L3S of Leibniz University and Tutanota launch research project to secure emails against quantum computer attacks.

PQmail is a research project with the goal to implement quantum computer resistant cryptography usable for everyone in the freely available email application Tutanota.

We are happy to announce that we are working together with the L3S Research Institute of the Leibniz University of Hanover on PQmail - a research project with the goal to implement quantum computer resistant cryptography available for everyone in Tutanota.


All currently encrypted emails are vulnerable

This is necessary because, as soon as quantum computers exist, all currently encrypted emails can be decrypted afterwards.

”We expect, as do other cryptography experts, that in a few years quantum computers can be built that can break widely used encryption algorithms. As a result, even data that is intercepted and stored today could possibly be easily decrypted in 10-15 years,” explains Prof. Sascha Fahl of L3S.

Protect emails against future attacks

Since we know that, for instance, secret services copy and store large amounts of data, it is essential to secure confidential information from future attack vectors such as quantum computers.

So far, there are very few applications that use quantum-safe encryption and there is no implementation for emails yet. Since emails in particular are so important for professional, confidential communication, it is crucial that we find a secure solution here as quickly as possible. More and more business emails are encrypted end-to-end. This confidential communication must remain confidential in the future.

The particular challenge of the project is that the encryption algorithms must be secure but also perform well. Encryption must be performant in the browser, in desktop clients as well as on mobile devices via Android and iOS App, so that even older devices with low memory and computing power can perform the encryption and decryption.

Funded by the EU

The PQmail project - “Development of a post-quantum encryption for secure email communication” - is supported by EU funding. Together with the team USEC around Prof. Sascha Fahl we plan to integrate the quantum secure encryption into the email client Tutanota to get a usable prototype of quantum secure email ready for the public.

With the introduction of post-quantum encryption in Tutanota, emails can be encrypted in such a way that they cannot be decrypted by quantum computers in the future. This means that confidential communication cannot be read by third parties in the future either. This is also important for companies who want to protect their emails against industrial espionage or malicious attacks.

The project comprises several steps before quantum computer resistant encryption algorithms can be used in Tutanota:

  • Evaluation of various post-quantum algorithms that are currently being tested for standardization by the National Institute of Standards and Technology (NIST).
  • Design of a hybrid communication protocol that supports Perfect Forward Secrecy and can be integrated into Tutanota. For this purpose, common Perfect Forward Secrecy protocols are currently being evaluated and adapted. In the hybrid protocol, the chosen post-quantum algorithms are combined with established algorithms, so that the security of the communication is guaranteed as long as at least the pre- or post-quantum algorithms are secure. This is important because post-quantum cryptography is currently still in the evaluation phase and new attacks against methods that are currently still considered secure could be found at any time.
  • Security reviews of the hybrid communication protocol.
  • Development of a prototype and integration into Tutanota for test and evaluation purposes.
  • Introduction of quantum computer resistant encryption in Tutanota.

As soon as the quantum secure encryption is implemented in Tutanota, anyone can use it for free. This will increase email security enormously in the long run.

Here is more information on why we need quantum-resistant cryptography now.