Your private keys (derived from your recovery phrase) require strong randomness to avoid loss of funds. Attackers can grind private keys and search for weakly generated ones, hoping to steal funds that land on the corresponding addresses.
Jade uses a multi-faceted approach to ensure your private keys have sufficient randomness to prevent this type of attack.
Entropy Sources
While Jade is running, entropy is generated from various independent sources and sensors:
- User input
- CPU counters
- Battery state
- Ambient temperature
- Multiple images taken with camera during boot
- Built-in cryptographic-strength hardware number generator
- Entropy from the Blockstream companion app
The built-in hardware cryptographic random number generator (CRNG) derives entropy from various sources, one of which is the included radio (used for Bluetooth). If you disable radio with the optional “No-Radio” firmware, the CRNG loses that source and, therefore, has reduced entropy. To mitigate this, we use an ESP32 API call named “bootloader_random_enable()” to sample raw radio noise only during boot, which is then added to the entropy pool along with the sources mentioned above.
Recovery Phrase Generation
When starting your Jade, it uses an accumulator, similar to the one Bitcoin Core uses. This accumulator stores a 32-byte state, generated by a SHA512 hashing of its previous state along with the entropy sources provided above.
The result of the SHA512 is split in two:
- Half becomes the new 32-byte state
- Half is provided as the entropy requested and fed to the standard BIP39 entropy to recovery phrase function.
The hashing function is called each time entropy is requested as well as any time you touch a button or the wheel.