L3S of Leibniz University and Tutanota launch research project to secure emails against quantum computer attacks.

PQmail is a research project with the goal to implement quantum computer resistant cryptography usable for everyone in the freely available email application Tutanota.

2020-05-20
We are happy to announce that we are working together with the L3S Research Institute of the Leibniz University of Hanover on PQmail - a research project with the goal to implement quantum computer resistant cryptography available for everyone in Tutanota.

All currently encrypted emails are vulnerable

This is necessary because, as soon as quantum computers exist, all emails encrypted with today's algorithms can be decrypted retroactively.

"We expect, as do other cryptography experts, that in a few years quantum computers can be built that can break widely used encryption algorithms. As a result, even data that is intercepted and stored today could possibly be easily decrypted in 10-15 years," explains Prof. Sascha Fahl of L3S.

Protect emails against future attacks

Since we know that, for instance, secret services copy and store large amounts of data, it is essential to secure confidential information from future attack vectors such as quantum computers.

So far, there are very few applications that use quantum-safe encryption and there is no implementation for emails yet. Since emails in particular are so important for professional, confidential communication, it is crucial that we find a secure solution here as quickly as possible. More and more business emails are encrypted end-to-end. This confidential communication must remain confidential in the future.

The particular challenge of the project is that the encryption algorithms must be secure but also perform well. Encryption must be performant in the browser, in desktop clients, and on mobile devices in the Android and iOS apps, so that even older devices with low memory and computing power can perform the encryption and decryption.

Funded by the EU

The PQmail project - "Development of a post-quantum encryption for secure email communication" - is supported by EU funding. Together with Prof. Sascha Fahl's USEC team, we plan to integrate the quantum secure encryption into the email client Tutanota to get a usable prototype of quantum secure email ready for the public.

With the introduction of post-quantum encryption in Tutanota, emails can be encrypted in such a way that they cannot be decrypted by quantum computers in the future. This means that confidential communication cannot be read by third parties in the future either. This is also important for companies who want to protect their emails against industrial espionage or malicious attacks.

The project comprises several steps before quantum computer resistant encryption algorithms can be used in Tutanota:

  • Evaluation of various post-quantum algorithms that are currently being tested for standardization by the National Institute of Standards and Technology (NIST).
  • Design of a hybrid communication protocol that supports Perfect Forward Secrecy and can be integrated into Tutanota. For this purpose, common Perfect Forward Secrecy protocols are currently being evaluated and adapted. In the hybrid protocol, the chosen post-quantum algorithms are combined with established algorithms, so that the security of the communication is guaranteed as long as at least one of the two, the pre-quantum or the post-quantum algorithms, remains secure. This is important because post-quantum cryptography is currently still in the evaluation phase and new attacks against methods that are currently still considered secure could be found at any time.
  • Security reviews of the hybrid communication protocol.
  • Development of a prototype and integration into Tutanota for test and evaluation purposes.
  • Introduction of quantum computer resistant encryption in Tutanota.
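The hybrid combination described in the second step can be illustrated with a key combiner; this is an added example, not the PQmail or Tutanota protocol. It assumes HKDF-SHA-256 (RFC 5869) as the combiner, and the function names, the label and the sample secrets are all constructed for illustration; in a real protocol the two inputs would come from a classical key exchange and a post-quantum KEM.

```python
import hashlib
import hmac

HASH = hashlib.sha256
LABEL = b"hybrid-combiner-example-v1"  # hypothetical domain-separation label


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: concentrate the input keying material into a PRK."""
    return hmac.new(salt or bytes(HASH().digest_size), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: stretch the PRK into `length` bytes bound to `info`."""
    if length > 255 * HASH().digest_size:
        raise ValueError("requested output too long")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def _lp(data: bytes) -> bytes:
    # Length-prefix each field so the concatenation is unambiguous.
    return len(data).to_bytes(4, "big") + data


def combine_hybrid(classical_ss: bytes, pq_ss: bytes, context: bytes, length: int = 32) -> bytes:
    """Derive one session key that depends on BOTH shared secrets.

    An attacker who recovers only one input (for example by breaking the
    classical exchange) still lacks the other, so the output stays unknown.
    """
    if not classical_ss or not pq_ss:
        raise ValueError("both shared secrets are required")
    prk = hkdf_extract(b"", _lp(classical_ss) + _lp(pq_ss))
    # The context binds the key to one conversation (identities, exchanged messages).
    return hkdf_expand(prk, LABEL + _lp(context), length)


# Constructed sample values; not real key-exchange or KEM outputs.
CLASSICAL_SS = hashlib.sha256(b"constructed classical shared secret").digest()
PQ_SS = hashlib.sha256(b"constructed post-quantum shared secret").digest()
CONTEXT = b"constructed: sender id, recipient id, both key-exchange messages"

if __name__ == "__main__":
    print(combine_hybrid(CLASSICAL_SS, PQ_SS, CONTEXT).hex())
```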

As soon as the quantum secure encryption is implemented in Tutanota, anyone can use it for free. This will increase email security enormously in the long run.

Here is more information on why we need quantum-resistant cryptography now.