Insider Brief
- Tuta Mail launched its a post-quantum encryption protocol.
- The protocol, called TutaCrypt, is designed to protect emails against potential quantum computer attacks.
- Tuta Mail reports they are the first email provider globally to integrate quantum-safe algorithms alongside traditional algorithms such as AES and ECC, ensuring enhanced security for email communication.
Tuta reported it launched its latest security feature, TutaCrypt, a post-quantum encryption protocol designed to protect emails against potential quantum computer attacks, according to a company blog post. Tuta Mail reports that it is the first email provider globally to integrate quantum-safe algorithms alongside traditional algorithms such as AES and ECC, ensuring enhanced security for email communication.
Arne Möhle, CEO of Tuta Mail said in the post: “With TutaCrypt we are revolutionizing the security of email. For the first time, people can now send and receive emails that are encrypted so strongly that not even quantum computers will be able to break the encryption and decipher the messages. At Tuta, we see ourselves as pioneers in secure communication. Back in 2014, we published Tutanota, the first automatically encrypted email service. Today, ten years later and ten million users more, we are delighted to be paving the way for quantum-safe emails! We want to help as many people as possible communicate easily and securely – now and in the future. With the release of TutaCrypt in Tuta Mail, we have now reached another milestone to future-proof the security of online communication.”
The introduction of TutaCrypt signifies a shift from the conventional asymmetric cryptography, RSA-2048, to a quantum-safe hybrid encryption protocol, according to the post. TutaCrypt employs a combination of CRYSTALS-Kyber, a post-quantum Key Encapsulation Mechanism, and an Elliptic-Curve-Diffie-Hellman key exchange (x25519) for encrypting emails, calendar sharing, sharing of contact lists and forthcoming file sharing services. This hybrid approach aims to fortify Tuta Mail’s encryption against the potential for quantum computers to hack current encryption schemes.
Since its inception in March 2014, Tuta Mail, initially known as Tutanota, has provided end-to-end encrypted email services. The platform has undergone several security enhancements over the years, transitioning from AES 128 to AES 256 encryption, which already secures all at-rest encryption against quantum attacks. Furthermore, Tuta Mail upgraded its password-based key derivation function from bcrypt to Argon2, bolstering the security of passwords and encryption keys.
Addressing the challenges of securing email communication in the quantum computing era, Tuta Mail has responded to the need for quantum-resistant asymmetric encryption and public key cryptography. The National Institute of Standards and Technology (NIST) has recognized the urgency of this issue, selecting CRYSTALS-KYBER for standardization in key establishment and CRYSTALS-Dilithium for digital signatures, according to the post.
In addition to upgrading its cryptographic protocols, Tuta Mail reports it is collaborating with the University of Wuppertal on a research project funded by the German government. This project focuses on developing post-quantum secure drive and file sharing services, further extending Tuta Mail’s commitment to quantum-resistant security solutions.
For users, enabling quantum-safe encryption requires no action other than updating to the latest version of the Tuta apps. This new protocol will be gradually introduced to all existing users, safeguarding their emails, calendars, and contact lists against both contemporary and future cryptographic threats. This initiative not only enhances the security of Tuta Mail’s services but also sets a precedent in the ongoing effort to protect digital communication in the quantum computing age. The project’s developments and implementations are available as open source, demonstrating Tuta Mail’s commitment to transparency and collaboration in enhancing digital privacy and security.
If you found this article to be informative, you can explore more current quantum news here, exclusives, interviews, and podcasts.