Episode Transcript
[00:00:00] So it creates a key with a blind oracle that combines with a key that is created locally on your Jade that is needed to actually unlock the recovery phrase activated by your PIN. So what that means is that even if an attacker gets your physical Jade device, the unencrypted Bitcoin key isn't even on the device, and you need a partial remote key just to get into it that exists in an entirely different place. It's kind of like the benefit of multisig without ever having to reveal anything about you, your wallet or any sort of privacy concern. And even crazier is that you can run this oracle system yourself.
[00:00:46] The best in Bitcoin made audible. I am Guy Swann and this is Bitcoin Audible. What is up guys? Welcome back to Bitcoin Audible. I am Guy Swann, the guy who has read more about Bitcoin than anybody else you know. This show is brought to you by the BitKit non-custodial on-chain and Lightning mobile wallet. I love the UX of this wallet and their design is honestly one of the best of mobile wallets that I know of. And speaking of mobile, when you are holding a substantial amount and it's not just a normal spending wallet that you want to do with Lightning, you need to get yourself a good hardware wallet, and specifically a hardware wallet that operates with mobile really well. Jade has always been that. But I am so stoked about the Jade Plus. I set myself up an affiliate link which is right down there in the show notes and that helps to support this show. So if you would, please use that link when you grab your Jade Plus. It's a great free way to help out the show, but also because I tend to just, I like to deep dive into all the things. That's why I read the Coldcard security and I've read some stuff on the BitBox, I've read some stuff on general hardware. In fact, one I've been meaning to get to is actually the Bitkey, but I don't have that one yet. But I know they have a very different model for their hardware wallets. But because I just got my Jade Plus, I've been kind of doing a little deep dive on the Blockstream website for how the security model works, what the features are. Because honestly I'm being impatient and the Jade Plus is not here yet. It's been like a whole three days since I ordered it and it's not at my door. But Blockstream, well, Jade specifically, has a really interesting oracle system, and so I just kind of wanted to brainstorm and talk about how it works and think about what the implications of something like this are.
Because I also just, the idea of oracle-enforced kind of protection or security is a really interesting concept, and this is something that's along the lines of Bitkey, though Bitkey I think has a much larger trade-off than the Blockstream model, I think. They've done so good with Greenlight and the idea of someone else hosting your Lightning node but you still holding the keys, spinning up a node in literally an instant, and a lot of other really unique little things that they have done with their stack. This just always interested me and I've been slowly moving toward using and exploring a lot more of their tools more and more. And then with the push they've done recently with Jade, it's just kind of got me back down the rabbit hole. So we're going to read about the oracle-enforced PIN protection that they have, how it works, and then I just kind of want to riff a little bit on a lot of my thoughts about it. So with that, let's not waste any more time and we will get into our read, and it's titled "Blockstream Jade's Oracle-Enforced PIN Protection." Blockstream Jade uses oracle-enforced PIN protection to encrypt your Jade's recovery phrase. This unique security model functions as a virtual secure element to provide extra protection for your funds and comes with several key benefits.
[00:04:26] The security model explained. During the Jade initialization process, users will be asked to create a unique PIN. This PIN is used in combination with a blind Oracle managed by Blockstream to encrypt Jade's key material, at which point there are three secrets needed to decrypt your recovery phrase and spend: the user-generated unique PIN, the Jade secret and the Oracle secret. When users are ready to unlock Jade, they will be prompted to enter their PIN. The companion app, for example Green Wallet, will then establish an encrypted channel with the blind Oracle, allowing for the server secret to be sent to Jade, thus decrypting Jade's secret and allowing you to spend Bitcoin. The blind Oracle is truly blind. It does not know anything about you or your wallet data and it can be accessed over Tor. It doesn't even know your actual PIN. To learn more about how this process works, you can dig into our FAQ. Note that Jade is only unlocked successfully if the correct PIN is entered. To prevent against brute forcing, the Oracle and Jade will delete their keys if the wrong PIN is entered three times. At this point, users will need to restore Jade with their recovery phrase. Benefits of Oracle-enforced PIN protection. Due to the process described above, your recovery phrase is very strongly encrypted on your device. This comes with some powerful benefits. Attackers with access to your Jade cannot steal your funds, as they would need to compromise both your local encrypted flash and the remote PIN Oracle. Jade remains fully open source by not requiring a secure element and utilizing a PIN Oracle instead. However, this model is not without trade-offs as well, as users may need communication with Blockstream's blind Oracle. To avoid needing communication with Blockstream's Oracle, users can run their own PIN Oracle or unlock Jade using their recovery phrase directly, by scanning a seed QR, for example. Encryption process.
