A compromised hardware wallet can slowly leak the user's private key(s) through the signatures it creates, even if those keys were generated with strong randomness. Jade implements Anti-Exfil to mitigate this kind of attack.
To fully understand how this attack works and how to mitigate it, first let's briefly discuss how signatures work in Bitcoin.
Bitcoin's Elliptic Curve Digital Signature Algorithm (ECDSA) combines a random private key with a nonce (a one-time value intended to add randomness to the signature) to produce a transaction signature that other Bitcoin full nodes can validate. Without a fresh, unpredictable nonce for every signature, anyone could recover your private key from your signatures, which would quickly lead to a loss of funds.
A compromised hardware wallet could create nonces that appear random but are not: the nonces could be known to an attacker ahead of time. Even worse, the hardware wallet could leak parts of the user's master private key into individual nonces, which would allow the attacker to recover every private key belonging to the wallet given a sufficient number of signatures.
Anti-Exfil uses "sign-to-contract" to have Jade cryptographically commit its signature nonce to random data proposed by the (assumed uncompromised) host computer. The hash of that random data is then combined with the signature nonce to produce the signature.
By mixing this host-provided randomness into the nonce via sign-to-contract, Anti-Exfil ensures that the nonce is re-randomized, preventing a malicious wallet from leaking key material through it.
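As an added illustration (not Jade's firmware code and not the libsecp256k1 implementation it uses), here is a simplified sign-to-contract nonce commitment in pure Python: the wallet first commits to its nonce point R0, then signs with the nonce tweaked by H(R0 || host_rand), and the host checks that the signature's nonce point really equals R0 plus that tweak, which is the check that catches firmware that quietly ignores the host randomness. The curve arithmetic, message and randomness are constructed for the demo; the real protocol additionally has the host commit to its randomness before R0 is revealed, which is omitted here.

```python
import hashlib, secrets

# secp256k1 curve parameters (field prime P, group order N, base point G)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else: lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = add(r, pt)
        pt, k = add(pt, pt), k >> 1
    return r

def h(*parts): return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")
def enc(pt): return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def wallet_sign(priv, msg, host_rand, k0, honest=True):
    """Wallet side. k0 is whatever nonce the firmware picked (possibly attacker-
    chosen). It commits to R0 = k0*G, then signs with k = k0 + H(R0 || host_rand).
    honest=False models firmware that ignores the host randomness."""
    R0 = mul(k0, G)
    k = (k0 + h(enc(R0), host_rand)) % N if honest else k0
    r = mul(k, G)[0] % N
    s = pow(k, -1, N) * (h(msg) + r * priv) % N
    return R0, (r, s)

def host_verify(pub, msg, host_rand, R0, sig):
    """Host side: check the ECDSA signature, then check that its nonce point
    equals R0 + H(R0 || host_rand)*G, i.e. the host randomness was really used."""
    r, s = sig
    w = pow(s, -1, N)
    R = add(mul(h(msg) * w % N, G), mul(r * w % N, pub))  # recovers k*G (no low-s normalisation here)
    if R is None or R[0] % N != r: return False
    return R == add(R0, mul(h(enc(R0), host_rand), G))

if __name__ == "__main__":
    priv, host_rand = secrets.randbelow(N - 1) + 1, secrets.token_bytes(32)
    R0, sig = wallet_sign(priv, b"constructed tx digest", host_rand, k0=12345)
    print("host check passed:", host_verify(mul(priv, G), b"constructed tx digest", host_rand, R0, sig))
```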