Clever. Like say it takes less time this means it’s a shorter word, if it takes more time then it’s a long one, and from there randomness is reduced significantly.

But you still have to brute force after that, no?

Also, isn’t transaction signing typically done offline? How can a hacker monitor the time of a chip they can’t even see.