Encrypt your emails with an algorithm that even quantum computers can't break.
Features · How It Works · Architecture · Run Locally · Security
| Login | Home |
|---|---|
 |
 |
- 🔒 LWE post-quantum encryption — message body encrypted before it ever leaves your machine
- 📬 Gmail integration — send via SMTP, read via Gmail API OAuth 2.0
- 🧑💼 User accounts — sign up, log in, sessions managed securely
- 🛡 bcrypt password hashing — passwords never stored in plaintext
- 🗄 Zero-setup database — SQLite, no database server needed
- 🌑 Dark quantum UI — custom-built dark theme with animated grid background
- 📦 Portable — runs on any machine with Python 3.10+
Based on independent research into lattice-based cryptography and post-quantum security.
Every email you send with standard Gmail is encrypted in transit using RSA or Elliptic Curve Cryptography (ECC). These algorithms are secure today — but they have a fatal flaw: their security rests on how hard it is for a computer to factor large numbers or solve the discrete logarithm problem.
In 1994, mathematician Peter Shor proved that a sufficiently powerful quantum computer could solve both of these problems in polynomial time — making RSA and ECC completely breakable.
Classical computer attacking RSA-2048:
Time estimate: ~300 trillion years ✅ Safe
Quantum computer (Shor's algorithm) attacking RSA-2048:
Time estimate: ~hours ❌ Completely broken
QuantaMail uses a fundamentally different class of cryptography that remains hard even for quantum computers.
LWE is a lattice-based cryptographic primitive first formalised by Oded Regev in 2005. Its security is based on the hardness of a completely different problem — one that has no known quantum speedup.
The core idea: Given a system of linear equations with small random errors added to each result, it is computationally infeasible to recover the original secret — even with a quantum computer.
Without errors (easy to solve — just linear algebra):
a₁·s = b₁
a₂·s = b₂
a₃·s = b₃
With errors added (hard — this is LWE):
a₁·s + e₁ = b₁ where e₁ ∈ {0, 1}
a₂·s + e₂ = b₂ where e₂ ∈ {0, 1}
a₃·s + e₃ = b₃ where e₃ ∈ {0, 1}
The noise terms e are tiny, but they destroy the clean linear structure that would let an attacker solve the system. No known classical or quantum algorithm can efficiently recover s.
Key generation:
Parameters:
n = 1024 (vector dimension)
q = 65536 (modulus, 2¹⁶)
e ∈ {0, 1} (small error values)
1. Sample random public vector: a ← Zqⁿ
2. Sample secret key: s ← Zqⁿ
3. Sample error vector: e ← {0,1}ⁿ
4. Compute public key: b = (a·s + e) mod q
Encrypting one bit m (0 or 1):
1. Sample ephemeral vector: r ← {0,1}ⁿ
2. Compute ciphertext pair:
c₁ = r·a mod q
c₂ = r·b + m·(q/2) mod q
Decrypting:
1. Compute: v = c₂ - c₁·s mod q
2. Round: if |v - 0| < |v - q/2| → m = 0
else → m = 1
The rounding works because the error e is small relative to q/2. The noise shifts v slightly away from 0 or q/2, but not enough to push it past the halfway threshold — so we can always recover the correct bit.
For full messages, each character is encoded as 8 bits, each bit is encrypted independently, and messages longer than 128 characters are split into blocks:
"Hello, World!" (13 chars)
↓
104 bits (13 × 8)
↓
104 separate LWE encryptions
↓
c1[104], c2[104] — the ciphertext
↓
Transmitted as a Python dict string over email body
The reason LWE resists quantum attacks comes down to the geometry of high-dimensional lattices. Finding the secret s in an LWE instance is equivalent to solving the Shortest Vector Problem (SVP) in a lattice — finding the shortest non-zero vector in a high-dimensional grid.
Security comparison across attack models:
Algorithm Classical Attack Quantum Attack (Grover/Shor)
─────────────────────────────────────────────────────────────────
RSA-2048 ~2¹¹² ops ~polynomial ← BROKEN
ECC-256 ~2¹²⁸ ops ~polynomial ← BROKEN
AES-256 ~2²⁵⁶ ops ~2¹²⁸ ops ✓ Still ok
LWE (n=1024) ~2¹⁰⁰ ops ~2¹⁰⁰ ops ✓ Quantum-safe
─────────────────────────────────────────────────────────────────
For LWE, the best known quantum algorithm offers no asymptotic advantage over classical attacks — the hardness of the lattice problem is preserved.
Encryption is more expensive than RSA for short messages, but scales predictably. Here's the approximate cost per character on a standard laptop CPU:
Encryption time vs message length (approx, Python, n=1024):
10 chars | ████░░░░░░░░░░░░░░░░ ~0.3s
50 chars | ████████░░░░░░░░░░░░ ~1.4s
100 chars | ████████████░░░░░░░░ ~2.8s
200 chars | ████████████████░░░░ ~5.5s (crosses block boundary)
500 chars | ████████████████████ ~14s
Note: This implementation is pure Python for transparency/education.
A production system (e.g. CRYSTALS-Kyber in C) runs ~1000× faster.
