What is Apex Node in digital custody?

The sovereign root device in a digital trust hierarchy that reports to nothing above it — the point where delegation ends and absolute authority begins.

What is The Monolith in digital custody?

CLAVI’s stationary vault: an always-on secure intelligence server running local nodes and offline AI, storing no sensitive data persistently.

What is The Rune in digital custody?

CLAVI’s portable biometrically gated secure storage ("physical key") that holds private keys and requires fingerprint, gesture, or PIN to sign transactions.

What is ClavOS in digital custody?

CLAVI’s custom zero-knowledge operating system built on a customised Yocto Linux kernel, ensuring zero remote access by design.

What is Sovereign Root of Trust in digital custody?

The foundational element in a security architecture from which all trust derives and which itself trusts nothing external — owned entirely by the user.

What is Merkle Tree in digital custody?

A hash-based tree structure enabling tamper-evident verification of large data sets — change one byte and the root hash changes irrecoverably.

What is Byzantine Fault Tolerance in digital custody?

A distributed system property ensuring correct operation even when some participants are malicious or unreliable.

What is Proof of Reserves in digital custody?

A cryptographic audit proving a custodian holds assets matching deposits — a need eliminated entirely by self-sovereign custody.

What is Time-Locked Transaction in digital custody?

A transaction locked until a specified time or block height — enabling inheritance plans, escrow, and dead-man switches in custody design.

What is Air-Gapped Computation in digital custody?

The complete physical severance of electronic connection between a secure system and any external network — a moat that cannot be bridged by software.

What is Threshold Signing in digital custody?

A cryptographic protocol distributing signing authority across multiple devices, requiring a defined quorum to authorize transactions and eliminating single points of failure.

What is Zero-Knowledge Architecture in digital custody?

A system design where the platform operator has zero access to user data or keys — not a promise, but a mathematical impossibility.

What is Single Point of Failure in digital custody?

Any single element whose compromise causes total system failure — the vulnerability that CLAVI’s distributed Rune architecture is engineered to eliminate.

What is Distributed Authority in digital custody?

The principle that cryptographic signing power should be physically separated across multiple devices, locations, and custodians so that coercion at any single point is insufficient.

What is Seed Phrase in digital custody?

A 12 or 24‑word sequence encoding a wallet’s master private key — a single point of failure made optional by CLAVI’s threshold architecture.

What is Key Ceremony in digital custody?

A formal auditable process for generating or distributing cryptographic keys under controlled conditions — transformed by CLAVI into distributed sovereign key governance.

What is Entropy Generation in digital custody?

The creation of true randomness by the user’s own hardware for cryptographic operations — the raw material of cryptographic independence.

What is Threshold Cryptography in digital custody?

Cryptography distributing secrets across parties so a defined threshold must cooperate — the mathematical foundation of CLAVI's Rune architecture.

What is Hardware Security Module (HSM) in digital custody?

A tamper-resistant physical device for managing cryptographic keys and operations — the institutional standard CLAVI extends with air-gapped sovereignty.

What is Multi-Signature Wallet in digital custody?

A wallet requiring multiple private keys (M-of-N) to authorise transactions — an approach CLAVI transcends with threshold signing for greater privacy.

What is Shamir's Secret Sharing in digital custody?

An algorithm dividing a secret into N shares where any K suffice to reconstruct it — possessing fewer than K reveals nothing.

What is Elliptic Curve Cryptography (ECC) in digital custody?

Public-key cryptography using elliptic curves for equivalent security with smaller keys — the cryptographic substrate of digital asset systems.

What is Key Derivation Function (KDF) in digital custody?

A function deriving child keys from a master seed — the mechanism generating unlimited wallets from a single root whose security depends on sovereign entropy.

What is Sovereignty in digital custody?

The structural capacity to exist without permission — where your data, keys, and identity are governed by architecture you control, not terms of service you accept.

What is Digital Sovereignty in digital custody?

The extension of sovereign authority into the digital realm — controlling the full stack from hardware and keys to jurisdiction and data residency.

