Details about the upcoming COLDCARD Mk4, the new version of Canada-based Coinkite's Bitcoin hardware wallet that improves upon the popular COLDCARD Mk3.

The main features of the new model include a USB-C connector, no restrictions on Bitcoin transaction size, increased security with an extra secure element, NFC integration, a slide cover, a USB virtual disk mode, and an extensive "Trick PIN" optionality.

The front and back of Coinkites upcoming hardware wallet, the COLDCARD Mk4. Photo courtesy of Coinkite.

Near-Field Communication (NFC)

In the connections front, the user can opt into using NFC with the Mk4 by enabling it in the device's settings as the feature will come disabled by default. Once turned on, NFC will enable the COLDCARD to come near a compatible device to sign a transaction or a message, co-sign in a multisig setup, or share information from the device's MicroSD card like a payment address or an extended public key, a partially-signed Bitcoin transaction (PSBT), a text file, or a transaction file.

Coinkite founder NVK told Bitcoin Magazine that the goal with NFC is to lower cost, improve UX, and further adoption.

"Imagine hardware wallets being able to just tap-to-pay," he said.

Although QR codes have recently become popular in some hardware wallets, NVK said they haven't been adopted in the larger payment industries because they have extremely low data bandwidth, are more complex and not human readable, and require more expensive hardware.

"This feature was added to improve phone-wallet UX as all modern phones have NFC, free, already sitting unused," NVK said. "NFC will be available to all COLDCARD functions we are able to send or receive data, just like the SD card or USB cable."

In addition to requiring NFC to be turned on for usage, NVK told Bitcoin Magazine that the Mk4 will also enable the user to permanently disable the feature by scratching a PCB trace exposed on the MicroSD opening.

An Extra Secure Element

While previous versions of the COLDCARD had a single secure element (SE), Mk4 brings a second SE to establish a more robust security model for the user's private keys and suppress potential single points of failure. Moreover, the fact that the second SE is from a different vendor further protects the user from any unexpected bugs or issues with a specific SE design.

An attacker would need to fully compromise the two secure elements and the main microcontroller (MCU) before being able to extract seed words from the COLDCARD Mk4 as the device now distributes the encryption key among the three components. Additionally, even if all three components are compromised, the device's PIN code would still be required.

Trick PINs and Additional Improvements

Mk4 also allows the user to set up multiple "Trick PINs." While the actual PIN unlocks the device and enables wallet functions, Trick PIN codes can exert alternative functionality such as unlocking a duress wallet, triggering a long login delay, or bricking or blanking the COLDCARD.

These PINs are useful in different scenarios, but they can often come in handy in a physical attack where the user is coerced into unlocking their COLDCARD. For instance, the user can just use a Trick PIN for unlocking a duress wallet for plausible deniability. Alternatively, in a more extreme scenario, the user can type in a Trick PIN that wipes the COLDCARD clean and then bricks it, making it unusable.

Additional improvements brought by Mk4 over Mk3 include faster booting; a 120 Mhz CPU, up from 80 Mhz; maximum space for settingsnow 512 KB, up from 4 KB; more multisig wallet possibilities; firmware upgrade now takes 15 seconds, down from two minutes; 216 bytes of new secure storage alongside main seed phrase; a flashing light indicating when the USB connection is in use; a USB disk emulation for simple use with web browsers and other PSBT sources; and a doubled flash memory for firmware, among other updates.

Mk4's launch date is yet to be determined, but the device is available for pre-order at the Coinkite store.