Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Encryption Cellphones Privacy Security

Quantum Security Goes Live With Samsung Galaxy (threatpost.com) 51

Samsung and South Korean telecom giant SK Telecom have debuted the Galaxy A Quantum 5G smartphone, sporting a quantum random number generation (RNG) chipset. It's the first commercialization of quantum technology for mobile phones, and it will serve as a significant bellwether for full quantum encryption's chances of going mainstream. Threatpost reports: Quantum encryption in general has been touted as being "unhackable" because it generates random numbers and secure keys that cannot be predicted, via particles that can't be intercepted, eavesdropped upon or spoofed. The very laws of physics themselves prevent successful cracking, the theory goes. However, researchers have proven more than once that this isn't the case -- though hacks so far have required sustained physical access to a device.

In any event, the Samsung phone will provide an interesting test case for the technology -- though details are scant in terms of how the chipset actually works. The Galaxy will use quantum security in a few different scenarios, according to an SK press release (translated with Google Translate). These include logging into carrier accounts on the device; securely storing personal documents via a blockchain-enabled "Quantum Wallet" and for biometric-based mobile payments at retail stores. Online payment protection is also on the roadmap. SK Telecom also plans to roll out open APIs for developers to begin incorporating the technology on an OEM and application basis.

This discussion has been archived. No new comments can be posted.

Quantum Security Goes Live With Samsung Galaxy

Comments Filter:
  • Who wants to bet it just reads noise from a radio antenna and is therefore massively vulnerable to certain patterns of external RF interference?

    • by ceoyoyo ( 59147 )

      It probably reads noise from some specially engineered noisy silicon circuit. Variations in leakage current in a transistor or something. Which would still make it massively vulnerable to RF interference.

      • by Casandro ( 751346 ) on Saturday May 16, 2020 @12:48AM (#60066460)

        "Which would still make it massively vulnerable to RF interference."
        Well yes, but you never take the raw output of an RNG, you condense it first. The idea behind that is the more general version of the "take the least significant bit" approach. You have a pool of entropy, then you XOR your RNG data into it, and stir that data with some pseudo RNG function. The important thing is that you keep track about how much entropy is in your pool. For this you make assumptions on how random your hardware RNG data is. Each time you mix in a word from your RNG you add its assumed entropy to the entropy counter. Each time you take out random data from that pool, you decrease the entropy counter.

        So if you use a 16 Bit soundcard, but you only trust one bit to be completely random, you mix in the full 16 Bit values, but only increase the entropy counter by one. Now even if your soundcard has the LSB stuck at 0 or 1, you still get your random data as the other data is still extremely like to have more than one bit of entropy per sample.

      • A spot of radioactive material and a click counter would be quite isolated from outside interference.

        • by ceoyoyo ( 59147 )

          True. I suspect that would be one hell of a lot of regulatory pain in the ass for a marketing tag on your phone though.

          • They could use naturally radioactive material instead of reactor created Americium or some such. There are places where "ordinary" sand contains a lot of Thorium.

      • That's what all the "quantum" RNGs I've seen do, they just sample some noisy physical phenomenon. We have several different ones at work, they're just insanely expensive noise-based RNGs sold to things like casinos and banks with more money than sense.

        Also, this has absolutely nothing to do with quantum cryptography or whatever you want to call it. It's a noise-based RNG marked with the magic buzzword "quantum", which causes people's thought processes to close and their wallets to open.

        If anyone wants to

    • Lots of RNGs use RF noise for entropy.
    • I was thinking of a tunnel diode or something like it
    • Is it really worth the price.
      If you made a random seed based on a good set of data. Such as Mac Address, Serial Number, Last Power on Date time, the amount of mm your finger has tracks left the amount of mm your finger has tracked right. Coding additional elements for seed calculation should be able to give an uncrackable random key.

  • When did they start keeping qubits in chips at room temperature? Or are they just using a CMOS chip to detect photons and calling it quantum for marketing purposes?

    Sorry to say, there is nothing special about this, nothing is entangled, no qubits to find. Just a camera chip in a package which hopefully generates random numbers because the CMB is random. I'm sure if you shine a microwave generator at the phone, you may be able to get more predictable numbers.

  • bullshit (Score:5, Informative)

    by bloodhawk ( 813939 ) on Friday May 15, 2020 @09:21PM (#60066154)
    It always pisses me off when they call this quantum encryption. It is bog standard encryption, just the key is more strongly randomised, not that even normal random keys have are weak. The encryption itself is in no way stronger or more protected.
    • by ceoyoyo ( 59147 )

      All quantum encryption is really just quantum key exchange followed by regular encryption.

      • by quenda ( 644621 )

        All quantum encryption is really just quantum key exchange followed by regular encryption.

        But the key exchange does use actual quantum encryption. There is none here.

        Key generation from quantum events is nothing new. You can use a minuscule radioactive source and sensor.
        A microscopic spec of americium 241 on the chip?

