How does the bitcoin source code define its 21 million cap?
Many of bitcoin’s staunchest critics have expressed doubt about its 21 million cap, but perhaps the most mindless criticism relates…,
A bitcoin hardware wallet is a compact, dedicated device that generates and safely stores your bitcoin’s private and public keys offline.
Private and public keys are used by your chosen bitcoin wallet software to generate addresses, authorize spending, and safeguard access to your funds on the blockchain. Keeping your bitcoin keys offline is an integral part of bitcoin security that minimizes the risk of remote attacks and malware stealing your funds. Hardware wallets typically offer a variety of protections to prevent anyone with physical access to the device from accessing the keys inside.
Bitcoin hardware wallets (the devices themselves) are also distinct from bitcoin wallets. A bitcoin wallet is a collection of private and public keys generated from a single master private key. A bitcoin hardware wallet can be home to several bitcoin wallets.
Here, we discuss what a bitcoin hardware wallet is, what it does and doesn’t do, how hardware wallets sign transactions, and some of their advantages and disadvantages.
A common misconception is that a hardware wallet stores bitcoin inside the device. In reality, no bitcoin wallet—software or hardware—stores bitcoin inside it. Instead, all bitcoin stays on the blockchain. Hardware wallets store the keys to bitcoin only.
The misconception that bitcoin is held on hardware wallets themselves is so widespread that many bitcoin industry folks recommend not using the misleading term “hardware wallet” at all. However, alternative and potentially more accurate names, such as “signing device” or “signer,” have been slow to catch on.
Additionally, a hardware wallet cannot check bitcoin balances on the blockchain or broadcast and verify bitcoin transactions. Performing these functions requires separate bitcoin wallet software. (All bitcoin wallets connect to bitcoin nodes to receive, transmit, and validate new transactions.)
Hardware wallets carry out multiple functions necessary for receiving, securing, and spending bitcoin. When first initialized, hardware wallets (that use BIP39 standards) generate a seed, the cornerstone for constructing a bitcoin wallet. Based on the seed, addresses are generated for receiving bitcoin on the blockchain. Once bitcoin is received, you can use your hardware wallet to sign (authorize) transactions to spend your bitcoin. Hardware wallets can also recover a previously-created bitcoin wallet from a backup seed phrase.
Let’s look at each of these functions one by one.
During setup, most hardware wallets generate a seed for you. This seed, which is a large, randomly-generated string of binary digits, can be represented in human-readable form as a seed phrase. The seed phrase is presented to you during setup as a list of 12 to 24 words. These should be carefully written down in order and saved in a secure offline location.
A seed phrase is not the same as the private key for a bitcoin address. Instead, the seed phrase derives the “master private key” from which all of a wallet’s addresses and their associated private and public keys originate. Modern deterministic wallets can generate nearly an unlimited number of bitcoin addresses (with public and private key pairs generated for each address), all from a single seed phrase.
Hardware wallets generate seed phrases by generating a seed and mapping it to a list of 2,048 words. Hardware wallets use various methods to achieve randomness, such as random number generators (RNGs). In many hardware wallets, the RNG firmware runs on an isolated microprocessor called a secure element installed inside the physical hardware wallet. Other wallets use a combination of internal and external sources to generate entropy, the most popular example of the latter being dice rolls.
Once generated during initialization, your bitcoin wallet’s seed (and associated seed phrase) is stored inside the hardware wallet. If the hardware wallet uses a secure element, it generally resides there and cannot be exported from the device in plain-text form.
A hardware wallet’s limitations for exposing the seed are part of what make it secure. Hardware wallets are a form of “cold storage” because they store seeds in an environment that is isolated from the internet. Due to their limited attack surface, a hardware wallet can theoretically be connected to a virus-infected computer (not recommended!) and still protect your wallet’s seed.
The primary use case for hardware wallets is to securely sign transactions—which authorize spending from your bitcoin wallet. In a singlesig wallet, one signature from one hardware wallet is enough to move your bitcoin. In multisig wallets, generally, two or more signatures from separate hardware wallets are required to transfer funds.
To sign transactions, hardware wallets must communicate with the wallet software on a desktop or smartphone. Depending on the hardware wallet model, it may connect to your device by USB, Bluetooth, or NFC. Fully air-gapped (i.e., not directly connected to the internet) solutions are also available, including using a camera, QR codes, or SD cards to transfer data between the hardware wallet and your device.
Connecting your hardware wallet to an internet-connected device may seem counterintuitive for an offline “cold storage” solution. However, as mentioned above, even with a wired connection, your wallet’s seed and corresponding public and private keys remain isolated, keeping them safe.
Signing a transaction with a hardware wallet involves a series of steps. At no point during the process does a private key leave the hardware wallet or touch an internet-connected device. Only the transaction data (signed and unsigned) moves between the wallet software and the hardware wallet.
Hardware wallets also play a role in wallet recovery. Imagine you set up a bitcoin hardware wallet, write down the seed phrase, and later, something happens to the hardware wallet itself—fire, theft, flood, malfunction, loss, etc. One means of recovering your funds is to use your seed phrase to restore your old wallet to a new hardware wallet. During the setup of the new hardware wallet, you’re asked whether you want to create a new wallet or recover an existing wallet. Choosing to recover an existing wallet allows you to enter your old seed phrase, which restores access to your funds.
Bitcoin transactions are immutable, which means if you send your bitcoin to the wrong address, it can be permanently lost. Thankfully, hardware wallets also allow you to check your bitcoin address on the device before sending funds. Checking your address on your hardware wallet teaches you three important things:
You should always check the receive or change address on your hardware wallet before sending meaningful amounts of funds to that address.
Most hardware wallets require the manufacturer’s wallet software to initialize the device, and many choose to use the OEM software for wallet functionality as well. Once initialization is complete, however, you can use third-party bitcoin wallet software alongside your hardware wallet to manage your bitcoin, if preferred. Popular options include Sparrow, BlueWallet, and our very own multisig wallet solution.
When you connect your hardware wallet to your wallet software, you’ll mostly interact with the device where the software is installed (desktop or smartphone). But as outlined above, the hardware wallet never shares your private keys with the device—all signing of transactions occurs on the hardware wallet before being passed back to the wallet software.
When it comes to safely storing your bitcoin’s private and public keys, the advantages of hardware wallets far outweigh their disadvantages. This is especially true when compared to alternatives such as hot wallets, which store private and public keys online.
Still, there are nuances to be aware of:
Many of bitcoin’s staunchest critics have expressed doubt about its 21 million cap, but perhaps the most mindless criticism relates…Ted Stevenot, Stephen Hall
When Satoshi Nakamoto created bitcoin, he established in its code a fixed number of bitcoin that will ever exist. Since…Ted Stevenot
Originally published in Parker’s dedicated Gradually, Then Suddenly publication. Bitcoin is often described as a hedge, or more specifically, a…Parker Lewis