Security margin vs key size:
LWE Dimension (n) | Security Level | Used In
───────────────────────────────────────────────────────
256 | ~80-bit | Lightweight IoT
512 | ~100-bit | General use
1024 ◄ours | ~128-bit | QuantaMail
2048 | ~192-bit | CRYSTALS-Kyber (NIST)
4096 | ~256-bit | High-security applications
In 2022, NIST completed a 6-year evaluation of post-quantum cryptographic algorithms. The primary encryption standard they selected was CRYSTALS-Kyber — a Key Encapsulation Mechanism (KEM) built directly on top of LWE (specifically a variant called Module-LWE).
NIST PQC Standards (2024):
Encryption/KEM:
✅ CRYSTALS-Kyber (ML-KEM) ← Module-LWE — same family as QuantaMail
Digital Signatures:
✅ CRYSTALS-Dilithium (ML-DSA)
✅ FALCON (FN-DSA)
✅ SPHINCS+ (SLH-DSA)
Evaluated but not selected:
✗ NTRU (lattice, different problem)
✗ Classic McEliece (code-based)
✗ SIKE (isogeny-based, later broken)
QuantaMail's algorithm.py implements the foundational LWE scheme that underpins the NIST standard — built from scratch to demonstrate understanding of the underlying mathematics.
┌─────────────────────────────────────────────────────────────┐
│ Browser / Client │
└─────────────────────────┬───────────────────────────────────┘
│ HTTP
┌─────────────────────────▼───────────────────────────────────┐
│ Flask (app.py) │
│ │
│ GET / → login.html │
│ POST /login → verify_user() → session │
│ GET /dashboard → fetch + decrypt → dashboard.html │
│ POST /send_mail→ encrypt → SMTP send │
│ GET /logout → session.clear() │
└──────┬──────────────────┬──────────────────┬───────────────┘
│ │ │
┌──────▼──────┐ ┌────────▼───────┐ ┌──────▼──────────────┐
│ database.py │ │ algorithm.py │ │ gmail_service.py │
│ │ │ │ │ │
│ SQLite │ │ LWE Encrypt │ │ Gmail OAuth 2.0 │
│ bcrypt │ │ LWE Decrypt │ │ Token caching │
│ users table │ │ Block chunking │ │ Message parsing │
└─────────────┘ └────────┬───────┘ └──────────────────── ┘
│
┌────────▼───────┐
│ smtp.py │
│ │
│ Gmail SMTP │
│ .env creds │
└────────────────┘
File structure:
quantamail/
├── app.py ← Flask app, all routes
├── algorithm.py ← LWE post-quantum encryption
├── database.py ← SQLite + bcrypt user management
├── gmail_service.py ← Gmail API OAuth wrapper
├── smtp.py ← Email sending via SMTP
├── requirements.txt ← Python dependencies
├── .env.example ← Secrets template (copy → .env)
├── .gitignore
├── templates/
│ ├── login.html
│ ├── signup.html
│ └── dashboard.html
└── static/
├── style.css ← Auth pages (dark theme)
├── dashboard.css ← Dashboard layout
└── 2.jpeg ← Logo
- Python 3.10+
- A Gmail account with a Gmail App Password
git clone https://github.com/YOUR_USERNAME/quantamail.git
cd quantamail
python3 -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activatepip install -r requirements.txtcp .env.example .envOpen .env and fill in:
SECRET_KEY=any-long-random-string
SMTP_USER=your-gmail@gmail.com
SMTP_PASSWORD=your-app-passwordpython app.pyVisit http://localhost:8000
To read encrypted emails in the inbox tab, you need a Gmail API credential:
- Go to Google Cloud Console → create a project
- Enable the Gmail API
- Create OAuth 2.0 credentials → download as
credentials.json - Place
credentials.jsonin the project root - On first inbox load, a browser window will open to authenticate — after that, the token is cached
| Layer | Implementation |
|---|---|
| Message encryption | LWE (Learning With Errors), n=1024, q=2¹⁶ |
| Password storage | bcrypt (cost factor 12) |
| Session management | Flask server-side sessions with secret key |
| SMTP credentials | Environment variables via .env, never hardcoded |
| Gmail OAuth | Token cached in token.pickle, excluded from Git |
.gitignore |
Excludes .env, credentials.json, token.pickle, venv/ |
Note on the LWE parameters: The parameters n=1024, q=65536 provide approximately 128-bit classical security. This implementation is written in pure Python for readability and demonstration. A production deployment would use a compiled library like liboqs implementing CRYSTALS-Kyber.
| Layer | Technology |
|---|---|
| Language | Python 3.10+ |
| Web framework | Flask 3.0 |
| Cryptography | Custom LWE (algorithm.py) |
| Database | SQLite via sqlite3 |
| Password hashing | bcrypt |
| Email send | smtplib (Gmail SMTP) |
| Email read | Google Gmail API v1 (OAuth 2.0) |
| HTML parsing | BeautifulSoup4 |
| Frontend | HTML5, CSS3 (custom dark theme) |
| Secrets management | python-dotenv |
MIT — see LICENSE
Built to explore post-quantum cryptography applied to real-world communication. The encryption algorithm in this project belongs to the same mathematical family as the 2024 NIST post-quantum standard.