"● Anti-exfiltration: Andrew Poelstra and Jonas Nick published a blog post about a security technique being implemented for the Shift Crypto BitBox02 and Blockstream Jade hardware wallets. The goal is to allow both a hardware wallet and the computer controlling it to each be assured that the nonce used to generate a signature is actually an unguessable value. This prevents malicious hardware wallet firmware from generating nonces known to the firmware author, which the author could combine with one of the device’s transaction signatures found onchain to derive its private keys, allowing them to spend any other bitcoins controlled by those keys. The post describes the technique used, which was previously mentioned in a mailing list thread about this subject almost a year ago (see Newsletters #87 and #88)."

https://bitcoinops.org/en/newsletters/2021/02/17/#anti-exfiltration