What is The Physics of Trust in digital custody?

CLAVI’s founding principle: a system that physically cannot transmit data or reveal keys offers guarantees rooted in physics, not promises.

What is Trust Hierarchy in digital custody?

The chain of authority in a digital system where each component reports to the entity above it — a chain the Apex Node is designed to terminate.

What is Legacy Custodians in digital custody?

Centralized institutions that hold digital assets on behalf of users, creating a permissioned relationship with one’s own wealth — architecturally incompatible with sovereignty.

What is Self-Sovereign Identity (SSI) in digital custody?

An identity model where the individual owns and controls their credentials without centralised issuers — the natural extension of key sovereignty.

What is Trustless System in digital custody?

A system where trust is placed in mathematics and protocol design rather than human actors — the principle CLAVI extends to hardware.

Glossary of Sovereignty

The lexicon of sovereign hardware custody — each term defined with the precision and permanence its subject demands.

The Architecture of Trust

Apex Node #: The sovereign root of a digital trust hierarchy — the single device in an architecture that reports to nothing above it. Where every conventional device defers upward to a cloud provider, an operating system vendor, or a custodian, the Apex Node terminates the chain. It is the point at which delegation ends and absolute authority begins. In the CLAVI ecosystem, the user is the Apex Node, replacing the centralized server.
The Monolith #: CLAVI’s stationary vault — an always-on home or office secure intelligence server and private validator. It runs pruned Bitcoin and Ethereum nodes locally (validating transactions without trusting third parties), hosts CLAVI’s offline AI for private analysis and decision support, powers docked Runes, and stores no sensitive data persistently. It is the architectural foundation upon which sovereign custody is built: not a server, not a node in someone else’s network, but a self-contained citadel of computation.
The Rune #: A portable biometrically gated secure storage device, or "physical key", that distributes cryptographic authority. Secured by a capacitive fingerprint scanner which doubles as a gesture input system, and PIN codes, it holds and is the signer with your private keys. The Rune is dock-powered with no internal battery to minimise attack surfaces. Unlike seed phrases that concentrate all power, Runes implement threshold signing — requiring multiple devices to authorize any action.
ClavOS #: CLAVI’s custom operating system with zero-knowledge architecture, built on a customised Yocto Linux kernel: minimalist and fully auditable. Every line of code that does not serve the user’s sovereignty has been removed. Clavi has zero remote access to your devices, their software, data, or wealth by design. ClavOS is the bedrock that ensures your assets aren’t just yours in philosophy but mathematically and physically.
Sovereign Root of Trust #: The foundational element in a security architecture from which all other trust derives — and which itself trusts nothing external. In conventional computing, the root of trust is typically a manufacturer’s firmware or a cloud provider’s certificate authority. A sovereign root of trust is one owned and controlled entirely by the user. CLAVI’s thesis: the sovereign root of trust for the next century of digital existence is inevitable. We are building it.
Merkle Tree #: A cryptographic data structure in which every leaf node is labelled with a hash of its data and every non-leaf node is labelled with the hash of its children. The Merkle tree allows efficient, tamper-evident verification of large data sets: change a single byte anywhere in the structure and the root hash changes irrecoverably. In blockchain systems, Merkle trees are the mechanism by which a lightweight client can verify that a transaction exists without downloading the entire chain.
Byzantine Fault Tolerance #: The property of a distributed system that can continue to operate correctly even when some participants behave maliciously or fail arbitrarily. Named after the Byzantine Generals Problem, BFT consensus mechanisms ensure that honest nodes reach agreement despite unreliable or adversarial peers. In the context of sovereign custody, BFT principles underpin threshold signing quorums: the system functions correctly even if a minority of signing devices are compromised.
Proof of Reserves #: A cryptographic audit mechanism by which a custodian demonstrates it holds sufficient assets to cover all customer deposits — without revealing individual account balances. Proof of Reserves typically employs Merkle trees to allow independent verification. The need for such proofs is itself an indictment of custodial models: a self-sovereign architecture like CLAVI eliminates the concept entirely, because the user is the custodian.
Time-Locked Transaction #: A transaction that cannot be spent or executed until a specified block height or timestamp has been reached. Time-locks are a native Bitcoin feature (CheckLockTimeVerify, CheckSequenceVerify) that enables sophisticated custody arrangements: inheritance plans that activate after a period of inactivity, escrow agreements with automatic release, and dead-man switches that redistribute authority if a custodian becomes unreachable. Time is weaponised as a security parameter.

