Aionda Mail Security Whitepaper – How We Protect Your Emails
Why We Published This Whitepaper
Trust in an email provider should not be based on promises. It should be based on verifiable architecture. That is why Aionda GmbH has published the Aionda Mail Security Whitepaper – a detailed technical document explaining exactly how Aionda Mail protects email data, who has access to what, and why the system is designed so that even the operator cannot read stored messages.
The goal is transparency. Every claim made about encryption, authentication, and data protection in Aionda Mail is documented, explained, and open to scrutiny.
What Is Aionda Mail?
Aionda Mail is a zero-knowledge encrypted email service developed by Aionda GmbH, based in Stuttgart, Germany. It provides disposable and permanent email addresses with full end-to-end encryption, designed for users and organizations that require genuine privacy – not just compliance checkboxes.
All infrastructure is operated under German and European data protection law (GDPR), with servers located exclusively in Germany.
Key Highlights from the Whitepaper
Zero-Knowledge Architecture

All encryption and decryption happens exclusively in the browser. The server stores only encrypted data and never has access to plaintext email content, attachments, or private keys. Even Aionda GmbH, as the operator, cannot read stored emails. This is not a policy decision – it is a technical impossibility enforced by the architecture.
Post-Quantum Cryptography

Aionda Mail implements ML-KEM-1024 (formerly CRYSTALS-Kyber), a post-quantum key encapsulation mechanism standardized by NIST. This protects encrypted data against future attacks by quantum computers – including retroactive decryption of data captured today (“harvest now, decrypt later” attacks).
OPAQUE Authentication
The login process uses the OPAQUE protocol, an asymmetric password-authenticated key exchange. The password never leaves the browser – not even as a hash. The server participates in authentication without ever learning the password. This eliminates an entire class of server-side credential theft attacks.
Shamir Secret Sharing

Each mailbox is protected by three cryptographic keys distributed using Shamir’s Secret Sharing scheme. Any two of the three key shares are sufficient to unlock the mailbox. This design provides redundancy while maintaining security – no single point of failure can compromise access.
No Password Reset
Aionda Mail does not offer a password reset function. The reasoning is straightforward: if the operator could reset a password, the operator could access the data. The absence of password reset is not a missing feature – it is a security guarantee. It is the proof that zero-knowledge is real, not marketing.
Guardian – Cryptographic Server Verification

The Guardian is a browser extension that cryptographically verifies every response from the Aionda Mail server. It detects unauthorized code changes, man-in-the-middle attacks, and compromised server responses before they reach the application. Users do not have to trust that the server delivers the correct code – Guardian verifies it independently.
GoBD-Compliant Email Archive
For enterprise use, Aionda Mail includes a tamper-evident email archive based on blockchain-style hash chaining. Each archived email is linked to the previous one through cryptographic hashes, making retroactive manipulation detectable. This satisfies the requirements of the German GoBD regulations for audit-proof digital archiving.
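The hash-chaining idea described above, as an added example that is not Aionda's code: SHA-256, the entry layout, the all-zero genesis value, and every function name here are assumptions made for illustration. It also shows why a verifier needs a head hash stored outside the archive, since a chain that has been rewritten or truncated is still internally consistent.

```python
import hashlib
from typing import Optional

GENESIS = "0" * 64  # assumed prev-hash for the first entry


def entry_hash(prev_hash: str, message: bytes) -> str:
    """Hash of one archive entry, bound to its predecessor's hash."""
    # Length-prefix the message so field boundaries are unambiguous.
    data = bytes.fromhex(prev_hash) + len(message).to_bytes(8, "big") + message
    return hashlib.sha256(data).hexdigest()


def append(chain: list, message: bytes) -> str:
    """Append a message and return the new head hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    head = entry_hash(prev, message)
    chain.append({"prev": prev, "message": message, "hash": head})
    return head


def verify(chain: list, expected_head: Optional[str] = None):
    """Return (ok, index of first bad entry or None).

    expected_head is a head hash kept outside the archive (an anchor).
    A mismatch against it is reported at index len(chain).
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry_hash(prev, entry["message"]) != entry["hash"]:
            return False, i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(chain)
    return True, None


if __name__ == "__main__":
    archive = []
    for msg in (b"invoice 1", b"invoice 2", b"invoice 3"):  # constructed sample data
        anchor = append(archive, msg)
    print(verify(archive, anchor))        # intact archive
    archive[1]["message"] = b"invoice 2 (edited)"
    print(verify(archive, anchor))        # edit breaks the link at entry 1
    del archive[1:]
    print(verify(archive), verify(archive, anchor))  # truncation needs the anchor
```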
Download the Whitepaper
The Aionda Mail Security Whitepaper is available in four languages:
- English: Download PDF
- German (Deutsch): Download PDF
- French (Français): Download PDF
- Spanish (Español): Download PDF
For a broader overview of the security architecture, visit the Aionda Mail Security Page.
Feedback Welcome
The whitepaper is intended as a living document. Security researchers, cryptographers, IT professionals, and privacy advocates are invited to read it, challenge it, and provide feedback. Transparent security only works when it is subjected to external review.
Aionda Mail is available at mail.aionda.com.