Think, for a second, about what is kept on your phone. There’s log-in information, financial data, and even your biometrics, all of which are critical. If your phone gets hacked, everything could be compromised. Of course, security solutions are quickly evolving, but hacking strategies are evolving as well. In fact, quantum computers capable of breaking the public-key cryptography that today’s security systems depend on are currently being developed, and they are almost certain to become available at some point in the future. This is not baseless speculation: the Global Risk Institute (GRI) has surveyed leading experts and found that a ‘disruptive quantum threat’ has a 33-54% likelihood of occurring in the next 15 years, with the implication being that ‘many organizations may already be facing an intolerable level of risk requiring urgent action.’1 Since this looming threat will eventually become a reality, preventative action needs to start now, and it needs to be based on technological innovation. In response, Samsung System LSI has developed S3SSE2A, the industry’s first security chip equipped with hardware post-quantum cryptography (PQC). With S3SSE2A, the critical data on your phone can be protected from quantum computing threats.
Advanced Computing Brings Advanced Threats
As technology advances, so do the threats. Quantum computers, which are expected to become commercially available after 2030, exploit quantum mechanical phenomena to solve certain problems far more quickly than classical machines. While their commercialization will eventually make life easier in a number of ways, the public-key cryptography that existing security systems rely on (RSA and elliptic-curve schemes) will become breakable: the integer-factoring and discrete-logarithm problems behind it are hard for classical computers but can be solved efficiently on a sufficiently large quantum computer with Shor’s algorithm. Even without going all the way to 2030, assuming the fastest development of quantum computers, existing security systems and algorithms could be rendered powerless as early as 2028, just three years from now.
To illustrate this possibility, let’s consider qubits, the basic unit of quantum information and the usual yardstick for the scale of a quantum computer. Assuming the number of qubits doubles every 7 to 9 months, a 1M-qubit quantum computer built from modules of 10k qubits each could be achieved by 2028. With this capability, an RSA-2048 key could potentially be factored in approximately 160 hours, which is less than the one-week (168-hour) minimum attack resistance that Common Criteria certification demands of a security IC.2 However, this does not mean that it is acceptable to wait three years before preparing for quantum computer security threats. Harvest now, decrypt later (HNDL) attacks, in which attackers record encrypted traffic and stored data today and decrypt it once they have access to a quantum computer, are a current threat even though the stolen information cannot be decrypted yet. The fact that user data may already be exposed in this way underscores the immediate need for PQC.
Two ‘Wares With One Stone
Being ready for the future means you need to have put in the necessary work in the past. Samsung System LSI has built on years of expertise in security technology since launching S3K250AF, its first secure element (SE) turnkey solution for mobile devices, in 2020. With S3SSE2A, the industry’s first solution equipped with hardware PQC, it is further solidifying its position in the mobile security market.
S3SSE2A provides a safer security environment regardless of the application processor (AP) because it features hardware PQC and performs security processing and key storage independently of the AP. The existing solution S3K250AF functions essentially as a secure form of non-volatile memory (NVM): cryptographic processing runs in the AP’s security block, and the SE’s role is to store key material internally. S3SSE2A goes further by performing both the security processing and the storage inside the SE and sending only the results to the AP, so the keys never need to leave the chip. Samsung System LSI has completed the development of this product and samples are now available to be shipped.
And S3SSE2A is equipped to handle PQC operations in hardware, too. The National Institute of Standards and Technology (NIST) has announced three standards, Federal Information Processing Standards (FIPS) 203, 204, and 205, that specify a key establishment scheme (FIPS 203, ML-KEM) and two digital signature schemes (FIPS 204, ML-DSA, and FIPS 205, SLH-DSA) designed to resist future attacks by quantum computers, which would break the public-key algorithms in current standards.
In hardware, S3SSE2A implements FIPS 204 (ML-DSA) operations, a digital signature standard built on a module-lattice-based algorithm. The advantage is that by combining hardware and software for the PQC operations, a signature can be computed approximately 17 times faster3 than when implementing the PQC operations in software alone.4
A module-lattice-based algorithm is a branch of lattice-based cryptography that provides cryptographic techniques resistant to large-scale quantum computers. Its basis is a mathematical structure known as a lattice, the regular grid of points generated by all integer combinations of a set of basis vectors. A module lattice is a structured variant in which the entries of the basis are not plain integers but elements of a polynomial ring (for ML-DSA, Z_q[X]/(X^256 + 1) with q = 8380417), so one ring element stands in for an entire block of the matrix. This improves efficiency, and the security level can be scaled by changing the module’s dimensions rather than redesigning the scheme.
Lattice-based cryptography relies on the hardness of two problems to ensure security: the shortest vector problem (SVP) and the closest vector problem (CVP). SVP asks for the shortest non-zero vector in a lattice, while CVP asks for the lattice point closest to a given target point. No efficient algorithm for these problems is known, not just for classical computers but for quantum computers as well, in contrast to factoring and discrete logarithms. ML-DSA’s concrete assumptions, Module-LWE and Module-SIS, are variants of these problems over a module lattice: recovering the short secret from the public key, or forging a signature, amounts to finding short vectors in a lattice derived from the public matrix. This is why building on these problems helps prepare for future security threats.
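To make the module structure concrete, the following added example (written for this page; it is not Samsung’s code, not S3SSE2A firmware, and not a FIPS 204 implementation) builds the public key relation t = A·s1 + s2 over the ring Z_q[X]/(X^256 + 1) with the ML-DSA-65 parameters, checks that relation the way a holder of the key would, and compares how much storage A needs as ring elements versus as an unstructured integer matrix. The random-number expansion, the seed, and the function names (keygen, check_key, public_matrix_bytes) are assumptions for illustration; real ML-DSA derives A from a 32-byte seed with SHAKE, multiplies in the NTT domain, and signs with rejection sampling.

```python
"""Toy module-lattice key relation t = A*s1 + s2 in the ring used by ML-DSA.

Added example for illustration only: this is not Samsung's S3SSE2A firmware
and not a FIPS 204 implementation. Real ML-DSA expands A from a 32-byte seed
with SHAKE, multiplies in the NTT domain, and signs with rejection sampling.
Only the module-lattice structure is shown here, with the ML-DSA-65
parameter set (k=6, l=5, eta=4, q=8380417, n=256).
"""
import random

Q = 8380417          # ML-DSA modulus q = 2^23 - 2^13 + 1
N = 256              # ring R_q = Z_q[X]/(X^256 + 1)
K, L, ETA = 6, 5, 4  # ML-DSA-65: A is k x l over R_q, secret coefficients lie in [-eta, eta]


def poly_add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]


def poly_sub(a, b):
    return [(x - y) % Q for x, y in zip(a, b)]


def poly_mul(a, b):
    """Schoolbook product in Z_q[X]/(X^N + 1); X^N wraps around to -1."""
    res = [0] * (2 * N)
    for i, ai in enumerate(a):
        if ai == 0:
            continue
        for j, bj in enumerate(b):
            res[i + j] += ai * bj
    return [(res[i] - res[i + N]) % Q for i in range(N)]


def mat_vec(A, v):
    """Module product: A (k x l ring elements) times v (l ring elements)."""
    out = []
    for row in A:
        acc = [0] * N
        for a_ij, v_j in zip(row, v):
            acc = poly_add(acc, poly_mul(a_ij, v_j))
        out.append(acc)
    return out


def vec_sub(u, v):
    return [poly_sub(a, b) for a, b in zip(u, v)]


def keygen(seed):
    """Toy key generation: uniform public A, short secrets s1, s2, and t = A*s1 + s2."""
    # Deterministic toy RNG (assumption for the example); FIPS 204 uses SHAKE on a seed.
    rng = random.Random(seed)
    A = [[[rng.randrange(Q) for _ in range(N)] for _ in range(L)] for _ in range(K)]
    s1 = [[rng.randint(-ETA, ETA) % Q for _ in range(N)] for _ in range(L)]
    s2 = [[rng.randint(-ETA, ETA) % Q for _ in range(N)] for _ in range(K)]
    t = [poly_add(p, e) for p, e in zip(mat_vec(A, s1), s2)]
    return A, t, s1, s2


def is_small(v, bound=ETA):
    """True if every coefficient of v, read centred around zero, lies in [-bound, bound]."""
    return all(min(c, Q - c) <= bound for poly in v for c in poly)


def check_key(A, t, s1, s2):
    """Module-LWE relation behind the public key: t - A*s1 must equal the short s2.

    Recovering s1 from (A, t) alone is the Module-LWE problem: an attacker who
    could do it would be finding a short vector in the lattice defined by A,
    which is what the lattice hardness assumptions say is infeasible.
    """
    return is_small(s1) and is_small(s2) and vec_sub(t, mat_vec(A, s1)) == s2


def public_matrix_bytes():
    """Storage for A as ring elements vs. as an unstructured integer matrix.

    Each ring element packs N coefficients; in an unstructured lattice the same
    block would be an N x N integer matrix. That factor of N is the efficiency
    gain of the module structure (FIPS 204 goes further and sends only the seed).
    """
    per_coeff = (Q.bit_length() + 7) // 8  # 3 bytes for a 23-bit modulus
    structured = K * L * N * per_coeff
    unstructured = K * L * N * N * per_coeff
    return structured, unstructured


if __name__ == "__main__":
    A, t, s1, s2 = keygen(seed=2024)
    print("key relation holds:", check_key(A, t, s1, s2))
    print("A as ring elements / as plain matrix (bytes):", public_matrix_bytes())
```

Running it confirms the key relation and shows that the ring representation of A is 256 times smaller than an equivalent unstructured matrix, which is the efficiency the text credits to module lattices; the schoolbook multiplication is deliberately simple and is one of the places where a hardware NTT gives the speedup quoted above.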
S3SSE2A Covers Your Six
As highlighted earlier, S3SSE2A is more than just a single chip; it’s a secure element (SE) turnkey solution that encompasses both hardware and software. An integrated solution like this is necessary because hacking attempts target both of them to extract user information. One example is side channel attacks, which recover signing keys by analyzing power consumption or electromagnetic emissions while a signature algorithm runs for user authentication, for instance on IoT devices or in the integrated circuits (ICs) built into electronic passports. In a hardware reverse-engineering attack, the attacker deconstructs the hardware to understand its design, functionality, and structure, with the goal of reaching sensitive information like encryption keys, proprietary algorithms, or paths to back-end servers. Fault injection attacks are another current threat; these intentionally cause an error in a system to disrupt its intended behavior. They induce transient errors like bit flips and skipped or repeated operations, and are used to bypass security checks or corrupt the data that enforces them.
The fact that all of these types of attacks are out there may be alarming, but Samsung System LSI's proprietary defense systems like Active Shield and S-Laser are designed to block such attacks.
In 2024, our smartphones have become extensions of who we are, and in some ways, they know more about us than we do — Can you remember what you texted your friend three weeks ago, where you went that day, or what you did on your phone? Of course, access to this level of personal information already makes security a key concern. But as the world grows more connected and even more parts of daily life become digital, security will only increase in importance. More sophisticated attacks based on AI, quantum computing, and other unforeseen advancements are unfortunately inevitable, which means that companies have the responsibility to stay ahead of hackers and keep your phone secure. With S3SSE2A, Samsung System LSI continues to push the boundaries of mobile security innovation.
* All images shown are provided for illustrative purposes only and may not be an exact representation of the product. All images are digitally edited, modified, or enhanced.
* All product specifications reflect internal test results and are subject to variations by user's system configurations. Actual performance may vary depending on use conditions and environment.
1) Quantum Threat Timeline Report 2023 (Jan. 2024), Global Risk Institute (GRI). Available at: https://globalriskinstitute.org/mp-files/executive-summary-quantum-threat-timeline-report-2023.pdf/
2) In the Common Criteria (CC) certification, an international security standard, the minimum attack resistance time required for IC security certification (EAL 4+ or above) is specified as one week (168 hours), and failure to meet this requirement indicates non-compliance with the security certification level.
3) Based on the ML-DSA-65 signature of FIPS 204, with software only taking 335.97 ms and hardware plus software taking 19.02 ms (at 200 MHz).
4) Denisa O. C. Greconici, Matthias J. Kannwischer, and Amber Sprenkels. 2021. Compact Dilithium implementations on Cortex-M3 and Cortex-M4. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(1):1–24, Dec. 2020.