The quantum era is no longer a distant thought experiment. Quantum computers — advanced computing systems designed to solve complex problems that classical computers cannot — are not yet capable of breaking the encryption that protects email today. But the risk is real enough that security teams, standards bodies, and technology providers are already preparing for what comes next by adopting post-quantum encryption.
Post-quantum protection is now an optional upgrade in Proton Mail, available on all plans including free. Once enabled, Proton Mail can generate and use post-quantum-ready keys for new encrypted emails to protect your personal messages and business communications against today’s threats and a future where current public-key cryptography may no longer be enough.
Don’t use Proton Mail yet? Create a free account.
What’s changing in Proton Mail
Proton Mail has long used OpenPGP with ECC (Elliptic Curve Cryptography) and RSA (Rivest-Shamir-Adleman) keys to protect encrypted email, which remain secure against the computers of today. But large-scale quantum computers could break those schemes using algorithms such as Shor’s algorithm, a quantum computing technique designed to solve the kinds of mathematical problems that make RSA and ECC secure.
To prepare for that future, Proton Mail now supports encryption keys that withstand post-quantum cryptography (PQC). Find out how to enable post-quantum protection in Proton Mail with just a few simple steps.
Enabling PQC helps protect new encrypted emails going forward. It does not retroactively re-encrypt the emails already in your mailbox, for now. As with existing keys, PQC keys can still be managed in familiar ways. You can generate more PQC keys later, and those keys can be marked obsolete or compromised just like RSA or ECC keys.
As part of this work, we are also adding support for OpenPGP v6, the newer framework that enables modern algorithm support, including post-quantum cryptography.
We are also standardizing quantum-safe encrypted email across the open email ecosystem, including with projects such as Thunderbird, so these protections can work between providers — not just within Proton — and help people stay safe no matter which email service they use.
Why prepare now for post-quantum attacks?
The quantum era may not be here yet, but an attacker can collect encrypted data today and keep it for the future, hoping to decrypt it once quantum capabilities improve and proliferate. That is one reason the migration has already started across the industry, even before practical quantum attacks exist.
The most important security transitions usually start before the wider public is paying attention. By the time they become obvious to everyone, the organizations that waited are already behind.
With post-quantum cryptography support in Proton Mail, we are taking a proactive step to help protect encrypted email against the threats of tomorrow, without compromising the privacy guarantees that matter today.
Don’t use Proton Mail yet? Create a free account.