[00:06:45] During initialization, Jade prompts the user to choose a unique PIN. This PIN is used in combination with a blind PIN Oracle to encrypt your Jade's key material. The companion app you connect your Jade to then passes messages between Jade and the PIN Oracle, but it is blind to the data communicated since it is encrypted. The Jade itself does not communicate with the blind PIN Oracle. To prevent physical attacks on a stolen Jade from extracting or stealing coins, the seed is encrypted with random keys split between the Jade device and a lockout Oracle. To describe this process in more detail: once the PIN is chosen, an ephemeral elliptic curve Diffie-Hellman exchange, or ECDH exchange, occurs with the remote Oracle. An ECDH key exchange allows two separate entities with no previous knowledge of each other to generate a shared secret over public, insecure channels. Using a known public key of the blind PIN Oracle, an ECDH key exchange occurs and the communications channel can be fully encrypted. Once the encrypted channel is established, the Jade and the remote Oracle work together to create an AES-256 key. When creating a new wallet recovery phrase, entropy is gathered from the pool and the resulting key material used for the recovery phrase is encrypted using the AES-256 key. This data can only be decrypted when the user inputs the correct PIN on the Jade and establishes a connection with the remote PIN Oracle mediated by the companion app, again the example being Blockstream Green. Since the Oracle only has a part of the AES-256 key, it is blinded to any of your wallet's keys and the PIN used on the Jade. All data at rest is encrypted on the Oracle. If the PIN is incorrectly entered three times, the Oracle and Jade both delete the secret, requiring a restore of the recovery phrase. The newly encrypted key material is then stored on the encrypted off-chip flash of the Jade and protected by Secure Boot.
Secure Boot is a technology that prevents unsigned boot firmware from running on your Jade, such as a compromised firmware image from an attacker. It ensures that only firmware you intend to run is used to boot the device. Your Blockstream Jade now has a strongly encrypted recovery phrase. An attacker would need to compromise both the local encrypted flash on the Jade and the remote PIN Oracle in order to access the recovery phrase. All right, like I said, this one was really short, but there are a couple things that I wanted to point out about why this is really interesting, especially for a mobile device and especially for a fully open source and open firmware hardware device. So when we dug into this about the Coldcard and we broke down how there were essentially three different chips, there was the RAM and then two different brands of secure element that were not open source. So there's the secure open source firmware, plus the secure element, closed source, and then an additional secure element, closed source, and each one of them holds one key, and this is all within the device. This is like hardware inside the Coldcard, and they each separate these little secrets. And so any individual one, like if the firmware got compromised, not only does it like brick your device, someone trying to get in from a bunch of different ways, but without being able to get into each of the individual secure elements, or if there is any limitation or vulnerability in one of the secure elements, or a backdoor built in with one of the brands or something, well, each thing only holds one third of the key, or one third of what is needed to unlock the key. Now, because Jade is totally open source, it's kind of like that open source firmware and RAM chip in the Coldcard in the sense that there is this, okay, well, what if it gets compromised?
What if you have your Jade itself, somebody gets a hold of the physical hardware wallet, and because they have, you know, access to it and they're trying to get into that device, how do you make sure that they can't get your recovery phrase from the Jade wallet? And what's really interesting about this setup, there's two things that stood out to me while I was kind of digging into this. One, this essentially gives an almost pseudo-multisig with a physical separation between your devices by creating a shared key, separate from your recovery phrase, with an Oracle server and then encrypting it locally on the Jade. So no information that you can get off the Jade will actually get you back to the recovery phrase. It needs a multisig unlock. It needs a key that is broken up into two places. So the recovery phrase is encrypted by a key that is broken up into two different keys in two different places. One is on your Jade and one is on the Oracle, the PIN protection Oracle. And then the local secret on the Jade is also encrypted with the PIN. And if you punch in the PIN wrong three times, and this is something that everybody needs to be aware of, is if you're punching in the wrong PIN, you're going to have a bad time. So be careful about punching in the wrong PIN a bunch of times, because you're likely to have to go back to your recovery phrase. But you punch in the PIN to decrypt the Jade. That allows you to then establish an encrypted connection. It unlocks what's needed to establish the encrypted connection with the Oracle, which identifies that you have the right PIN. And then that allows you to request the other half of the secret whenever you sign a transaction, in order to sign and then send and broadcast a transaction. Which importantly means that the Oracle does not know your PIN. It does not know your recovery phrase, it does not have your recovery phrase.
