
QuantumLink: Reinventing Secure Wireless Communication

When we set out to create Passport Prime, we knew we had to do more than just build a new operating system. We needed to address a long-standing issue: how to combine the convenience of wireless communication with the airgap-level security that defines our current devices. That’s why, from the ground up, we reinvented Bluetooth with a brand-new protocol called QuantumLink.

For years, Bluetooth has been the easiest way to connect devices. It’s convenient, familiar, and just about everywhere. But there’s always been that underlying discomfort. Many of us worry about what’s happening behind the scenes: what if attackers can eavesdrop or attempt to tamper with sensitive data? Or what if they insert unwanted additional commands? In our first- and second-generation Passport, we answered that concern by using a QR code-based airgap. No wireless communications, and thus fewer avenues for attackers. It works, but it reduces convenience, steepens the learning curve for newer users, and makes real-time updates and interactions impossible.

With Passport Prime, we refused to settle. We sought the security of an airgap combined with the freedom of wireless communication. We worked with the Blockchain Commons team to design a new protocol that would solve this problem once and for all. The result is QuantumLink, a system that offers the best of both worlds: it’s wireless, but it’s built to be almost as secure as an airgapped connection.

Here’s how it works. Passport Prime houses a dedicated Bluetooth chip, entirely separate from the security processor which runs KeyOS. All data that enters or exits the Bluetooth chip is already encrypted using a quantum-resistant encryption scheme.

What is Quantum Resistance?

Regular computers use bits that are like coins that must be either heads or tails. Quantum computers use qubits that, through the strange rules of quantum mechanics, can be in a special state that’s sort of like having the coin spinning – it has some probability of being heads and some probability of being tails until it’s measured. This ability to be in multiple states at once is what gives quantum computers their unique capabilities.

Today’s encryption is like having a huge combination lock that would take regular computers millions of years to crack by trying every possible combination. But quantum computers could potentially solve these combinations much faster using specialized quantum algorithms like Shor’s algorithm, which exploits quantum properties to find hidden patterns in numbers.

We achieve quantum resistance through the following main properties:

  • The private/public keypair is generated randomly on each Passport Prime device just before you start the onboarding process
  • The private/public keypair is based on CRYSTALS-Kyber rather than ECC to gain quantum resistance for the main keys
  • The public key is provided to Envoy out of band via a QR code, which means the Bluetooth chip cannot see the value
  • Every message sent over QuantumLink from that point on uses a unique ChaCha20-Poly1305 encryption key (ChaCha20-Poly1305 is considered quantum-resistant)
  • This symmetric encryption key is, itself, encrypted using the recipient’s public key and an ephemeral public key from the sender

The CRYSTALS-Kyber Key Exchange Mechanism is the most important part of QuantumLink’s quantum resistance properties. CRYSTALS-Kyber uses math problems that are hard even for quantum computers to solve – specifically, it relies on the difficulty of finding particular patterns in multidimensional lattices (think of trying to find a specific point in a vast, complex crystal structure). Even if a powerful quantum computer came along, it wouldn’t be able to crack CRYSTALS-Kyber’s mathematical puzzle any better than a regular computer.

This means the Bluetooth chip cannot understand any of the information it relays. It can only receive and send already-encrypted messages, and KeyOS will only accept properly signed messages. All other messages, regardless of who sends them, are instantly ignored and dropped.

Even if the Bluetooth chip were malicious, it would not be able to extract any usable data or insert any malicious commands.
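The per-message envelope from the list above and the drop-on-failure behaviour at the receiver, as an added example (not Foundation's code and not the QuantumLink wire format). Kyber is not available in the Python `cryptography` package used here, so X25519 fills the KEM slot purely so the sketch runs and is not quantum-resistant; the field names, the HKDF label and the helper names are assumptions, and the signature check is not modelled.

```python
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.x25519 import (
    X25519PrivateKey, X25519PublicKey)
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

INFO = b"example-envelope-v1"  # constructed label, not from any QuantumLink spec
NONCE = bytes(12)              # fixed nonce is safe only because every key is single-use

def _kek(shared, eph_pub):
    # Key-encryption key, bound to this message's ephemeral public key.
    return HKDF(algorithm=hashes.SHA256(), length=32,
                salt=eph_pub, info=INFO).derive(shared)

def device_keypair():
    priv = X25519PrivateKey.generate()  # stand-in for the device's KEM keypair
    return priv, priv.public_key()

def seal(recipient_pub, plaintext):
    """Sender side: fresh ephemeral key and fresh message key per message."""
    eph = X25519PrivateKey.generate()          # stand-in for KEM encapsulation
    eph_pub = eph.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
    kek = _kek(eph.exchange(recipient_pub), eph_pub)
    msg_key = ChaCha20Poly1305.generate_key()  # unique key for this message
    return {
        "eph_pub": eph_pub,
        "wrapped_key": ChaCha20Poly1305(kek).encrypt(NONCE, msg_key, eph_pub),
        "body": ChaCha20Poly1305(msg_key).encrypt(NONCE, plaintext, eph_pub),
    }

def open_envelope(recipient_priv, env):
    """Receiver side: return the plaintext, or None (drop) on any failure."""
    try:
        eph_pub = env["eph_pub"]
        peer = X25519PublicKey.from_public_bytes(eph_pub)
        kek = _kek(recipient_priv.exchange(peer), eph_pub)
        msg_key = ChaCha20Poly1305(kek).decrypt(NONCE, env["wrapped_key"], eph_pub)
        return ChaCha20Poly1305(msg_key).decrypt(NONCE, env["body"], eph_pub)
    except (InvalidTag, ValueError, KeyError, TypeError):
        return None

def relay_flip_bit(env, field):
    """Model a relay that alters one bit of one field in transit."""
    raw = bytearray(env[field])
    raw[0] ^= 0x01
    return {**env, field: bytes(raw)}
```

The relay only ever handles the three opaque fields, and a change to any one of them makes `open_envelope` return `None` instead of a plaintext.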

Setting up Passport Prime with QuantumLink is as simple as scanning the QR code shown on Passport Prime’s screen during initial setup. This QR code contains Passport Prime’s public key.

Once the QR code has been scanned in Envoy, Envoy sends its own public key (encrypted) to Passport Prime over QuantumLink, and a fully encrypted tunnel is created.

From that point on, every message flowing through QuantumLink remains under lock and key, making it impossible for an attacker listening in over the air or a malicious Bluetooth chip to decipher communications.

The result is a Bluetooth-based protocol that provides a level of security comparable to what you’d expect from an airgap, all while offering real-time convenience and flexibility. With QuantumLink, you can comfortably use wireless connections to interact with your phone, update KeyOS, and explore a world of new features, all without compromising on security.

In addition, KeyOS offers a quick way to turn QuantumLink on and off, completely powering down the Bluetooth chip, making any communication impossible.

We’re excited to share QuantumLink with you as part of Passport Prime. It’s a bold step forward, one that redefines what you should expect from wireless communication. We’ve built it from the ground up to solve a problem that has nagged at us for too long: how to combine convenience and rock-solid security.

Now, with QuantumLink, the answer is finally here.

Say Hello to Freedom.Tech

Freedom.Tech is a global hub championing Bitcoin builders, open-source developers, educators, and privacy tech pioneers, and we see it as an invaluable addition to the Foundation family.

We’ve been working hard behind the scenes over the past few months to launch a new content hub that lets you find content on the bleeding edge of technology, learn how you can take actionable steps in the fight for freedom, and amplify your own voice by writing unique content.

Freedom.Tech gives us a place to broaden our educational efforts that still aligns closely with what we’ve been doing on the Foundation blog, with our “This Month in Sovereignty” newsletter, and with the “Journey to Sovereignty” podcast. As such, we’ve gone ahead and added our existing email subscribers to the Freedom.Tech email list, as a good portion of our existing content will now flow to Freedom.Tech.

Don’t want to get emails about Freedom.Tech? Feel free to reply to an email and let us know, or simply unsubscribe once you get the first email from Freedom.Tech.

What is the “Freedom Tech” Movement?

From the earliest days of the Internet, an ongoing struggle has existed between those who would use the immense potential of this new technology to control or suppress human freedom, and those who would use it to empower the individual and promote human flourishing. This struggle has taken many forms over the decades, starting with the cryptoanarchists in the 1980s and the cypherpunks of the 1990s, both of which shared a common goal of enabling individual freedom through the use of cutting-edge technology.

Founders of the Cypherpunk movement: Timothy C. May (author of The Crypto Anarchist Manifesto), Eric Hughes (author of A Cypherpunk’s Manifesto), and John Gilmore (co-founder of the EFF).

Just as we humans strive for freedom, information in the digital age “longs to be free.” The “freedom tech” movement is a burgeoning grassroots movement that aims to encourage the optimistic, untethered development and use of technologies by people from all backgrounds, languages, and cultures across the globe. Freedom tech allows us to slow a rise in authoritarianism, fight back against encroaching surveillance capitalism, and empower journalists, dissidents, and activists everywhere.

We believe that the freedom tech movement closely aligns with that of the open source movement, and we hold the ideals of free and open-source software closely. While the freedom tech movement has no central authority or leader to dictate its aims, we have laid out the aspects of technology we consider vital to the movement below. Freedom tech should be:

✅ Free and open source

✅ Without usage restrictions

✅ Privacy-preserving

✅ Resistant to censorship

Quite simply, “freedom tech” is technology that empowers you.

What does this mean for Foundation content?

As Freedom.Tech gives us an excellent platform to focus content efforts outside of our products, we’ll be splitting our existing “This Month in Sovereignty” newsletter. Company updates, firmware releases, and similar posts will be packaged concisely in a new “Foundation Updates” monthly newsletter, while broader content around FOSS, freedom tech, and important news in the space will migrate to a monthly Freedom.Tech newsletter.

Similarly, we’ll be broadening the scope of our “Journey to Sovereignty” podcast and relaunching with a set of fantastic guests, covering a much wider variety of freedom tech topics as a result. We’re still in the process of revamping the podcast, so keep an eye out for more announcements there in the near future.

Learn more

With this launch we’ve included a few original blog posts, and are working hard to get some of the best writers in the space involved and amplifying their content on Freedom.Tech. We’ll be running some fun competitions (including giving away a free Passport!) over the next few weeks as a part of this launch, so be sure to follow us on X and/or Nostr as well: