Post-quantum cryptography for e-mail

E-mails are as confidential as postcards. To prevent third parties from reading the content, e-mails must be encrypted. But is encrypted e-mail communication permanently safe from prying eyes? Prof. Dr. Sascha Fahl from the L3S Research Centre at Leibniz Universität Hannover is sceptical: “Like other cryptography experts, we expect that in a few years it will be possible to build quantum computers that can break widely used encryption algorithms. As a result, even data that is intercepted and stored today could possibly be easily decrypted in ten to 15 years”. Prof. Fahl and his team are therefore working on a solution with the Hanover-based e-mail provider Tutanota: They want to implement quantum computer-resistant cryptography in a freely available e-mail application. The NBank supports the cooperation project “PQmail – Development of a Post-Quantum Encryption for Secure E-Mail Communication” with funds from the European Union.

All currently encrypted e-mails are vulnerable

“So far, there are very few applications that use quantum-safe encryption – and no implementation for e-mail yet,” says Matthias Pfau of Tutanota. “Since confidential e-mails in particular are so important for professional communication, it is crucial that we find a secure solution here as quickly as possible. More and more business e-mails are encrypted end-to-end. This communication must remain confidential in the future.”

The particular challenge of the project is that the encryption algorithms must be secure, but also perform well. This means that the encryption must work so well in the browser, in desktop clients and on mobile devices via Android and iOS apps that even older devices with little memory and less computing capacity can perform the encryption and decryption.

Protection against industrial espionage

With the help of L3S, the developers of Tutanota want to integrate quantum-safe encryption into their e-mail client of the same name in an exemplary way, so that confidential communication cannot be read by third parties in the future either. This is also important for companies that want to secure their e-mails against industrial espionage or hacker attacks.

Before quantum computer-resistant encryption algorithms can be used in Tutanota, the project participants still have to complete a number of tasks: First of all, they have to evaluate various post-quantum algorithms, the standardization of which is currently being examined by the American National Institute of Standards and Technology (NIST). The researchers are also designing a hybrid communication protocol that supports Perfect Forwards Secrecy and can be integrated into Tutanota. Perfect Forward Secrecy means that part of an encryption system automatically and frequently changes the keys. The sense of the whole thing: If the last key used is compromised, only a small part of the data can be decrypted. In the hybrid protocol, the selected post-quantum algorithms are combined with established algorithms. The security of the communication is therefore guaranteed as long as at least the pre- or post-quantum algorithms are secure. This is important because post-quantum cryptography is currently still in the evaluation phase and new attacks against methods that are currently still considered secure could be found at any time.

Further steps in the project are security reviews of the hybrid communication protocol, the development of a prototype and the integration into Tutanota for testing and evaluation purposes – and finally the introduction of quantum computer resistant encryption in Tutanota, which can then be used by anyone free of charge. In the long term, e-mail security will increase enormously as a result.