And because you connect over Tor, it doesn't know anything else useful about you either. All it has is a half of a randomly generated secret key generated with your Jade to encrypt the key locally on your Jade. So it's like there's a little two-key vault inside of your Jade that allows you to get the key to sign a Bitcoin transaction. And if you type the PIN in wrong too many times, it just burns the whole vault and everything in it. And you need your backup recovery phrase in order to do it, because otherwise somebody can just break into the device and try to empty the vault. But to actually get access to the recovery phrase, you not only need your PIN, but your PIN is the access that lets you have an encrypted channel so that you can get a key from the Oracle, because it takes two different keys to unlock it and get your recovery phrase. And the other really cool thing that stood out when I was reading into this that I didn't realize is the whole Oracle system is also open source. Now the software, there's another thing that it links to that I started reading into, because this is beta right now and only should be attempted by those who are confident of their wallet recovery process. But you can run your own Oracle, like you can be your own Oracle, and the software they have, which like I said, this is beta. So you know, be careful if you're setting this up, I mean just make sure you have your recovery phrase. But you can do this yourself and you can run it on an Umbrel, you can run it on your own Bitcoin node. And this is another one of those things, like these sorts of systems, because one of the things that I've been thinking about with Pear Drive and pubkey and Nostr and like how we can separate and start delegating trust and splitting up keys between different devices in order to make sure you get the optimum of security with as few trade-offs as possible. The idea that you could use this Oracle system with some of your own devices.
Like if I was using this with my own devices, let's say I'm using something like, something that's peer-to-peer like Pear Drive or a pubkey or something, and I have this installed, I have some sort of a, basically a two-factor. This is how this is behaving, right? Is the Oracle is behaving like a two-factor authentication that basically traps any attacker from being able to get to the key without getting the secondary factor from a blind oracle, from somebody who is not actually at risk or posing a risk to your actual keys themselves or a privacy risk or anything like that. Well, now imagine that you could run this in parallel with, you know, five of your devices or your best friend's device or your parents' computer, something that you basically already know and trust to some degree. And so that at least if at least one of these devices is on, you can basically set up your own little Oracle system that syncs between your devices. Now this, that's not what this is right now. But it just immediately got me thinking down that road of like, how do you utilize this? Because some of the really cool things about this is that there are real technical problems here and technical solutions that can go to simplifying the security and kind of hand-holding of someone else's setup, posing as little risk as possible to the actual person as far as trade-offs go. Like, so going back to the Bitkey which I mentioned at the very beginning, which is something that I kind of want to dig into, I actually have an article on the Bitkey security model, but theirs is basically like a multisig sort of setup. But as I understand it, and again, I haven't dug into this, I could be completely wrong, this was pulled entirely from conversation on Twitter or Nostr, who knows where it was, but just people generally talking about the Bitkey. But as I understand it, Square, who is the company? I mean it's one of Jack Dorsey's companies that makes the Bitkey.
I think it's Block. It's Block. But Block actually is a privacy trade-off, if I am not mistaken, because it is explicitly a Bitcoin key that is involved as a secondary. Like, we won't sign if everything doesn't look perfectly up to standard with what we expect. So anything that potentially poses a risk or looks suspicious, they refuse to sign. And the Bitkey is basically there to give the environment of provability of like, okay, well if everything looks good on this side, we've built this device to make it very, very hard to fake this setup. So that comes with a lot of trade-offs. But it's also just a really interesting model, because key protection and the idea, the level of security and attention to detail in protecting keys and thinking about how to access keys, is a service. Like it is a legitimate problem to solve and something to be taught and something to be leveraged as a service in the new economy. I do not see how that does not have a massive underlying value in a coming Bitcoin world. And it is not because everybody is stupid. It is simply because of the amount of time and attention that any one person has available to deal with any particular thing. And this also kind of alludes back to our conversation we've had with Miniscript and how you can take advantage of cascading keys and building really simple key structures where, you know, you have a two-of-three with a blind oracle and then everything reverts back after, like, six months of no response, or nobody can sign, or somebody signs and tries to get rid of it or tries to empty your wallet and it wasn't actually authorized, is that there's a fallback key that can enforce it, or a fallback key is one that's not active for six months. So you have to publish and broadcast a transaction and not until six months does that transaction actually go through.