        • by AmiMoJo ( 196126 )

          If you want to argue the point then many devices already use quantum random number generators because a basic thermal noise or PN junction noise one is based on quantum physics.

          I actually built a couple myself for fun a few years ago.

        • by ceoyoyo ( 59147 )

          Yeah, this seems like a marketing trick.

          Quantum "encryption" is a bit of a misnomer though. Quantum encryption would be better described as key exchange with quantum eavesdropping detection.

    • It's necessary to include the word 'quantum' to complete the tech journalism buzzword-soup:

      5G
      biometric-based
      blockchain-enabled
      encryption
      mobile payments
      open APIs
      quantum
      unhackable

      The linked article's been deleted, but there's another version here that explains How does ID Quantique’s QRNG chip work? [sammobile.com]. They base their assumption that Samsung's secret chip is an ID Quantique, or a spinoff of IDQ’s existing Quantis QRNG chip since SKT made a $65 million investment in ID Quantique more than
    • Real quantum encryption would be a chip where they are trillion of entangles partials so each partial randomness matches only one device (owning particle). Thus sending encrypted data only the other device can pickup and decode, as each device has its own random number that is in sync.

  • by jcochran ( 309950 ) on Friday May 15, 2020 @09:33PM (#60066178)

    Virtually any hardware true random number generator uses quantum effects to generate their numbers, the source being thermal noise, shot effects from reversed biased transistors, etc. So they have a nice RNG. But in no way are they using quantum encryption, or quantum key exchange. Merely a simple RNG to use for keying material for conventional encryption. As for the misleading part of the article, can't tell if it's deliberate on the part of the phone manufacturer, or if it's a simple case of a reporter not understanding what they read. After all, reporters are trained in how to write clear understandable prose. But they're not training in actually understand in technology they all too often write clear, easily understandable, yet totally wrong information about.

    • by dargaud ( 518470 )
      Yes. Hasn't there been thermal noise random generators on Intel chips for something like a decade ? I don't keep up with assembly language anymore, but I remember that from reading specs a long time ago. I'd expect it to be standard now. Isn't it the case ? You don't need a high-throughput entropy just to generate a key. A few bytes/s is enough.
  • by quanminoan ( 812306 ) on Friday May 15, 2020 @09:38PM (#60066192)

    It's the first commercialization of quantum technology for mobile phones

    Ignoring all the quantum effects necessary to make transistors work? MEMs that rely on quantum effects? What about LCDs that polarize light etc? What makes this special other than marketing?

    • by Vadim Makarov ( 529622 ) <makarov@vad1.com> on Saturday May 16, 2020 @04:14AM (#60066706) Homepage

      While the classical information processing (all the examples you mention) is based on underlying quantum effects, they are used collectively and the information being processed is classical. There is no superposition, qubits, etc.

      Quantum computing and quantum cryptography, on the other hand, are processing quantum information.

      Now we can argue where the optical QRNG falls. It can be considered as the next incremental step in improving the quality of the physical RNGs, or it can be considered a rudimentary quantum information processing device. There is no clear definition in my opinion, but it's definitely a step in the quantum direction. So the hype is not completely unfounded.

      Disclaimer: we have analysed [arxiv.org] the previous generation of ID Quantique QRNGs, which were too large for phones. We haven't got our hands on this device, and it is quite different from what we have analysed.

      • I suppose that would make it novel if it is what they say it is, thanks for sharing - and thanks for the paper very interesting.

  • by Kyogreex ( 2700775 ) on Friday May 15, 2020 @09:42PM (#60066204)

    We can’t seem to find the page you’re looking for.

    Looks like the article was such crap that they removed it.

    • If you are trying to find bullshit just read the summary, there's more than enough there.
    • by sjames ( 1099 )

      Well, they were pushing their luck. They started with a crazy claim to be the first to use a quantum effect to generate random numbers. That's some pretty heavy bullshit. Then they lumped in quantum cryptography, itself dense with bullshit. Then they added a completely inappropriate use of blockchain and that pushed it over the limit. by attempting to merge 3 masses of bullshit so dense they collapse to neutronium on their own, they formed a black hole of bullshit. We'll be smelling the Hawking radiation fr

  • This is a truly wonderous advancement and I'm looking forward to seeing something similar in my Huawei handset any day now.
    • Heck the Huawei will have an extra level of quantum, and doubly encrypted data. One set goes to where your connected to, and the other set goes to China, for "Quality Support" purposes.

  • But reviewers agree that the charm it exhibits could send this bottom phone straight to the top.

  • Bwahahaha crown sterling was funny
  • by ugen ( 93902 ) on Friday May 15, 2020 @11:40PM (#60066372)

    http://www.koreaherald.com/view.php?ud=20180226000517

    "The Swiss company acquired by SKT is IDQ, which announced the world’s first quantum random number generator in 2002 and launched the first quantum key distribution service in 2006."

