Popular VPN provider, ExpressVPN, has just taken a step further in its post-quantum transition, integrating the latest future-proof encryption technology across all its apps.
ML-KEM, one of the three quantum-resistant encryption standards released by the National Institute of Standards and Technology (NIST) in August last year, has replaced the Kyber algorithm on ExpressVPN's proprietary Lightway VPN protocol.
This move further consolidates the company's commitment to securing users' data against new threats posed by quantum computing. Already one of the best VPN services on the market, ExpressVPN was among the first to add post-quantum protection in October 2023. The new release now makes ExpressVPN an early adopter of the industry standard of post-quantum encryption.
From Kyber to ML-KEM: what's changed?
"Encryption is always evolving, and so are we. When Kyber emerged as a trusted frontrunner in the race to secure the post-quantum world, we integrated it into Lightway to ensure your data stayed ahead of potential threats. Now, with ML-KEM – the newly minted NIST standard – we’re taking that protection even further," said Pete Membrey, Chief Research Officer at ExpressVPN, in the official announcement.
Membrey explains that ML-KEM is built on Kyber's foundation and is now the standard for cryptographic key exchanges, meaning exchanging information across a public network, like VPNs.
The new algorithm results from years of work, designed to defend against future quantum threats. ML-KEM has also managed to amass the consensus of leading cryptographers worldwide during this time. The most important, perhaps, its design integrates seamlessly into Lightway, with ExpressVPN promising that speed and reliability won't be affected.
"Lightway is built to evolve, and ML-KEM represents the next step in its journey," said Membrey, adding that the VPN protocol now uses NIST Security Level 5 key sizes for both TCP and UDP, "ensuring your connection is harder to break."
The next time you read about quantum computing being a threat to cybersecurity in the future, just know that we’ve got your back today and every day after. Find out more about Lightway's upgrade to ML-KEM: https://t.co/JsvvSZnqNr pic.twitter.com/ONSwqV2eRzJanuary 15, 2025
Upgrading to ML-KEM wasn't the only change for ExpressVPN and, well, its Lightway protocol.
ExpressVPN also decided to migrate from the Open Quantum Safe (OQS) team’s implementation of Kyber/ML-KEM to WolfSSL. For the less techie out there, WolfSSL is an open-source library used to secure digital communications between devices, among other things.
WolfSSL introduced a few advantages. For starters, it implements ML-KEM perfectly, Membrey explains, allowing Lightway to deliver solid performances across all platforms. It's also optimized for speed and power efficiency thanks to a lighter and simpler infrastructure. This will enable Lightway to keep delivering low-latency and high-speed connections
"Unlike experimental libraries, WolfSSL provides enterprise-grade support and regular updates, making it the perfect fit for Lightway’s ongoing evolution," Membrey added.
You can now benefit from ExpressVPN's new post-quantum protections simply by upgrading to the latest version of the VPN app. The update has already been rolled out across all major platforms.
The need for quantum-proof VPNs
With quantum computers believed to become fully operational as early as 2030, it's just a matter of time before current encryption methods become obsolete.
Today, VPNs often use RSA-based key exchanges to ensure that your connections remain private between you and the receiver. Quantum computers, however, can process computations that today's computers can't handle within minutes, potentially breaking current encryption protections.
This is where the NIST's quantum-safe standards come in. This work is crucial to support VPN providers, but also messaging apps, encrypted email, and any other tech company integrating some forms of encryption into their products.
While most VPN providers are still figuring out how to implement quantum-resistant algorithms into their software without losing performance, some services like ExpressVPN already offer such protection.
These are Mullvad VPN, Windscribe, and PureVPN. These providers are also in the process of replacing their current quantum-resistant protection with the new NIST standard.
Disclaimer
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