And in the meantime the blind oracle and you and your Jade or your mobile wallet can all sign in order to revoke or cancel that transaction. Or basically, I guess, you would by default eliminate the key from the setup if you were countering it, as if it had been compromised. So this kind of references, or it makes me think back to, our conversation with Future Paul and what they have shifted, what the team at Mutiny has shifted over to starting working on with the OpenSecret project. This is like very similar in concept to this whole blind oracle thing. It's: how do you make it so that someone can log in, verifiably use some piece of software or some process on an external machine that allows them access to a key that that machine cannot get to and that that machine does not know anything about, and it gives a simple expected onboarding process for the user with a level of protection that they aren't even aware of, or I guess that it's not even that they're aware that they aren't aware of, it's that they don't have to fully understand to get the benefits of. Because what they are trying to do, and like what I'm really excited about their project for, is the ability to host Nostr keys in a completely secure server, but have what appears to be or what behaves like a normal setup and create-an-account sort of process for Nostr. And with these sorts of things being open source, it's one of those things that allows you to leverage multiple devices and multiple, even, service providers in order to obscure away the keys and treat the keys as the security of a subset of devices.
And I really think there's something genius and intuitive about that model, and it could just allow for so much versatility in where and how users can recover their keys and where some other service or company or wallet provider or financial institution, you know, whatever it is, can essentially give them some peace of mind in that process and protect them both from an attacker and from the kind of disaster-scenario key recovery, with as few possible trade-offs in privacy and user control. And I'm just always interested in reading about and digging into how new models or new interesting little tweaks of security are being implemented and how all of these various companies are going about it. Because literally everybody's doing something a little bit different. There's a lot of the same themes and intuition about what to do about these things, because to some degree there's always limitation, like a hardware device is always going to be subject to some degree of risk, and open source potentially has even greater risk, well, at least in one type of thinking, because essentially there are enough eyes on it that if somebody figures out a way, there's not really anything that can be done in hindsight, if there's some way to get into the RAM or alter the firmware or something like that. This, I think, is why the idea of Coldcard using a proprietary secure element inside their machine, as well as, in the case of Jade, using a blind Oracle remote secure element as part of what is needed to unlock the key internally to the Jade. And that's just kind of the default or the base framing on top of all the different advanced things that you can do with a lot of these hardware wallets. Like, for instance, one thing that I didn't even realize you could do with Jade until I was digging into all of this is that you can use it as a stateless signing device.
So you can use it like the SeedSigner, where every time you turn on the SeedSigner, there's no key. It's just completely and totally wiped of all data. And then you use something like a seed QR in order to just scan, and then, boom, you have your key on there, and then you sign, and then you turn the device off and it's all gone again. It's all just completely wiped. And so that seed QR is actually where your seed is actually living. That's actually your key. And the device doesn't pose any risk at all. Somebody can steal your device and break into it, it doesn't matter. You can just use it as a completely ephemeral signing device that literally imports the key and then signs, and then it's all wiped and clear again. And, you know, that's something else, is that I'm really curious about the whole seed QR stuff, because I love the idea of, like, I did one manually with just, like, straight marker with the SeedSigner while I was at the Atlanta Bitcoin conference. That was actually when I got my first SeedSigner. And as much as I don't use that, just because I have my ritual that I do, and you know what? I'll take this opportunity to go ahead and tell you. Get a ritual. Get a backup ritual. Write down your recovery phrase every single time you start a wallet. Put it in the exact same place, confirm it in the exact same way. Act like, I swear to God, pretend and act like you're a freaking OCD secret agent and this is your, you know, backup passport, and you need this secure. If you have to role-play and literally pretend you're in a movie every time you do it, do it. But do the process. Make your ritual and do it every single time exactly the same way. And even if you think you want to change your process or do something more advanced or do some secure thing in another way, do your normal process first. Then start to think about how you could change it or make it better.
