Teacher
Professional
- Messages
- 2,669
- Reaction score
- 819
- Points
- 113
You can't intercept it now, you can't decrypt it later: Tuta has introduced a new super-secure protocol.
German company Tuta, developer of the secure email service Tuta Mail with more than 10 million users, has introduced a new quantum-resistant encryption protocol — TutaCrypt. The development will protect correspondence from potential cryptanalytic attacks from powerful quantum computers of the future.
TutaCrypt was the answer to one of the main threats of modern cryptography — attacks like "harvest now, decrypt later (intercept now, decrypt later). Attackers can collect and store encrypted data in order to decode it later with more advanced methods when the computing power increases significantly.
The new hybrid protocol combines two algorithms: CRYSTALS-Kyber for post-quantum key encryption and X25519 for key exchange along the elliptic Diffie-Hellman curve. Tuta has joined giants such as Signal and Apple in using a hybrid approach to maximize resistance to current and upcoming quantum attacks.
For authenticated encryption, TutaCrypt uses a combination of AES-256 in CBC mode with HMAC-SHA-256, which provides protection against hacking. Long AES-256 keys for encoding data on the server are derived from the user's password using the Argon2 algorithm.
The protocol is based on the exchange of cryptographic codes derived from three shared secrets: two obtained by the Diffie-Hellman method, and the third-from the Kyber key encapsulation procedure. This session key is then used to encode and decode messages, their topics, attachments, and metadata.
"With TutaCrypt, we are revolutionizing email security," said Tuta CEO Arne Mehle. — For the first time, people can exchange messages encrypted so securely that even quantum computers can't decipher them. And the best thing about Tuta Mail: this unique cryptographic protection can be used to send end-to-end encrypted emails to anyone in the world, regardless of the mail provider, simply by exchanging passwords."
So far, TutaCrypt has two major limitations. First, the integrity and authenticity of messages are guaranteed by conventional, rather than quantum-resistant algorithms. Secondly, there is a risk of hacking long-term user keys. But Tuta plans to solve these problems by implementing quantum-strong authentication and improving the protocol itself.
New Tuta Mail accounts will be created immediately with TutaCrypt, and existing accounts will have a smooth transition through gradual key rotation. No additional actions are required from users.
German company Tuta, developer of the secure email service Tuta Mail with more than 10 million users, has introduced a new quantum-resistant encryption protocol — TutaCrypt. The development will protect correspondence from potential cryptanalytic attacks from powerful quantum computers of the future.
TutaCrypt was the answer to one of the main threats of modern cryptography — attacks like "harvest now, decrypt later (intercept now, decrypt later). Attackers can collect and store encrypted data in order to decode it later with more advanced methods when the computing power increases significantly.
The new hybrid protocol combines two algorithms: CRYSTALS-Kyber for post-quantum key encryption and X25519 for key exchange along the elliptic Diffie-Hellman curve. Tuta has joined giants such as Signal and Apple in using a hybrid approach to maximize resistance to current and upcoming quantum attacks.
For authenticated encryption, TutaCrypt uses a combination of AES-256 in CBC mode with HMAC-SHA-256, which provides protection against hacking. Long AES-256 keys for encoding data on the server are derived from the user's password using the Argon2 algorithm.
The protocol is based on the exchange of cryptographic codes derived from three shared secrets: two obtained by the Diffie-Hellman method, and the third-from the Kyber key encapsulation procedure. This session key is then used to encode and decode messages, their topics, attachments, and metadata.
"With TutaCrypt, we are revolutionizing email security," said Tuta CEO Arne Mehle. — For the first time, people can exchange messages encrypted so securely that even quantum computers can't decipher them. And the best thing about Tuta Mail: this unique cryptographic protection can be used to send end-to-end encrypted emails to anyone in the world, regardless of the mail provider, simply by exchanging passwords."
So far, TutaCrypt has two major limitations. First, the integrity and authenticity of messages are guaranteed by conventional, rather than quantum-resistant algorithms. Secondly, there is a risk of hacking long-term user keys. But Tuta plans to solve these problems by implementing quantum-strong authentication and improving the protocol itself.
New Tuta Mail accounts will be created immediately with TutaCrypt, and existing accounts will have a smooth transition through gradual key rotation. No additional actions are required from users.
