Before mass adoption of cryptocurrencies is ever possible, the biggest challenge is how to secure and spend them simply. Current hardware wallets, such as the popular Ledger Nano S or Trezor One, are a great first step, but they are simply too expensive – this is where Coinkite’s Coldcard comes in.
“Inexpensive and extremely safe”
The Coldcard is a completely different device from most hardware wallets. Its design is based on a calculator layout, with a small monochrome OLED display in the upper left and a 12-key pad that dominates the face. Coinkite’s design is focused on cutting costs, however, so the “keys” aren’t keys at all: they are holes in the translucent plastic case that expose capacitive pads on the circuit board itself. Overall, the wallet is only slightly larger than a standard credit card – but significantly thicker.
Coinkite argues that “cheap” doesn’t have to mean “unsafe”. Internally, the wallet uses an Arm STM32 processor both to run its operations and to provide a “secure enclave” – a portion of the processor that stores the private key associated with the wallet and in which the signing takes place, so that the key never has to be exposed to the outside world. Even the packaging is nominally safe: the plastic bag, which contains the Coldcard itself, a recovery card for the 24-word BIP39 seed and a sticker, carries a unique serial number that the device asks you to check when it boots up for the first time, and is sealed with tape that reads VOID when removed – although both could be defeated with a sharp knife and a cigarette lighter.
First run
Setting up the Coldcard is easy, at least initially: connecting a micro USB cable triggers a self-test and, if everything is OK, the “GENUINE” LED beside the screen lights up and the device asks the user to confirm that the serial number shown on the Coldcard matches the packaging. The Coldcard then asks the user to choose a PIN of up to twelve digits – cleverly split in two, with the prefix generating a pair of confirmation words that are displayed before the second half is entered and can be used to ensure that the device has not been tampered with after it has been set up.
After you have confirmed the PIN and recorded it on the recovery card, you can set up the wallet itself. You have two options here: importing an existing wallet from a BIP39 seed, an extended private key (XPRV) or a backup file from an existing Coldcard, or creating a new wallet. If you choose the latter, the private key is generated and stored entirely in the STM32’s secure enclave – but be prepared to poke at the keypad for a while, as you will have to scroll through a full 24-word seed in order to record it on the recovery card, then re-enter each word one at a time in random order to make sure you haven’t made a mistake.
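The anti-phishing words described above, illustrated as an added example that is not Coldcard’s firmware: a per-device secret that never leaves the chip is mixed with the PIN prefix through an HMAC, so a swapped or re-flashed device that lacks the secret shows different words than the ones the owner memorised at setup. The word list, the secrets and the derivation are all constructed for illustration.

```python
import hmac
import hashlib

# Constructed, shortened word list standing in for a real 2048-word BIP39 list.
WORDS = ["abandon", "ability", "able", "about", "above", "absent", "absorb",
         "abstract", "absurd", "abuse", "access", "accident", "account",
         "accuse", "achieve", "acid"]

# Constructed secrets: the genuine device's and one a substituted device would hold.
GENUINE_SECRET = hashlib.sha256(b"constructed genuine device secret").digest()
SWAPPED_SECRET = hashlib.sha256(b"constructed swapped device secret").digest()


def anti_phishing_words(device_secret, pin_prefix):
    """Derive two confirmation words from the PIN prefix and the device secret.

    The secret is assumed to be generated inside the chip at first boot and
    never exported, so only the untampered device reproduces the owner's words.
    """
    if not pin_prefix.isdigit():
        raise ValueError("PIN prefix must consist of digits")
    digest = hmac.new(device_secret, pin_prefix.encode(), hashlib.sha256).digest()
    first = int.from_bytes(digest[:2], "big") % len(WORDS)
    second = int.from_bytes(digest[2:4], "big") % len(WORDS)
    return WORDS[first], WORDS[second]


def words_match(device_secret, pin_prefix, expected_words):
    """What the owner does at every unlock: compare the shown pair to memory."""
    return anti_phishing_words(device_secret, pin_prefix) == tuple(expected_words)


if __name__ == "__main__":
    memorised = anti_phishing_words(GENUINE_SECRET, "1234")   # recorded at setup
    print("genuine device shows:", memorised)
    print("swapped device shows:", anti_phishing_words(SWAPPED_SECRET, "1234"))
    print("match on genuine:", words_match(GENUINE_SECRET, "1234", memorised))
```

A mistyped prefix also yields different words, so the check catches a typo before the second half of the PIN is committed.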
Breakdown in the matrix
Unfortunately, even at this point, using the Coldcard is not as easy as it could be. The keypad is extremely problematic: sometimes it suffers from poor debouncing, registering two keystrokes where there should be one; sometimes it suffers from a lack of sensitivity and completely ignores your presses; and sometimes it registers phantom presses, often scrolling to the bottom of a menu even when no key is being held.
The firmware running on the device is also unreliable: in several places during testing, the Coldcard stopped responding completely and had to be disconnected from power and reconnected before it would react either to keypad input or to control from a connected PC. It remains to be seen whether this will be fixed in future firmware updates.
Spending and signing
Interestingly, the Coldcard has two modes of operation: online and offline. In online mode, the device is connected to a PC via a micro USB cable and controlled by compatible software – currently only Electrum 3.2.3 or higher. In offline mode, the Coldcard writes a wallet JSON file that does not contain the private key to a micro SD card, which can then be imported into Electrum. Electrum can then write transactions back to the micro SD card, which are carried to the Coldcard for signing before being brought back into Electrum for broadcast to the blockchain – a tedious process, but one that offers maximum protection for the private key.
In the more convenient online mode, the Coldcard is used both to encrypt the Electrum wallet and to sign transactions. It has one major limitation, however: while it technically supports segregated witness (segwit) wallets, it only works with the newer native Bech32 P2WPKH address format – which is still not supported by most wallet clients and exchanges. Legacy non-segwit P2PKH wallets can also be generated for compatibility reasons – however, it is impossible to use the widely used P2WPKH-P2SH format, which combines some of the advantages of segwit with a legacy-compatible address.
The actual process of signing a transaction is simple: create a spending transaction in Electrum as usual, and the unlocked Coldcard will display a confirmation prompt with the details of the transaction. Once you have verified them, a single tap on the tick key – referred to as “Y” or “OK” in various places in the software – signs the transaction and sends it back to Electrum for broadcast.
Verdict
The Coldcard has some great features: it is compact, the offline mode is a bonus even if it is cumbersome to use, and it supports both Bitcoin and Litecoin on mainnet and testnet. The lack of support outside Electrum is a problem, however, and software bugs coupled with a tricky keypad make day-to-day use uncomfortable.
The main selling point of the Coldcard, however, is its price: at 69.99 US dollars (approx. 46 GBP excluding VAT and shipping), the Coldcard is significantly cheaper than its competitors. If the software bugs can be fixed in a future firmware update, the device gains wider support outside the Electrum wallet, and the keypad problems can be solved in software, it could become a cheap alternative to more capable devices like the Ledger Nano S (69.99 € including VAT) or the Trezor One (74.15 € including VAT).