Because far and away the biggest issue, the highest risk of any and all of your setups, is you writing it down wrong, saving your PIN number wrong, putting your recovery phrase in a place that you do not remember or that accidentally got thrown away. That is why you should do the exact same one every single time. And it does not matter how ephemeral you think, or "I'm not even going to use it," the wallet is. Like, let's say you click on the link and you add me as a contact in BitKit and you just want to kind of, like, play around with BitKit for a minute. And so you create a wallet and you're like, oh, it's a recovery phrase. Screw it. I'm not gonna mess with this one right now. I'm not gonna do my ritual. And then you get it, you kind of play around with it. You're like, okay, well this is kind of cool. And you go back to it because it's got a little widget with your Bitcoin price. I mean, that's one of the big things I open it with, is like, if I want to check the Bitcoin price, I kind of just use my BitKit wallet. Let's say you want to play around with Lightning and so you kind of start getting into it. Then you forget that you didn't do your backup phrase. And now you've been using the wallet for a few months and now you're like, this is actually a really great wallet. And so you put, like, a thousand dollars into it so that you can use it as your daily driver. And seven months goes by and then you drop your frickin' phone in the water and you're like, well, I'm gonna go back to my backup, because obviously I use this wallet all the time. Of course I did a backup. Oh shit. I have lost Bitcoin this way.
As someone who does so many different wallets and is always trying stuff out and always trying to figure out how the next thing works, and wants to test out multisig and, you know, the best Lightning wallet and the crappiest Lightning wallet, or somebody who just has questions for me about something that I haven't used, and so I boot it up, send, you know, 100,000 sats to it just to play around with it and see how it works so I can maybe help this person sort through their problem. Get a backup ritual, because you do not know what the future of your experience with that wallet will be and you will forget to go back to do it. I promise you, if you're unwilling to do it right when you set it up, you won't do it three months down the road after you've been using it way more than you thought you would. So, little tangent there, but I think it's really important to hit that home every single time I have the opportunity. So going back: seed signer, or excuse me, seed QR with the SeedSigner. This is actually a really cool thing, especially when you're trying to use ephemeral keys. And I constantly wonder if there might be some sort of really interesting way to take advantage of that. But the only limitation, there's actually a benefit and a limitation. So one of the benefits of a seed QR setup is that if you punch in that information wrong when you make a QR code, like you just kind of follow, it's like, okay, you have to put it in this, fill in this square, this square, this square. Well, if you punch it in wrong, you can actually get all of it back. Like, you have to get it really, really wrong. If you have a recovery phrase and you're writing down 24 words and you write one word out of order, or you skip one and you aren't numbering them, or you're not on a piece of paper that has numbers on it and so you don't realize it, or you literally just write one wrong.
Like one of them says "captain," and you thought it said "capital" or something like that, and you just don't know. Well, the interesting thing about a seed QR is that there's like 15% error correction built into, like, a standard one. And you aren't writing down a word, like it's pulling a recovery phrase. Well, actually, I guess it's not pulling a recovery phrase. I guess it's just pulling the key itself. But because of that, that kind of human-readable mistake can actually be corrected. Because a lot of, you know, sections of the QR code are actually a checksum. They're verify-and-recovery information, in order to, if you put a square in the wrong place or you do something wrong, you can actually get it back without having to worry about that extreme attention to essentially the fidelity of the information. So if you make the equivalent of a mistake of "capital" versus "captain," the seed QR isn't going to make that mistake. The seed QR is actually going to recognize the private key, because you've got additional information that just distinguishes that. If you wrote down "capital," well, there's a checksum that basically says that's an error in the math. Let's recreate this. Okay. No, it was in fact "captain." Now the drawback to that is that it's really awkward. It's weird to be sitting down and drawing out a whole QR code. And then another, what I think of as a limitation, is just in the idea of a stateless device, is that you're constantly bringing that out and kind of exposing it potentially. And so it obviously wouldn't be something that you carry around or that you use in a day-to-day unless you are in a, quote unquote, secure environment. Like, if I'm in my studio, well then it's totally fine for me to break out my SeedSigner and play around with it and use a bunch of seeds and have some Bitcoin on it.