    They finally found a way to tout this, though.

  • by Casandro ( 751346 ) on Saturday May 16, 2020 @12:15AM (#60066410)

    This story was clearly mangled by several layers of marketing. First of all, quantum encryption works on so-called photonic networks which are networks that are purely optical with no electronics in between. That's completely different to what a mobile phone can do. Quantum encryption requires (almost) all photons to arrive at the receiver. It cannot work in the typical mobile phone where you have losses in your radio link of tens of dB. (so only a tiny fraction of photons arrive, plus photon detectors working at radio frequencies are _much_ harder to do than at light frequencies)

    Then there is the part about a quantum random number generator. Well obviously it has one of those, after all it has a sophisticated microprocessor inside. Today virtually all of those include a decent physical random number generator. In the simplest case, you can just use a bunch of inverter loops to generate oscillators of ill-defined frequencies. Latch their outputs with your CPU clock and you have raw random data which you can condense to get cryptographically secure random data.

    Of course the blockchain stuff is extremely likely to be complete bullshit as virtually every project using blockchains is today. The hype has caused the bullshit project to outnumber the more or less sensible ones by far.

  • Here we go again... tech word of the day is being misrepresented by marketers to differentiate products in the ignorant sheeple minds... get ready for everything being marketed as powered by a quantum technology, from phones to toilet paper.

  • Saw the words "Swiss Quantum" in the SK press release. A search brought me to https://www.swissquantumhub.com/id-quantique-and-sk-telecom-announce-the-worlds-first-5g-smartphone-with-qrng/ [swissquantumhub.com] which says they're using the chip described here: https://www.idquantique.com/random-number-generation/products/quantis-qrng-chip/ [idquantique.com]. I saw a couple articles on LED based random number generation, this 2015 article that's paywalled [spiedigitallibrary.org] and this 2018 article that's available in full [frontiersin.org].
  • The Galaxy A Quantum 5G smartphone is placed under a box within a Faraday cage. If it happens that the phone's battery spontaneously catches fire ... Until such a time that the box is lifted and the phone observed, it can be considered to be both intact and destroyed ...

  • Galaxy A Quantum 5G smartphone

    ... he could only call random strangers.

  • Quantum? Really? It's only the random number generator... Don't expect some quantum ultra-private communications.
  • by vix86 ( 592763 ) on Saturday May 16, 2020 @05:12AM (#60066754)

    This is nothing more than a boondoggle that's meant to increase the price on the phone. This is not the type of quantum encryption technology or research that scientists are actually working on. Phones already have plenty of options to choose from to add entropy to your pseudo-random number gen, here is a whole list:
    * Cell Radio
    * Wifi Radio
    * Barometer
    * Ambient Temperature
    * Chip Temperatures
    * Humidity Sensor
    * Accelerometers
    * Microphones
    * Cameras
    * Ambient Light Sensors
    * Digital Compass
    * GPS
    * Screen Touches or Raw Capacitive Sensor readouts
    * The Clock
    * Uptime tick
    * And at least 2-3 more I can't even think of

    Pick any 4 of these, add them to the entropy pool, and you have a random number generator that is more than sufficient for all your encryption needs.

  • It has nothing to do with quantum encryption whatsoever.
    Any camera's noise is a "quantum" random number generator. Nokia cameras were used for this, a decade ago.

    And all it does is generate natural true random numbers, just like many other processes.
    That does not make it a quantum encryption system, which is a very special thing, requiring specialized cables to send and receive entangled photons. Something that is just plain physically impossible over standard phone or Internet networks.

    And for local encry

  • by gweihir ( 88907 ) on Saturday May 16, 2020 @06:24AM (#60066854)

    First, conventional electronic random number generators (PN junction in reverse at breakdown voltage) is quite enough and quite secure. Also, at about 5.6V nominal breakdown voltage you apparently get about half of Brownian (thermal) noise and about half of tunneling (quantum) noise:
            http://margo.student.utwente.n... [utwente.nl]
    This effect has been known for about half a century and using it is very cheap. If you need a lot of bandwidth, for example this circuit will do it:
          https://www.maximintegrated.co... [maximintegrated.com]
    If you just have regular needs, things get even cheaper:
          https://makezine.com/projects/... [makezine.com]

    Incidentally, quantum modulation (there is no quantum encryption) is completely different from quantum random number generation. The claimed physical security property that makes quantum modulation supposedly unbreakable has no effect for quantum random number generation.

    The whole thing is just marketing making grande claims that actually do not really mean anything. As usual.

  • As if the quantum BS wasn't enough...
    > securely storing personal documents via a blockchain-enabled "Quantum Wallet" and for biometric-based mobile payments

    Why the fuck would I need blockchain storage of my personal documents on my personal device? This makes no sense.

    I'm thinking this article was AI generated.

As of next Thursday, UNIX will be flushed in favor of TOPS-10. Please update your programs.

Working...