The Race Is On: Tutanota Launches Development of Post-Quantum Secure Cloud

With a grant of €1.5 million by the German government, Tutanota will develop the first post-quantum secure cloud storage and file sharing solution.

When storing and sharing large files online, the data must be secured with post-quantum secure encryption.
The whole world is talking about quantum computing. This innovative technology will revolutionize the tech sector even more than AI. The reason: with their almost unbelievable computing capacity, quantum computers will soon be able to solve computing problems that were previously considered unsolvable, including breaking currently used encryption. This threatens the entire security backbone of the internet - and only post-quantum secure encryption can help.

Since Snowden, we know how important it is to encrypt data securely end-to-end. With the advent of quantum computers, this security is gone, since quantum computers with their immense computing power will be able to break the asymmetric encryption in a very short time - something that has been unthinkable ten years ago.

All available solutions for email encryption or encrypted data exchange (file sharing) use asymmetric encryption. Once quantum computers are a reality, this encryption will be useless. It will be as if there is no end-to-end encryption of data. Just as before the release of PGP - but in a time when malicious attackers as well as secret services of many states, including autocracies, have become much more competent: Today, eavesdropping on and abuse of unencrypted data is standard practice for them; with the advent of quantum computers, the same will be true for encrypted data. A nightmare for every IT expert.

But now, we at Tutanota are taking on the challenge!

Supported with 1.5 million euros by KMU-innovativ funding, an SME grant from the German government, we are now launching the project "PQDrive - Development of a Post-Quantum Encrypted Online Storage": At the end of the project, the product TutaDrive will be released. TutaDrive will be the first end-to-end encrypted cloud solution that will allow data to be stored and exchanged securely, even in the wake of quantum computers. While quantum computers will soon be able to decrypt 'normally' encrypted data quite easily, they will cut their teeth on post-quantum secure encryption.

The problem today is not only that current encryption techniques are not fit for the future. It's also that still most people, but increasingly even companies, use unencrypted cloud services - just for the convenience of it. At Tutanota, we are changing this: Building on encrypted email and calendars, TutaDrive aims to create a fully encrypted cloud storage solution that automatically encrypts all files end-to-end in a quantum-resistant manner. It will be as easy to use as any other Drive solution, but with an unparalleled level of security.

This will be a milestone for the tech community - and for everybody's security and privacy.

Investment in people

The launch of PQDrive is expected to create 30 new jobs in Hannover over the next three years. The funding will be fully invested in our employee growth; after all, the IT market is highly competitive and we need qualified personnel to be able to develop the innovative solutions of tomorrow.

Huge computing capacities, as with quantum computers themselves, are not necessary for the project: "We are, so to say, in a fight man versus machine," explains Matthias Pfau, co-founder of Tutanota. "We need the brightest minds to integrate quantum-safe encryption into our cloud solution in such a way that everybody can use it quite easily - while quantum computers cut their teeth on the technology and can't get at the data."

Cooperation with University

We are implementing the PQDrive project in cooperation with the University of Wuppertal, which is funded with over € 600,000 as well. The university is taking on important research tasks from testing cryptographic algorithms to deduplicating encrypted data in order to conserve resources.

Prof. Dr. Tibor Jager says, "Quantum computers are often seen as a threat that may not really become relevant until 15 or 20 years from now. But they already pose a threat today, namely to data that should remain confidential for 15, 20 years or longer. For example, in the areas of healthcare data or e-government. Here, procedures should already be used today that can also withstand quantum computer attacks. This is what the PQDrive project is all about. Moreover, it is quite possible that quantum computers will come much faster than expected. Recent research indicates that the race is already on."

Post-quantum encryption

To realize post-quantum secure encryption we will be using a hybrid approach: All data is encrypted using both classical algorithms and, at the same time, new, innovative post-quantum-safe algorithms. While the new algorithms are currently being extensively tested in countless research projects, the hybrid encryption is mandatory. It can never be ruled out that an exploit of the new algorithms will not be found in the future, rendering them useless. That's why the data in TutaDrive is doubly protected for the time being - at least until the new algorithms have also proven themselves over time.

