The following FAQs cover common misunderstandings and misconceptions about Blockstream Jade's security model options. If you have any further questions about Jade, please feel free to reach out here.
Does Jade send wallet information to a server?
No, Blockstream Jade does not send wallet information to a server. Jade offers two security models: one strongly encrypts your wallet in combination with a blind oracle, while the other allows Jade to be used statelessly without any blind oracle. Your seed phrase never leaves Jade and remains highly encrypted on your device.
What is a blind oracle?
A blind oracle functions as a virtual secure element. It holds the decryption mechanism to your wallet off-device, which makes Jade alone invulnerable to physical key extraction. This is unlike typical secure element devices which hold everything needed to extract your keys on the actual hardware device itself.
You can decrypt your wallet by entering your PIN correctly on Jade and allowing your companion app to give you the decryption key via an encrypted channel. Jade is never connected to the internet or communicating with a blind oracle directly, and this process can even be done air-gapped via QR codes.
Do all hardware wallets communicate with online companion apps?
Yes. Bitcoin runs on the internet, so its users must interact with the internet to send bitcoin transactions. Jade communicating with a companion app to retrieve the decryption key is no different from other hardware wallets, which receive messages from an online app in order to fetch balances and show transaction details for confirmation on the device.
A benefit of hardware wallets (including Jade) is that they are not connected to the internet directly and instead rely on their companion app to do this for them.
Do I have to use a blind oracle? What happens if my oracle is not available?
No. If users want to unlock their Jade without using a companion app or blind oracle, they are free to do so by scanning a SeedQR for quick wallet access or by manually entering their recovery phrase.
What are the benefits of using a blind oracle?
Using a blind oracle to encrypt your wallet means there is nothing of value to steal from a locked Jade by itself. This is different from most other hardware wallets, which store everything needed to extract your private keys on the device itself. In this way, Jade is unique in that it has no single point of failure: an attacker needs to hack two different entities (blind oracle and Jade) instead of just the hardware wallet alone.
What do blind oracles know about my Jade or wallet?
Nothing. Blind oracles do not know your bitcoin addresses or private keys, and they do not even know your actual PIN (they also work over Tor). The only information a blind oracle stores is a hash of your PIN plus a nonce, allowing it to function completely "blind". You can use Jade with your own blind oracle or one run by Blockstream.
What additional threat is added when using an oracle?
Using a blind oracle does not pose any additional threat to your funds, as it is fully blind and does not know anything about your wallet data. In order for wallet information to be extracted from Jade, an attacker would need to physically hack Jade and the blind oracle. Hacking or altering the blind oracle alone is not enough to extract any sensitive data.
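The split described in the answers above can be modeled in a few lines. This is an added illustration, not Blockstream's code or Jade's actual protocol: the `Oracle` and `Device` classes, the HMAC-based key derivation and the XOR toy cipher are all assumptions chosen to show why neither the device's storage nor the oracle's record is enough on its own.

```python
import hashlib, hmac, secrets

def kdf(key, label, n=32):
    # HMAC-SHA256 as a simple key-derivation step (n <= 32 bytes)
    return hmac.new(key, label, hashlib.sha256).digest()[:n]

class Oracle:
    # Hypothetical oracle: stores a nonce, a hash, and a random key share. No PIN, no seed.
    def enroll(self, pin_secret):
        self.nonce = secrets.token_bytes(16)
        self.pin_hash = hashlib.sha256(pin_secret + self.nonce).digest()
        self.share = secrets.token_bytes(32)
        return self.share
    def unlock(self, pin_secret):
        h = hashlib.sha256(pin_secret + self.nonce).digest()
        return self.share if hmac.compare_digest(h, self.pin_hash) else None

class Device:
    # Hypothetical device: flash holds device_key and the encrypted blob only.
    def __init__(self):
        self.device_key = secrets.token_bytes(32)
        self.blob = None
    def pin_secret(self, pin):
        # What leaves the device (relayed by the companion app): never the raw PIN
        return kdf(self.device_key, b"pin:" + pin.encode())
    def wallet_key(self, pin, share):
        return kdf(share, b"wallet:" + self.pin_secret(pin))
    def setup(self, pin, seed, oracle):  # seed: up to 32 bytes of entropy
        key = self.wallet_key(pin, oracle.enroll(self.pin_secret(pin)))
        ct = bytes(a ^ b for a, b in zip(seed, kdf(key, b"stream")))  # toy cipher
        self.blob = ct + kdf(key, b"tag" + ct, 16)
    def decrypt_with(self, key):
        ct, tag = self.blob[:-16], self.blob[-16:]
        if not hmac.compare_digest(tag, kdf(key, b"tag" + ct, 16)):
            return None  # wrong key: integrity tag does not verify
        return bytes(a ^ b for a, b in zip(ct, kdf(key, b"stream")))
    def unlock(self, pin, oracle):
        share = oracle.unlock(self.pin_secret(pin))
        return None if share is None else self.decrypt_with(self.wallet_key(pin, share))

def demo():
    oracle, dev = Oracle(), Device()
    seed = secrets.token_bytes(32)  # constructed sample seed entropy
    dev.setup("123456", seed, oracle)
    unlocked = dev.unlock("123456", oracle) == seed
    wrong_pin = dev.unlock("000000", oracle)
    # Flash dump plus the correct PIN, but a guessed oracle share: still no seed
    no_oracle = dev.decrypt_with(dev.wallet_key("123456", secrets.token_bytes(32)))
    return unlocked, wrong_pin, no_oracle
```

In this model the oracle's record contains only random bytes and a hash of a device-derived value, so it reveals nothing about the wallet, and the device's blob only decrypts once the oracle releases its share.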
Should I run my own blind oracle or use Blockstream's?
Whichever you prefer. Using Blockstream's blind oracle has the advantage of "decentralizing" your security without compromising any wallet information; however, some users may still prefer to run their own blind oracle, for example on a laptop or Raspberry Pi.
Why does Jade use a blind oracle and not a secure element?
Our unique security model using blind oracles was developed as a way to avoid needing a secure element for wallet protection, which allows Jade to be truly open-source, more accessible and easily DIY-able. Secure elements are typically covered by NDAs, are more expensive, and drastically increase the complexity of building a DIY device.
Does Jade have to be used with Blockstream Green?
No. Jade works as a standalone signing device with many popular wallet platforms.