Jade uses oracle-enforced PIN protection to encrypt your Jade's recovery phrase. This unique security model functions as a virtual secure element to provide extra protection for your funds while offering several key benefits.
Oracle-enforced PIN Protection Explained
During the Jade initialization process, you will be asked to create a unique PIN. This PIN is used in combination with a blind oracle, managed by Blockstream, to encrypt Jade's key material. From that point on, three secrets are needed to decrypt your recovery phrase and spend funds:
- User-generated unique PIN
- Jade secret
- Oracle secret
When you are ready to unlock Jade, you will be prompted to enter your PIN. The companion app (e.g. Blockstream app) will then establish an encrypted channel with the blind oracle, allowing the server secret to be sent to Jade. This decrypts Jade's secret and allows you to spend bitcoin.
The blind oracle is truly blind. Your Jade device itself does not communicate with it. It does not know anything about you or your wallet data, and you can access it over Tor. It doesn't even know your actual PIN!
To learn more about how this process works, visit our FAQ.
Note: Jade only unlocks successfully if you enter the correct PIN. To protect against brute-forcing, the oracle and Jade will delete their keys if you enter the wrong PIN three times. At this point, you must restore Jade with the recovery phrase.
Benefits & Tradeoffs of Oracle-Enforced PIN Protection
Thanks to Jade's security model, the strong encryption of the recovery phrase on your device comes with some powerful benefits:
- Attackers with access to your Jade cannot steal your funds, as they would need to compromise both your local encrypted flash and the remote PIN oracle. The seed is encrypted with random keys split between the Jade device and a lock-out oracle.
- By not requiring a secure element and utilizing a PIN oracle instead, Jade is fully open-source.
As with all things Bitcoin, however, this model comes with tradeoffs: you may need to communicate with Blockstream's blind oracle.
To avoid needing communication with Blockstream's oracle, you can:
- run your own PIN oracle.
- unlock Jade using your recovery phrase directly (by scanning a SeedQR, for example).
The Details Matter
Once you choose your PIN, an ephemeral Elliptic Curve Diffie-Hellman (ECDH) exchange occurs with the remote oracle. An ECDH key exchange allows two separate entities with no previous knowledge of each other to generate a shared secret over public insecure channels. Using a known public key of the blind PIN oracle, an ECDH key exchange occurs, and the communications channel can be fully encrypted. Once the encrypted channel is established, the Jade and the remote oracle work together to create an AES256 key.
When creating a recovery phrase for a new wallet, entropy is gathered from the pool, and Jade encrypts the resulting key material for the recovery phrase using the AES256 key. This data can only be decrypted when you input the correct PIN on the Jade and establish a connection with the remote PIN oracle, mediated by the companion app. Since the oracle only has a part of the AES256 key, it is blinded to any of your wallet’s keys and PIN. All data at rest is encrypted on the oracle.
Remember: If you enter the PIN incorrectly three times, the oracle and Jade both delete the secret, requiring you to restore your wallet using the recovery phrase.
The newly-encrypted key material is then stored on the encrypted off-chip flash of the Jade and protected by Secure Boot. Secure Boot is a technology that prevents unsigned boot firmware from running on your Jade, such as a compromised firmware image from an attacker. It ensures that only firmware you intend to run is used to boot the device.
Your Blockstream Jade now has a robust encrypted recovery phrase.
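The three-secret model and the three-attempt lock-out described above can be sketched as follows. This is an added example, not Blockstream's code and not Jade's actual protocol. The names `ToyOracle` and `ToyJade`, the use of HMAC-SHA256 for blinding and key derivation, and the counter reset on a correct PIN are assumptions made for illustration; the ECDH channel, the AES encryption step and the device-side key deletion are left out.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 3  # the page states keys are deleted after three wrong PINs

class ToyOracle:
    """Hypothetical stand-in for the blind oracle; one record per device."""

    def __init__(self):
        self.records = {}  # device_id -> [verifier, oracle_secret, failures]

    def enroll(self, device_id, pin_token):
        verifier = hashlib.sha256(pin_token).digest()
        self.records[device_id] = [verifier, secrets.token_bytes(32), 0]
        return self.records[device_id][1]

    def unlock(self, device_id, pin_token):
        record = self.records.get(device_id)
        if record is None:
            return None  # share already wiped: restore from recovery phrase
        if hmac.compare_digest(record[0], hashlib.sha256(pin_token).digest()):
            record[2] = 0  # assumption: a correct PIN resets the counter
            return record[1]
        record[2] += 1
        if record[2] >= MAX_ATTEMPTS:
            del self.records[device_id]  # lock-out: oracle share is destroyed
        return None

class ToyJade:
    def __init__(self, oracle, device_id="constructed-device-1"):
        self.oracle, self.device_id = oracle, device_id
        self.jade_secret = secrets.token_bytes(32)  # never leaves the device

    def _pin_token(self, pin):
        # Blinding: the oracle sees an HMAC keyed by the Jade secret, not the PIN.
        return hmac.new(self.jade_secret, pin.encode(), hashlib.sha256).digest()

    def _aes_key(self, pin, oracle_secret):
        # The 256-bit key depends on the PIN, the Jade secret and the oracle secret.
        return hmac.new(oracle_secret, self._pin_token(pin), hashlib.sha256).digest()

    def set_pin(self, pin):
        token = self._pin_token(pin)
        return self._aes_key(pin, self.oracle.enroll(self.device_id, token))

    def unlock(self, pin):
        oracle_secret = self.oracle.unlock(self.device_id, self._pin_token(pin))
        return None if oracle_secret is None else self._aes_key(pin, oracle_secret)
```

In this model a copy of the device flash alone yields only `jade_secret`, so every PIN guess still has to go through the oracle's attempt counter.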