Tutanota has received a grant of €1,500,000 ($1,635,000) from the German government to develop a post-quantum secure cloud storage and file-sharing solution named ‘PQDrive.’
Tutanota is a German software company developing privacy tools, like a secure end-to-end encrypted email service built on a robust zero-knowledge design, and using an open-source client that is open to scrutiny. The firm does not require new registrants to provide data that may be used to identify them, such as secondary emails or phone numbers, hence being one of the few webmail providers to offer truly anonymous sign-up.
The PQDrive project aims to provide a secure data hosting and transmission service for the country’s most critical organizations to use. The financial support for this new platform is provided in the context of the ‘KMU-innovativ funding,’ which also supports the University of Wuppertal with another €600,000 ($654,000) that is going to cooperate with Tutanota to help develop PQDrive.
The idea behind PQDrive is to anticipate the future threat of quantum computers, which will be able to easily crack today’s encryption and build a cloud storage service that remains secure even when the threat materializes. Tutanota’s engineers and the researchers at the University of Wuppertal are expected to create a service that will remain resilient to quantum computing power regardless of the advancements made in that field.
Tutanota says that PQDrive will result in the development of a new product called TutaDrive, which will be fully integrated into its portfolio, enabling over 10 million users to store, send, or receive files securely. We see similar developments with Proton Mail and its development of Proton Drive.
Tutanota’s Hybrid Encryption
The concept will adopt a strategy akin to the one employed by Tutanota for its ongoing development of a quantum-resistant email service, PQMail, which is to utilize dual encryption. First, it leverages classical algorithms like RSA, (EC)DSA, and (EC)DH, widely recognized and used for data protection today. Concurrently, it employs algorithms that have received the National Institute of Standards and Technology (NIST) approval, denoting their robustness against the formidable computational capabilities of quantum computers.
NIST-approved algorithms for quantum encryption resistance are “FALCON,” “SPHINGS+,” “CRYSTALS-Kyber” (for key establishment), and “CRYSTALS-Dilithium” (for digital signatures), which are considered fast and have a relatively low resource impact while providing robust data encryption. Tutanota has said it will attempt to implement the first two algorithms in the PQDrive prototype.
In conclusion, Tutanota highlights the importance of using strong encryption on the cloud, as data hosting services are responsible for the majority of breaches and data leaks that impact organizations and consumers today.
According to a study by the German Federal Office for Information Security (BSI), secrets encrypted with 2048-bit RSA can be broken in 100 days using a quantum computer with 1 million qubits of power. That number is far from IBM’s record-holding quantum computing system, which currently achieves 433 quantum bits. However, IBM recently announced plans to build a 100,000 qubit system by the end of the decade, so we will soon reach the scale needed to call this threat real and tangible. Sooner or later, quantum computers will quickly conquer poorly secured data silos, so the race between data protection and encryption cracking is already on.
LockBit Ransomware Demands $70M Payment from CPU Giant TSMC
They are as trustworthy as gmail right now.
Hi Heinrich,
What a great story!
The government funding to Tutanota is a small amount for the German Govt but it could do well to drive innovation in their economy. I wish their was more of it directed towards OS and privacy initiatives.
Excuse me for not having numbers at hand but the economic costs of breaches and data insecurity are mind-boggling; for the individual businesses and economies. If you just take the individual, their time, stress, loss of quality of life and reduction in work place productivity that is an economic cost – then multiply that by the affected individuals and you end up with a big number – these are the terms government seem to understand.
What governments don’t seem to understand is what to do about it, or how to go about it.
Yet here Germany seems to be taking a step in the right direction, put small amounts of money into innovation.
Great article!
When done Tutanota, University of Wuppertal and Germany,
Do you feel this large financial investment from the DE government will endanger Tutanota’s ability to continue providing the privacy they are known for?
Tutanota is now beholden to the german govt.
Great post! thank you so much Heinrich. I discovered Tutanota thanks to this blog. They are trustworthy
No they are not. A German court literally forced tutanota to reverse engineer their encryption. The threatened to jail the ceo when he refused (Erzwingungshaft or Beugehaft). Do your proper research. Germany’s laws are worded especially broad which means that the courts do what they want ( and Germany also has ‘freiw. beweiswürdigung which means that the judges are not 100 percent bound to law as per the constitution). They also forced quad 9 ,a dns provider, to censor something because of Sony (and quad 9 openly states that they have to censor worldwide). F*** Germany and its laws and never trust anyone who states otherwise. DO YOUR RESEARCH (I recommend German news log heise)
Well glad to know Germany is f****ed wonder who’s next :/
Perfectly explained and stated, no Government is giving you subsidies for nothing.