Can I encrypt many different secrets for the same Revealer?

Yes, but should you? Revealer is a one time pad – it has perfect security as long as it’s used once. In possession of multiple secrets encrypted for the same Revealer it can be attacked. Depending on your threat model you might want to have more than one secret encrypted for the same Revealer. In this case, you need to make sure an adversary has no way of accessing two (or more) different secrets encrypted for the same Revealer.

Why should I trust you?

You should not. You can generate both shares yourself, no need to buy anything from us. If you do, it will in no case diminish your security – even if we were to be malicious or compromised – we never get to know your secret as you encrypt it locally on your own computer. Ultimately, by using a Revealer you add a layer of noise to your otherwise exposed backup. The code is open source and reviewed by the Electrum developers.

If I lose both cards, can you provide a replacement?

No. Each revealer is unique, we don’t keep logs or track which revealer is sent to whom.

Can I use it with my hardware wallet?

At the moment you can try the Beta version of the app for Ledger Nano S. See more info at https://github.com/LedgerHQ/bolos-app-revealer/

Can I encrypt other secret that is not an Electrum seed?

Yes, you can encrypt any alphanumerical secret. Use the ‘custom secret’ field at the encryption dialog of the software. BIP 39 seeds and aezeeds will fit on the card, but will have a smaller font size. The software will adjust the font size automatically after a certain amount of characters.

How is the noise generated?

The deterministic noise is generated with the provable secure HMAC_DRBG (SHA-512) seeded with 128 bit entropy from cryptographic secure /dev/urandom. In our set-up, the seed includes noise from a hardware RNG.

Why should I use it?

If your secrets are encrypted, they are invulnerable to physical access. This allows you to create redundant backups without reducing safety. Ultimately it adds a layer of noise to your seed or password. Encrypting it visually in two-factors has the benefit that requires no computer or expertise to decrypt.

How to reveal the secret?

Place your Revealer card precisely on top of the noise pattern.
Observing the marks on diagonally opposing corners and pressing the card slightly down will give you a good image.

What happens if I mistype the code?

the code includes a checksum so the software detects it and does not let you proceed.

What are the codes on the cards and in the seeds?

The first digit is a version number. The next 32 digits are 128 bits of entropy in hex format – it’s the random seed used to generate the pattern. The last three digits are used as a checksum.
The code printed on the encrypted seeds is a identifier, to facilitate identification of which revealer it was encrypted for. The number is ‘versionnumber_checksum’, and exposes nothing of your entropy.

Why two cards?

Think of them as keys. We decided to ship out two so you are free to store them in different places and even to lose one.

Why only 128 bits?

If you can break 128 bits you can break bitcoin directly and won’t bother breaking revealer.

I printed the pdf, but the noise paper is a lot smaller than the card..

make sure that you print your PDF with setting to 100% size, not ‘fit to paper’. The print and the card should be same size. If you still have difficulties to read your seed phrase, you might want to use the Printer Calibration tool.

What is printer calibration and how does it work?

Printer calibration allows you to generate a seed pdf that is adjusted to your printer/paper and will have exact size of your card. In this way you can achieve optimal precision. Each printer/paper will have (at least) a sub-milimiter difference in the size they print out. Revealer is a precision device, if those differences are big enough it might not be possible to read all the words at the same time, rather one line or a word a time depending on how big the size difference is.