Tuta Mail introduces TutaCrypt, a groundbreaking post-quantum encryption protocol aimed at safeguarding email communications against anticipated decryption attacks. Utilizing state-of-the-art algorithms like CRYSTALS-Kyber and X25519, TutaCrypt defends against ‘harvest now, decrypt later’ threats, ensuring end-to-end encryption across email exchanges, independent of recipients’ providers. CEO Arne Möhle underscores the significance of TutaCrypt in revolutionizing email security, offering robust protection even against potential future quantum computing threats, with seamless integration for users worldwide.
TutaCrypt’s architecture involves the generation of two key pairs per Tuta Mail account: X25519 for ECDH and Kyber-1024 for key encapsulation, replacing old RSA key pairs. These keys are securely stored on Tuta’s Germany-based servers and accessed across user devices. Authenticated encryption utilizes AES-256 in CBC mode with HMAC-SHA-256, with long-term AES-256 keys derived from user passwords using Argon2. Despite current limitations regarding message integrity and authenticity assurance, Tuta plans to address these concerns through cryptographic authentication enhancements. New accounts will receive TutaCrypt by default, while existing users will undergo gradual key rotation for seamless adoption of the superior encryption protocol.
