
QuantumLink: Reinventing Secure Wireless Communication

When we set out to create Passport Prime, we knew we had to do more than just build a new operating system. We needed to address a long-standing issue: how to combine the convenience of wireless communication with the airgap-level security that defines our current devices. That’s why, from the ground up, we reinvented Bluetooth with a brand-new protocol called QuantumLink.

For years, Bluetooth has been the easiest way to connect devices. It’s convenient, familiar, and just about everywhere. But there’s always been that underlying discomfort. Many of us worry about what’s happening behind the scenes: what if attackers can eavesdrop on or tamper with sensitive data, or insert unwanted additional commands? In our first and second-generation Passport, we answered that concern by using a QR code-based airgap. No wireless communications, and thus fewer avenues for attackers. It worked, but it reduces convenience, steepens the learning curve for newer users, and makes real-time updates and interactions impossible.

With Passport Prime, we refused to settle. We sought the security of an airgap combined with the freedom of wireless communication. We worked with the Blockchain Commons team to design a new protocol that would solve this problem once and for all. The result is QuantumLink, a system that offers the best of both worlds: it’s wireless, but it’s built to be almost as secure as an airgapped connection.

Here’s how it works. Passport Prime houses a dedicated Bluetooth chip, entirely separate from the security processor which runs KeyOS. All data that enters or exits the Bluetooth chip is already encrypted using a quantum-resistant encryption scheme.

What is Quantum Resistance?

Regular computers use bits that are like coins that must be either heads or tails. Quantum computers use qubits that, through the strange rules of quantum mechanics, can be in a special state that’s sort of like having the coin spinning – it has some probability of being heads and some probability of being tails until it’s measured. This ability to be in multiple states at once is what gives quantum computers their unique capabilities.

Today’s encryption is like having a huge combination lock that would take regular computers millions of years to crack by trying every possible combination. But quantum computers could potentially solve these combinations much faster using specialized quantum algorithms like Shor’s algorithm, which exploits quantum properties to find hidden patterns in numbers.

We achieve the quantum resistance via the following main properties:

  • The private/public keypair is generated randomly on each Passport Prime device just before you start the onboarding process
  • The private/public keypair is based on CRYSTALS-Kyber rather than ECC to gain quantum resistance for the main keys
  • The public key is provided to Envoy out of band via a QR code, which means the Bluetooth chip cannot see the value
  • Every message sent over QuantumLink from that point on uses a unique ChaCha20-Poly1305 encryption key (ChaCha20-Poly1305 is considered quantum-resistant)
  • This symmetric encryption key is, itself, encrypted using the recipient’s public key and an ephemeral public key from the sender

The CRYSTALS-Kyber Key Encapsulation Mechanism (KEM) is the most important part of QuantumLink’s quantum resistance properties. CRYSTALS-Kyber uses math problems that are hard even for quantum computers to solve – specifically, it relies on the difficulty of finding particular patterns in multidimensional lattices (think of trying to find a specific point in a vast, complex crystal structure). Even if a powerful quantum computer came along, it wouldn’t be able to crack CRYSTALS-Kyber’s mathematical puzzle any better than a regular computer.

This means the Bluetooth chip cannot understand any of the information it relays. It can only receive and send already-encrypted messages, and KeyOS will only accept properly signed messages. All other messages, regardless of who sends them, are instantly ignored and dropped.

Even if the Bluetooth chip were malicious, it would not be able to extract any usable data or insert any malicious commands.

Setting up Passport Prime with QuantumLink is as simple as scanning the QR code shown on Passport Prime’s screen during initial setup. This QR code contains Passport Prime’s public key.

Once Envoy has scanned that QR code, it sends its own public key (encrypted to Passport Prime’s public key) back to Passport Prime over QuantumLink, and a fully encrypted tunnel is created.

From that point on, every message flowing through QuantumLink remains under lock and key, making it impossible for an attacker listening in over the air or a malicious Bluetooth chip to decipher communications.
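The bullet list of QuantumLink’s properties and the pairing flow just described amount to a hybrid design: a post-quantum KEM establishes a fresh secret for each message, that secret keys an AEAD that protects the payload, and the receiver checks a signature before anything is decrypted. The following Go program is an added illustration written for this page; it is not Foundation’s or Blockchain Commons’ code and it does not reproduce the real QuantumLink wire format. It uses Go’s standard-library ML-KEM-768 (the standardized form of CRYSTALS-Kyber) as the KEM, AES-256-GCM in place of ChaCha20-Poly1305 because the Go standard library has no ChaCha20-Poly1305, an HMAC-SHA256 key derivation, and Ed25519 for the “properly signed” check (the page does not say which signature scheme is used; Ed25519 is an assumption). In a KEM the encapsulation ciphertext plays the role the page calls the sender’s ephemeral public key. For simplicity both sides’ public keys are assumed to have been exchanged out of band, whereas the page has Envoy send its key encrypted over the link after the QR scan. All names (`Device`, `Peer`, `Envelope`, `Seal`, `Open`) are invented for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Device models one end of the link (Passport Prime or Envoy). Its keys are
// generated fresh at onboarding: an ML-KEM-768 decapsulation key for receiving
// and an Ed25519 signing key (assumed scheme) for authenticating what it sends.
type Device struct {
	kem  *mlkem.DecapsulationKey768
	sign ed25519.PrivateKey
}

// Peer is the public material one side learns about the other out of band
// (the QR code): the KEM encapsulation key and the signature verification key.
// The Bluetooth relay never handles these values.
type Peer struct {
	EncapKey  []byte
	VerifyKey ed25519.PublicKey
}

// Envelope is the only thing the relay carries: opaque ciphertext plus a
// signature. KEM ciphertext (1088 bytes) and nonce (12 bytes) are fixed length,
// so concatenating them for signing is unambiguous.
type Envelope struct {
	KEMCiphertext []byte
	Nonce         []byte
	Ciphertext    []byte
	Signature     []byte
}

// ErrDropped is returned for anything that is not a properly signed, intact
// message from the expected peer; the receiver discards it without decrypting.
var ErrDropped = errors.New("message dropped: bad signature or ciphertext")

func NewDevice() (*Device, error) {
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, err
	}
	_, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{kem: dk, sign: sk}, nil
}

func (d *Device) Public() Peer {
	return Peer{
		EncapKey:  d.kem.EncapsulationKey().Bytes(),
		VerifyKey: d.sign.Public().(ed25519.PublicKey),
	}
}

func (e Envelope) signedBytes() []byte {
	return bytes.Join([][]byte{e.KEMCiphertext, e.Nonce, e.Ciphertext}, nil)
}

// newAEAD derives a 32-byte message key from the KEM shared secret with
// HMAC-SHA256 and returns an AES-256-GCM instance for it. Because every Seal
// runs a fresh encapsulation, every message gets its own key.
func newAEAD(shared []byte) (cipher.AEAD, error) {
	mac := hmac.New(sha256.New, shared)
	mac.Write([]byte("quantumlink-demo/aead-key"))
	block, err := aes.NewCipher(mac.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext to the peer's encapsulation key and signs the result.
func (d *Device) Seal(to Peer, plaintext []byte) (Envelope, error) {
	ek, err := mlkem.NewEncapsulationKey768(to.EncapKey)
	if err != nil {
		return Envelope{}, err
	}
	shared, kemCT := ek.Encapsulate()
	aead, err := newAEAD(shared)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	env := Envelope{KEMCiphertext: kemCT, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plaintext, nil)}
	env.Signature = ed25519.Sign(d.sign, env.signedBytes())
	return env, nil
}

// Open verifies the signature first and only then decapsulates and decrypts.
func (d *Device) Open(from Peer, env Envelope) ([]byte, error) {
	if !ed25519.Verify(from.VerifyKey, env.signedBytes(), env.Signature) {
		return nil, ErrDropped
	}
	shared, err := d.kem.Decapsulate(env.KEMCiphertext)
	if err != nil {
		return nil, ErrDropped
	}
	aead, err := newAEAD(shared)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, ErrDropped
	}
	return pt, nil
}

func main() {
	prime, _ := NewDevice()
	envoy, _ := NewDevice()
	env, _ := envoy.Seal(prime.Public(), []byte("constructed sample request"))
	pt, err := prime.Open(envoy.Public(), env)
	fmt.Printf("accepted: %q err=%v\n", pt, err)
	env.Ciphertext[0] ^= 1 // the relay changes one byte in flight
	_, err = prime.Open(envoy.Public(), env)
	fmt.Println("tampered:", err)
}
```

The two failure modes worth checking are the ones the page claims the design rules out: a relay that alters a byte (the signature no longer verifies, so the message is dropped before decryption) and a relay that fabricates its own well-formed envelope (it can encrypt to Passport Prime’s public key, but it cannot sign as Envoy, so that is dropped too). Sealing the same plaintext twice also yields different KEM ciphertexts, which is the per-message-key property from the bullet list.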

The result is a Bluetooth-based protocol that provides a level of security comparable to what you’d expect from an airgap, all while offering real-time convenience and flexibility. With QuantumLink, you can comfortably use wireless connections to interact with your phone, update KeyOS, and explore a world of new features, all without compromising on security.

In addition, KeyOS offers a quick way to turn QuantumLink on and off; turning it off completely powers down the Bluetooth chip, making any wireless communication impossible.

We’re excited to share QuantumLink with you as part of Passport Prime. It’s a bold step forward, one that redefines what you should expect from wireless communication. We’ve built it from the ground up to solve a problem that has nagged at us for too long: how to combine convenience and rock-solid security.

Now, with QuantumLink, the answer is finally here.

Building KeyOS!

Building a Secure OS from the Ground Up: KeyOS

Creating a secure operating system from scratch is no small feat, but it’s precisely what we set out to do with KeyOS, the operating system powering our new Personal Security Platform, Passport Prime. During two years of intensive work, our engineering team built KeyOS to redefine what’s possible for secure, modular, and open-platform devices.

Here’s the KeyOS journey:

KeyOS is a next-generation microkernel operating system written in Rust. It’s a major leap forward from legacy operating systems like Ledger’s BOLOS, which runs in a closed-source smart card environment.

So, what’s a microkernel, and why does it matter?

A microkernel is a highly efficient and modular foundation for a secure operating system. Unlike monolithic kernels, microkernels focus on running only the most essential functions, while everything else operates in isolated “user space.” This design provides key advantages for a Personal Security Platform like Passport Prime:

1. Enhanced resilience and modularity: Each process is self-contained, reducing the risk of system-wide vulnerabilities.

2. Process isolation: Apps run in their own secure sandboxes, ensuring that even malicious or buggy apps can’t compromise other parts of the system.

3. Message-passing communication: Processes interact only through secure, managed message-passing, reducing attack surfaces.

This architecture allows Passport Prime to securely support multiple apps running side-by-side while KeyOS manages permissions and ensures airtight security.

Building KeyOS: A Two-Year Journey

KeyOS is completely open source and built on the kernel of the remarkable Xous project, whose ‘avalanche noise source’ technology we also incorporate directly into our Passport hardware wallet. For those unfamiliar, Xous was created by hardware hacker Bunnie and his collaborator Xobs as part of the Precursor and Betrusted initiative, a crowdfunded effort to build an open-source, secure communications platform with a microkernel OS written in Rust.

We started with the Xous kernel and a few key services and ported it from RISC-V to ARM architecture, customized it for Passport Prime, and implemented drivers for every component of the device. Our team also added modern graphics support and developed core apps that leverage the power of KeyOS, and we are proud to be ranked as the #5 and #6 contributors to Xous on GitHub. Think of KeyOS vs. Xous the same way as Ubuntu vs. Linux kernel. KeyOS is essentially the first distro of Xous.

Breaking the Performance Barrier

Most security devices force users to compromise. You either get:

1. Modern hardware with high-resolution, color touchscreens, or

2. Secure hardware with subpar performance

KeyOS breaks this trade-off. Running on a 500 MHz security processor, Passport Prime delivers smartphone-like responsiveness in a highly secure environment.

Unlike other devices, which rely on slow, off-the-shelf components and bloated software and operating systems (like Android), we built everything in-house:

1. The operating system

2. The drivers

3. The apps

This bare-metal, vertically integrated approach unlocks unparalleled speed and ease of use on Passport Prime. It’s a true breakthrough for security hardware.

Enabling Third-Party Apps

One of the most exciting aspects of KeyOS is its potential as a developer platform. Developers will be able to permissionlessly create and distribute apps for Passport Prime.

We’re building an SDK, comprehensive documentation, and an app catalog to make this process as seamless as possible. Our first integration is with Cake Wallet, the popular privacy wallet.

Why this is game-changing

1. Flexibility: Developers can bypass the restrictive APIs of other devices and build apps that match their vision. They can bring their logo and familiar UI right into KeyOS.

2. Security: All apps are sand-boxed with hardened, derived child seeds, ensuring your funds are always safe even if an app is compromised.

3. Transparency: Apps distributed through our Envoy app catalog must be open source and have reproducible builds, so users can verify what they’re running on Passport Prime.

With the Cake Wallet app, Passport Prime will support privacy wallets, offering a best-in-class cold storage experience. Users of Monero will finally have a great experience securing their assets in cold storage.

Join the Developer Community

We’re inviting all Bitcoin, privacy, security, and cryptocurrency developers to build apps for Passport Prime. Passport Prime offers an open, flexible platform to bring your ideas to life.

Interested developers can sign up on our website to get started. Apps will be distributed through the Envoy app and a dedicated app catalog, making installation and updates effortless. Developers can also distribute apps directly to their users if desired.

The Future of Passport Prime

KeyOS represents a new standard in security, performance, and expandability for hardware wallets. By combining a cutting-edge microkernel design with open-source principles, we’re not just building a secure device but creating a platform for innovation.

Stay tuned for more updates as we continue to expand the possibilities of KeyOS and Passport Prime. Whether you’re a user or a developer, we can’t wait to see what you’ll build.


Explore More:
Discover all the details about Passport Prime on our website, and watch our official launch keynote video to see our vision for secure, open-platform innovation in action.


Introducing Passport Prime!

We are beyond excited to introduce the newest member of the Foundation family: Passport Prime, the world’s first Personal Security Platform. Designed to secure not only your Bitcoin but your entire digital life. Passport Prime is more than just a hardware wallet – it’s a Swiss army knife for your personal security.

Need a quick 20-minute rundown of the announcement? Check out the recent keynote from our CEO, Zach, on our website.

Passport Prime empowers you to secure your entire digital life – with one device. We have much to cover, so let’s dive in and see what Prime can do!

FEATURES

Bitcoin Wallet

Passport Prime offers the same robust Bitcoin hardware wallet capabilities as our gen-2 Passport. It supports all of the popular Bitcoin software wallets you have come to know and love. Prime offers a best-in-class multisig experience alongside numerous power-user features like passphrases and temporary seeds.

Multi-Factor Authentication

With its 2FA Codes app, Prime enables you to store your most important 6-digit 2FA codes in a secure, offline environment. For even stronger multi-factor authentication, Passport Prime replaces all of your Yubikeys with the Security Keys app. You can create multiple security keys for use with NFC or USB.

Secure File Storage

Passport Prime also replaces your encrypted flash drive. With its 50 GB of included capacity, Prime can secure your most important files. A killer feature in the File Browser app is called Airlock – when you plug Passport Prime into your phone or computer, it will only provide access to the files in your Airlock, ensuring the privacy of your data.

Seed Vault 

Passport Prime helps you organize and bring together all your seed words in one place – the Seed Vault app. You can instantly create new seeds, temporarily load seeds, and even store your existing seeds.

But wait, there’s more…

Those features are just the beginning: thanks to KeyOS, Passport Prime’s custom operating system, the possibilities for what you can achieve with Prime are practically endless.

KEYOS

What is KeyOS?

KeyOS is a next-gen microkernel operating system written in Rust. KeyOS offers a highly modular, yet locked-down environment where apps run side-by-side in their own sandboxes, while the OS manages permissions. This is how we are going to enable third party apps, and grow Passport Prime into a robust developer platform!

Developer Platform

From around mid-2025, developers will be able to build third party apps to run on KeyOS! But you won’t have to ask Foundation for permission. KeyOS will offer an open developer platform, meaning developers will be able to list their own apps in our App Catalog.

We are super excited to announce our friends at Cake Wallet will be producing the first ever third-party KeyOS app! Cake is a popular privacy-oriented cryptocurrency wallet with around 500,000 users and has support for Bitcoin, Monero and many others.

Do you have a favorite app you think could benefit from the extra security Passport Prime can offer? Help us spread the word! We’d love to work with other teams to enable your Prime to secure even more of your digital life.

SECURE, YET SIMPLE

Setting up Passport Prime with Envoy could not be easier. You’ll be guided every step of the way. Thanks to Passport Prime’s seamless communications with Envoy via our secure QuantumLink Bluetooth, you can go from zero to a secure digital life in minutes.

NFC Backups

KeyOS uses a 2-of-3 Shamir Secret Sharing configuration to split your seed into three pieces – two stored on cards, and the third stored on your Envoy mobile app. With our optional Magic Backups, your app data and settings are encrypted and sent to the Foundation servers via Envoy. No username, no passwords, no email address and crucially, no seed words ever leaving your device.

If you ever need to replace your Passport Prime, simply connect it to Envoy and tap one of your two KeyCards – that’s it!

QuantumLink Bluetooth

Passport Prime contains a dedicated Bluetooth chip, separate from the security processor running KeyOS. This Bluetooth chip can only send and receive messages that are already encrypted using quantum-resistant tech. Once connected, interactions with Envoy are effortless and happen almost instantly.


EXTRA DETAILS

Here’s a quick list of extra info you might be excited to learn:

1. Passport Prime ships in two beautiful colorways, Arctic Copper and Midnight Bronze

2. Passport Prime ships with everything you need in a single box.

3. Passport Prime hardware and software will be open source at launch.

4. Passport Prime is proudly assembled in the USA.

You can learn a lot about Passport Prime on our new product details page.