[messaging] An Analysis of the ProtonMail Cryptographic Architecture

Nadim Kobeissi nadim at nadim.computer
Tue Nov 20 00:45:39 PST 2018

Dear esteemed peers and colleagues,

I have recently written an analysis of ProtonMail's cryptographic
architecture. ProtonMail is the world's largest encrypted email provider
with over five million users.

ProtonMail is an online email service that claims to offer end-to-end
encryption such that "even [ProtonMail] cannot read and decrypt [user]
emails." The service, based in Switzerland, offers email access via webmail
and smartphone applications to over five million users as of November 2018.
In this work, we provide the first independent analysis of ProtonMail's
cryptographic architecture. We find that for the majority of ProtonMail
users, no end-to-end encryption guarantees have ever been provided by the
ProtonMail service and that the "Zero-Knowledge Password Proofs" are
negated by the service itself. We also find and document weaknesses in
ProtonMail's "Encrypt-to-Outside" feature. We justify our findings against
well-defined security goals and conclude with recommendations.

Paper available on IACR ePrint:

I welcome your readership and your feedback.

Kind regards,

Sent from my computer