Man vs machine: a secure email firm aim to bring post-quantum cryptography to the cloud

With quantum computing paving the way for the next tech revolution, secure email provider Tutanota prepares to be ahead of the cryptography game.

Quantum computers will soon be able to solve complex problems considered unsolvable right now such as breaking current forms of encryption. If the current forms are encryption are cracked, VPN services and encrypted messaging apps will be at risk as third parties could access users’ sensitive information. You can say goodbye to online banking too.

It’s not just the data privacy and security of individuals and businesses that’s at stake. But at least for cloud computing, Tutanota just launched PQDrive: a new project seeking to make cloud storage post-quantum proof.

The urge for quantum-resistant cryptography

“Post-quantum secure encryption is the next level of security—one that is urgently needed with the advancements in quantum computing. We at Tutanota will make sure that we are always one step ahead to secure data now and in the future,” Matthias Pfau, co-founder of Tutanota, told TechRadar.

Quantum computing solutions might be a few years away to be fully implemented, but the stakes for people’s privacy are already high. And, when it comes to new developments in the cryptography field, these usually take a lot of time to be fully up and running.

Quantum computing arms race

>  The Riken research institute in Japan plans to connect its first quantum computer in 2025

> IBM said to be on track to deliver the 1,121-qubit Condor processor sometime this year. In 2025, a three-system processor is planned to reach 4,158 qubits.

> China has the most quantum computing patents in the world (2,700), followed by the US with 2,200 and Japan (885).


What’s certain now is that the current methods of encryption are going to one day be obsolete. 

When this happens people’s every-day lives will be affected in many different ways: from governments breaching citizens’ data confidentiality to cybercriminals stealing finance and other ultra-sensitive details for their financial gain.

Worryingly, we might not even be safe now as bad actors are intensifying what’s known as “harvest now, decrypt later” attacks. 

This means there’s a real need to protect the encrypted data now to prevent third parties exploiting the lack of security in the future.

Experts at Tutanota aren’t the only ones to be alarmed. The U.S. National Institute for Standards and Technology (NIST) began work towards quantum-resistant algorithms standardization in 2016 and some virtual private network (VPN) providers, including NordVPN, are currently evaluating ways to make their services quantum-safe.

Tutanota PQDrive: the full sovereignty of local storage, with the benefits of the cloud

In an effort to fight against the privacy and security risks that quantum computing brings, Hannover-based Tutanota just secured a grant of €1.5 million from the German government and joined forces with The University of Wuppertal to carry out its new project: PQDrive.

The idea is simple, “to create the first end-to-end encrypted cloud solution that will allow data to be stored and exchanged securely, even in the wake of quantum computers,” Pfau explained us.

Experts have been warning for quite a while about the risks to cloud computing, but now threats are growing faster than ever. About 90% of cybersecurity professionals are concerned about data loss, leakage, privacy and confidentiality breaches. That’s why Tutanota seeks to build a secure drive solution that can deliver the full sovereignty of local storage together with all the benefits of the cloud.

TutaDrive is the end-product that aims to do just this. And, while it’s impossible to establish a timeframe for the launch right now, the team plans to unveil a beta version so that it can be tested prior to a full release. Tutanota users will then be able to do their part, suggesting improvements according to their needs.

See more

“While quantum computers will soon be able to decrypt ‘normally’ encrypted data quite easily, they will cut their teeth on post-quantum secure encryption,” said Pfau.

Tutanota’s plan is using a hybrid encryption approach—at first, at least. All data will be encrypted using both classical and the new post-quantum proof algorithms. This double protection will make sure that the new algorithms have time to prove themselves as actually safe.

PQDrive is the last step into Tutanota’s post-quantum challenge. The company started its mission three years ago with PQMail to make both their email and calendar apps both post-quantum resistant. The team has already begun to add the new algorithms into the software, which should be fully updated for all its 10 million users by 2024.

Pfau is very happy that the algorithms the team chose to work with years ago (CRYSTALS-Kyber and CRYSTALS-Dilithium) were awarded among the best choice of secure post-quantum encryption by the National Institute of Standards and Technology (NIST).

Despite these initial victories, PQDrive is expected to be a way bigger challenge considering the files to secure are much larger. He said: “This will be a huge challenge as we need to find the most performant solution so that files can be securely encrypted and decrypted, also on mobile devices with less computing power.” 

Security padlock in circuit board, digital encryption concept

(Image credit: Getty Images)

While the day for storing files on a fully secure and post-quantum resistant cloud is still far from us, along the path Tutanota’s PQDrive project is expected to create about 30 new jobs in Hannover over the next three years.

The company plans to fully invest in its employee growth, too, so that it can develop innovative tech solutions able to really face tomorrow’s security threats.

“We are, so to say, in a fight between man versus machine,” said Pfau. “We need the brightest minds to integrate quantum-safe encryption into our cloud solution TutaDrive in such a way that everybody can use it quite easily—while quantum computers cut their teeth on the technology and can’t get at the data.”

This might be a man versus machine fight but it’s still very much a cat and mouse game between hackers and security experts. The after this technology is released it won’t be long before further advances are made on both sides of the fight.

Go to Source