cryptnox-logo
Shop Now

Cryptnox Dual Generation Mode

Dual Card Generation — Two Cards, One Secure Seed

1. What Is Dual Generation Mode?

Two factory-linked Cryptnox cards cooperate through an interactive ECDH exchange to create an identical, non-extractable master seed. The seed is never exposed in the clear and cannot be exported — guaranteed by each Secure Element


Dual Generation Mode lets two specific Cryptnox cards jointly create the same master seed while guaranteeing that:


  • The seed was never in the clear at any point

  • The seed cannot be extracted from either Secure Element

  • Only these two factory-bound cards can complete the protocol

Why it is secure:


  • Each pair of cards is cryptographically bound by a factory-installed Dual Basic Group Secret and performs an interactive, mutually authenticated ECDH exchange,
for the generation of random identical seed
  • The result is two physical cards that act as an identical hardware (same addresses, same keys) 

  • They can never be exported or revealed secret material to the host or any third party

2. How Does Dual Generation Mode Work?

Dual Generation is an interactive, three-step card-to-card exchange that enforces mutual authentication and message integrity

Card A and Card B are a factory-linked pair (they share the pair-specific Group Secret burned into each Secure Element)

Cryptnox Dual Generation Mode

Result :

•    MasterSeed = SHA-256 (ECDH_shared)
•    Stored non-exportable on both cards — identical seed on Card A and Card B

Only this specific pair can complete this protocol (pair-bound by Group Secret)

3. Why does Dual Seed Generation Guarantee Security?

  • The generated Seed is NEVER in the clear: it is computed inside the Secure Element and written to secure EEPROM; at no step is the seed output or serialized in cleartext to the host
  • Non-extractability: Private values, ECDH shared secret and the stored Seed are protected by the SE’s hardware controls (non-exportable objects, tamper resistance). Extraction via software or APDU is impossible
  • Pair exclusivity: The Group Secret is unique to the manufactured pair — you cannot mix-and-match cards from different pairs. Any attempt to do so fails the group-signature checks
  • MITM and replay protection: All exchanges are encrypted, integrity-checked (CMAC), signed, and use fresh nonces/salts, preventing interception, injection or replay attacks
  • No external dependency: No cloud or third-party oracle is required — the cryptographic proof and derivation happen offline inside the chips