Breaking news
Read our blog to learn why privacy matters. And don't forget to get an encrypted mailbox yourself!

Tutanota published post-quantum secure encryption approach.

Our research project on implementing post-quantum secure algorithms into Tutanota has reached another milestone.

2021-06-29
Our approach to add post-quantum secure encryption to Tutanota has now been published. After having completed a working prototype, this is another milestone for the PQmail project! Now we are excited to hear feedback on our approach and to implement the new encryption protocol into Tutanota.

PQmail

Last year we have launched our research project in post-quantum secure email encryption together with Leibniz University Hanover. After completing a first prototype, our project has now reached a new milestone with the publication of our approach.

Protocol design

We have designed a hybrid variant of the Signal protocol, combining the established algorithms with post quantum secure variants.

Post-quantum secure ciphers are designed to withstand classical cryptanalysis as well as attacks using large-scale universal quantum computers. Even though such computers are still largely theoretical concepts today, it is important to prepare for such attacks already. This is why implementing quantum-resistant cryptography must happen now.

However, as the post-quantum secure algorithms are rather new they could still be proven to be insecure in the future. That is why we chose the hybrid approach. The post-quantum algorithms we are currently using, Kyber and Dilithium, are third round candidates of the NIST post quantum standardization process .

Additionally, we have based our new encryption approach on the Signal protocol, which will bring Forward and Future secrecy to Tutanota. Those properties ensure that an attacker that manages to compromise the encryption key for one message can still not read previous messages and cannot keep listening to a conversation for a long period of time.

Designing a hybrid protocol has not been a trivial task because the Signal protocol heavily relies on a cryptographic primitive, called Diffie-Hellman key-exchange, that has no equivalent in the post-quantum world that is on it's way to standardization. We, therefore, had to make some modifications to the original protocol.

Publication

We explain our approach in more detail here. We are hoping for lively feedback!

Integration into Tutanota

Afer having gathered ehough feedback, we plan to start integrating the new encryption into Tutanota.

The next steps are:

  • Get more feedback on our approach and improve if needed.
  • Address specific questions resulting from the characteristics of Tutanota (in comparison to Signal), e.g. data being stored on the server and not on the client.
  • Integrate into Tutanota.

The PQmail project has been a great achievement with intensive work being done by the Tutanota team and the team from the L3S at Leibniz University, Hanover. We would like to thank the colleagues at Leibniz University for the great collaboration and are looking forward to future project to improve security on the web and in Tutanota!

We are excited that with the PQmail project completed, we are able to bring post-quantum secure algorithms to Tutanota, which will immensely increase the security and privacy for all our users.

No comments available