Burstcoin wallets are user interfaces that interact with Burstcoin’s public ledger to facilitate the on-chain movement of Burstcoin and other information from one account to another.  The software is available for personal computers as well as mobile devices.  Installation packages are available for Windows, macOS, Linux, Docker, iOS, and Android.

Burstcoin wallets do not contain Burstcoin.  Burstcoin exists only on the distributed public ledger and is independent of any specific software installation.  If equipment fails, access to an account is restorable with a fresh software installation as long as the passphrase is known.  For this reason, maintain a record of passphrases in some form external to the equipment on which the software is installed.

The most secure and private way to interact with Burstcoin is to install the full node version of the software on a local computer that is secure from intrusion.  The full node version, BRS, downloads and validates a complete copy of the blockchain, enforces all network protocols, and contributes to security and decentralization whenever it is running.  Light node versions, those that do not maintain a copy of the blockchain, operate by connecting to a full node remotely.

Only use Burstcoin’s official software.  Burstcoin’s official software is open-source under a GPL license, protected by a multi-signature signing process, and frequently upgraded to make the features of the Burstcoin network more fully accessible.

In general, do not use online wallets.  These are not official, even if they use official software.  Third parties control them, and for this reason, do not conform to Burstcoin’s vision for a fully decentralized and ‘trustless’ system.  They require you to enter a passphrase into an online form.  There is no way to know that the passphrase is not being recorded.  They can be useful in certain circumstances, but only for low-value accounts or in read-only mode.  To use any software in read-only mode, enter an account address rather than a passphrase.

Do not use an online wallet . . .

• to access a high-value account or any that may have a high value in the future.
• to access local software as the local software’s security would be permanently compromised.
• that does not have a valid SSL certificate.  Account information could be third-party intercepted.

Additional Information:

For additional security, transactions can be signed on a disconnected device so that passphrases are never exposed to the internet.  For more information, see Offline Transaction Signing.

Passphrases are not included when a transaction is broadcast to the network.  Only a single-use digital signature is included.  Using cryptography, it can be derived from this signature that the transaction was authorized by the owner of the account that created it.  However, the actual passphrase cannot be derived from the signature.

Although Burstcoin is not technically a privacy coin or platform, it is inherently private.  There are no records that relate a public address to a particular account holder in a personally identifiable way.  Personal information is only disclosed if an account holder chooses to disclose it in the ordinary course of business, such as when ordering a product and providing a shipping address.  One way to enhance privacy is to maintain separate accounts for different purposes.

To reserve a Burstcoin account, follow the prompts in your chosen software.  The process will automatically generate a secure passphrase.  This passphrase is the only detail that controls access to the account.  If this passphrase is lost, the associated account will no longer have value because it cannot be accessed without the associated passphrase.  It is the responsibility of the account holder to protect the passphrase.

Any string of characters can serve as a passphrase, but a long random passphrase is the best way to protect an account.  BRS Core automatically generates randomized passphrases that provide sufficient protection.  Do not change the automatically generated passphrase without a complete understanding of entropy and cryptography.  Without this understanding, a self-composed passphrase may only appear to be sufficient.  In reality, it may be easily discoverable.

Passphrases are immutable after completing the account setup process.

Account ID and address are derived from a permanent and immutable cryptographic hash of an account’s passphrase.

Elliptic-curve cryptography (ECC) is used to generate a public key, a private key (for signing transactions), and a so-called agreement key (for message encryption) from an account’s passphrase.  It is not necessary to understand these keys precisely as they are only used programmatically.  It is an account’s passphrase that allows interaction with the blockchain for making transactions.

• A passphrase can be any string of characters.  Burstcoin uses 12 random selections from a collection of English words.
• A private key is a cryptographic hash of an account’s passphrase.
• A public key is a cryptographic hash with the private key as a seed.  It decodes as two interchangeable public addresses; an almost unique number ( account id ) and the more commonly used Reed-Solomon formatted address.
• Although the public key, numeric account id, and RS address are all derived from the cryptographic hash of an account’s passphrase, the passphrase is not derivable from any of these.

For more information, see Burstcoin Security.