What is SATSCHIP?

Think of it as a Bitcoin private key an artist can embed into a work of art! The piece carries that private key and it can never be seperated from the artwork, nor used by the artist after the art is sold.

In most respects, it operates exactly like a TAPSIGNER® except:

  • the PIN always comes as 123456 fom the factory (but can be changed)
  • the private key backup feature is disabled
  • it's smaller, flexible and very thin (but also available as a PVC plastic card)
  • when tapped with a phone, it comes to this web site. A preview image and related meta data can be uploaded by the owner: example art here

What's the motivation for SATSCHIP?

SATSCHIP's purpose is to allow artist to embed Bitcoin value into their works.

Any passer-by can verify the originality of the work using a simple tap of their phone. The owner of the work can use the private key to sign message to verify their ownership and control of the work at any time.

Can I use a SATSCHIP to sign a message?

Yes, a SATSCHIP can sign arbitrary text messages. It's the same as signing a Bitcoin transaction.

The PIN code is required, and access to the artwork containg the specific SATSCHIP (via a tap).

This is a great way to prove you control a particular original work.

What is the PIN code for my new SATSCHIP?

It comes from the factory with 123456 as the PIN code.

Artists: Be sure to change the PIN from the default before selling your piece, and be sure to tell your customer the new PIN code.

Do I need this paper envelope it came in?

Probably not. That's a special radio frequency (RF) blocking sleeve. It prevents unwanted access by RF readers with bad intentions.

But we expect the SATSCHIP to be embedded into artworks directly and they will be scannable by any passer-by. This is okay because the PIN code is secret and known only to the owner.

Anyone can verify the artwork, but only the owner (PIN holder) can transact with it.

Is the private key unique and secret?

Yes. SATSCHIP comes without a private key. The setup process combines the artist's entropy (random bits) with secret entropy picked by the card.

The artist can be sure the provided entropy was used, and yet cannot change or control the ultimate private key... it never leaves the SATSCHIP.

How do I know a SATSCHIP is genuine?

There are a number of ways to verify it:

  • Tap with your phone. SATSCHIP opens a webpage verifying the card logic and public key/private key relationship.
  • Check it with any TAPSIGNER-ready mobile wallet.
  • Use our cktap command-line software.

Can I store data on the SATSCHIP?

No. The SATSCHIP cannot hold arbitrary data.

However, we do offer a service to host an image and related artwork metadata on this site. Contact us for more details.

How long will a SATSCHIP last?

Like most electronic devices, if stored properly, it should last decades.

Can't the phone just grab the private key and use it later?

No, the private key (XPRV) that never leaves the SATSCHIP.

What if someone takes my SATSCHIP?

If you changed the PIN code, they gain nothing except some wonderful artwork. If the PIN code is known to the thief, then they have complete control of the SATSCHIP.

Can I use it on an untrusted computer?

The private key is generated inside and never leaves the SATSCHIP, regardless of any malware and keyloggers that may be present on a connected computer or phone.

However, the wallet you paired with the SATSCHIP can ask the SATSCHIP to sign any transaction. You can't verify what you're signing since the SATSCHIP does not have a screen and, therefore, cannot display transaction information. We recommend the COLDCARD if this is a concern.

What's the seed phrase (BIP-39)?

SATSCHIP is BIP-32 based and does not use BIP-39 seed phrases (mnemonics).

How do I back up a SATSCHIP?

It's not possible to back-up a SATSCHIP's private key. In this case possession is 10-10th's of the law.

How do I know the verification link is genuine?

A different random nonce (short for "number once," a single-use numerical value used in cryptography) is signed each time you tap the card on your phone to receive the URL over NFC. Our server verifies the signature and uniqueness of the nonce.

You can also tap again to get a new nonce and corresponding signature.

cktap can do additional verification over the NFC interface that is not possible via the single NFC tap to webpage method. All verification code is open source Python.

Is this a centralized service?

No. It is never necessary to use a centralized service with SATSCHIP. Our protocol is fully open and the card itself stores the private keys.

SATSCHIP works with any Bitcoin wallet that uses our NFC protocol.

All verification code is open source Python.

How do I know the manufacturer doesn't know the private key?

When setting up your SATSCHIP for the first time, the artist provides a 32-byte chain code for entropy purposes. That chain code plus the private key picked by the SATSCHIP are combined using the BIP-32 standard to derive the XPRV.

Because the artist provided the chain code, and the SATSCHIP shares the public part of its key, you can derive any payment address and confirm that it matches the address given by the card.

Effectively this means you know the XPUB, the card knows the XPRV, and it's easy to prove the two correspond.

Could SATSCHIP be generating private keys that look random but aren't?

No. Each artist provides their own chain code for entropy. The artist can verify SATSCHIP incorporated the chain code entropy when it generated the private key.

What if I make a fake SATSCHIP?

Each SATSCHIP made by Coinkite carries a certificate, signed by our factory. Like the X.509 certificate chain for OPENDIME®, it can be traced back and verified in the field.

The Python code in cktap will always verify the certificate chain when speaking to SATSCHIP, and mobile wallets should be able to do the same.

What about an active MiTM attack or relay attack over NFC?

A man-in-the-middle can't change what you're doing with the SATSCHIP. ECDH (Elliptic-curve Diffie-Hellman) is used to encrypt key values like the card verification code (CVC) required to modify the card or view keys. Similarly, all key activities, such as signing a transaction, are ECDH-encrypted and require the CVC.

Still have questions? Contact support: [email protected]

Does "tapping" reveal its public key?

When you tap the SATSCHIP with a phone it provides a URL for verification purposes, which contains a signature. The URL will take you to satschip.com/start which decodes it and shows a verification message if it all checks out. This lets you know that a real SATSCHIP (not a generic NFC sticker) is being used, and helps to on-board new users by providing useful links to suitable wallet and verification apps.

That URL does not contain any part of the SATSCHIP's public key (or XPUB) and cannot be linked to any of on-chain activity. The unique "card identifier" which is itself a public key is revealed on every tap.

Can I use SATSCHIP for multisig co-signing?

Absolutely! SATSCHIP works perfectly for multisig transactions.

Can I use SATSCHIP with a computer (desktop, laptop)?

Yes! You need a USB NFC card reader and the cktap command-line software. Or any desktop wallet that uses our open protocol.

Card Specifications

  • Card size: ID-1: 85.6 × 53.98mm
  • Temperature limits: -15℃ ~ 50℃
  • There are no magnetic or gravity constraints.
  • The presumed operational lifespan is 10 years.
  • Communications by NFC via ISO-7816, specifically ISO/IEC 7816-4:2020 and/or ISO/IEC 14443-A.

Still have questions? Contact support: [email protected]