Cryptographic Authority

Air-Gapped Computation #: The physical absence of any electronic pathway between a secure system and any external network. Not a firewall. Not encryption. Not a VPN. An air gap is the complete severance of electromagnetic connection — the architectural equivalent of a moat that cannot be bridged by software. In CLAVI’s design, the air gap ensures that the most sensitive operations occur in a realm no remote attacker can reach.
Threshold Signing #: A cryptographic protocol that distributes signing authority across multiple devices or custodians, requiring a defined quorum (e.g., 3‑of‑5) to authorize any transaction. Threshold signing eliminates the single point of failure inherent in traditional seed-phrase custody. In CLAVI’s architecture, Runes serve as the distributed signing nodes — each one insufficient alone, collectively sovereign.
Zero-Knowledge Architecture #: A system design in which the platform operator possesses zero access to user data, keys, or operational intelligence. Not a promise — a mathematical impossibility. When a system is architected with zero knowledge, no court order, no subpoena, no breach can extract what the system itself does not hold. CLAVI cannot surrender what CLAVI does not possess.
Single Point of Failure #: Any element in a system whose individual compromise, loss, or destruction causes the entire system to fail. In conventional cryptocurrency custody, the 24‑word seed phrase is the canonical single point of failure: lose it, and the assets are irrecoverable. CLAVI’s distributed Rune architecture exists specifically to eliminate this fragility — no single device, no single phrase, no single person holds total authority.
Distributed Authority #: The principle that cryptographic power should never concentrate in a single device, location, or individual. Distributed authority means that signing capability is physically separated — a Rune in a London residence, another in a Swiss bank vault, a third with an estate attorney. Coercion at any single point is mathematically insufficient. Authority is preserved precisely because it is dispersed.
Seed Phrase #: A sequence of 12 or 24 words (BIP‑39 standard) that encodes the master private key for a cryptocurrency wallet. While elegant in its simplicity, the seed phrase is the canonical single point of failure in digital asset custody. CLAVI’s threshold signing architecture makes seed phrases entirely optional — distributing authority so that no single artifact can be lost, stolen, or compelled. For users who prefer one, it can be securely accessed via the Runes to be copied down.
Key Ceremony #: A formal, auditable process for generating, distributing, or rotating cryptographic keys under controlled conditions. In institutional custody, key ceremonies involve multiple witnesses, air-gapped environments, and documented chain-of-custody procedures. CLAVI’s distributed Rune architecture transforms what was once a singular, high-stakes ritual into a distributed, ongoing practice of sovereign key governance.
Entropy Generation #: The process of creating true randomness for cryptographic operations. Sovereignty requires that entropy be generated by the user’s own hardware — not a pre-seed value from a factory, not a pseudo-random number from a software library whose source code you cannot audit. True entropy is the raw material of cryptographic independence: without it, every key, every signature, every secret is built on someone else’s foundation.
Threshold Cryptography #: A branch of cryptography concerned with distributing a secret or cryptographic capability across multiple parties such that a defined subset (the threshold) must cooperate to reconstruct or exercise it. Threshold cryptography generalises the principles behind threshold signing to key generation, decryption, and other operations. It is the mathematical foundation upon which CLAVI's distributed Rune architecture is built — ensuring that no single device ever possesses complete authority.
Hardware Security Module (HSM) #: A dedicated physical computing device that safeguards and manages cryptographic keys, performs encryption and signing operations, and enforces access policies — all within a tamper-resistant boundary. HSMs are the institutional standard for key management in banking, certificate authorities, and government systems. While consumer hardware wallets borrow concepts from HSMs, CLAVI's Monolith extends the model by combining HSM-grade key isolation with air-gapped computation and offline AI processing.
Multi-Signature Wallet #: A cryptocurrency wallet that requires multiple private keys to authorise a transaction, typically expressed as M-of-N (e.g., 2-of-3). Unlike single-key wallets where one compromised key means total loss, multi-sig distributes authority. However, multi-sig has protocol-level limitations: it is chain-specific, reveals the signing structure on-chain, and requires all participants to use the same protocol. Threshold signing — as implemented in CLAVI — achieves similar security goals with greater privacy and cross-chain flexibility.
Shamir's Secret Sharing #: A cryptographic algorithm invented by Adi Shamir in 1979 that divides a secret into N shares, any K of which (the threshold) suffice to reconstruct it. Shamir's scheme is information-theoretically secure: possessing fewer than K shares reveals zero information about the secret. It is the mathematical ancestor of modern threshold cryptography and the basis for standards like SLIP-39 used in seed phrase backup systems.
Elliptic Curve Cryptography (ECC) #: A public-key cryptography system based on the algebraic structure of elliptic curves over finite fields. ECC provides equivalent security to RSA with dramatically smaller key sizes — a 256-bit elliptic curve key provides security comparable to a 3,072-bit RSA key. Bitcoin and most digital asset systems use the secp256k1 curve. ECC is the cryptographic substrate upon which private keys, public addresses, and digital signatures in the sovereignty stack are built.
Key Derivation Function (KDF) #: A cryptographic function that derives one or more secret keys from an initial key material — typically a master seed. In the context of cryptocurrency wallets, hierarchical deterministic (HD) key derivation (defined by BIP-32 and BIP-44) generates an unlimited tree of child keys from a single master seed, each path representing a different account, chain, or asset. The security of the entire tree depends on the entropy of the root seed — which is why sovereign entropy generation is non-negotiable.

