Your private keys (derived from your recovery phrase) require strong randomness to avoid loss of funds. Attackers can grind private keys and search for weakly-generated ones, hoping to steal funds that land on the corresponding addresses. Jade uses a multi-faceted approach to ensure your private keys have sufficient randomness to prevent this type of attack.
Entropy Sources
While Jade is running, entropy is generated from various independent sources and sensors:
- User input
- CPU counters
- Battery state
- Ambient temperature
- Multiple images taken with camera during boot
- Built-in cryptographic-strength hardware number generator
- Entropy from the Blockstream Green companion app
The built-in hardware cryptographic random number generator (CRNG) derives entropy from various sources, one of which is the included radio (used for Bluetooth). When the radio is disabled with the optional “noradio” firmware (selectable in the Green companion app), the CRNG loses that source and, therefore, has reduced entropy. To mitigate this, we use an ESP32 API call named “bootloader_random_enable()” to sample raw radio noise only during boot, which is then added to the entropy pool along with the sources mentioned above.
Recovery Phrase Generation
When the Blockstream Jade is started, an accumulator similar to the one used by Bitcoin Core is used. This stores a 32 bytes state generated by a SHA512 hashing of its previous state along with the entropy sources provided above.
The result of the SHA512 is split in two:
- Half becomes the new 32 bytes state
- Half is provided as the entropy requested and fed to the standard BIP39 entropy to recovery phrase function.
The hashing function is called each time entropy is requested as well as any time a button or the wheel is touched.