"Currently, we are already implementing this hybrid encryption protocol into our Tutanota email clients," Pfau says. "This will soon allow 10 million Tutanota users to automatically send post-quantum encrypted emails. We are enormously excited to now bring this important project, which we started three years ago, to completion! Good news for us is also that the encryption algorithms we decided on years ago were recently named finalists by the National Institute of Standards and Technology (NIST) as standard algorithms for post-quantum secure encryption."

The PQMail project was also a government funded research project to develop an encrypted email prototype that can send emails with post-quantum secure encryption. During this project, the prototype PQMail was developed. The last challenge that we now have to tackle is to update the encryption algorithm in Tutanota so that millions of people can benefit from quantum secure encryption.

Aim of the PQDrive project

The core of PQDrive consists of an innovative, quantum computer-resistant and easy-to-use encryption protocol for sharing data. PQDrive will enable people to encrypt files for the first time in such a way that they cannot be decrypted by quantum computers in the future. This is particularly important for companies that want or need to secure their data against industrial espionage or attacks by organized crime or foreign intelligence services.

With the resulting product, TutaDrive, end users and companies gain two benefits at once: They retain full sovereignty over their data, which is currently only possible with local storage, and they can take full advantage of the benefits of cloud storage (accessibility, cost efficiency, automatic backup).

As a goal the following unique selling points have been identified:

  • High level of security in the long term thanks to a hybrid encryption method consisting of conventional and post-quantum cryptography
  • Easy usability, especially for users without encryption experience
  • Seamless integration into Tutanota's email and calendar applications after completion of the project

Another milestone for Tutanota ...

The team around Tutanota are innovation leaders when it comes to secure communication online. With Tutanota, we published the first fully encrypted email service that can encrypt every email end-to-end. We also published the first end-to-end encrypted calendar.

Now we are working on post-quantum secure encryption for our email clients so that all our users can send encrypted emails that are so secure that not even quantum computers can decrypt these messages.

It is only consequent that in a next step we will also enable people to store and share large files with post-quantum secure encryption. That's why we are now launching the development of PQDrive!

... and for the world!

Achieving post-quantum security is not only a milestone for Tutanota, but one for the entire tech community. With the advancement of quantum computers, many IT experts are looking for secure solutions to protect sensitive data - now and in the future!

According to studies, cloud security is an important issue for 90% of cybersecurity professionals: the biggest challenges are protecting against data loss and leakage (67%), privacy threats (61%), and confidentiality breaches (53%). The same trend is evident among consumers: They are increasingly concerned about data security. In all markets, cybersecurity is second only to product quality among decision makers.

One in four companies using Infrastructure-as-a-Service (IaaS) or Software-as-a-Service (SaaS) have had data stolen. One in five companies' public cloud infrastructure has been attacked. For example, one of the most prominent recent security breaches was the malware attack at the University of Giessen. Cases like this force IT professionals to focus on data security and encryption.

The bottom line from all these studies is that once data is in the cloud, it is at risk. Enterprises as well as consumers - whether they have already moved their data to the cloud or are still considering it - need a more secure option than what is currently available.

Disruptive potential

Through innovative end-to-end encryption built on post-quantum cryptography, we will develop a product with disruptive potential. With TutaDrive, people and businesses will be able to store their data encrypted in the cloud without compromising on data sovereignty and security.

By enabling people, businesses and governments to store and manage their data securely in the cloud, TutaDrive will massively transform the market. The disruptive potential of TutaDrive has become especially clear since the Corona pandemic: The trend towards digitalization has accelerated dramatically since March 2020. The home office trend, which really took off in 2020, continues to this day, especially in the tech industry. Data needs to be secured in the cloud so that people can access it from wherever they are.

PQDrive is funded by:

BMBF logo