Digital Philosophy

Sovereignty #: The condition of answering to no authority above oneself. In digital terms, sovereignty means that your data, your keys, your computations, and your identity are governed by architecture you control — not by terms of service you accept. Sovereignty is not privacy alone; it is the structural capacity to exist without permission. CLAVI builds the hardware that makes this condition possible.
Digital Sovereignty #: The extension of sovereign authority into the digital realm. Where physical sovereignty concerns borders and law, digital sovereignty concerns keys, computation, and data residency. A digitally sovereign individual or institution controls the full stack of their digital existence: from the hardware that stores their keys to the jurisdiction that governs their data. It is not an aspiration — it is an architecture.
The Physics of Trust #: CLAVI’s founding principle. A paradigm shift from trusting people or policies — which can be rewritten, amended, reinterpreted, or broken — to trusting physics and mathematics, which are immutable. A system that physically cannot transmit data, that mathematically cannot reveal keys, that structurally cannot obey an order it has no mechanism to execute — that system’s guarantees are not promises. They are physics. This is the difference between a contract and a fortress.
Trust Hierarchy #: The chain of authority in any digital system — the sequence of entities that each component reports to, defers to, or depends upon. Your phone reports to Apple. Apple reports to its shareholders and regulators. Every conventional device exists within a hierarchy it did not choose. The purpose of the Apex Node is to sit at the summit of this hierarchy, answerable to its owner alone.
Legacy Custodians #: Centralized institutions — banks, exchanges, cloud providers — that hold digital assets on behalf of a user, creating a “permissioned” relationship with one’s own wealth. The legacy custodian model requires trust in third parties, compliance with their terms, and acceptance of their jurisdiction. CLAVI exists because this model is architecturally incompatible with sovereignty.
Self-Sovereign Identity (SSI) #: An identity model in which the individual owns, controls, and presents their own identity credentials without dependence on any centralised issuer or verifier. SSI leverages decentralised identifiers (DIDs) and verifiable credentials to shift the power of identity attestation from institutions to the individual. In CLAVI's framework, self-sovereign identity is the natural extension of key sovereignty: if you control your cryptographic keys, you control the proofs that constitute your digital self.
Trustless System #: A system designed so that no participant needs to trust any other participant for the system to function correctly. "Trustless" does not mean the absence of trust — it means that trust is placed in mathematics, cryptography, and protocol design rather than in the goodwill or competence of human actors. Bitcoin is the canonical trustless system. CLAVI extends this principle to hardware: trust is placed in physics and architecture, not in manufacturers, operators, or jurisdictions.
Censorship Resistance #: The property of a system that prevents any single entity from blocking, reversing, or interfering with legitimate operations. In financial systems, censorship resistance means that no government, bank, or intermediary can freeze assets, block transactions, or deplatform a user. Censorship resistance is not an ideological stance — it is an architectural property. A system is censorship-resistant when the cost of censoring exceeds the censor's capacity. Air-gapped, threshold-secured hardware makes censorship physically, not merely computationally, expensive.