But the seed QR, the whole QR-code-as-your-seed-backup thing, is something that I really feel like I need to explore more, because there's some really interesting opportunities there, I feel like. And that error correction, that element of error correction in backing up your seed, I think is really underappreciated. By the way, actually I will link to the blind Oracle, not the Umbrel version, because the Umbrel version is the one that's beta software that I was talking about. But if you want to run your own Oracle software, you can actually run it on your own machine or you can run it in the cloud. So if you have, like, let's say you have BTCPay on LunaNode, or I guess Voltage, I don't know, I'm not sure what level of control, I guess, I guess obviously they would, yeah, you'd be able to install it on Voltage. Anyway, if you have any sort of cloud server or web hosting, anything, you can actually host your own blind Oracle if you don't want to use Blockstream's for some reason, and there's a simple set of instructions, it's like five, like just set up, install, you know, Python, build it, and then run it with Docker. I have not personally done this yet, and you actually have to factory reset your Jade. So it might be something that I do with the Jade Plus when I get it, but it shows you how to connect it and use it with your Jade. So if you're a nerd like me and you really just want to try all this stuff out and install it and tinker, this would be a really, really cool one, I think, to do, because it gives you this leverage, an entirely additional device or a cloud server, in order to up your security on your local hardware wallet. I don't know, it's just a really cool little model to tinker around with, I feel like. But with that, I think we can close this one out. There were just some really cool things that I wanted to hit as I've been digging into the Jade and impatiently awaiting the Jade Plus to arrive at my house.
I'm really stoked about trying this stuff out, and like I said, if you want to follow me on Nostr and Twitter, I'll be doing some videos about it and setting it up and stuff. I've been trying to get a lot better about keeping up with video work. Not only just because, I don't know, people seem to enjoy it, but also I've just been trying to move my setup that way, just because there are a lot of productions and ideas that I have in the future, and the more concrete and kind of self-running I can get my setup and my workflow and, you know, align my producer and editor, which, I used to do all of this stuff myself and it just is such a slog. And it's been really, really difficult for me to let that go. But I am trying to, at the impatience of my producer who, you know, puts up with me. I'm trying to let that go and let somebody else do most of the editing, and I'll just kind of lay out the idea and the main things that I see in my head in the pictures, and I'll try to get some of the footage and stuff, but just trying not to do all of the busy work and just staying on top of doing more video work. And I think that's really going to help streamline it and I'll be able to do more videos like, you know, show you stuff on hardware wallets. And yeah, I know BTC Sessions does a fantastic job, but I don't know, Bitcoin-only stuff, like good Bitcoin content, still has a low selection on YouTube and in kind of the video world. I feel like it's kind of like Simply Bitcoin and BTC Sessions. Maybe I'm missing somebody, and if there's somebody out there who's listening to this, I'm sorry if I forgot you, but honestly those are the two that come to mind, and everybody else is a shitcoiner or just like a normal finance bro who's interested in crypto. And I just feel some sort of obligation to put my foot a little bit more in that door.
Not only just because I love video work and, you know, it's the place that I started at, but also just because I feel like there's a bit of a need in being able to easily and simply explain stuff and do kind of the short version of all of these things. That's what I intend to do. You know, BTC Sessions does, like, deep dives into all of these products and how to set it up. And I think probably a decent complementary set of videos to him would be kind of like the 5-minute version of how to set up your Jade, how to use your Coldcard in this way, my favorite way to utilize Nunchuk, and which wallets do I use and what's my favorite simple and easy to recover and, you know, lowest risk for, you know, onboarding someone. Things like that you could probably hit in four or five minutes if you're really concise and explain it really well. So stay tuned. Don't forget to subscribe, don't forget to link and follow me on the socials. And specifically, this show spreads by word of mouth. If you have someone else that you know who would be interested in this or is looking at getting a Jade and wants to know about this or would be interested, is a nerd, loves Bitcoin or is trying to get into Bitcoin, share with them an episode of Bitcoin Audible. There is an endless list of things that we have covered, ideas, basics, which actually, I need to get back to the Basics series because there's a couple of things that I never actually hit with that one and some things that could be refreshed. So you guys sharing it out is actually a massive, massive help. And of course I have affiliate links for a lot of the services that I love, that are my favorite services and ones that I am using constantly in this space. So check them out, they're right down in the show notes. A shout-out to the BitKit wallet for supporting this show, my work, and I will catch you on the next episode of Bitcoin Audible. And until then, everybody, take it easy, guys.
[00:36:50] The joy of life comes from our encounters with new experiences, and hence there is no greater joy than to have an endlessly changing horizon, for each day to have a new and different sun.
[00:37:06] Jon Krakauer, Into the Wild.