World Quantum Day – is the internet ready for the "biggest security threat of all time"?

"Quantum computers will become a reality in about 5 to 15 years. But we've seen recently with the release of Amazon's Ocelot, Microsoft's Majorana-1, and Google's Willow that big tech companies are currently investing a lot into quantum technology. Each of them wants to be the first one to have a quantum computer.

So, a lot of money goes into making quantum computers a reality. And while experts estimate it could take five to ten years before a quantum computer exists, it could also be much faster. I wouldn't be surprised if one of the big techs makes a breakthrough in less time.

This is why we need to invest in quantum-resistant encryption today. Because once quantum computers exist, they can break currently used algorithms to encrypt emails or chat messages. Only post-quantum algorithms can fully protect our data."

"Yes, we started working on PQMail in 2020. This was a research project to find out how post-quantum encryption could work, and we released a prototype one year later. The prototype was able to encrypt and decrypt emails in a hybrid protocol that included quantum-safe algorithms.

What followed then was PQDrive, a research project together with the University of Wuppertal with a "KMU-innovativ" grant from the German government. This project aims to build post-quantum encrypted file sharing. So, the final goal will be a Drive feature in addition to Tuta Mail and Tuta Calendar.

Last year, we were able to release TutaCrypt into the mail client. This is the first quantum-resistant encryption protocol for email. We are quite proud that Tuta Mail is currently the only email provider that can encrypt emails in a quantum-safe way. But I'm sure other providers will follow in the coming years because the quantum threat is getting more pressing by the day."

"The hardest part of quantum-resistant cryptography is not so much the algorithms used but making everything work fast and frictionless. It still needs to perform, and especially on mobile devices, this is tough. You don't want your mailbox to take minutes to load.

When you load your Gmail mailbox on your phone, it's just the data that needs to be loaded, so it's quicker. But when you load your encrypted mailbox, this data also needs to be decrypted on your phone. This requires processing power, which uses time. So, you need to make this process as efficient as possible.

That's the biggest challenge, especially with quantum-resistant encryption, because then you need to have a hybrid protocol. This basically means that you need to encrypt the data twice: once with traditional algorithms and once with quantum-safe ones – and still you want your mailbox to load within a few seconds."

"As I said, a lot is going on in quantum computing research. Huge amounts of money are being invested by big tech companies because everyone wants to be the first to have a working quantum computer.

In my opinion, quantum computing will be the next big thing. We are currently seeing a downward trend for artificial intelligence, and quantum computing will be the next hot topic that everyone will be talking about.

I believe the progress we can expect in the coming years is huge, and it will not be linear. At some point, there will be a breakthrough, and then all of a sudden, we will have quantum computing. We should not underestimate this fact. And we at Tuta are fully aware of this threat. As a secure email provider, we need to prepare for the quantum world today, not tomorrow!

And then there's also the threat of "Harvest now, decrypt later". This is a huge threat because data that you share today that should be safe also in ten years needs to be encrypted with quantum-resistant algorithms already today. Otherwise you can not consider this data as safely protected."

"I think – given the advances in quantum computers and the immense threat we face – we should all be in the middle of the transitioning phase. But honestly, I wouldn't say we are at a good point already because there are not too many services that haven't even started transitioning yet.

Everything relies on encryption – online banking, when you connect with your health insurance online, everything is encrypted. All web traffic uses HTTPs and TLS, and all of these protocols need to be made quantum-safe as well, and we are definitely not there yet. Maybe we are at an early starting point, but definitely a lot more needs to be invested to make our internet and our infrastructure safe.

I mean, it's not just banking apps; it's also our country's infrastructure. If you think about power plants and the power grid, all of this is connected via the internet as well, and of course, all of this needs to be protected with quantum-safe encryption.

Right now, the encryption they use is traditional encryption. Once we have quantum computers that can break the traditional encryption, this basically means they have no encryption at all. They will have no protection anymore. And given the threats that we see also on a national level, we need to make sure our infrastructure is resilient and strong – and encryption is a basic necessity for that."

"One reason is definitely that the NIST just published the final post-quantum algorithms in August last year. Of course, some companies probably waited until the finalists were announced because they didn't want to invest time and effort into implementing quantum-resistant encryption, and then if the algorithm changed, they would have to do it all over again.

Yet, now that the finalists are there, cryptography experts have reviewed them and agreed that this is the best option for quantum-resistant encryption, more companies need to start implementing these algorithms.

Security is always a slow road, unfortunately. Because in a first step, it does not bring any money. As long as there has not been an attack, the need for security is not really visible. Why should you invest in DDoS protection if there's never been an attack? But the thinking is wrong: If there is an attack, investing in protection is too late. You need to be prepared before an attack can happen!"

"I'd like to say start now because as we have seen from our TutaCrypt project, it took us four years from kick-off of the research project until actually had working post-quantum encryption in Tuta Mail.

Of course, now that the finalist (ML-KEM) has been announced, a lot of research has already been done. It could now take only two years, maybe if you're really quick, only one year. But it takes time to transition to quantum-safe encryption.

You can't do it in a day or in a month, so you need to start now if you want to be safe in, let's say, three years from now. And in my opinion, this is the absolute minimum. Because with the estimation of quantum computers being there in 5 to 10 years, we must be quantum-safe in three years. This is the absolute minimum requirement."

Definitely. Quantum computing brings a lot of advantages, no doubt about that, but it is also brings the biggest security threat of all time: breaking encryption.

This is one of the biggest threats that we are currently facing, and as I've already explained, our entire infrastructure relies on encryption. If quantum computers can break that, we are basically back to when the Internet started, where we didn't even have HTTPs or TL,S and nothing was encrypted or protected.