Sovereign Infrastructure

Hardware Custody #: The practice of securing digital assets through dedicated physical devices rather than software wallets or cloud-based custodians. Hardware custody moves the trust boundary from code running on general-purpose computers — vulnerable to malware, supply chain attacks, and remote exploitation — to purpose-built silicon that performs cryptographic operations in physical isolation.
Secure Element #: A tamper-resistant hardware chip designed to perform cryptographic operations in isolation from the main processor. Secure Elements ensure that private keys never leave the chip boundary, even if the host device is fully compromised. In consumer hardware wallets, the Secure Element is the last line of defense. In CLAVI’s architecture, it is one layer among many in a defense-in-depth design.
Cold Storage #: The practice of keeping cryptographic keys entirely offline — disconnected from any network, at all times. Cold storage is the inverse of hot wallets, which maintain constant internet connectivity for convenience. In institutional custody, cold storage represents the highest tier of security, trading accessibility for imperviousness. CLAVI’s Monolith operates in permanent cold storage by architectural design, not by user discipline.
JOTUP #: CLAVI’s offline artificial intelligence concierge — a powerful tag-based RAG (retrieval augmented generation) engine developed by Research Semantics. It runs entirely locally on the Monolith with no cloud dependency, no API calls, no logging, and no tracking. JOTUP prioritises accuracy over generation for insights into blockchain interactions and news, acting as a fully private oracle for decision-making without hallucination risks.
Defense in Depth #: A security philosophy that layers multiple independent protections so that the compromise of any single layer does not breach the system. In CLAVI’s design, defense in depth means air-gapped hardware, biometric authentication, threshold signing, a zero-knowledge operating system, and Swiss jurisdictional protection — each layer complete in itself, collectively forming an architecture that no single vector can penetrate.
Hot Wallet #: A cryptocurrency wallet that maintains a persistent connection to the internet, enabling instant transaction execution at the cost of continuous exposure to network-based attack vectors. Hot wallets are the operational counterpart to cold storage — optimised for convenience and speed in active trading. In institutional custody, hot wallets hold only the minimum operational balance while the majority of assets remain in cold storage. CLAVI's architecture eliminates the hot/cold dichotomy entirely: all operations occur in air-gapped isolation.
Custodial Wallet #: A wallet in which a third party — an exchange, a bank, a fintech provider — holds the private keys on behalf of the user. The user has an account, not ownership. Custodial wallets reintroduce the trust hierarchy that sovereignty seeks to eliminate: the custodian can freeze funds, comply with seizure orders, or suffer a breach that loses everything. The mantra "not your keys, not your coins" captures the fundamental sovereignty deficit of custodial models.
Non-Custodial Wallet #: A wallet in which the user exclusively controls the private keys. No third party can access, freeze, or move the user's assets. Non-custodial wallets represent the minimum viable sovereignty in digital asset management — you hold your keys, you hold your coins. CLAVI takes this principle further: not only are keys non-custodial, they are distributed across multiple hardware devices via threshold cryptography, eliminating the single-point-of-failure inherent in conventional non-custodial designs.
Smart Contract Wallet #: A wallet implemented as a smart contract on a programmable blockchain, enabling custom access control logic: social recovery, spending limits, time delays, and multi-party approvals encoded directly in on-chain logic. Smart contract wallets offer programmable flexibility that externally owned accounts (EOAs) lack. However, they introduce smart contract risk — bugs in the code can lock funds permanently — and remain chain-specific. CLAVI's hardware-based approach achieves comparable flexibility through off-chain threshold signing, avoiding smart contract risk entirely.
Secure Enclave #: A hardware-isolated subsystem within a processor that provides a protected execution environment for sensitive operations. Apple's Secure Enclave, ARM TrustZone, and Intel SGX are implementations of this concept. While secure enclaves protect keys from software-level attacks on the host device, they remain under the manufacturer's control — firmware updates, side-channel vulnerabilities, and undisclosed backdoors are trust assumptions the user cannot verify. CLAVI's dedicated hardware eliminates the manufacturer-trust dependency by using purpose-built, auditable silicon.
Tamper-Evident Design #: A physical security approach ensuring that any attempt to open, modify, or compromise a device leaves irreversible, visible evidence. Tamper-evident design does not prevent attacks — it ensures they cannot go undetected. Techniques include epoxy-sealed enclosures, holographic security labels, mesh sensors that erase keys upon breach detection, and unique per-device serial patterns. In sovereign hardware, tamper evidence transforms physical security from a trust assumption into a verifiable property.

