Tuta Mail adds new quantum-resistant encryption to protect email

Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks.
Tuta Mail is an open-source end-to-end encrypted email service with ten million users.
Its creator, Tuta, is based in Germany, where it's involved in developing post-quantum secure cloud storage and file-sharing solutions for the government.
Today, Tuta announced the launch of TutaCrypt, a new protocol designed to protect currently exchanged communications from 'harvest now, decrypt later' attacks.
Harvest now, decrypt later attacks are the act of collecting encrypted data that cannot be currently decrypted to save for the future when more powerful decryption methods become available.
TutaCrypt combines CRYSTALS-Kyber for post-quantum key encapsulation and X25519 for the Elliptic-Curve-Diffie-Hellmann key exchange.
Like others in the field, including Signal and Apple, Tuta has opted for a hybrid model approach, combining state-of-the-art quantum-safe algorithms with traditional algorithms to offer complete protection against current and future threats.
TutaCrypt encryption generates two key pairs for Tuta Mail accounts: an X25519 key pair for the ECDH and a Kyber-1024 key pair for key encapsulation.
These keys, which now replace the old RSA key pairs, are securely stored and encrypted on Tuta's Germany-based servers and are accessible across user devices.
For authenticated encryption, TutaCrypt employs AES-256 in CBC mode with HMAC-SHA-256.
The protocol derives long-term AES-256 keys to encrypt data stored on the server from the user's password using Argon2.
TutaCrypt uses a combination of these algorithms to exchange a cryptographic key, which is then used to encrypt and decrypt the entire message, including its body, subject, and attachments.
The process combines two ECDH-derived shared secrets and a third from Kyber key encapsulation.
These secrets feed into a key derivation function, creating a secure message key for encryption and decryption.
Compromise of the long-term identity keys is a risk point.
Cryptographically guaranteed authentication and various improvements in the protocol itself are part of Tuta's plans.
New Tuta Mail accounts will get TutaCrypt upon creation, and existing users will get the superior protocol through a gradual key rotation that will take place over the next period.
No user action is required when migrating to the new encryption algorithm.
Apple adds PQ3 quantum-resistant encryption to iMessage.
DuckDuckGo browser gets end-to-end encrypted sync feature.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 11 Mar 2024 21:25:11 +0000


Cyber News related to Tuta Mail adds new quantum-resistant encryption to protect email

Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
2 months ago Aws.amazon.com
Tuta Mail adds new quantum-resistant encryption to protect email - Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. Tuta Mail is an open-source end-to-end encrypted email service with ten million users. Its creator, ...
9 months ago Bleepingcomputer.com
Quantum computing: The data security conundrum - One of the biggest challenges of digital technology today is around security systems and data. While this has proven successful, advancements in quantum computing - which utilises quantum mechanics to solve complex problems faster than conventional ...
10 months ago Itsecurityguru.org
IBM Heron Quantum Chip, Quantum System Two - Next generation quantum processor dubbed 'Heron', and the modular IBM Quantum System Two unveiled by Big Blue. IBM has unveiled two new quantum developments, with a new series of utility-scale processors housed within a modular quantum system. At its ...
1 year ago Silicon.co.uk
Quantum computing will enable a safer, more secure world - Today's media narrative around quantum computing's role in cybersecurity is overwhelmingly negative, because quantum computers will render today's encryption standards redundant, leaving much of our data at risk of being decoded. First, it's ...
11 months ago Cybersecurity-insiders.com
What Is Encryption? Definition, How it Works, & Examples - To understand how encryption works, we need to understand how it fits into the broader realm of cryptology, how it processes data, common categories, top algorithms, and how encryption fits into IT security. Symmetric encryption will typically be ...
1 year ago Esecurityplanet.com
Getting your organisation post-quantum ready - While quantum computing is still very much in its early stages, it's important that companies are already thinking about this evolving technology - and more importantly implementing and stress testing much needed solutions suitable for a post-quantum ...
1 year ago Cybersecurity-insiders.com
Strong Encryption Explained: 6 Encryption Best Practices - Strong encryption protects data securely from unauthorized access, but the specific algorithms that qualify as strong encryption change over time as computing power increases and researchers develop new ways to break encryption. Even the strongest ...
11 months ago Esecurityplanet.com
It's time to bolster defenses for an AI / Quantum Future - The rapid advances we are seeing in emerging technologies like AI, ML and quantum computing will have a devastating impact on organizations not prepared and who have not considered updating existing modes of asymmetric data encryption. Quantum is ...
10 months ago Cybersecurity-insiders.com
Types of Encryption, Methods & Use Cases - Encryption category types will explain the overarching and basic categories of classification for encryption, including the two most important: symmetric and asymmetric encryption. Encryption tool types will discuss the major classifications of ...
1 year ago Esecurityplanet.com
DORA and your quantum-safe cryptography migration - Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. New requirements for financial entities in the EU. DORA lays out a set of requirements across ICT risk management, incident ...
10 months ago Securityintelligence.com
Business Data Encryption: Protecting Sensitive Information - In addition to implementing encryption technologies and policies, organizations should prioritize employee training on data encryption. By selecting the appropriate encryption technologies, implementing strong encryption policies, and training ...
10 months ago Securityzap.com
Safeguard Your Network in a Post-Quantum World - There is an imminent threat to existing cryptography with the advent of quantum computers. A quantum computer works with qubits, which can exist in multiple states simultaneously, based on the quantum mechanical principle of superposition. Thus, a ...
10 months ago Feedpress.me
Symmetric vs. Asymmetric Encryption in the Cloud: Choosing the Right Approach - Asymmetric and symmetric encryptions are the modes of encryption typically used in cryptography. There is a single key involved with symmetric encryption used both for encryption and decryption. Symmetric and asymmetric encryption as ways of ...
5 months ago Cybersecurity-insiders.com
Post-Quantum Cryptography Alliance Launches to Advance Post-Quantum Cryptography - PRESS RELEASE. SAN FRANCISCO, Feb. 6, 2024 /PRNewswire/ - The Linux Foundation is excited to announce the launch of the Post-Quantum Cryptography Alliance, an open and collaborative initiative to drive the advancement and adoption of post-quantum ...
10 months ago Darkreading.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
6 months ago Securityaffairs.com
Encrypting Data Using Asymmetric Encryption - Asymmetric encryption, commonly known as public-key encryption, is an important technique for safeguarding data transport and storage. Asymmetric encryption's multi-step process involving key generation, encryption, transmission, decryption, and key ...
11 months ago Feeds.dzone.com
What You Need to Know to Embrace the Imminent Quantum Shift for Your Cryptography Future - Cryptography has long been essential in ensuring the protection of data and communication networks. Remaining reliant on outdated cryptographic standards certainly adds to the dangers of compromise. As we usher in an era of cloud-scaling and quantum ...
9 months ago Cyberdefensemagazine.com
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
5 months ago Helpnetsecurity.com
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
5 months ago Helpnetsecurity.com
The 6 Best Encryption Software - Though encryption could still be broken or cracked, strong encryption is nearly impenetrable. Top encryption software: Comparison table Top encryption software BitLocker: Best for Windows environments. It's an excellent choice for encryption software ...
7 months ago Techrepublic.com
The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
2 months ago Esecurityplanet.com
Breakthrough promises secure quantum computing at home - The full power of next-generation quantum computing could soon be harnessed by millions of individuals and companies, thanks to a breakthrough by scientists at Oxford University Physics guaranteeing security and privacy. This advance promises to ...
8 months ago Sciencedaily.com
China plans to take 'hack-proof' quantum satellite technology to new heights - China is planning new, cutting-edge quantum communications satellites. China launched the first dedicated quantum communications satellite, named Micius, in 2016, and has been quietly working on followup missions in the years since. "Low Earth orbit ...
1 year ago Space.com
Tech Giants Form Post-Quantum Cryptography Alliance - The Linux Foundation today announced the launch of the Post-Quantum Cryptography Alliance, an initiative to advance and drive the adoption of post-quantum cryptography. Founded by AWS, Cisco, IBM, IntellectEU, Nvidia, QuSecure, SandboxAQ, and the ...
10 months ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)