March 11, 2024 at 05:28PM
Tuta Mail introduced TutaCrypt, a novel post-quantum encryption protocol to safeguard communications from anticipated decryption attacks. This open-source email service, with ten million users, is based in Germany and involved in developing secure cloud storage and file-sharing solutions for the government. TutaCrypt combines quantum-safe algorithms with traditional ones to ensure comprehensive protection against current and future threats.
Based on the meeting notes, the key takeaways are:
1. Tuta Mail has announced the launch of TutaCrypt, a new post-quantum encryption protocol designed to secure communications from powerful decryption attacks, such as ‘harvest now, decrypt later’ attacks.
2. TutaCrypt combines CRYSTALS-Kyber and X25519 algorithms to provide a hybrid model approach for enhanced security against current and future threats.
3. The AES 256/Argon2 cryptography remains in place to protect exchanged messages against current threats.
4. TutaCrypt encryption generates two key pairs for Tuta Mail accounts: X25519 key pair for the ECDH and a Kyber-1024 key pair for key encapsulation.
5. TutaCrypt employs AES-256 in CBC mode with HMAC-SHA-256 for authenticated encryption and derives long-term AES-256 keys from the user’s password using Argon2.
6. The key exchange process combines ECDH-derived shared secrets and a third from Kyber key encapsulation, which feed into a key derivation function to create a secure message key for encryption and decryption.
7. TutaCrypt’s current limitations include concerns about guaranteeing the integrity and authenticity of exchanged messages, and the risk point regarding compromise of the long-term identity keys. Tuta plans to address these issues with improvements in the protocol.
8. New Tuta Mail accounts will automatically have TutaCrypt upon creation, and existing users will gradually receive the superior protocol through a key rotation process.
I hope this summary captures the essential details from the meeting notes! Let me know if there is anything else you would like to add.