ExpressVPN launches post-quantum protection to defend users against threats of the future

Every day, billions of people around the world rely on cryptography and encryption to keep their data safe. Every time you do something online—whether it’s sending a work email, internet shopping, or using a VPN—they all rely on cryptography and encryption to establish secure communication channels and protect sensitive data.

As the field of quantum technology and computing progresses, it has the potential to rapidly solve ultra-complex problems. But these advances could also undermine today’s cryptography, making it possible for today’s encrypted information to be decrypted in the future. 

To mitigate this threat against security and privacy, we are unveiling our own post-quantum secure VPN. Starting from today, Lightway will include post-quantum protection by default. We believe that by playing an active role in the transition to a quantum-safe world, we can future-proof ourselves and our users.

This makes ExpressVPN one of the earliest VPNs to deploy post-quantum protections. It is a significant milestone that underscores our commitment to protect our users—while staying ahead in the ever-evolving landscape of cyber threats.

Quantum computers and their impact on privacy and security

Quantum computers are powerful machines that operate differently than the standard computers we use today. 

Standard computers struggle with certain problems, including the current cryptography that protects our data with an unbelievably difficult mathematical equation—which makes today’s encryption and data protection technologies possible. 

While classical computers use binary bits, which can be either one or zero, a quantum computer uses quantum bits or qubits, which can be one, zero, or both at the same time. This means that quantum computers can process exponentially more data and more complex problems in comparison to classical computers.

As quantum computers continue to evolve and become more powerful, they will eventually be able to crack encryption algorithms that are currently deemed secure. Experts estimate that it would take a classical computer around 300 trillion years to break a standard RSA-2048 bit encryption key, while a quantum computer with enough qubits could crack it in days.

One of the most insidious threats posed by quantum computing is the Store Now, Decrypt Later (SNDL) attack. SNDL is a cryptographic technique that involves storing encrypted data for an extended period before decrypting it. Threat actors are already swiping up lots of encrypted information, often the kind with a long shelf life, and stockpiling it until quantum computers can crack it open for them in the future. 

The potential risks of quantum computers are so threatening that in December 2022, U.S. President Joe Biden signed into law H.R.7535, the Quantum Computing Cybersecurity Preparedness Act, which encourages “federal government agencies to adopt technology that will protect against quantum computing attacks.”

ExpressVPN’s solution for a post-quantum future

ExpressVPN’s goal is to protect our users and help them take control of their internet experience. This is where the importance of post-quantum cryptography comes into play. It is designed to withstand the computational power of both classical and quantum computers. 

Today, we are happy to share that we have successfully implemented post-quantum support based on wolfSSL’s integration with the Open Quantum Safe team’s liboqs. We will be utilizing P256_KYBER_LEVEL1 for UDP and P521_KYBER_LEVEL5 for TCP. Kyber was chosen by the National Institute of Standards and Technology (NIST) as the candidate for general encryption in a bid to tackle cyber attacks posed by the advent of quantum computing.

Post-quantum protection is now available via the latest version of the ExpressVPN apps for Android, iOS, Linux, Mac, and Windows. ExpressVPN users just have to go to their app settings, followed by the protocol page, and make sure that they are using Automatic or Lightway UDP/TCP. With that, users can be easily protected against attackers with access to both classical and quantum computers.

Since Lightway’s core code is open-sourced, anyone can also scrutinize our code and make use of the latest updates on Lightway if they wish.

We are one of the early pioneers in the VPN industry to implement post-quantum protections. By integrating post-quantum support with DTLS 1.3, we are fortifying our VPN service to remain secure even in the face of quantum computing advancements.

“The Open Quantum Safe team is excited to see the use of our open-source software in work by wolfSSL and ExpressVPN to provide quantum-resistant cryptography in the Lightway protocol,” said Douglas Stebila, leader of the Open Quantum Safe project. “The OQS team has been monitoring and participating in the NIST post-quantum cryptography standardization effort along with many other industry and academic institutions. After an open process, the Kyber algorithm was selected from among several competitors for standardization, and the academic community has high confidence in its security.”

Our collaborative approach to post-quantum

We acknowledge that post-quantum cryptography algorithms, while promising, are still relatively uncharted waters, especially when compared with classical cryptographic algorithms that have enjoyed decades of extensive scrutiny and real-world testing. The novelty factor makes post-quantum cryptography algorithms somewhat unpredictable, especially as the landscape continues to evolve.

Here’s why these are not a cause for concern in our unique use case:

• Using liboqs for post-quantum cryptography only: liboqs only provides post-quantum cryptography, while all of the actual TLS handshake and classical cryptography is still provided by wolfSSL. By doing so, we’ve ensured that our security strategy doesn’t solely rely on post-quantum algorithms. This not only fortifies our existing security measures but also actively contributes to the development and scrutiny of post-quantum cryptography.
• Leveraging wolfSSL for classical cryptography: At ExpressVPN, we partner and work closely with wolfSSL, a certified TLS library celebrated for its robust security. Our core cryptographic protocols and communication channels continue to also be safeguarded by classical encryption methods and strong security foundations.
• Hybrid mode in harmony: We’ve adopted hybrid cryptography, seamlessly blending classical cryptography, such as ECDHE, with post-quantum cryptography from liboqs. This approach provides a formidable defense and aligns with recommendations from NIST, which is driving the evaluation and standardization of post-quantum cryptography. This hybrid approach means that we are safe from attacks by classical computers, and we have the best chance we know of today of being safe from attacks by quantum computers.
• Precision through isolation: We’ve isolated our use of liboqs to the Kyber component, assuring that any unforeseen issues pertaining to Kyber do not compromise the integrity of our broader cryptographic infrastructure.

That said, the quantum computing space is rapidly progressing, and we will keep a close eye on it so that we can proactively keep our users safe, both in the present and well into the future.

Our collaboration with wolfSSL (and liboqs) to implement post-quantum cryptography isn’t just about meeting security standards—it’s about setting new ones. We are proud to be innovators who are helping to lead the charge for a quantum-safe future in the VPN industry.

“Here at wolfSSL, we really like it when our customers get to put out leading-edge products by using our best-tested cryptographic and protocol library. To our knowledge, this will be the first and currently only deployment of not only DTLS 1.3 but also with the use of hybrid post-quantum key exchange! To get to this point, development has been done the right way in the light of day with open-source best practices for liboqs, the wolfSSL library, and the Lightway protocol!” said Todd A. Ouska, CTO and Co-Founder of wolfSSL Inc.