Coin Flip and Dice Roll Entropy Collection
The sequence most wallets use to generate your secret recovery phrase is to collect entropy from your device's random number generator (RNG), then turn this entropy into secret recovery phrases, often represented as 12 or 24 words. For example:
joke alien raccoon team planet throw frame utility acid rich tobacco setup earth oven solid audit because category play orange slide nut purse ahead
This procedure appears uncomplicated, but there is an underlying security concern. The inner workings of most RNG chips cannot be verified. There is no way to tell whether the output of those chips is truly random or whether it is a predefined sequence that appears random but can be reconstructed by the device manufacturer.
We've been aware of this issue with random number generators since the first release of AirGap. As a result, before creating a secret, we collect additional entropy from the camera, microphone, accelerometer and touch input to reduce the risk posed by a compromised RNG. The resulting secret recovery phrase includes both the RNG output and the input from the user. Anyone who wants to compromise and recalculate the secret must know both inputs, so a compromised RNG alone is no longer sufficient to steal your secret recovery phrase in AirGap.
To take security further and eliminate any flaws from the RNG, we introduced the dice roll and coin flip feature. Instead of relying on the device to supply the random numbers used to generate the secret recovery phrase, users provide those random numbers themselves using either dice or coins.
Advantages of Coin Flip and Dice Roll Entropy Collection
Elimination of RNG failure
Since the RNG is no longer involved when creating the secret recovery phrase, the associated risks are no longer an issue.
Verifiable secret recovery phrase
It also addresses the problem of having to trust the software, because the secret recovery phrase created from the coin flip and dice roll input is deterministic. As a result, a different wallet or software can confirm that the same input always yields the same output. The user can be confident that the secret created on AirGap was generated randomly and has not been tampered with.
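The deterministic derivation described above can be reproduced independently. The following is an added example, not AirGap's code: it assumes the phrase follows BIP-39 (SHA-256 checksum, 11-bit word indices), and the heads/tails and dice-to-bit mappings are assumptions chosen for illustration. It returns indices into the 2048-word list rather than the words themselves.

```python
import hashlib

def coins_to_bits(flips: str) -> str:
    """One bit per flip: H -> 1, T -> 0 (assumed convention)."""
    if set(flips) - set("HT"):
        raise ValueError("flips must contain only 'H' and 'T'")
    return flips.replace("H", "1").replace("T", "0")

def dice_to_bits(rolls: str) -> str:
    """Assumed mapping: rolls 1-4 give two bits each; 5 and 6 are
    discarded so that every bit pair stays equally likely."""
    if set(rolls) - set("123456"):
        raise ValueError("rolls must contain only digits 1-6")
    return "".join(format(int(r) - 1, "02b") for r in rolls if r in "1234")

def bits_to_word_indices(bits: str) -> list[int]:
    """BIP-39 rule: append the first ENT/32 bits of SHA-256(entropy)
    as a checksum, then split the result into 11-bit word indices."""
    if len(bits) not in (128, 256):
        raise ValueError(f"need exactly 128 or 256 bits, got {len(bits)}")
    entropy = int(bits, 2).to_bytes(len(bits) // 8, "big")
    checksum_len = len(bits) // 32
    digest = hashlib.sha256(entropy).digest()
    checksum = format(digest[0], "08b")[:checksum_len]
    full = bits + checksum
    return [int(full[i:i + 11], 2) for i in range(0, len(full), 11)]

if __name__ == "__main__":
    # Constructed sample input: 128 flips -> 12 word indices.
    flips = "HTTHTHHT" * 16
    first = bits_to_word_indices(coins_to_bits(flips))
    second = bits_to_word_indices(coins_to_bits(flips))
    print(first)
    print("deterministic:", first == second)
```

Running the same flips or rolls through any other BIP-39 implementation should give the same indices, which is the cross-check the verifiability advantage relies on.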