Apparently it's an implementation of
this paper.
As I understand it:
- You print (or they sell you) a one-time-pad (OTP) sheet. In the bottom-right is the seed used to generate the rest of the noise in the OTP.
- You enter the OTP seed into Electrum, so that Electrum knows what the OTP sheet looks like.
- Electrum generates a 2D image spelling out your mnemonic, and then ~XORs each pixel of that image with the OTP. The result is a sheet which looks like noise. You print this out.
- When you overlay the OTP sheet with the encoded-mnemonic sheet, this performs another ~XOR operation, and you see the mnemonic spelled out.
Both sheets need to be compromised to get your mnemonic. Though note that when Electrum generates the encoded-mnemonic sheet, it needs to know the OTP sheet at least temporarily.
It's an interesting trick, and it should be perfectly secure if done right. However:
- It's insecure to use the same OTP sheet for two different mnemonics.
- When you print the mnemonic sheet, how do you ensure that it's scaled exactly the same as the OTP sheet?
- If you buy the OTP sheet, then there's an opportunity for them to record it and get one of your 2 factors. If you print it yourself, then it may be more difficult to shine light through (since their OTP sheets are made out of transparent plastic), but maybe it's still possible.