

ProtonMail now offers elliptic curve cryptography for advanced security and faster speeds – ProtonMail Blog

Elliptic curve cryptography is the most advanced cryptographic system available. Now ProtonMail is making this technology available to all users.

For several months, we have been working to implement support for new cryptographic methods in ProtonMail that give users a faster experience with equal or better security. Today, we’re excited to announce that elliptic curve cryptography is now available in all our applications for web, mobile, and desktop.

For reasons we explain below, elliptic curves are rapidly replacing RSA as the gold standard for public key cryptography. You may already be using it in other services, such as WhatsApp; Chrome, Firefox, and Opera browsers; and Tor. In March 2018, we released elliptic curve cryptography in OpenPGPjs, the open-source encryption library we maintain, allowing hundreds of apps to take advantage of next-generation cryptography. In August, OpenPGPjs passed an independent security audit, paving the way for implementation in ProtonMail.

Why switch to elliptic curve cryptography?

For decades, RSA was the only game in town, rooted in a powerful mathematical concept: multiplying large prime numbers is easy, but factoring the product is hard. But as computers get faster, RSA encryption requires bigger and bigger numbers to stay secure. Large numbers slow things down, especially on mobile devices with less computing power.  

So, over the last few years, more products and protocols have been implementing a more efficient cryptographic system called elliptic curve cryptography. ECC also relies on a mathematical equation, but it requires much smaller numbers to accomplish the same level of security. For a more detailed explanation of how this kind of cryptography works, Ars Technica has published a useful summary.

Using elliptic curve cryptography, the processes of key generation, encryption, and decryption become dramatically faster. That saves processing power (allowing you to log in and load emails faster), memory (freeing up space for other apps to work), and energy (giving you longer battery life).

Elliptic curve cryptography is very secure

Public key cryptography — both high-bit RSA and elliptic curves — is extremely safe. As with any encrypted system, the only practical way to backdoor it is to exploit weaknesses in its implementation, not the math itself. With ECC, there are only two known attacks, one that takes advantage of random number generators and another that exploits things like device power consumption to glean clues about the keys. Both of these are well understood and were mitigated years ago.

We have chosen a particular elliptic curve system known as X25519, which is fast, secure, and particularly resistant to timing attacks. It’s simple to implement and, for what it’s worth, isn’t the subject of any patent claims.
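The size and speed claims above can be checked directly. The following is an added example, not ProtonMail's or OpenPGPjs code: it uses Node.js's built-in crypto module to compare an X25519 key with an RSA key and to run an X25519 key agreement. The RSA-3072 comparison point, the HKDF step, and all function names are assumptions chosen for illustration.

```javascript
// Added example (not ProtonMail or OpenPGPjs code): X25519 vs RSA with Node's built-in crypto.
const { generateKeyPairSync, diffieHellman, hkdfSync } = require('node:crypto');

// Generate a key pair and report how long it took and how large the public key is.
function measureKeygen(type, options) {
  const start = process.hrtime.bigint();
  const pair = generateKeyPairSync(type, options);
  const ms = Number(process.hrtime.bigint() - start) / 1e6;
  // DER-encoded SubjectPublicKeyInfo: a fixed header plus the key material itself.
  const publicBytes = pair.publicKey.export({ type: 'spki', format: 'der' }).length;
  return { pair, ms, publicBytes };
}

// Assumption: RSA-3072 is the comparison point (commonly rated near 128-bit strength).
function compareKeys() {
  const x25519 = measureKeygen('x25519');
  const rsa = measureKeygen('rsa', { modulusLength: 3072 });
  return {
    x25519PublicBytes: x25519.publicBytes,
    rsaPublicBytes: rsa.publicBytes,
    x25519Ms: x25519.ms,
    rsaMs: rsa.ms,
  };
}

// Each side combines its own private key with the peer's public key.
// The raw output is passed through a KDF (HKDF here, an illustrative choice)
// rather than being used directly as an encryption key.
function agreeOnKey(own, peerPublicKey) {
  const shared = diffieHellman({ privateKey: own.privateKey, publicKey: peerPublicKey });
  const info = Buffer.from('constructed-example-context');
  return Buffer.from(hkdfSync('sha256', shared, Buffer.alloc(0), info, 32));
}

function demo() {
  const alice = generateKeyPairSync('x25519');
  const bob = generateKeyPairSync('x25519');
  return {
    aliceKey: agreeOnKey(alice, bob.publicKey),
    bobKey: agreeOnKey(bob, alice.publicKey),
  };
}

console.log(compareKeys());
const { aliceKey, bobKey } = demo();
console.log('session keys match:', aliceKey.equals(bobKey));
```

The timings vary by machine, but the encoded X25519 public key is a small fraction of the size of the RSA one, and both parties arrive at the same 32-byte session key without ever transmitting it.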

Some users may also be curious about quantum computers, which will be insanely fast and promise to upend existing encryption systems. Elliptic curve cryptography in its current form would not stand a chance against a quantum computer. But such technology is still at least several years away, and just as ProtonMail has adapted to the new ECC standard, we will continue to evolve alongside new challenges. There is active research today into quantum-resistant encryption algorithms which we are following closely.

How to use the new keys in ProtonMail

Over time, ECC keys will become the default for all new addresses in ProtonMail. If you already have a ProtonMail account, you can upgrade your RSA keys for each email address by logging in to your account at, clicking on Settings, and opening the Keys page. Click on the “Add New Key” button and select the address for which you want to add ECC keys.

Then select:

State-of-the-art X25519 (Modern, fastest, secure)

And click on “Generate Keys”. You will be asked to enter your account password.

Next, click on the arrow next to your email address to reveal the key details. In the ECC key row, click on the dropdown menu and select “Make Primary.” This will make your new ECC the default key for this email address.

It is extremely important that you DO NOT DELETE YOUR OLD RSA KEYS. If you do, you will lose the ability to decrypt all your existing emails. Simply leave your old keys active; they will be used to decrypt old messages.

If you wish to continue using RSA encryption, your emails will still be safe, but your mailbox might move slower, especially on mobile devices. For the vast majority of users, ECC is the better method. (Some advanced users who receive PGP emails from non-ProtonMail users may decide to stay with RSA keys for a particular email address.)

We are excited to give you access to the latest advances in cryptography, and we look forward to hearing your feedback. You can find us on Twitter or engage with our community on our subreddit. For help with your account, our support team is always available.

Best Regards,
The ProtonMail Team

You can get a free secure email account from ProtonMail here.

We also provide a free VPN service to protect your privacy.

ProtonMail and ProtonVPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support.



Register Lecture: Hidden heroes of Alan Turing’s Enigma

Live code-breaking and beer

A curse follows Enigma, the cryptography device deployed by Adolf Hitler’s military during the WWII to protect their Morse communications from the Allies. That curse? Invisibility.

Alan Turing has – now – become intrinsically linked with cracking Enigma, a machine of fiendish complexity capable of 159 million, million, million (1.59×10^20) settings that demanded the perfect marriage of mathematics and engineering to break. Turing’s work would blow open secrets that helped alter the war – for example, alerting the RAF to Luftwaffe raids during the Battle of Britain. And yet, Turing received little by way of the recognition he deserved for decades – quite the opposite, in fact.

But Turing is not the only one to have suffered Enigma’s curse of invisibility. Join The National Museum of Computing on June 26 for a special Register lecture journey back 80 years to the eve of the Second World War, to hear the stories of those behind Turing.

Hear about who provided a critical leg-up to the struggling English in cracking Enigma and who helped build the Bombe – the device to mechanise the mathematics of code breaking. Eight decades after the start of the War, TNMOC will go inside the pioneering work of the Polish General Staff Cipher Bureau in Warsaw and shine a light on the roles of Gordon Welchman and Doc Keen, the long-overlooked Bombe engineering team lead, at Bletchley. Together, they helped put code-breaking at Bletchley Park on an industrial footing.

Your guide for this crypto history trip will be Paul Kellar MBE, a leading member of the Bombe Rebuild project – based at TNMOC as a working tribute to those who contributed to breaking the Enigma.

Starring with Paul will be a working Enigma to help demonstrate “knowing your enemy” and illustrate how the Bombe could attack and break the Enigma on a daily basis. You will get the opportunity, too, to participate in a live code-cracking exercise with Checking Machine – the last stage in recovering the Key of the Day after the Bombe had found the crucial settings.

Join fellow Reg readers with the TNMOC crypto historians and their machines at the Rugby Tavern, 19 Great James St, London, WC1N 3ES. Doors open at 18:30 BST with Paul taking the mic at 19:00. An audience question-and-answer session will follow a break to re-charge mind and grey matter. Get your ticket here. ®



Breaking Up Facebook ‘Won’t Be Enough,’ Says Morgan Stanley Boss. Here’s His Proposal.

New York City’s just-concluded “blockchain week” was palpably more subdued than it has been in years past. (Or maybe I was just not invited back to the parties after my 2018 travelogue.)
In any case, I took a brief break from the madness of the Fortune 500 issue close to drop by the Consensus conference, the week’s marquee event, where I moderated a security-themed panel on Monday. My panelists were Tom Glocer, the lead board director of Morgan Stanley and former chief executive of Thomson Reuters, and Nadav Zafrir, the CEO of startup foundry Team8 and former head of the Israeli Defense Forces’ Cyber Command and Unit 8200, Israel’s equivalent of the U.S.’s National Security Agency. (For a recording, see video No. 15 here.)

Below are some soundbites from our conversation. I asked Glocer about a post he had published in the fall on his excellent personal blog in which he pondered who, or what, should own people’s data. His response imagined a world in which people might own their own information and where they would, using individual digital wallets, license the rights to corporations.

Rather than the current situation where we just weren’t paying attention and Google and Facebook, etc., built up huge caches of our private information, you would have the choice to sell Google your search history in return for a micropayment. Or you would sell Apple your photos in return for a micropayment, etc. I think it’s an interesting way of turning the current model on its head. But we’re not going to get there without some very significant government intervention along the lines of the debate that’s been raging about Facebook. Tech alone won’t achieve this jiu-jitsu move.

Since he brought it up, I asked Glocer for his thoughts on breaking up Facebook.

Just breaking up Instagram, Facebook, and WhatsApp won’t be enough. Facebook has over 2.5 billion folks. If you really wanted to go after them, I think you would have to go deeper and essentially declare a date by which they’d have to erase all of the data they’ve achieved to date and start fresh with what I’d call an informed consent and maybe, yes, micropayments. There’s no intrinsic reason why it’s awful that [Facebook] owns Instagram and WhatsApp…. If Mark [Zuckerberg] came out and just declared that on June 30th of next year we’re going to wipe out our histories—here’s your chance to download your own, in case you want to keep it, and here are the new rules of the road that you get to explicitly opt into—I would leave all those companies in his world.

The audience tended to agree. When I asked them whether Facebook should get the Sherman Anti-Trust treatment, only about a third of the crowd raised their hands.

Facebook, through the malicious hijacking of its targeted marketing machinery, has greatly contributed to an erosion of faith in traditional institutions. Nadav Zafrir summed up the predicament well. When I asked him what is the most pressing, most frightening threat the world faces, he replied without hesitation.

In one word: Trust. We are now in a world where it’s very hard for us to trust the simple things that, as my generation grew up, we were accustomed to trusting—our democracies. Our voting systems…. The irony is that the blockchain has a great potential to offer that [trust], yet it has become synonymous almost with the opposite…. At the end of the day attackers are human. They’re ROI [return on investment]-driven. They’re not super-ninjas or super-humans. They have their limitations. They have their vulnerabilities…. It’s an asymmetric battle when the attackers only need to find one single point of failure in the whole system and it’s game over. Hence, if we take that single point of failure and distribute it in a way where attackers need to hack everybody simultaneously and get everybody’s consensus, we’re flipping the asymmetry and taking control of the situation.

Of course, retaking control of the situation is no simple task, even with the advent of blockchain technology. Zuckerberg is, for his part, exploring how he might reestablish the foundations of his media empire on the footing of blockchains, cryptography, and private messaging. With all the consumer backlash and heat from regulators, it will no doubt take expert jiu-jitsu to pull off.
May the groundwork commence.
A version of this article first appeared in Cyber Saturday, the weekend edition of Fortune’s tech newsletter Data Sheet. Sign up here.

