COLDCARD Mk4 v5.4 & Q v1.3: XOR from Seed Vault, Optimizations & More
COLDCARD Mk4 is an affordable, ultra-secure, and verifiable hardware wallet for Bitcoin. COLDCARD Q is the higher-end COLDCARD that comes with a full QWERTY keyboard, a larger LCD screen, real QR scanner, and more.
- This release brings the ability to restore geographically distributed SeedXOR without physically bringing the parts together, improved side channel protection, speed improvements, and many bug fixes.
- COLDCARD Q now supports importing Seed XOR by scanning SeedQR parts, the ability to input backup password via QR scan, and BBQR file sharing of arbitrary files. Create an Airgapped Multisig Wallet now works with BBQRs, in addition to MicroSD cards.
What's new
- Seed XOR Changes:
- XOR from Seed Vault (select other parts of the XOR from seeds in the vault). This allows Restore of geographically distributed SeedXOR, without physically bringing the parts together.
- Q only: Seeds, for SeedXOR, can be scanned from SeedQR instead of typing them by hand.
- Multisig Changes:
- Now possible to disable BIP-67 compliance (sorted pubkeys) by importing a descriptor with
multi()clause. This needs to be enabled—opt-in only. BIP-67 has been the standard for almost 10 years, so we don’t expect many to use this feature. - JSON wrapped imports to provide custom
nameinstead of the filename. Most useful for USB and NFC imports which have no filename. - Descriptor checksum is no longer required on import. If provided, must be correct.
- Q only: Create an Airgapped Multisig Wallet (a.k.a using CC as multisig coordinator) now works with BBQRs, in addition to MicroSD cards.
- Now possible to disable BIP-67 compliance (sorted pubkeys) by importing a descriptor with
- Optimizations and Speed:
libsecp256k1bumped to latest version: 0.5.0 (point multiplication algorithm speed up, etc).- Speed improvements in our signature grinding for positive R.
- Update to
libsecp256k1, plus our optimizations, yield 30% improvement in signing speed over previous version. Improvement is 15% in overall signing speed, as signatures are only part of process (UTXO validation & change checks take time). - Security: Improve side-channel protection: libsecp256k1 context randomization now happens before each signing session.
- Bugfixes:
- Do not allow import of multisig wallet when same keys are shuffled.
- Do not read whole PSBT into memory when writing finalized transaction (performance).
- Prevent user from restoring Seed XOR when number of parts is smaller than 2.
- Fix display alignment of Seed Vault menu.
- Properly handle null data in
OP_RETURN. - Do not allow lateral scroll in Address Explorer when showing single address from custom path.
- Mk4 specific: Correct intermittent card inserted/not inserted detection error.
Q Specific changes
- New Feature: Seed XOR can be imported by scanning SeedQR parts.
- New Feature: Input backup password from QR scan.
- New Feature: (BB)QR file share of arbitrary files.
- New Feature:
Create Airgappednow works with BBQRs. - Change: Default brightness (on battery) adjusted from 80% to 95%.
- Bugfix: Properly clear LCD screen after BBQR is shown.
- Bugfix: Writing to empty slot B caused broken card reader.
- Bugfix: During Seed XOR import, display correct letter B if own seed already added to the mix.
- Bugfix: Stop re-wording UX stories using a regular expression.
- Bugfix: Fixed “easy exit” from quiz after split Seed XOR.
Upgrade your firmware here.
