BSSC Specification Glossary

Editor
Chaals Nevile (BSSC)
Former Editor
John Kemp (BSSC)
Contributors
Britton Ballard (Figment), Logan Ballinger (Figment), Michael Benich (Kraken), Michal Bajor (Kraken), Piotr Cielas (Halborn), Max Courchesne-Mackie (Figment), Joe D'Annolfo (Coinbase), Sky Gul (Kraken), Joel Kerr (Coinbase), Michael Lewellen (OpenZeppelin), Yolanda Liu (Coinbase), Gabriela Melendez Quan (Coinbase), Mark Nesbitt (Turnkey), Chaals Nevile (BSSC), Matan Nevo (Fireblocks), Akshar Rawal (Coinbase), Uday Shanmugan (BitGo), Kishore Suri (Coinbase), Max Zinkus (Anchorage Digital)
Date
2025-05-13

Copyright ©2025 Blockchain Security Standards Council (BSSC) Inc. All Rights Reserved.


This is the common glossary used for Blockchain Security Standards Council documents and specifications. It is updated from time to time.

The BSSC requests feedback on this document.

Where there are multiple terms in common use for the same thing, the BSSC-preferred term is the one given as a heading, and the others are provided at the end of the definition.

51% Attack

A situation where a group of miners controls more than 50% of the network's mining power, enabling them to manipulate the blockchain, double-spend coins, and prevent new transactions from gaining confirmations.

Also called a majority attack.

Authentication

A process that provides assurance of the source and integrity of information in communications sessions, messages, documents or stored data or that provides assurance of the identity of an entity interacting with a system. NIST SP 800-57, page 7

Blockchain

A blockchain is a tamper evident and tamper resistant digital ledger implemented in a distributed fashion (i.e., without a central repository) and usually without a central authority (i.e., a bank, company or government). NISTIR 8202, page 1

Bridge Node

A node that participates in a crosschain operation, communicating with a Bridge Node on another blockchain, analogous to the way an Oracle can communicate outside the blockchain.

Burn

The act of destroying a token, so it can no longer be held or transferred.

Byzantine Fault Tolerance (BFT)

A property of a system that can continue to operate correctly even if some of the nodes fail or act maliciously. In the context of blockchain, BFT ensures that the network reaches consensus despite the presence of malicious actors.

Consensus Algorithm

A mechanism used in blockchain networks to achieve agreement on a single data value or a single state of the network. Examples include Proof of Work (PoW), Proof of Stake (PoS), and Delegated Proof of Stake (DPoS).

Consensus Layer

The consensus layer is the part of the blockchain that manages the agreement among nodes on the state of the blockchain, ensuring that all nodes share the same view of the blockchain's history and validating new blocks.

Critical Action

Any action that affects the functioning of a smart contract, such as changing the code of an Upgradable Contract, or changing operational parameters that impact the users, including pausing the contract, revaluing Tokens, or the like. This includes many actions that implement decisions made according to a smart contract's defined Governance.

Cryptographic Hash Function

A mathematical algorithm that transforms data into a fixed-size string of characters, which appears random. Hash functions are fundamental to blockchain security as they ensure data integrity by producing a unique hash for each input.

Cryptographic Key

A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce, reverse or verify the operation while an entity without knowledge of the key cannot. NIST SP 800-57, page 9

Distributed Denial of Service (DDoS)

A type of attack where a blockchain network or node is overwhelmed with a flood of traffic, rendering it unable to process legitimate transactions and effectively paralyzing the network.

Distributed Ledger Technologies

Distributed ledger technologies (DLT) such as blockchain are a secure way of conducting and recording transfers of digital assets without the need for a central authority. DLTs are “distributed” because multiple participants share and synchronize copies of the ledger. New transactions are added in a manner that is cryptographically secured, permanent, and visible to all participants in near real time.

Double Signing

Double signing refers to the issue where a blockchain validator signs two different blocks at the same height in the blockchain. This can occur due to malicious intent (like attempting to execute a double-spend attack) or due to configuration errors (such as when a validator is accidentally running on multiple machines without proper coordination).

Double Spending

The risk that a digital currency can be spent twice. Blockchain technology prevents this through a consensus mechanism, ensuring each transaction is verified and recorded.

Eclipse Attack

An attack that involves isolating a specific node or group of nodes from the rest of the network by controlling its incoming and outgoing connections, thereby manipulating its view of the blockchain and disrupting its participation in the network.

Also called Isolation Attack or Network Partitioning.

Execution Layer

The execution layer in a blockchain is responsible for executing transactions and smart contracts, handling the computation of state changes on the blockchain.

Full Node

A node that maintains a complete copy of the blockchain ledger, validates all transactions and blocks independently, and participates in the network's consensus process.

Governance

The process for taking and implementing decisions that cause changes to the blockchain or to a Set of Contracts. For example, where certain privileged accounts have the ability to invoke the Upgradability of a contract by e.g. changing the address to which a Proxy Contract routes calls, Governance refers to the mechanisms by which those accounts are operated.

Hard Fork

A significant change to a blockchain protocol that makes previously invalid blocks/transactions valid (or vice-versa). It requires all nodes or users to upgrade to the latest version of the protocol software.

Also called a Network Upgrade.

Hardened Key

A deterministically derived child key that has an index i > 2^31, as per [BIP-32]. Hardening a child Key makes it infeasible to derive the parent private key from the child key, and thus provides greater security.

Key Derivation

The process of deriving a key in a non-reversible manner from shared information, some of which is secret. NIST SP 800-152. There are two main classes of Key Derivation Function (KDF) that are relevant: "fast" and "slow". A fast KDF may be used to derive a set of keys from an existing strong source key, whereas a slow KDF is used to derive a more-secure key from something likely to have low entropy or be otherwise weak (such as a user-supplied password or PIN). A slow KDF is required in such cases because, if a fast KDF is used with a low-entropy or otherwise weak source key, such as a password, it will be more feasible for an attacker to brute-force the input password by exhausting the output keyspace.

In the context of Blockchain systems, the Fast Key Derivation Function specified in [BIP-32] has become standard. However, it is possible for wallets, wallet providers and custodians to implement cryptographically secure key derivation mechanisms other than the one used in Hierarchical Deterministic Wallets.
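
Added example, not part of the BSSC glossary or of the BIP-32 text: BIP-32 master key generation and hardened child private key derivation in Python, illustrating the Hardened Key and Key Derivation entries above. BIP-32 assigns hardened children the indices 2^31 to 2^32-1; the function names and the sample seed are assumptions made for this example.

```python
import hashlib
import hmac

# Order of the secp256k1 group used by BIP-32.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED_OFFSET = 2**31  # first hardened child index in BIP-32
CONSTRUCTED_SEED = bytes(range(16))  # sample seed constructed for this example


def is_hardened(index: int) -> bool:
    """True when a 32-bit child index falls in BIP-32's hardened range."""
    return HARDENED_OFFSET <= index < 2**32


def master_from_seed(seed: bytes) -> tuple:
    """BIP-32 master key generation: returns (private key int, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = int.from_bytes(digest[:32], "big")
    if key == 0 or key >= N:
        raise ValueError("seed gives an invalid master key; use another seed")
    return key, digest[32:]


def derive_hardened_child(parent_key: int, parent_chain: bytes, index: int) -> tuple:
    """BIP-32 private parent -> private child derivation, hardened case only."""
    if not is_hardened(index):
        raise ValueError("index is not in the hardened range")
    # The HMAC input contains the parent *private* key, so the parent's
    # extended public key alone is not enough to compute this child.
    data = b"\x00" + parent_key.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(parent_chain, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + parent_key) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child key; BIP-32 says to use the next index")
    return child, digest[32:]


def derive_path(seed: bytes, path: list) -> tuple:
    """Walk a path of hardened indices from the master key, e.g. m/44'/0'."""
    key, chain = master_from_seed(seed)
    for index in path:
        key, chain = derive_hardened_child(key, chain, index)
    return key, chain


if __name__ == "__main__":
    key, chain = derive_path(CONSTRUCTED_SEED, [HARDENED_OFFSET + 44, HARDENED_OFFSET])
    print(f"m/44'/0' private key: {key:064x}")
    print(f"m/44'/0' chain code:  {chain.hex()}")
```

Non-hardened derivation is left out because it needs the parent public key, which requires elliptic-curve point multiplication.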

Lightweight Node

A node that can participate in the Consensus Layer and/or the Execution Layer, but does not hold a full copy of the history of blockchain state.

Merkle Tree

A data structure used in blockchain to efficiently and securely verify the integrity of data. It enables quick verification of transactions in a block, ensuring data integrity.

Multi-Signature

A security feature that requires signatures from some defined subset (from any one key, to all of them) of a listed group of keys to authorize a transaction. This is used to increase security by ensuring that more than one party must approve a transaction before it can be executed.

Multisig

A family of techniques that includes, as well as "pure" Multi-Signature signing requirements, other approaches such as multi-party computing [WP-MPC]. The key feature is that the techniques are designed to ensure that multiple individuals have to collaborate to produce an outcome, such as a signature authorizing some action. The term comes from an abbreviation of Multi-Signature, but is often used with the wider meaning given here.

Node

A computer system that participates in the blockchain network by validating and relaying transactions. Nodes typically maintain a copy of the entire blockchain and help keep the network secure and decentralized.

Oracle

External data sources that provide necessary information to smart contracts on the blockchain, allowing them to interact with data outside the blockchain environment.

Private Key Material

Any sequence of bits used as cryptographic private keys and secret parameters, such as initialization vectors and other domain parameters used in a cryptographic algorithm. Examples include the cryptographic private key value itself, MPC key shares, a share of a key split with Shamir's secret sharing, or secret mathematical values such as the private key point on an elliptic curve. Key metadata such as the cryptoperiod are not considered as part of private key material.

Privileged Role

Any role that can perform a Critical Action in a smart contract. This can include direct authorization of a specific user account, designation through a management system such as RBAC applied to a smart contract, or even be applicable to any user (generally a bad idea, as exemplified by the "I accidentally killed it" incident in 2017).

Proxy Contract

A smart contract that acts as a stable calling address, but that routes calls to it through another Smart Contract, and can change the address to which it routes those calls. Used to enable Upgradability.

Read-only Reentrancy Attack

A type of Reentrancy Attack that only relies on a calling contract reading a state that results from an unexpected change, thus providing it with misleading information. This can be used to craft an attack on the calling contract.

Reentrancy Attack

An attack that occurs when a smart contract makes an external call to another contract before resolving its internal state. This can allow an attacker to, for example, repeatedly withdraw funds by recursively calling the contract, or to perform "infinite minting" of a token.

Remote Signer

A remote signer is a service that allows for the secure signing of blockchain operations without the private keys being present on the same machine as the validator client. For example, [EIP-3030] describes an HTTP remote signer API for Ethereum. This can be used for enhancing security in a network whose physical security is not managed by the Key Owner, such as for a validator client in a cloud environment.

Replay Attack

A type of attack where a malicious user duplicates a legitimate transaction and broadcasts it again to deceive the network or double-spend. Blockchains often include replay protection to prevent this.

Routing Attack

An attack targeting the underlying Internet infrastructure, where an adversary intercepts or delays blockchain data by manipulating routing protocols, potentially leading to transaction delays, splits, or reorganization of the blockchain.

Stablecoin

A Token whose value is intended to stay stable relative to some other reference, whether another token, a specific fiat currency or weighted basket of currencies, or a commodity or service.

Sybil Attack

An attack in which a single adversary creates multiple fake identities or nodes to gain disproportionate influence over the network, potentially disrupting consensus or overwhelming the network with false information.

Timejacking Attack

A type of attack that involves manipulating the network time of nodes by sending incorrect timestamps, potentially causing inconsistencies in block acceptance and enabling double-spending or other malicious activities.

Token

A unit of value on a blockchain. The functionality of a Token is defined by one or more smart contracts that can manage Token balances associated with specific user accounts, enable blockchain users to transfer tokens to other users (possibly in exchange for some payment), and create (or "mint") and destroy (or Burn) Tokens. A very well-known standard that defines some kinds of Token for Ethereum is [ERC-20]. A Token can be defined by an immutable Token Contract that operates completely autonomously, or it can be managed in various ways by a Token Project.

Token Contract

The Smart Contract(s) that manage a Token on a particular blockchain.

Token Project

An entity that creates and, unless the Token Contract is immutable and has no Privileged Roles, manages a Token. This can be an anonymous or identified individual, or a collective of individuals, whether or not organised into a body such as a DAO or company.

Upgradability

A smart contract's code is not easy to change, and a normal expectation is that it will never change. However, there are various techniques that enable the creation of a Smart Contract, or Set of Contracts, such that it is possible to change the code that is executed. One common approach uses a Proxy Contract to maintain a stable address for calling, while routing the call to an address that can be changed, effectively upgrading the code that is executed.

Zero-Knowledge Proof

A cryptographic method by which one party can prove to another that they know a value without revealing any specific information about that value. It is used for enhancing privacy on blockchain networks.

Commonly abbreviated as ZKP.

References

[BIP-32]
"Hierarchical Deterministic Wallets", Pieter Wuille, Bitcoin 2012: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#specification-key-derivation
[EIP-3030]
"BLS Remote Signer API", Herman Junge. Ethereum Foundation 2020: https://eips.ethereum.org/EIPS/eip-3030
[ERC-20]
"ERC-20: Token Standard", F. Vogelsteller and V. Buterin, Ethereum Improvement Proposals 2015. https://eips.ethereum.org/EIPS/eip-20
[WP-MPC]
"Secure Multi-party Computation", Wikipedia. https://en.wikipedia.org/wiki/Secure_multi-party_computation