A FrostCard has no seed phrase. No twelve words to write down. Instead, it makes its own secret — inside a sealed chip, in about 27 milliseconds, faster than you can blink. Here is exactly what happens in that instant, and why the secret can never leave.
Watch the moment ↓That chip is called a secure element — the same class of tamper-resistant silicon used in passports, SIM cards, and bank cards. It's built so that the secret it holds can be used but never read out. Not by the app. Not by your phone. Not by us.
A key is only as safe as the randomness behind it. If an attacker can guess how your randomness was made, they can rebuild your key. Ordinary software randomness can be predicted — it comes from a formula. FrostCard does not use it.
The first thing that happens in the key's life: the TRNG produces 32 bytes of pure physical chance. Tap below to mint 32 random bytes in your browser — then read the note underneath, because it matters.
There is no extra step. That random number, all by itself, is your private key — a single enormous whole number. (Technically it's a number below a fixed limit set by secp256k1, the elliptic curve Kaspa uses. The chip checks it falls in range; if not, it simply rolls again.)
How enormous? 32 bytes is 256 bits — that's this many possible keys:
People imagine this takes "about a second." It doesn't. On this class of chip the entire cryptographic birth measures around 27 milliseconds — faster than a blink — and nearly all of that time is spent on a single piece of math: deriving the public key. Everything else is near-instant.
Here is the exact sequence the card runs, straight from FrostCard's open-source applet code:
Every line of code that touches your key is public. The birth sequence above is the generateKey() method of FrostCard's JavaCard applet — you can read it, line by line, yourself.
generateKey() routine: TRNG → seal → derive public twin → atomic commit → wipe → one-time lock.