AMA - Blockstream Jade Team Enables Air-Gapped Transactions \ stacker news ~bitcoin

pull down to refresh

AMA - Blockstream Jade Team Enables Air-Gapped Transactions

13.6k sats \ 46 comments \ @blockstream_official 14 Nov 2022 bitcoin freebie

Hey everyone! This is the Blockstream Jade team and we’re here to answer questions about the latest firmware upgrade that brings air-gapped transaction capability to Jade.

Blockstream Jade’s camera has been dormant since its release in early 2021, but firmware version 0.1.41 brings some powerful new functionality to Jade by fully enabling the camera for use. Jade users can now access their device and communicate with companion apps solely using QR codes - no USB or Bluetooth required. This includes importing a wallet, verifying receive addresses, and signing bitcoin transactions.

Jade has become even more versatile with this upgrade, specifically by allowing for additional compatibility with mobile wallet apps such as BlueWallet and Nunchuk. However Jade can also now be used in an air-gapped manner with popular desktop apps, such as Sparrow and Specter.

We hope everyone enjoys this feature as much as we’ve enjoyed building it. AMA!

Get a Jade here (coupon code “wencamera” for 10% off): https://store.blockstream.com/product/blockstream-jade-hardware-wallet/

view all related items

521 sats \ 1 reply \ @adam3us 14 Nov 2022 freebie

demo video of jade QR code and seed QR https://twitter.com/Blockstream/status/1591831525418573824?s=20&t=GJ5_HQ5m7KXQOElIyJ6Xug

11 sats \ 0 replies \ @kr 14 Nov 2022

welcome to SN!

239 sats \ 1 reply \ @theinstagibbs 14 Nov 2022 freebie

What is the biggest attack vector for QR code based communication?

Is the firmware for camera open source? Audited?

12 sats \ 0 replies \ @blockstream_official OP 14 Nov 2022

Probably the bcur and qrparsing libraries. We have done some level and review and modifications to ensure security, however we do not have a third party auditing that we commissioned. The libraries are indeed open source, as well as the esp32 camera library (however the esp32 doesn't load the camera firmware)

238 sats \ 1 reply \ @trdr4 14 Nov 2022 freebie

Are there any plans for a second (upgraded) version of Jade??

0 sats \ 0 replies \ @blockstream_official OP 14 Nov 2022

We have a couple ideas of what this could look like, but probably not coming any time soon

321 sats \ 4 replies \ @kr 14 Nov 2022

if you had to rank the security of the various connection methods that hardware wallets use today, how would you rank the following?

bluetooth
nfc
usb
microSD
camera

187 sats \ 3 replies \ @blockstream_official OP 14 Nov 2022

MicroSD
Camera
USB
NFC
Bluetooth

7 sats \ 0 replies \ @dtonon 15 Nov 2022

Why is the MicroSD safer than the Camera? Isn't the autorun* ability of the card an attack vector?

[*] Is it still a thing on Windows?

18 sats \ 1 reply \ @blockstream_official OP 14 Nov 2022

It's debatable if the USB driver is worse than QR and bcur decoders

94 sats \ 0 replies \ @blockstream_official OP 14 Nov 2022

Camera is likely better - since it allows you to communicate with your companion app only when you choose for it to. Less likely to be attacked

202 sats \ 1 reply \ @ncryppt 14 Nov 2022

Curious, is the blocklstream jade compatible with chrome os (chromebooks?). Looking to buy a friend a hardware wallet but he only has chromebook and an iphone. Cheers.

1 sat \ 0 replies \ @blockstream_official OP 14 Nov 2022

We haven't tested specifically with Chrome OS, however Jade can be used with three different mobile apps on iOS including Blockstream Green, BlueWallet, and Nunchuk if you'd like to recommend he try Jade with one of those

201 sats \ 1 reply \ @litago 14 Nov 2022

How does the wallet protect ageinst qr codes containing malicious payloads in the case where there is a vulnerability in the hardware?

Is there any difference in the way you need to protect ageinst these when using qr compared to other solutions?

2 sats \ 0 replies \ @blockstream_official OP 14 Nov 2022

We only accept a very small list of certain UR messages and other specific payload types (eg. SeedQR). We then apply strict checks to the format of that payload to ensure it is valid and is what we think it is (for example our PSBT parser can be quite strict in what it accepts). Then after that, we still have the checks and validations we run on the payload (eg. the txn data) regardless of which transport it was received from.

201 sats \ 2 replies \ @shyfire 14 Nov 2022

What are the primary differentiators of the Jade when compared to the Foundation Passport?

101 sats \ 1 reply \ @blockstream_official OP 14 Nov 2022

Jade doesn't have an SD card option, although it is offered for a much lower price

40 sats \ 0 replies \ @joko 14 Nov 2022

I think there's a good bit more. Passport has/is: -physical secure element -much bigger screen -removable battery -much higher price

While Jade has: -Anti-Klepto -way lower price

201 sats \ 1 reply \ @chris 14 Nov 2022

Hi Blockstream Jade team!