Jurisdictional Sovereignty

Jurisdictional Hardening #: The strategic placement of physical infrastructure and legal entities in neutral, non-aligned territories to maximize privacy protections and minimize exposure to overreaching data-access frameworks. CLAVI is domiciled in Schaffhausen, Switzerland — outside the European Union, outside the Five Eyes intelligence-sharing alliance. This is not evasion; it is the sovereign selection of the legal environment most aligned with the principle that privacy is a fundamental human right.
Swiss Jurisdiction #: The legal framework under which CLAVI operates. Switzerland’s Federal Constitution (Article 13) treats privacy as a fundamental human right. The revised Federal Act on Data Protection (revFADP) provides some of the world’s strongest data sovereignty protections. Combined with CLAVI’s zero-knowledge architecture, Swiss jurisdiction means that no government or court can compel CLAVI to surrender keys it does not possess.
Five Eyes #: The intelligence-sharing alliance comprising the United States, United Kingdom, Canada, Australia, and New Zealand. Member nations share signals intelligence and have established mutual legal assistance treaties that facilitate cross-border data access. Switzerland is not a member. CLAVI’s Swiss domicile places it outside the reach of this alliance’s surveillance and data-sharing infrastructure.
Data Residency #: The physical location where data is stored and processed, and the legal jurisdiction that consequently governs it. Data residency is not a technical detail — it is a sovereignty decision. Data stored on a US cloud provider is subject to US law regardless of the user’s nationality. CLAVI eliminates this concern entirely: data resides on the user’s own hardware, in the user’s own jurisdiction, under the user’s own authority.
Swiss Federal Act on Data Protection (revFADP) #: Switzerland's revised Federal Act on Data Protection, effective September 2023, replacing the 1992 original. The revFADP strengthens individual rights over personal data, introduces mandatory data breach notification, requires data protection impact assessments, and imposes personal criminal liability on responsible officers. Unlike GDPR, the revFADP applies based on data processing effects in Switzerland, not establishment. For CLAVI, the revFADP provides the legal framework complementing its technical zero-knowledge guarantees.
GDPR vs revFADP #: The European Union's General Data Protection Regulation (GDPR) and Switzerland's revised Federal Act on Data Protection (revFADP) share common ancestry but diverge in critical ways. GDPR applies to any entity processing EU residents' data, regardless of location; revFADP applies based on effects in Switzerland. GDPR imposes fines on organisations (up to 4% of global revenue); revFADP imposes criminal penalties on responsible individuals (up to CHF 250,000). GDPR requires a Data Protection Officer; revFADP does not. Switzerland's framework offers comparable protection without subordination to EU regulatory authority.
Data Localization #: Legal requirements mandating that certain data be stored and processed within specific national borders. Data localization laws are proliferating globally — Russia, China, India, and others require sensitive data to remain on domestic servers. For individuals and institutions, data localization creates a sovereignty paradox: your data's legal protections depend on where it physically resides. CLAVI resolves this by localizing data to the user's own hardware — making the user's physical jurisdiction the data's legal jurisdiction.
Crypto Asset Regulation #: The evolving body of laws governing the issuance, custody, transfer, and taxation of digital assets. Regulatory approaches vary dramatically by jurisdiction: the EU's MiCA framework mandates licensing for custodians, the US applies securities law on a case-by-case basis, and Switzerland's DLT Act provides a technology-neutral framework. For sovereign individuals, understanding the regulatory landscape is essential — not to seek permission, but to architect custody arrangements that comply with applicable law while preserving maximum autonomy.

