Paper 2018/1121

An Analysis of the ProtonMail Cryptographic Architecture

Nadim Kobeissi

Abstract

ProtonMail is an online email service that claims to offer end-to-end encryption such that "even [ProtonMail] cannot read and decrypt [user] emails." The service, based in Switzerland, offers email access via webmail and smartphone applications to over five million users as of November 2018. In this work, we provide the first independent analysis of ProtonMail's cryptographic architecture. We find that for the majority of ProtonMail users, no end-to-end encryption guarantees have ever been provided by the ProtonMail service and that the "Zero-Knowledge Password Proofs" are negated by the service itself. We also find and document weaknesses in ProtonMail's "Encrypt-to-Outside" feature. We justify our findings against well-defined security goals and conclude with recommendations.

Note: This revision improves the clarity of the fonts used to render the PDF.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
public-key cryptographypgp
Contact author(s)
nadim @ symbolic software
History
2021-09-17: last of 5 revisions
2018-11-20: received
See all versions
Short URL
https://ia.cr/2018/1121
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2018/1121,
      author = {Nadim Kobeissi},
      title = {An Analysis of the {ProtonMail} Cryptographic Architecture},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/1121},
      year = {2018},
      url = {https://eprint.iacr.org/2018/1121}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.