Consensus(5)
When nodes switch to a longer valid chain, orphaning previously accepted blocks. Occurs naturally due to near-simultaneous block discovery or maliciously via 51% attacks. Transactions in orphaned blocks return to mempool (if still valid).
The 100-block waiting period before coinbase outputs can be spent. Prevents issues from chain reorganizations where a miner's reward could disappear if their block becomes stale.
The set of rules that all nodes must follow to validate blocks and transactions. Include block size limits, signature verification, coin issuance schedule, and script execution. Changes require coordinated network upgrades. Violations result in rejection.
A backwards-incompatible consensus rule change where new rules are looser than old rules. Old nodes reject blocks that are valid only under the new rules. Creates a permanent chain split unless all nodes upgrade. Bitcoin has avoided deliberate hard forks; BCH and BSV were contentious hard forks that split off.
A backwards-compatible consensus rule change where new rules are stricter than old rules. Old nodes still accept blocks from new nodes. Examples: SegWit, Taproot, P2SH. Usually activated via miner signaling (BIP-9/BIP-8); old nodes keep following the chain as long as the majority hashrate enforces the new rules, so the network doesn't split.
Cryptography(15)
A cryptographic technique where a signature is created in an 'incomplete' form that can only be completed by learning a secret value (the adaptor). Once the adapted signature is published, the secret is revealed. Enables atomic swaps, PTLCs, and other trustless protocols without hash preimages.
A cryptographic proof that the holder of a private key authorized a transaction. Bitcoin uses ECDSA over secp256k1 for pre-Taproot outputs and BIP-340 Schnorr signatures (same curve) for Taproot. Signatures are included in transaction inputs (or witnesses) to unlock the UTXOs being spent.
A digital cash system invented by David Chaum using blind signatures to create untraceable tokens. The mint signs tokens without seeing their content; tokens can be verified as valid without linking to issuance. Used in Fedimint and Cashu.
A threshold signature scheme allowing t-of-n signing where any t participants can produce a valid Schnorr signature without revealing the combined private key. Unlike MuSig which requires all parties, FROST enables flexible quorums. The resulting signature is indistinguishable from single-sig Taproot spends.
A cryptographic function producing a fixed-size output (digest) from arbitrary input. Bitcoin uses SHA-256 extensively: double-SHA256 for block headers and transaction IDs, SHA-256 inside HASH160 (RIPEMD-160 of SHA-256) for address derivation, HMAC-SHA512 for HD key derivation. Properties: deterministic, fast, collision-resistant, preimage-resistant, avalanche effect.
A highly optimized C library for elliptic curve operations on the secp256k1 curve. Developed by Bitcoin Core, used for all signing and verification operations. Designed for constant-time execution to prevent side-channel attacks.
A binary tree structure where each leaf node is a transaction hash, and each non-leaf node is a hash of its children. The root hash summarizes all transactions in a block, included in the block header. Enables efficient proof that a transaction is in a block without downloading all transactions.
A library for efficient set reconciliation between two parties who each have a set of elements. Used in Erlay for bandwidth-efficient transaction relay by computing and transmitting only set differences.
A Schnorr-based multi-signature scheme enabling n-of-n key aggregation into a single public key and signature indistinguishable from a regular single-sig. MuSig2 is the practical variant requiring only 2 rounds of communication (vs 3 in MuSig1), making it suitable for interactive signing. Produces 64-byte signatures regardless of participant count. Requires careful nonce handling to prevent key extraction attacks.
The original input to a hash function that produces a specific output. In HTLCs, the payment secret that when revealed allows claiming funds. Finding preimages for SHA-256 without the original is computationally infeasible.
A 256-bit secret number that controls access to bitcoin. Used to create digital signatures proving ownership. Must be kept secret; anyone with the private key can spend the associated funds. Generated randomly or derived from a BIP-39 seed phrase via BIP-32 hierarchical key derivation.
A point on the secp256k1 elliptic curve derived from the private key using one-way multiplication. Can be shared publicly to receive payments. Compressed format is 33 bytes (02/03 prefix + x-coordinate). Used to verify signatures and derive addresses.
A digital signature scheme activated with Taproot (BIP-340). Offers smaller signatures (64 bytes fixed), native key aggregation (MuSig2), and batch verification efficiency. Simpler security proofs than ECDSA. Enables advanced protocols like PTLCs.
A cryptographic hash function producing a 256-bit (32-byte) output. Bitcoin uses double-SHA256 (SHA256d) for block headers, transaction IDs, and merkle trees. Mining is essentially a SHA256d lottery to find hashes below target.
A cryptographic method allowing one party to prove knowledge of a secret or validity of a statement without revealing the secret itself. Used in validity rollups, privacy protocols, and proposed Bitcoin applications like client-side validation.
Fundamentals(19)
A string of characters representing a destination for bitcoin payments. Derived from public keys (or scripts) through hashing. Different address types exist: legacy P2PKH (1...), P2SH including wrapped SegWit (3...), native SegWit (bc1q...), Taproot (bc1p...). Addresses should ideally be used only once for privacy.
Government regulations requiring financial institutions and exchanges to monitor transactions, report suspicious activity, and verify customer identities. In Bitcoin, AML rules force exchanges to implement KYC and transaction surveillance, conflicting with Bitcoin's privacy and permissionless ethos.
A decentralized digital currency and payment network launched in 2009 by the pseudonymous Satoshi Nakamoto. Uses proof-of-work mining for consensus, cryptographic signatures for ownership, and a blockchain for transaction history. A hard supply cap of 21 million coins makes it a disinflationary, scarce asset.
An exchange-traded fund that provides exposure to bitcoin's price through traditional brokerage accounts. Spot ETFs hold actual bitcoin; futures ETFs hold derivatives. Approved in the US in January 2024, enabling institutional investment without direct custody.
A batch of validated transactions bundled together and added to the blockchain. Contains a header (with proof-of-work solution) and a list of transactions. New blocks are created approximately every 10 minutes by miners who earn the block reward.
An 80-byte structure containing block metadata: version (4 bytes), previous block hash (32 bytes), merkle root (32 bytes), timestamp (4 bytes), difficulty target in nBits compact encoding (4 bytes), and nonce (4 bytes). The double-SHA256 hash of the header, read as a 256-bit integer, must be at or below the target for a valid proof-of-work.
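The header layout and the proof-of-work check, as an added example (not code from the page or from Bitcoin Core): parse the 80 serialized bytes, expand the nBits field to a 256-bit target, and compare the header hash against it. The embedded test vector is the real genesis block header; everything else is illustrative.

```python
import hashlib
import struct


def sha256d(data: bytes) -> bytes:
    """Bitcoin's SHA256d: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def target_from_bits(bits: int) -> int:
    """Expand the nBits compact encoding: top byte is a size, low 3 bytes a mantissa."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def parse_header(raw: bytes) -> dict:
    if len(raw) != 80:
        raise ValueError("block header must be exactly 80 bytes")
    version, prev_hash, merkle_root, timestamp, bits, nonce = struct.unpack("<i32s32sIII", raw)
    return {
        "version": version,
        # hashes are serialized little-endian; reverse to get the familiar display order
        "prev_hash": prev_hash[::-1].hex(),
        "merkle_root": merkle_root[::-1].hex(),
        "timestamp": timestamp,
        "bits": bits,
        "nonce": nonce,
        "hash": sha256d(raw)[::-1].hex(),
    }


def check_pow(raw: bytes) -> bool:
    """Consensus check: the header hash as a little-endian 256-bit integer must not exceed the target."""
    hdr = parse_header(raw)
    target = target_from_bits(hdr["bits"])
    return int.from_bytes(sha256d(raw), "little") <= target


# Real genesis block header (height 0), used here as a known-answer test vector.
GENESIS_HEADER = bytes.fromhex(
    "01000000"
    "0000000000000000000000000000000000000000000000000000000000000000"
    "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"
    "29ab5f49" "ffff001d" "1dac2b7c"
)


def tampered_genesis() -> bytes:
    """Flip one bit of the nonce: the hash changes completely and almost surely fails the target."""
    return GENESIS_HEADER[:-1] + bytes([GENESIS_HEADER[-1] ^ 0x01])
```

Note that the comparison is on the hash interpreted little-endian, which is why a valid hash "starts with zeros" when printed in display order: the display order is the byte-reversed digest.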
The sequential number of a block in the blockchain, counting from the genesis block (height 0). Used to reference specific points in Bitcoin's history. Current height indicates how many blocks have been mined since Bitcoin's inception.
Unix timestamp in block header. Must be greater than median of past 11 blocks, less than 2 hours in future. Used for difficulty adjustment, timelocks, and ordering. Miners have ~2 hour flexibility.
An append-only data structure linking blocks of transactions using cryptographic hashes. Each block contains a hash of the previous block, creating an immutable chain. In Bitcoin, blocks are added through proof-of-work mining, making history modification computationally infeasible.
A measure of how deeply a transaction is buried in the blockchain. One confirmation means included in a block. Each subsequent block adds another confirmation. More confirmations = higher security against reversal. Six confirmations is the traditional standard for irreversibility.
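What "higher security against reversal" means quantitatively, as an added example that is not from the page: the catch-up probability from section 11 of the Bitcoin whitepaper, where an attacker holding fraction q of the hashrate tries to overtake a chain that is z blocks ahead. The function names and the threshold helper are this example's own.

```python
import math


def reversal_probability(q: float, z: int) -> float:
    """Probability that an attacker with hashrate share q ever catches up from z blocks behind.

    Whitepaper model: the attacker's progress while the honest chain mines z blocks is
    Poisson with mean lambda = z*q/p, and a gap of (z-k) blocks is closed with probability
    (q/p)^(z-k). A majority attacker (q >= 0.5) always catches up eventually.
    """
    if not 0.0 <= q < 1.0:
        raise ValueError("q must be a hashrate fraction in [0, 1)")
    if q >= 0.5:
        return 1.0
    p = 1.0 - q
    lam = z * q / p
    caught = 0.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        caught += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - caught


def confirmations_needed(q: float, max_prob: float) -> int:
    """Smallest confirmation count z such that the reversal probability drops below max_prob."""
    z = 0
    while reversal_probability(q, z) > max_prob:
        z += 1
    return z


def confirmation_table(q: float, depths=(0, 1, 2, 3, 4, 5, 6)) -> dict:
    """Reversal probability per depth, for comparing policies against an assumed attacker."""
    return {z: reversal_probability(q, z) for z in depths}
```

Against a 10% attacker, six confirmations leaves a reversal probability of about 0.02%; against a 30% attacker the same 0.1% threshold needs 24 blocks, which is why "six confirmations" is a convention calibrated to an assumed attacker size rather than a constant of the protocol.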
Digital assets using cryptography for security and typically operating on decentralized networks. Bitcoin was the first cryptocurrency. The term now encompasses thousands of projects, most lacking Bitcoin's decentralization, security, or monetary properties.
A movement of activists advocating cryptography and privacy-enhancing technologies as tools for social change. Active since the 1990s via the Cypherpunk mailing list. Contributed to PGP, anonymous remailers, digital cash concepts, and ultimately Bitcoin.
An investment strategy of buying a fixed dollar amount of bitcoin at regular intervals regardless of price. Reduces impact of volatility and removes emotional timing decisions. Simple long-term accumulation strategy for consistent savers.
The first block in the Bitcoin blockchain, mined by Satoshi Nakamoto on January 3, 2009. Block height 0. Contains an unspendable 50 BTC reward due to a quirk in the code. The coinbase includes the famous Times headline about bank bailouts.
Slang for holding bitcoin long-term rather than trading. Originated from a 2013 Bitcoin forum post with a typo ('I AM HODLING'). Represents the strategy of accumulating and not selling despite price volatility, based on long-term conviction.
Identity verification requirements imposed on financial services, including Bitcoin exchanges. Requires submitting personal documents, creating privacy and security risks. Bitcoin acquired without KYC (peer-to-peer, mining) preserves financial privacy.
A two-dimensional barcode encoding data as a pattern of squares. Widely used in Bitcoin to encode addresses, payment requests (BIP-21 URIs), and Lightning invoices. Enables easy scanning with mobile devices for payments.
The smallest unit of bitcoin, equal to 0.00000001 BTC (one hundred millionth). Named after Bitcoin's creator. Commonly used for pricing small transactions and Lightning payments. With Bitcoin at $100k, 1 sat ≈ $0.001.
The pseudonymous creator of Bitcoin who published the whitepaper in October 2008 and launched the network in January 2009. Disappeared from public communication in 2011. Identity remains unknown. Early mined coins (~1M BTC) have never moved.
Hardware(2)
A dedicated cryptographic device for enterprise key management and signing. Provides physical security, access controls, and audit logging. Used by exchanges and custodians for securing large Bitcoin holdings.
A tamper-resistant hardware component designed to securely store cryptographic keys and execute sensitive operations. Used in hardware wallets to protect private keys from physical and software attacks.
Layer 2(23)
A Layer 2 protocol enabling off-chain payments through virtual UTXOs (vTXOs) managed by an Ark Service Provider (ASP). Users join periodic 'rounds' where the ASP creates shared UTXOs, with atomic swaps ensuring non-custodial guarantees.
A proposed soft fork enabling hashrate-secured sidechains. BIP-300 (hashrate escrows) defines the deposit/withdrawal mechanism; BIP-301 (blind merged mining) lets miners collect sidechain fees without running sidechain software.
A routing privacy technique where the receiver supplies an encrypted partial route that ends at its own node (used in BOLT12 offers). Senders route to the entry point of the blinded path without learning the final node's identity or position in the network graph.
A Lightning Network protocol for static, reusable payment requests (offers) that don't expire. Offers encode payment parameters; payers fetch invoices on-demand via onion messages. Enables subscriptions, donations, and improved payment UX.
A free and open-source Chaumian eCash protocol for Bitcoin, enabling private and near-instant transactions. Unlike Fedimint, Cashu mints are typically single-operator, trading trust distribution for simplicity and interoperability.
A construction enabling multiple Lightning channels to share a single on-chain UTXO. Participants in the factory can open, close, and rebalance channels between each other without on-chain transactions, improving capital efficiency.
A proposed Lightning channel construction using SIGHASH_ANYPREVOUT enabling symmetric state updates. Any later state can replace any earlier state without penalty transactions, simplifying channel logic and enabling multiparty channels.
A federated Chaumian eCash mint built on Bitcoin, enabling private, scalable payments within a trust-minimized custodial framework. A federation of guardians holds Bitcoin and issues blinded eCash tokens redeemable for on-chain or Lightning payments.
A conditional payment requiring the recipient to provide a secret preimage matching a hash before a timeout. If not claimed in time, funds return to sender. Used in Lightning Network for trustless multi-hop payments and in atomic swaps.
A technique where Lightning channels are opened on-demand when a payment arrives for a user without sufficient inbound liquidity. The LSP opens a channel funded with the incoming payment amount, often using zero-conf.
Protocols built on top of Bitcoin's base layer to enable faster, cheaper, or more private transactions while inheriting Bitcoin's security. The Lightning Network is the primary Layer 2. Others: Liquid (federated sidechain), RGB, Ark.
A layer 2 payment protocol enabling instant, low-fee Bitcoin transactions through a network of bidirectional payment channels. Payments route through multiple channels using HTLCs. Only channel open/close transactions are recorded on-chain.
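The multi-hop HTLC mechanics behind the HTLC and Lightning entries above, as an added simulation that is not code from the page or from any Lightning implementation. It builds the chain of conditional payments along a route, checks the invariant that each forwarding node's incoming HTLC expires later than its outgoing one by at least that node's `cltv_expiry_delta` (otherwise the node can be forced to pay downstream after its own upstream HTLC has already been refunded), and settles the chain backwards once the preimage is revealed. Node names, deltas, fees and the preimage are constructed for the example.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Node:
    name: str
    cltv_expiry_delta: int   # blocks this node requires between incoming and outgoing HTLC expiry
    fee_msat: int = 0        # flat forwarding fee (simplified; real fees also have a proportional part)


@dataclass
class Htlc:
    payer: str
    payee: str
    amount_msat: int
    payment_hash: bytes
    cltv_expiry: int         # absolute height after which the payer can reclaim the funds
    settled: bool = False


def build_htlc_chain(route, amount_msat, payment_hash, current_height, final_cltv_delta):
    """Walk the route backwards from the receiver, adding each hop's delta and fee."""
    expiry = current_height + final_cltv_delta
    amount = amount_msat
    htlcs = []
    for i in range(len(route) - 1, 0, -1):
        payer, payee = route[i - 1], route[i]
        htlcs.append(Htlc(payer.name, payee.name, amount, payment_hash, expiry))
        expiry += payer.cltv_expiry_delta   # the payer's incoming HTLC must outlive this one
        amount += payer.fee_msat
    htlcs.reverse()                         # sender -> receiver order
    return htlcs


def timelock_violations(route, htlcs):
    """Names of forwarding nodes whose incoming/outgoing expiry gap is below their delta."""
    bad = []
    for i in range(1, len(htlcs)):
        node, incoming, outgoing = route[i], htlcs[i - 1], htlcs[i]
        if incoming.cltv_expiry - outgoing.cltv_expiry < node.cltv_expiry_delta:
            bad.append(node.name)
    return bad


def settle(htlcs, preimage):
    """Receiver reveals the preimage; each hop claims its incoming HTLC. Returns payees paid, in order."""
    if hashlib.sha256(preimage).digest() != htlcs[-1].payment_hash:
        return []                           # wrong secret: nothing can be claimed
    paid = []
    for h in reversed(htlcs):
        h.settled = True
        paid.append(h.payee)
    return paid


# Constructed sample route and secret (not real nodes or a real payment).
ROUTE = [Node("A", 40), Node("B", 40, fee_msat=1000), Node("C", 144, fee_msat=1000), Node("D", 0)]
PREIMAGE = b"constructed-secret"
PAYMENT_HASH = hashlib.sha256(PREIMAGE).digest()
```

Usage: `build_htlc_chain(ROUTE, 100_000, PAYMENT_HASH, 800_000, 18)` yields expiries 800202, 800162, 800018 for A→B, B→C, C→D; collapsing A→B's expiry down to B→C's makes B the node flagged by `timelock_violations`.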
A service providing Lightning Network infrastructure including channel management, liquidity, and routing services. LSPs abstract the complexity of running a Lightning node, enabling non-custodial mobile wallets with good UX.
A statechain implementation enabling off-chain Bitcoin transfers with blinded server operation. The server facilitates transfers but cannot identify users or link transfers, providing strong privacy while maintaining non-custodial properties.
A protocol enabling applications to request Lightning payments through Nostr relays. Users connect wallets once; apps send payment requests without direct wallet access. Enables seamless zaps and payments in Nostr clients.
Transactions or data stored outside the Bitcoin blockchain. Includes Lightning payments, sidechain transactions, and Layer 2 activity. Reduces on-chain congestion and fees while leveraging Bitcoin's security for final settlement.
A two-party arrangement enabling unlimited off-chain transactions by locking funds in a multisig output. Only the opening and closing transactions appear on-chain. Lightning Network is a network of interconnected payment channels enabling multi-hop payments.
A Lightning Network payment primitive using adaptor signatures instead of hash preimages. Provides better privacy than HTLCs because each hop uses a different adaptor point, preventing correlation of payment hops. Requires Taproot and Schnorr signatures.
A separate blockchain pegged to Bitcoin, allowing BTC to move between chains. Enables experimentation with new features without changing Bitcoin's base layer. Examples: Liquid (federated), proposed Drivechains (BIP-300/301).
A Layer 2 protocol transferring UTXO ownership off-chain by passing the private key and updating a state entity. The state entity co-signs all transactions but cannot spend unilaterally. Mercury Layer is the primary implementation.
A Lightning routing delegation scheme where lightweight nodes outsource pathfinding to trampoline nodes. The sender specifies high-level waypoints; trampoline nodes compute detailed routes between them.
A Layer 2 scaling approach where execution happens off-chain but validity is proven on-chain using zero-knowledge proofs. Would enable massive scaling while inheriting Bitcoin's security, but requires new opcodes.
Lightning channels considered usable immediately after broadcast without waiting for confirmations. Requires trusting the channel opener not to double-spend the funding transaction. Common for LSP-to-user channels.
Mining(36)
The standard cooling method for mining hardware using fans to move air across heatsinks attached to ASIC chips. Simple and inexpensive but limited in heat dissipation capacity. Most consumer and small-scale mining operations use air cooling.
Application-Specific Integrated Circuit designed solely for Bitcoin mining (SHA-256d hashing). Orders of magnitude more efficient than CPUs, GPUs, or FPGAs for mining. Modern ASICs achieve ~100+ TH/s while consuming ~3000W. Dominant mining hardware since 2013.
The total compensation miners receive for successfully mining a block: the block subsidy (newly created bitcoin) plus all transaction fees from included transactions. The primary economic incentive driving Bitcoin's security.
The newly minted bitcoin awarded to miners in each block, separate from transaction fees. Started at 50 BTC, halves every 210,000 blocks. The mechanism by which new bitcoin enters circulation, following a predictable disinflationary schedule.
A candidate block prepared by a miner or pool containing selected transactions, coinbase, and header fields ready for hash attempts. Template generation determines transaction inclusion and ordering.
Purchasing mining capacity from a remote data center operator who owns and manages the hardware. User pays upfront or ongoing fees; operator handles hardware, electricity, and maintenance. Historically rife with scams and almost never profitable for customers.
The first transaction in every block, created by the miner to claim the block reward (subsidy + fees). Has no inputs in the traditional sense; instead contains a 'coinbase' field where miners can include arbitrary data (up to 100 bytes). Outputs are unspendable for 100 blocks (coinbase maturity).
Voluntarily reducing mining power consumption during periods of high electricity prices or grid stress. Miners with flexible power contracts can profit by selling their reserved electricity back to the grid. Makes mining operations grid-friendly and increases profitability.
A measure of how hard it is to find a valid proof-of-work hash. Automatically adjusts every 2016 blocks (~2 weeks) to maintain the 10-minute average block time target. If blocks are too fast, difficulty increases; too slow, it decreases.
A theoretical attack or event causing mining difficulty to spike or remain artificially high, making mining unprofitable and potentially stalling the chain. Bitcoin's difficulty adjustment (max 4× per epoch) and natural hashrate mobility make this unlikely.
The 2016-block period (~2 weeks) after which Bitcoin's mining difficulty adjusts. If blocks were mined faster than 10 minutes on average, difficulty increases; if slower, it decreases. Ensures consistent block times regardless of hashrate changes.
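The retarget arithmetic described in the difficulty, difficulty bomb and difficulty epoch entries, as an added example that is not code from the page or from Bitcoin Core: nBits decoding and encoding, the proportional adjustment, the 4x clamp per epoch, and the cap at the difficulty-1 target. The historical nBits value used in the test is a real mainnet encoding; the timestamps are constructed.

```python
MAX_TARGET = 0xFFFF << 208          # difficulty-1 target, nBits 0x1d00ffff
RETARGET_INTERVAL = 2016
TARGET_TIMESPAN = RETARGET_INTERVAL * 600   # two weeks of 10-minute blocks, in seconds


def bits_to_target(bits: int) -> int:
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def target_to_bits(target: int) -> int:
    """Compact encoding as used in the header: 1-byte size, 3-byte mantissa, sign bit kept clear."""
    size = (target.bit_length() + 7) // 8
    if size <= 3:
        mantissa = target << (8 * (3 - size))
    else:
        mantissa = target >> (8 * (size - 3))
    if mantissa & 0x00800000:         # would read as negative; shift a byte into the exponent
        mantissa >>= 8
        size += 1
    return (size << 24) | mantissa


def retarget(old_bits: int, first_timestamp: int, last_timestamp: int) -> int:
    """New nBits for the next epoch from the timespan of the previous one.

    Like Bitcoin Core, the timespan is measured between the first and last block of the
    2016-block window (2015 intervals). The clamp limits each step to a factor of 4 in
    either direction, which is what bounds how far a single epoch can be pushed.
    """
    actual = last_timestamp - first_timestamp
    actual = max(TARGET_TIMESPAN // 4, min(actual, TARGET_TIMESPAN * 4))
    new_target = bits_to_target(old_bits) * actual // TARGET_TIMESPAN
    new_target = min(new_target, MAX_TARGET)   # never easier than difficulty 1
    return target_to_bits(new_target)


def difficulty(bits: int) -> float:
    """Conventional difficulty: how many times harder than the difficulty-1 target."""
    return MAX_TARGET / bits_to_target(bits)
```

Blocks arriving eight times too fast still only quadruple the difficulty (target 0x1c3fffc0 from 0x1d00ffff); blocks arriving twice too slow halve it, and from difficulty 1 the target simply stays capped.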
Additional nonce space in the coinbase transaction used when the 32-bit header nonce is exhausted. Changing extra nonce changes the Merkle root, effectively providing unlimited nonce space.
Using Field-Programmable Gate Arrays for Bitcoin mining, prevalent in 2011-2012 between the GPU and ASIC eras. FPGAs offered better efficiency than GPUs but were quickly obsoleted by purpose-built ASICs. Rarely used for Bitcoin mining today.
Using graphics processing units to mine Bitcoin, prevalent from 2010-2013 before ASIC dominance. GPUs offered significant speedup over CPUs due to parallel processing. Now obsolete for Bitcoin as ASICs are millions of times more efficient.
A programmed event every 210,000 blocks (~4 years) where the block subsidy is cut in half. Started at 50 BTC in 2009; after four halvings it's 3.125 BTC (2024). Creates predictable monetary policy with decreasing inflation, approaching the 21 million coin limit.
A circuit board containing multiple ASIC chips that performs the actual SHA-256 hashing in a mining rig. Enterprise miners (S19, M50) typically contain 3-4 hash boards. Hash boards are the most valuable and failure-prone components in mining hardware.
The computational power being applied to mining, measured in hashes per second. Network hashrate is estimated from block frequency and difficulty. Higher hashrate means more security (costlier to attack) but also more energy consumption. Current Bitcoin network: ~500-600 EH/s (exahashes/second).
A mining cooling technique where ASICs are submerged in non-conductive dielectric fluid that absorbs and dissipates heat more efficiently than air. Enables higher hashrate through overclocking, extends hardware lifespan, reduces noise, and allows heat recapture for secondary uses.
Simultaneously mining multiple cryptocurrencies that use the same hashing algorithm without additional computational cost. The parent chain's proof-of-work is embedded in the child chain's blocks. Bitcoin miners can merge-mine Namecoin, RSK, and others.
A network participant who expends computational resources to find valid proof-of-work solutions, creating new blocks and earning rewards. Miners validate transactions, order them into blocks, and compete to extend the blockchain. They are economically incentivized to follow consensus rules.
A self-contained, transportable mining unit built in a shipping container with ASICs, power distribution, cooling, and network connectivity. Can be rapidly deployed to locations with cheap energy. Common for stranded energy monetization and flexible operations.
Software running on ASIC miners controlling chip operation, pool communication, and monitoring. Stock firmware from manufacturers can be replaced with custom firmware offering features like autotuning, better efficiency, SSH access, and Stratum V2 support.
The ratio of expected blocks to actual blocks found by a miner or pool over a period. 100% luck means finding exactly the expected number of blocks. Luck varies significantly over short periods but converges to 100% over time. Pools smooth out individual miner luck.
A cooperative of miners who combine hashrate and share block rewards proportionally. Reduces variance: instead of rare large rewards, miners receive frequent small payments. Pool operator constructs block templates and distributes work to participants.
Mining pool designs where block rewards pay directly to miners' addresses without custodial risk. Implementations include OCEAN (using BOLT12) and proposed designs using Stratum V2 job declaration.
A 32-bit field in the block header that miners increment to find a valid proof-of-work hash. 'Number used once.' When the nonce space is exhausted, miners modify the extranonce in the coinbase transaction or use timestamp/version rolling.
Transaction fees paid directly to miners outside the normal transaction fee mechanism. Used for: accelerator services, private transaction submission, and circumventing mempool fee requirements.
Adjusting ASIC operating frequency and voltage beyond or below factory specifications. Overclocking increases hashrate but consumes more power and generates more heat. Underclocking reduces power consumption, useful when electricity costs are high or cooling is limited.
A strategy of switching between mining pools to exploit their reward systems, historically profitable against proportional-payout pools. Hopper mines at pool start (when shares are worth more) and leaves before payout. Modern payout schemes (PPLNS, PPS) are resistant.
A consensus mechanism requiring miners to expend computational resources to find a valid block hash. The hash must be below a target determined by difficulty. Provides Sybil resistance, fair issuance, and immutable history by making block production costly.
A proof of work submitted by a miner to a pool that meets a lower difficulty target than the network requires. Shares demonstrate the miner is working and are used to calculate reward distribution. Occasionally a share also meets the full network difficulty and becomes a valid block.
Mining independently without joining a pool, keeping the entire block reward if successful. Extremely high variance for small miners—may never find a block. Only practical with significant hashrate. Solo miners construct their own block templates.
Energy resources that cannot be economically transmitted to consumers due to remote location or lack of grid infrastructure. Bitcoin mining can monetize stranded energy—flared natural gas, remote hydro, excess renewables—by converting it to bitcoin on-site.
The dominant communication protocol between mining pools and miners. Stratum (v1) replaced the inefficient getwork protocol in 2012. Pools send job assignments; miners return shares (partial proofs of work). Being superseded by Stratum V2 for security and decentralization.
A major upgrade to mining pool communication protocol adding encryption, authentication, and decentralized block template construction. Miners can choose transaction selection, reducing pool-level censorship power.
Newly mined bitcoin that has never been transferred, having no transaction history beyond the coinbase. Sometimes valued at a premium due to their clean provenance. Regulatory uncertainty creates perverse incentives around 'clean' vs 'tainted' coins.
Network(13)
A feature enabling near-instant node startup by loading a pre-generated UTXO set snapshot. The node validates transactions immediately using the snapshot while downloading and verifying historical blocks in the background.
A sync optimization skipping script (signature) verification for blocks that are ancestors of a hard-coded, reviewed block hash. It trusts that scripts in those old blocks are valid, since rewriting them would require redoing all the proof-of-work built on top; every other rule is still checked and the UTXO set is still built in full, dramatically speeding initial sync.
A protocol upgrade enabling encrypted and authenticated peer-to-peer communication between Bitcoin nodes. Prevents ISPs and network observers from detecting Bitcoin traffic or tampering with messages.
A connection mode where nodes only exchange blocks, not transactions or addresses. Reduces bandwidth and attack surface. Bitcoin Core maintains several block-only outbound connections for resilience.
Private test networks using signet's signed block mechanism but with custom block signers. Enables teams to run controlled test environments with predictable block production and specific testing scenarios.
A P2P message indicating a connection will not relay transactions. Enables explicit block-only connections, reducing resource usage and preventing certain classes of attacks.
A proposed transaction relay protocol using set reconciliation to reduce bandwidth by ~40%. Instead of announcing all transactions to all peers, nodes periodically reconcile transaction sets, sending only differences.
Short-lived connections made periodically to test if addresses in the address manager are reachable. Helps maintain a healthy list of potential peers and prevents eclipse attacks.
The set of valid unconfirmed transactions waiting to be included in a block. Each node maintains its own mempool with configurable size limits. Miners select transactions from the mempool based on fee rates. Transactions may be evicted if mempool fills up.
Software that validates all Bitcoin protocol rules, maintains a complete copy of the blockchain, and relays transactions and blocks to peers. Full nodes enforce consensus without trusting third parties. Anyone can run a node to verify their own transactions independently.
A network architecture where participants communicate directly without central servers. Bitcoin nodes form a P2P network to propagate transactions and blocks. Also refers to trading bitcoin directly between individuals without exchanges.
A lightweight verification method where clients download only block headers (~80 bytes each) instead of full blocks. Can verify that a transaction is included in a block using Merkle proofs. Enables mobile wallets without storing the full blockchain.
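Bitcoin's Merkle tree construction and the SPV proof it enables, covering both the Merkle tree entry in the Cryptography section and this one, as an added example that is not code from the page or from any wallet: build the root with Bitcoin's odd-level duplication rule, extract an inclusion proof for one leaf, verify it against a header's root, and apply the mutation check Bitcoin Core uses because that duplication rule lets two different transaction lists share a root (CVE-2012-2459). Transaction IDs are constructed, not real.

```python
import hashlib


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def _next_level(level):
    if len(level) % 2 == 1:
        level = level + [level[-1]]      # Bitcoin duplicates the last hash of an odd level
    return [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(txids):
    """txids in internal byte order (display hex reversed); a single txid is its own root."""
    if not txids:
        raise ValueError("a block has at least the coinbase transaction")
    level = list(txids)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(txids, index):
    """Inclusion proof for txids[index]: list of (sibling_hash, sibling_is_right), leaf to root."""
    proof, level, idx = [], list(txids), index
    while len(level) > 1:
        if len(level) % 2 == 1:
            level = level + [level[-1]]
        sibling = idx ^ 1
        proof.append((level[sibling], sibling > idx))
        level = _next_level(level)
        idx //= 2
    return proof


def verify_proof(txid, proof, root):
    """What an SPV client does with the ~80-byte header: fold the proof and compare to the root."""
    h = txid
    for sibling, is_right in proof:
        h = sha256d(h + sibling) if is_right else sha256d(sibling + h)
    return h == root


def is_mutated(txids):
    """Bitcoin Core's check: a genuine right sibling equal to its left sibling means the list
    was padded to mimic odd-level duplication, so another tx list produces the same root."""
    level = list(txids)
    while len(level) > 1:
        for i in range(0, len(level) - 1, 2):
            if level[i] == level[i + 1]:
                return True
        level = _next_level(level)
    return False


# Constructed sample leaves (not real txids).
SAMPLE_TXIDS = [sha256d(b"constructed-tx-%d" % i) for i in range(3)]
```

The test shows the caveat concretely: the three-leaf list and the same list with its last element repeated have identical roots, so a verifier that checks only the root can be fed a block whose transaction list differs from the one it believes it validated; `is_mutated` catches that padding. A separate concern, 64-byte transactions that parse as inner nodes, is the reason for the ban noted under the consensus cleanup entry.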
Alternative Bitcoin networks for testing and development. Testnet coins have no value; anyone can mine. Signet uses centralized block signing for predictable block production. Developers use these to test applications without risking real funds.
Privacy(13)
A protocol for reusable payment codes enabling multiple payments to a static identifier without address reuse. Uses a notification transaction to establish a shared secret, from which unique addresses are derived for subsequent payments.
Techniques for de-anonymizing Bitcoin transactions by analyzing the public blockchain. Heuristics include common-input-ownership, change detection, address reuse, and timing correlation. Used by law enforcement and compliance firms. Privacy tools aim to defeat these methods.
A privacy technique where multiple users combine their transactions into one, making it difficult to determine which inputs paid which outputs. All participants sign; no trust or custody required. Effective when outputs are equal-sized. Implementations: Whirlpool, JoinMarket, Wasabi.
A privacy protocol enabling users to swap coins with others atomically, breaking transaction graph analysis. Unlike CoinJoin which uses a single transaction, CoinSwap uses separate transactions that appear unrelated on-chain.
A transaction propagation protocol improving sender privacy. Transactions first travel through a random path ('stem phase') before broadcasting widely ('fluff phase'), making transaction origin harder to determine.
A service or protocol that combines multiple users' coins to break the transaction graph and improve privacy. Centralized mixers require trust and have been targets of law enforcement. Decentralized alternatives like CoinJoin eliminate custody risk.
A privacy technique where both sender and receiver contribute inputs to a transaction, breaking the common-input-ownership heuristic used by chain analysis. The receiver adds their own UTXO and receives both payment and change, making the payment amount ambiguous.
An identity layer built on BIP-47 payment codes, providing human-friendly identifiers (robot avatars) for reusable payment addresses. Primarily implemented by Samourai and Sparrow wallets.
An assumption that if a transaction has exactly two outputs where one type matches the input type (e.g., all P2WPKH), the matching output is likely change. Used by chain analysis; broken by deliberate output type matching.
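The two heuristics named in the chain analysis and change detection entries, run over a constructed transaction set as an added example (not code from the page or from any analysis vendor): common-input-ownership clusters input addresses with union-find, and the script-type heuristic guesses the change output of a two-output transaction and folds it into the spender's cluster. Transaction IDs, addresses and script types are invented for the example.

```python
from collections import defaultdict

# Constructed sample transactions: inputs/outputs are (address, script_type) pairs.
TXS = [
    {"txid": "t1", "inputs": [("A1", "p2wpkh"), ("A2", "p2wpkh")],
     "outputs": [("M1", "p2sh"), ("A3", "p2wpkh")]},        # A3 matches input type: likely change
    {"txid": "t2", "inputs": [("A3", "p2wpkh")],
     "outputs": [("M2", "p2wpkh"), ("A4", "p2wpkh")]},      # both outputs match: heuristic undecided
    {"txid": "t3", "inputs": [("B1", "p2tr"), ("A4", "p2wpkh")],
     "outputs": [("M3", "p2tr")]},                           # mixed input types, single output
]


class UnionFind:
    def __init__(self):
        self.parent = {}

    def find(self, a):
        self.parent.setdefault(a, a)
        while self.parent[a] != a:
            self.parent[a] = self.parent[self.parent[a]]   # path halving
            a = self.parent[a]
        return a

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def change_output(tx):
    """Script-type heuristic: exactly two outputs, all inputs one type, exactly one output matching it."""
    input_types = {t for _, t in tx["inputs"]}
    if len(input_types) != 1 or len(tx["outputs"]) != 2:
        return None
    in_type = next(iter(input_types))
    matching = [addr for addr, t in tx["outputs"] if t == in_type]
    return matching[0] if len(matching) == 1 else None


def cluster_addresses(txs):
    """Common-input-ownership plus detected change. Returns address -> frozenset of its cluster."""
    uf = UnionFind()
    for tx in txs:
        inputs = [addr for addr, _ in tx["inputs"]]
        for addr in inputs:
            uf.union(inputs[0], addr)            # all inputs assumed to share an owner
        change = change_output(tx)
        if change is not None:
            uf.union(inputs[0], change)          # change goes back to the spender
    groups = defaultdict(set)
    for addr in list(uf.parent):
        groups[uf.find(addr)].add(addr)
    return {addr: frozenset(members) for members in groups.values() for addr in members}


def same_owner(clusters, a, b):
    return a in clusters and b in clusters and clusters[a] == clusters[b]
```

In this sample the change heuristic ties A3 to A1/A2, but t2's equal-type outputs leave A4 unlinked until t3 spends it alongside B1, which then merges A4 into B1's cluster instead. PayJoin breaks the first heuristic by design (the receiver contributes an input), and equal-output CoinJoins break the second, which is exactly why those techniques are listed as privacy tools above.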
A protocol enabling static payment addresses that generate unique on-chain addresses for each transaction without sender-receiver interaction. The sender uses their input keys combined with the receiver's static address to derive a unique output address only the receiver can spend.
Change outputs that degrade privacy if spent alongside other UTXOs, linking previously separate coins. Can result from receiving tainted coins, breaking coinjoin anonymity, or other poor UTXO management.
Techniques to identify which wallet software created a transaction based on idiosyncratic behaviors. Used by chain analysis to cluster transactions. Privacy-conscious wallets work to minimize distinguishing characteristics.
A CoinJoin implementation by Samourai Wallet using ZeroLink framework for maximum entropy mixing. Uses fixed denomination pools (0.001, 0.01, 0.05, 0.5 BTC) with unlimited free remixes. Coordinator cannot link inputs to outputs due to blind signature scheme.
Protocol(23)
A design document for introducing features or information to Bitcoin. BIPs go through a standardized process of drafting, review, and acceptance. Categories include consensus (hard/soft forks), peer services, API/RPC, and informational.
Standards for coordinating soft fork activation through miner signaling. BIP-9 uses version bits with timeout. BIP-8 adds mandatory activation option (LOT=true) ensuring activation even without majority miner signal.
A fungible token standard on Bitcoin using Ordinals inscriptions. Tokens are defined and transferred through JSON inscriptions in witness data. Created significant network activity and fee pressure in 2023.
A proposed feature enabling multiple inputs in a transaction to share a single aggregated signature. Would reduce transaction sizes significantly, especially for consolidations and coinjoins, improving privacy and efficiency.
A redesign of Bitcoin Core's mempool organizing transactions into clusters of related transactions. Enables better fee estimation, more efficient block building, and fixes RBF pinning vulnerabilities.
A proposal allowing zero-value outputs with anyone-can-spend scripts that must be spent in the same package. Enables fee-bumping without pre-allocated anchor values, improving Lightning commitment transaction efficiency.
A mempool policy accepting replacements for any unconfirmed transaction regardless of BIP-125 signaling. Enabled by default in Bitcoin Core 28.0+. Previously, only transactions signaling RBF could be replaced.
A proposed soft fork fixing various legacy consensus bugs and quirks in Bitcoin. Includes: 64-byte transaction ban (Merkle tree vulnerability), time warp fix, worst-case block validation improvement.
A proposed soft fork bundle combining OP_CHECKTEMPLATEVERIFY, OP_CHECKSIGFROMSTACK, and OP_INTERNALKEY. Designed to enable LN-Symmetry, vaults, and other improvements with minimal consensus changes.
A decentralized social protocol often used alongside Bitcoin. Uses public key identity, signed events, and simple relays. Integrated with Bitcoin through: zaps (Lightning tips), NWC (wallet connect), and ecash.
A package relay policy allowing submission of exactly one parent and one child transaction together. Enables fee bumping of transactions below minimum relay feerate through CPFP, critical for Lightning anchor outputs.
A Bitcoin script opcode that marks an output as provably unspendable, allowing embedding of up to 80 bytes of arbitrary data. Used for timestamping, proof-of-existence, token protocols, and metadata without bloating the UTXO set.
A protocol assigning serial numbers to individual satoshis based on their order of creation, enabling NFT-like functionality on Bitcoin. Inscriptions embed arbitrary data (images, text, code) in witness data of Taproot transactions, permanently stored on-chain.
A protocol enabling submission and relay of transaction packages (parent + children) together. Allows child transactions to pay fees for parents below minimum relay feerate, fixing CPFP limitations for presigned transactions.
Individual satoshis considered collectible based on their ordinal properties: position in block, halving epoch, difficulty adjustment, etc. Part of Ordinals theory assigning significance to specific sats.
A fungible token protocol for Bitcoin using OP_RETURN outputs to define token operations. Designed as a more efficient alternative to BRC-20, avoiding the 'junk' UTXO creation problem. Created by Casey Rodarmor (Ordinals creator).
A 2017 soft fork (BIP-141) that separates signature data ('witness') from transactions. Fixes transaction malleability, enables Lightning Network, and increases effective block capacity by ~1.7x. Native SegWit addresses start with bc1q.
A proposed sighash flag that excludes the input's outpoint from the signature hash, allowing signatures to be valid for any UTXO with matching script. Enables Eltoo-style channel updates and more efficient Layer 2 protocols.
A soft fork activation mechanism used for Taproot. Fast activation if 90% miner signal achieved, quick failure otherwise. Provides rapid signal without forcing contentious activation.
A 2021 soft fork enabling Schnorr signatures and MAST (Merkelized Abstract Syntax Trees). Makes complex spending conditions (multisig, timelocks) indistinguishable from simple payments. Improves privacy, efficiency, and smart contract capabilities.
A dynamic hash-based accumulator for UTXO set compression. Instead of storing all UTXOs (~10GB), nodes store only accumulator roots (~1KB). Proofs of UTXO existence are attached to transactions by bridge nodes.
A policy for transactions with nVersion=3 enabling opt-in to stricter relay rules designed for Layer 2 protocols. Limits unconfirmed chains to 1 parent + 1 child, with child limited to 1000 vbytes, enabling efficient CPFP while preventing pinning.
A SegWit feature giving witness data (signatures) 75% less weight than other transaction data. Incentivizes SegWit adoption and enables larger effective blocks while maintaining the 1 MB base block limit for non-upgraded nodes.
Security(30)
A physical coercion attack where an attacker uses threats or violence to force a victim to reveal private keys or transfer bitcoin. Named after the XKCD comic showing that cryptography is irrelevant if someone hits you with a $5 wrench until you comply.
An attack where an entity controlling majority hashrate can reverse recent transactions by mining an alternative chain and orphaning honest blocks. Can enable double-spending. Extremely expensive against Bitcoin due to massive hashrate.
Sending tiny amounts of bitcoin to many addresses to: track spending patterns when dust is consolidated, identify wallet clusters, or plant attacker-controlled addresses in transaction history hoping victims accidentally reuse them.
A signing protocol preventing hardware wallets from leaking private key data through biased signature nonces. Host and device jointly contribute randomness, ensuring neither can unilaterally control the nonce.
An attack on internet routing where an attacker announces ownership of IP prefixes they don't control, redirecting Bitcoin node traffic. Can enable partition attacks, MITM, or eclipse attacks at network scale.
A pool sabotage attack where a miner submits valid shares but withholds any shares that would qualify as actual blocks. The pool pays for shares but never receives block rewards from the attacker. Difficult to detect since valid shares look normal.
Malware that monitors the clipboard for bitcoin addresses and replaces them with attacker-controlled addresses. Exploits copy-paste workflow when sending transactions. Victim sends bitcoin to attacker instead of intended recipient.
An attack recovering encryption keys from RAM by exploiting data remanence—memory retains data briefly after power loss, longer when cooled. Attacker quickly reboots or transfers RAM modules to read residual key material.
Storing bitcoin private keys on a device that has never connected to the internet. Provides maximum security against remote attacks. Hardware wallets, air-gapped computers, and paper wallets are common forms. Transactions are signed offline, then broadcast separately.
Removing the protective packaging from an integrated circuit to expose the silicon die for analysis or attack. Enables visual inspection, probing, laser fault injection, and focused ion beam (FIB) modification. First step in many advanced hardware attacks.
An attack attempting to spend the same bitcoin twice. Bitcoin's proof-of-work consensus prevents this: only one version can be included in the canonical chain. Unconfirmed transactions are vulnerable; confirmations provide exponentially increasing security.
A secondary wallet with a small balance designed to be surrendered under coercion while protecting the main holdings. Can be implemented via BIP-39 passphrases (different passphrase = different wallet) or separate seed phrases.
An attack isolating a node from the honest network by monopolizing all its peer connections. The eclipsed node only sees attacker-controlled data, enabling double-spends, selfish mining amplification, and other attacks.
A physical attack where an adversary with brief unsupervised access to a device (like a hotel maid) installs malware, hardware keyloggers, or modified firmware. Can compromise hardware wallets, laptops, or air-gapped signing devices without the owner's knowledge.
A double-spend attack named after Hal Finney. Attacker pre-mines a block containing a transaction to themselves, then makes a conflicting payment to a merchant. When merchant accepts zero-conf, attacker broadcasts pre-mined block, invalidating the payment.
Attempts to manipulate Bitcoin mechanisms by iterating through variations to find favorable outcomes. Examples: vanity address generation, timelock grinding in contracts, signature malleation.
A sophisticated hardware attack using focused laser beams to induce targeted bit flips in silicon, bypassing security mechanisms. Can defeat secure elements by precisely targeting transistors during sensitive operations. Requires decapping the chip first.
A spending condition requiring multiple private keys to authorize a transaction. Expressed as m-of-n (e.g., 2-of-3): m signatures required from n possible keys. Used for security (no single point of failure), shared custody, and organizational controls.
Social engineering attacks tricking users into revealing sensitive information or installing malware. Bitcoin-specific phishing includes: fake wallet websites, malicious browser extensions, fraudulent hardware wallet emails, and impersonation scams.
Attacks exploiting mempool policy to prevent confirmation of time-sensitive transactions. Attacker creates conflicting transactions that are difficult to fee-bump, potentially causing victims to lose funds in Lightning or other protocols.
A hardware attack that briefly disrupts a device's power supply to cause computational errors, potentially bypassing security checks or extracting secrets. Used against hardware wallets and secure elements to skip PIN verification or dump memory.
A double-spend attempt against zero-confirmation transactions by broadcasting two conflicting transactions simultaneously—one to the merchant, one to miners. Relies on the merchant's transaction not reaching miners first.
An attack where a valid transaction on one blockchain is rebroadcast on another chain sharing the same transaction format. Occurs after contentious hard forks if replay protection isn't implemented. Victim accidentally sends on both chains.
A euphemism for extracting cryptographic secrets through torture or coercion rather than mathematical attacks. Recognizes that human factors often represent the weakest link in security systems. Related to $5 wrench attack.
A mining strategy where a miner withholds found blocks to gain advantage over honest miners. By selectively releasing blocks, the attacker can orphan competitors' blocks and claim more than their fair share of rewards. Requires significant hashrate to be profitable.
Attacks extracting secret information by analyzing physical emanations during cryptographic operations: timing variations, power consumption, electromagnetic emissions, or acoustic signals. Can reveal private keys from hardware wallets or signing devices.
Compromising bitcoin security by tampering with hardware or software before it reaches the user. Includes: modified hardware wallets, backdoored firmware, malicious dependencies in software. Difficult to detect; requires verifying supply chain integrity.
A harassment attack where an adversary makes false emergency reports to law enforcement, triggering armed response (SWAT teams) against a bitcoin holder. Can result in property seizure, device confiscation, physical harm, or death. Targets identified through doxxing.
An attack where an adversary creates many fake identities or nodes to gain disproportionate influence in a network. In Bitcoin, used to facilitate eclipse attacks or manipulate peer discovery. Proof-of-work and identity-free design limit Sybil impact.
An attack exploiting the difficulty adjustment algorithm by manipulating block timestamps. Attacker alternates between past-dated and future-dated blocks to drastically reduce difficulty while maintaining apparent block times.
Smart Contracts(8)
A stack-based programming language used to define spending conditions for UTXOs. Intentionally not Turing-complete (no loops) for security. Common scripts: P2PKH (pay to public key hash), P2SH (pay to script hash), P2WPKH (SegWit), P2TR (Taproot).
A computing paradigm enabling Turing-complete smart contracts on Bitcoin through optimistic execution and fraud proofs. The prover commits to program execution; if challenged, the dispute is resolved through a bisection protocol finding the first incorrect step.
Proposed Bitcoin script extensions allowing outputs to restrict how they can be spent in future transactions. Enable advanced applications like vaults, congestion control, and improved payment pools. Various proposals: CTV, APO, OP_VAULT, CAT+CSFS.
A smart contract protocol enabling conditional Bitcoin payments based on real-world events without revealing contract details on-chain. Uses oracle attestations with adaptor signatures so the oracle's signature on an outcome automatically enables spending the correct contract branch.
A proposed opcode enabling signature verification against arbitrary messages (not just the transaction). Would enable powerful smart contracts including covenants, delegation, and oracle-based contracts.
A proposed opcode computing hashes of transaction components. Would enable transaction introspection in Script, allowing covenants that constrain future spending based on transaction properties.
A proposed opcode enabling native vault functionality with secure recovery paths. Allows time-delayed withdrawals where funds can be clawed back to a recovery address if keys are compromised, without requiring pre-signed transactions.
A restriction preventing a transaction or output from being spent until a certain time or block height. Absolute timelocks (CLTV) set a specific unlock time. Relative timelocks (CSV) set time since the output was confirmed. Essential for Lightning, vaults, and inheritance planning.
Software(8)
A modular Rust library for building Bitcoin wallets. Provides descriptor-based wallet functionality with support for hardware wallets, various backends, and different database options.
The reference implementation of the Bitcoin protocol, descended from Satoshi's original code. Maintained by open-source contributors. Includes full node, wallet, and mining capabilities. Sets the de facto standard for consensus rules and network behavior.
A modular Lightning Network implementation by Blockstream, formerly c-lightning. Written in C with a plugin architecture enabling extensive customization. One of the three major LN implementations.
A Lightning Network implementation by ACINQ, written in Scala. Powers the Phoenix mobile wallet. Known for implementing cutting-edge features and maintaining high compatibility with the Lightning spec.
A Python library and CLI tool providing a standard interface for interacting with hardware wallets. Enables wallet software to support multiple hardware wallet models through a unified API.
A flexible Rust Lightning implementation designed for integration into existing applications. Unlike full node implementations, LDK provides components that applications wire together with their own storage, networking, and chain access.
A Rust library for Bitcoin data structures and operations. Provides types for transactions, blocks, addresses, scripts, and serialization. Foundation for many Rust-based Bitcoin projects.
A tool for creating and managing simulated Bitcoin networks for testing protocol changes, attacks, and network behavior. Enables researchers to test scenarios difficult to reproduce on mainnet or signet.
Transactions(18)
The effective feerate of a transaction including all its unconfirmed ancestors. Miners consider ancestor feerate when selecting transactions since parents must be included for children to be valid.
A trustless exchange of cryptocurrencies between different blockchains without intermediaries. Uses hash time-locked contracts (HTLCs) to ensure either both parties complete the trade or neither does. Enables decentralized cross-chain trading.
Combining multiple payments into a single transaction with multiple outputs. Reduces total fees by sharing transaction overhead across many payments. Commonly used by exchanges and payment processors to reduce costs and block space usage.
When a UTXO exceeds the payment amount, the excess (minus fee) is sent back to the sender as 'change'. Ideally sent to a fresh address in the wallet's internal chain. Poor change management is a major source of privacy leaks through change identification heuristics.
A fee bumping technique where a new transaction spending an unconfirmed output pays enough fees to incentivize miners to confirm both transactions. The child's high feerate raises the effective feerate of the package. Useful when you can't RBF the original transaction.
A transaction spending an output from an unconfirmed parent transaction. Forms dependency chains in the mempool. Mempool policies limit ancestor and descendant counts to prevent DoS.
A trading platform enabling peer-to-peer cryptocurrency exchange without centralized custody. Users retain control of private keys during trades. Bitcoin DEXs include Bisq, HodlHodl, and RoboSats. Trade-off: less liquidity, more complexity.
A UTXO so small that the fee to spend it exceeds its value. Creating dust is discouraged as it bloats the UTXO set. Bitcoin Core defines dust threshold based on output type and min relay feerate. Transactions creating dust outputs may not relay.
Increasing the effective fee of an unconfirmed transaction to speed confirmation. Methods include Replace-By-Fee (RBF), which creates a new version of the transaction, and Child-Pays-For-Parent (CPFP), which adds a high-fee child transaction.
Transactions recorded directly on the Bitcoin blockchain, broadcast to all nodes and included in blocks. Provides the highest security and finality. On-chain transactions pay fees and consume block space.
A standard format (BIP-174) for passing unsigned or partially signed transactions between wallets and devices. Enables workflows like multisig signing, hardware wallet interaction, and CoinJoin coordination without exposing private keys.
A mechanism allowing unconfirmed transactions to be replaced with new versions paying higher fees. Useful for fee bumping stuck transactions. BIP-125 defines opt-in RBF signaling via nSequence. Full RBF (default in Core 28.0+) allows replacing any unconfirmed transaction.
The standard fee rate unit for Bitcoin transactions. Total fee = feerate × transaction vsize. Higher rates get faster confirmation. Displayed by mempool explorers and used for fee estimation.
A signed message that transfers bitcoin by consuming existing UTXOs and creating new ones. Contains inputs (references to UTXOs being spent with signatures) and outputs (new UTXOs with locking scripts). Broadcast to the network, validated by nodes, and eventually mined into a block.
The difference between a transaction's inputs and outputs, paid to the miner who includes it in a block. Fees incentivize miners and prevent spam. Measured in satoshis per virtual byte (sat/vB). Higher fees = faster confirmation.
The fundamental unit of bitcoin ownership. Each UTXO represents a discrete amount of bitcoin locked to a specific script (usually a public key hash). Transactions consume UTXOs as inputs and create new UTXOs as outputs. Your balance is the sum of all UTXOs you can spend.
Transaction size measurement for fee calculation: (3 × base_size + total_size) / 4, rounded up. SegWit witness data counts as 1/4 weight. Fee = feerate × vsize. Replaced byte-based fee calculation post-SegWit.
The fundamental unit of block space measurement post-SegWit. Non-witness bytes count as 4 WU, witness bytes as 1 WU. Maximum block weight is 4,000,000 WU. vbytes = WU / 4.
Wallets(11)
A standard format for exporting and importing wallet labels. Enables preservation of address/transaction notes when migrating between wallets. Uses JSON lines format for incremental processing.
A 256-bit value used alongside keys in HD wallets (BIP-32) to enable deterministic child key derivation. The chain code adds entropy to the derivation process, ensuring that knowledge of a parent public key alone cannot derive child keys without also knowing the chain code.
A wallet architecture using output descriptors to define which scripts/addresses belong to the wallet. More flexible than traditional wallets, supporting arbitrary scripts, multisig, and complex policies through a standardized language.
The number of consecutive unused addresses a wallet scans before stopping discovery. Standard is 20. Prevents infinite scanning while allowing for skipped addresses. Important for wallet recovery and import.
A child key derivation method in HD wallets that uses the parent private key, creating an isolation barrier. If a child private key is compromised, the attacker cannot derive sibling keys or the parent key. Denoted by an apostrophe or 'h' suffix in derivation paths (e.g., m/44'/0'/0').
A wallet connected to the internet for convenient transactions. More vulnerable to hacks and malware than cold storage. Best practice: keep only small amounts for daily use in hot wallets; bulk savings in cold storage.
Bitcoin software that verifies transactions without downloading the full blockchain. Trusts full nodes for block data while verifying proof-of-work and Merkle proofs. Enables mobile wallets with limited storage and bandwidth.
A sequence of 12 or 24 words from a standardized 2048-word list (BIP-39) that encodes the master seed for an HD wallet. Can regenerate all private keys and addresses. Must be stored securely offline; compromise means total loss of funds.
A child key derivation method that can work from just the parent public key (xpub), enabling watch-only wallets to generate receiving addresses. However, if any child private key is leaked along with the xpub, the parent private key can be calculated, compromising all keys.
Software or hardware that manages private keys and facilitates sending/receiving bitcoin. Modern HD wallets derive unlimited keys from a single seed phrase. Wallets don't store bitcoin; they store the keys needed to sign transactions spending UTXOs.
A public key combined with chain code, enabling derivation of child public keys without the private key. Allows watch-only wallets and address generation on potentially compromised devices. Sharing xpub reveals all derived addresses (privacy implications).