I just wondered, how does the security of air-gap transaction by QR code compare to the other forms of air-gapped transactions? For example, the Coldcard using a microSD, or Ledger Nano X or Jade using Bluetooth, or using NFC methods (does that count as air-gapped)?

I guess there are pros and cons to each method, but how would you say QR stands up overall, compared to the other ways?

Love your work at Blockstream, by the way! :-)

1 sat \ 0 replies \ @blockstream_official OP 14 Nov 2022

Thanks for the kind words! SD cards should be safe. NFC depends on the stack/security of each part. Bluetooth also depends on stack/security of each part. QR relies on the QR parsers and all the bcur dependencies, as well as PSBT parsing dependencies.

201 sats \ 1 reply \ @Randomguy 14 Nov 2022

Since jade supports seedQR, is it on the roadmap to operate stateless similar to how seedsigner works?

1 sat \ 0 replies \ @blockstream_official OP 14 Nov 2022

This is actually exactly how a fully air-gapped workflow with Jade works today. Users simply scan a SeedQR with Recovery Phrase Login, and the wallet is forgotten as soon as the device is rebooted. Users can also use Jade as a "stateless" device for USB and Bluetooth communications as well.

201 sats \ 1 reply \ @kr 14 Nov 2022

what were the most difficult design trade-offs you had to consider when building Jade?

142 sats \ 0 replies \ @blockstream_official OP 14 Nov 2022

One of the most difficult tradeoffs was the choice between using a remote PIN server and a secure element. We decided to choose the PIN server route to maintain DIY possibilities, and also to keep the design fully open-source

185 sats \ 1 reply \ @trdr4 14 Nov 2022 freebie

Are we able to do air-gapped transactions for Liquid assets?

0 sats \ 0 replies \ @blockstream_official OP 14 Nov 2022

This will not currently work for Liquid txs (PSET) however it is something we are exploring

185 sats \ 6 replies \ @bitcoingraffiti 14 Nov 2022

Favy Sci-Fi novel?

2 sats \ 5 replies \ @blockstream_official OP 14 Nov 2022

Foundation

2 sats \ 1 reply \ @blockstream_official OP 14 Nov 2022

From another team member:

(At least some of) Ian M. Banks 'Culture' novels. Peter F. Hamilton's 'Night's Dawn' trilogy. Stephen Donaldson's 'The Gap'. Dune, of course. Anything by Larry Niven.

0 sats \ 0 replies \ @bitcoingraffiti 14 Nov 2022

Thanks. That's a lot of author's I don't know yet.

0 sats \ 2 replies \ @bitcoingraffiti 14 Nov 2022

@adam3us what's yours? You read cyberpunk?

32 sats \ 1 reply \ @adam3us 14 Nov 2022

snow crash by neal stephenson

0 sats \ 0 replies \ @bitcoingraffiti 14 Nov 2022

Mr. Lee's Hong Kong Citadels ;)

185 sats \ 1 reply \ @liquid 14 Nov 2022 freebie

Is the new air-gapped feature compatible with Liquid? If not, are there plans to?

0 sats \ 0 replies \ @blockstream_official OP 14 Nov 2022

This will not currently work for Liquid txs (PSET) however it is something we are exploring

0 sats \ 1 reply \ @TheBTCManual 15 Nov 2022

I've really been enjoying using my Jade, I really only picked one up because I wanted to use L-BTC but it's really become a favourite wallet of mine and with these new firmware upgrades its only getting better.

Definitely considering picking up a few more for friends and family

0 sats \ 0 replies \ @blockstream_official OP 15 Nov 2022

Love to hear it, thanks for the feedback!

0 sats \ 0 replies \ @BlokchainB 15 Nov 2022

Big fan happy customer here thank for the AMA

0 sats \ 1 reply \ @gd 14 Nov 2022

Weird boring question— What is the current delivery lead time to the UK for a Jade?

3 sats \ 0 replies \ @blockstream_official OP 14 Nov 2022

Hard to give an exact answer, typically under two weeks

0 sats \ 1 reply \ @k00b 14 Nov 2022

Under what circumstance would you recommend someone switch to Jade walllet from another hardware wallet?

306 sats \ 0 replies \ @blockstream_official OP 14 Nov 2022

Makes sense to switch if your manufacturer has a poor security track record and/or stops providing support/upgrades for a device.

Speaking of Jade specifically: Jade is highly versatile device with three communication methods and you can use both with remote PIN server or statelessly. Jade is supported by a large range of apps, a libwally stack with no external dependencies, and we still have a lot more planned.

Also offers some unique security features you can't find many other places, such as anti-exfil

0 sats \ 0 replies \ @rijndael 14 Nov 2022

very cool! love to see new features come to jade!

0 sats \ 0 replies \ @lpop4254 14 Nov 2022

What is ur hardware wallet spac

0 sats \ 1 reply \ @0335225260 14 Nov 2022

What are the principles that guide the building of your products?

10 sats \ 0 replies \ @blockstream_official OP 14 Nov 2022

Security, privacy, FOSS, ease-of-use