Privacy News Tuta Mail adds new quantum-resistant encryption to protect email


Level 28
Thread author
Honorary Member
Top Poster
Jun 14, 2011
Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks.

Tuta Mail is an open-source end-to-end encrypted email service with ten million users. Its creator, Tuta, is based in Germany, where it's involved in developing post-quantum secure cloud storage and file-sharing solutions for the government.

Today, Tuta announced the launch of TutaCrypt, a new protocol designed to protect currently exchanged communications from 'harvest now, decrypt later' attacks.

Harvest now, decrypt later attacks are the act of collecting encrypted data that cannot be currently decrypted to save for the future when more powerful decryption methods become available.

TutaCrypt combines CRYSTALS-Kyber for post-quantum key encapsulation and X25519 for the Elliptic-Curve-Diffie-Hellmann key exchange.

Like others in the field, including Signal and Apple (iMessage), Tuta has opted for a hybrid model approach, combining state-of-the-art quantum-safe algorithms with traditional algorithms to offer complete protection against current and future threats.

The AES 256/Argon2 cryptography remains in place, protecting exchanged messages against current threats.

"With TutaCrypt we are revolutionizing the security of emails. For the first time, people can now send and receive emails that are encrypted so strongly that not even quantum computers will be able to break the encryption and decipher the messages," stated Tuta's CEO, Arne Möhle

"And the best thing about Tuta Mail: This unique encryption can be used to send emails end-to-end encrypted to anyone in the world, regardless of their email provider, with a simple password exchange!"

TutaCrypt details​

TutaCrypt encryption generates two key pairs for Tuta Mail accounts: an X25519 key pair for the ECDH and a Kyber-1024 key pair for key encapsulation.

These keys, which now replace the old RSA key pairs, are securely stored and encrypted on Tuta's Germany-based servers and are accessible across user devices.

For authenticated encryption, TutaCrypt employs AES-256 in CBC mode with HMAC-SHA-256.

The protocol derives long-term AES-256 keys to encrypt data stored on the server from the user's password using Argon2. Symmetric keys are derived using HKDF-SHA-256.

TutaCrypt uses a combination of these algorithms to exchange a cryptographic key, which is then used to encrypt and decrypt the entire message, including its body, subject, and attachments.

The process combines two ECDH-derived shared secrets (DHI and DHE) and a third from Kyber key encapsulation (SSPQ).

These secrets feed into a key derivation function, creating a secure message key for encryption and decryption.

Key exchange

TutaCrypt key exchange (Tuta)

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.