account's extended public key can be shared (e.g. with an auditor or a watch-only wallet) without exposing keys elsewhere in the tree. Note the standard caveat: an extended public key together with any one non-hardened child private key reveals the parent private key, so an xpub must be treated as sensitive if any child key beneath it might leak.
Key Compromise Protocol
A document that outlines the specific actions to be taken by every actor in an information system in order to regenerate and redistribute the system's set of keys in the event that a key may have been compromised.
Wallet
In the context of most cryptocurrencies, a wallet is, at its simplest, a public-private keypair: some encoding of the public key (an address) is used in transaction outputs to receive funds, and the private key is used to produce a valid signature for a transaction that spends them. In practice, however, ‘wallet’ usually refers to an application that manages a large number of these keypairs, allowing a new address to be used for each transaction. Wallet applications generally fall into one of two categories:
- JBOK (Just a Bunch of Keys) wallets, where the wallet uses a CSPRNG to generate each keypair independently and stores every key; every key must therefore be backed up.
- HD (Hierarchical Deterministic) wallets, which derive an arbitrary number of keypairs from one random seed.
Wallet software can introduce additional complexity, for example by combining multiple keypairs into a single address, as in the case of a multi-signature wallet. For the purposes of this document, the term ‘wallet’ refers to some collection of cryptocurrency addresses.
Pseudo-Random Number Generator
An algorithm, program, or system that produces values which are difficult to guess, for use in cryptographic applications. Typically seeded with some source of entropy, PRNGs are used, among other things, to generate cryptographic keys. When the output must remain unpredictable to an attacker, as it must for key generation, a CSPRNG (Cryptographically Secure PRNG) is required; general-purpose PRNGs such as a language's default random() function are not suitable. See related: DRBG (Deterministic Random Bit Generator).
One-Time Password
A one-time password is any token (often used as a factor of authentication) that is valid for one and only one use. OTP tokens are generally only as secure as the weakest of:
- The channel used to deliver the OTP to the intended user, if any (SMS, for example, is exposed to SIM-swap and SS7 interception attacks).
- The system where the OTP is generated and stored until it is “redeemed.”
Address
A cryptocurrency address is (usually) an encoded form of a public key, or of its hash, from a wallet that can be used as the recipient of a transaction. In multi-signature schemes, an address may instead commit to several public keys and/or other information, as in the case of a bitcoin P2SH address, which encodes the hash of a redeem script.
Authenticated Communication Channel
A communication channel that provides high confidence in the identities of the communicating parties. This could be a voice call where the known voice of the other party is recognized, a digitally-signed message (using a signing key previously verified out of band, e.g. PGP/GPG or S/MIME), or a combination of multiple separate channels that are unlikely to be simultaneously compromised, such as an email plus an SMS message plus an instant message via Slack.
Deterministic Random Bit Generator
(stub)
Cryptographic Key
A cryptographic key is an input to a cryptographic function. In public-key cryptography a public key is used to encrypt data that can only be decrypted using the corresponding private key. Similarly, the private key can be used to generate signatures for arbitrary data that the public key can verify but that cannot be forged without the private key. In cryptocurrency, a private key may be bundled with additional application-specific information, such as the chain code of a bitcoin BIP32 extended key. In such cases, the term key can apply to the extended key information OR to partial information which might be used to reconstruct a full key, as both are sensitive, private information.
Trusted Environment
For the purposes of this specification, trusted environments include:
- machines owned by the organization with appropriate antivirus/anti-malware software installed
- machines owned by a keyholder
- other machines upon which the organization permits the use of keys/seeds.
An organization’s trusted environment policy should require hard disk encryption, short screen-lock timeouts, sufficiently entropic account passwords, and other sensible security measures.
Additionally, trusted environments should, where possible, make use of physical access control to prevent “shoulder surfing” of keyboard and screen by unauthorized individuals.
Public machines such as those in Internet cafes, libraries, and other public spaces are not trusted environments.
Strong Encryption
A system for encrypting data using an industry-standard encryption algorithm, with an encryption key that is either random or derived from a password via a key derivation function, such that modern cryptanalysis would require the estimated global combined computing power and 1,000x more time than the expected life of the key or seed to decrypt the data. An example of an encryption algorithm providing the necessary level of security at the time of this writing (and potentially for the next few decades, barring the discovery of a new attack) is AES-256. An example of a password-based key derivation function is PBKDF2 as used in BIP 39; note that with a password-derived key, the data is only as well protected as the password's entropy and the KDF's work factor allow.
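The BIP 39 use of PBKDF2 mentioned above, as an added example for this glossary (not code from the page or from any wallet project). It derives the seed exactly as BIP 39 specifies, including the NFKD normalization step that implementations often forget, and then shows why the work factor matters: with only 2048 rounds, anyone who has copied the mnemonic can test candidate passphrases offline at high speed, so the passphrase itself must carry real entropy. The mnemonic is the first BIP 39 English test vector; the candidate list and function names are the example's own.

```python
import hashlib
import unicodedata


def bip39_seed(mnemonic, passphrase=""):
    """BIP 39 seed: PBKDF2-HMAC-SHA512 with password = mnemonic,
    salt = "mnemonic" + passphrase, 2048 rounds, 64-byte output.
    Both strings are NFKD-normalized first; skipping that yields a different
    seed for non-ASCII input and breaks interoperability."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def guess_passphrase(mnemonic, target_seed, candidates):
    """Offline search available to anyone holding a copy of the mnemonic.
    Returns the matching passphrase, or None if no candidate produces the seed."""
    for candidate in candidates:
        if bip39_seed(mnemonic, candidate) == target_seed:
            return candidate
    return None


# Constructed input: the first BIP 39 English test vector (11 x "abandon" + "about").
MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

if __name__ == "__main__":
    seed = bip39_seed(MNEMONIC, "TREZOR")
    print(seed.hex())
    # A weak passphrase falls to a short wordlist; a strong one does not.
    print(guess_passphrase(MNEMONIC, seed, ["", "password", "trezor", "TREZOR"]))
```

The same seed feeds BIP32 master-key derivation, so this KDF is the only barrier between a written-down mnemonic and every key in the wallet.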
Identity Verification
Identity verification is a tiered process by which an organization or system attempts to confirm the authenticity of an actor's claim to be a given individual or organization.
Typical methods of identity verification for individuals include:
- one or more forms of government-issued identification (driver’s license, passport, etc.)
- one or more proofs of residency at the individual’s home (utility bills, bank statements, etc.)
- successful completion of challenge questions through a reputable identity-verification service operating in the individual’s country of residence (e.g. Equifax)
In cases of an organization, the supporting records can include:
- Employer Identification Number (“EIN”), Business Number, or similar identifier based on jurisdiction
- D-U-N-S Number
- Articles of Incorporation
In either case, enough supporting documentation should be provided and verified to support the actor’s identity claim.
Factor of Authentication
Multi-factor authentication schemes require multiple independent demonstrations of identity, each called a factor. A simple example is a password (something the actor knows) combined with a one-time code from an enrolled device (something the actor has); to access protected information, an actor must satisfy both. Additional factors generally (although with diminishing returns) increase the security of the system. Common examples include:
- A TOTP token may be required, where the token can only be obtained from a device seeded with the TOTP secret (e.g. Google Authenticator), which effectively requires that the actor possess a specific pre-authorized device.
- An OTP can be delivered to a phone number via SMS, MMS, or a voice call; this is the weakest of these options, since a phone number can be ported or its messages intercepted.
- A biometric scan may be required, although this is usually only useful if the access point is in a controlled and trusted environment where the sensor cannot be presented with a replayed or forged sample.
Strictly speaking, a username is not a factor of authentication since usernames are not commonly secret information. The same applies to email addresses, phone numbers, and other data which only “identify” actors. The requirement imposed by a factor of authentication should be satisfiable only by the identified actor.
Entropy
Randomness, usually collected from hardware (e.g. a hardware random number generator or thermal noise), environmental factors (e.g. timing jitter of interrupts and I/O), or external sources (user input). Easily predicted values such as the time of execution contribute little entropy and must not be relied on alone when seeding a PRNG.
Proof of Reserve
A demonstration that an organization has access to all funds to which it claims ownership is called a Proof-of-Reserve. Cryptocurrencies based on a public ledger (blockchain) enable proofs of reserve to be conducted and publicly verified, for example by signing a challenge message with the keys controlling the claimed addresses, although the term can also be applied to private audits intended to assure some audience that an organization is operating in good faith and not as a fractional reserve.