Key Standards & Protocols

BIP-39 (Mnemonic Seed Phrase Standard) #: Bitcoin Improvement Proposal 39, the standard that defines how a cryptographic seed is encoded as a human-readable sequence of 12 or 24 words selected from a 2,048-word dictionary. BIP-39 made key backup accessible to non-technical users — and simultaneously created the canonical single point of failure in cryptocurrency custody. The mnemonic phrase is both the greatest usability innovation and the most dangerous fragility in the self-custody ecosystem. CLAVI's threshold architecture transcends this fragility by distributing authority beyond any single mnemonic.
BIP-44 (HD Wallet Derivation Paths) #: Bitcoin Improvement Proposal 44, building on BIP-32's hierarchical deterministic key derivation, defines a standardised path structure for deriving keys: m/purpose'/coin_type'/account'/change/index. This path convention enables a single master seed to generate separate key trees for every supported cryptocurrency, with distinct accounts and change addresses. BIP-44 is the reason a single 24-word phrase can control Bitcoin, Ethereum, and hundreds of other assets simultaneously — concentrating power that CLAVI's distributed architecture deliberately disperses.
UTXO (Unspent Transaction Output) #: The accounting model used by Bitcoin and derived protocols, where each transaction consumes previous unspent outputs and creates new ones. Unlike Ethereum's account-based model, UTXO-based systems have no persistent "balance" — your wealth is the sum of all unspent outputs your keys can sign. The UTXO model has profound privacy and security implications: it naturally supports CoinJoin mixing, enables granular coin control, and makes the relationship between transactions explicit. Understanding UTXO management is essential for sophisticated custody operations.
Passphrase Extension (25th Word) #: An optional additional word or phrase appended to a BIP-39 mnemonic to derive a completely different set of keys. The passphrase creates plausible deniability: the base 24-word phrase opens a decoy wallet with minimal funds, while the passphrase-extended version opens the actual vault. This feature enables duress protection — an attacker who extracts the seed phrase accesses only the decoy. However, the passphrase itself becomes another single point of failure. CLAVI's threshold model provides superior duress protection through physical distribution rather than secret memorisation.
SLIP-39 (Shamir Backup Standard) #: Satoshi Labs Improvement Proposal 39, a standard for splitting a wallet's master secret into multiple mnemonic shares using Shamir's Secret Sharing. Unlike BIP-39's single seed phrase, SLIP-39 distributes the secret across N shares of which any K are required for reconstruction. Each share is encoded as a sequence of 20 or 33 words. SLIP-39 addresses the single-point-of-failure problem at the backup level, but reconstruction still requires assembling shares in a single location — a vulnerability that CLAVI's threshold signing eliminates by never reconstituting the full key at all.