New technology means new opportunities for innovation, but it also enables malicious hackers to cook up new cyberattacks. We always have to be on the lookout for new threats, even if they’re still looming on the horizon. There's one day in particular that every security researcher has marked in their diary, however, and that's "Q-Day" – the moment when quantum computing becomes powerful enough to break current encryption standards.
Living in a “post-quantum future” might sound like something straight out of a sci-fi blockbuster, but it’s something that we all need to prepare for. Quantum computers are real, advancing fast, and could eventually upend the technologies we use to encrypt data. That includes VPNs, which rely heavily on current encryption standards to protect our internet traffic.
So, to mark World Quantum Day, we’re looking at how today's best VPNs are gearing up for the post-quantum era. Fortunately, there are already a few forward-thinking VPN providers out there that are laying the groundwork for a secure future.
The post-quantum conundrum
Quantum computers work in a fundamentally different way from the computers we’re familiar with today.
Classical computers process information by encoding data into binary. Each bit of a binary string can contain either 1 or 0, and all of the calculations a classical computer can do are performed by performing operations on these binary strings.
It’s (relatively!) easy to map these states to the voltage level of electricity flowing through a circuit, which is how classical computers encode information on a physical level.
However, quantum computers encode data in a completely different way. Instead of using bits, quantum computers store information in “qubits”, or quantum bits.
Quantum computers are great at tackling problems that classical computers are bad at solving – and vice versa
Whereas a bit can only contain one state at a time, and can only contain one of two states, qubits can exist in multiple states simultaneously. These qubits are encoded using extremely delicate quantum states, which are difficult to maintain, meaning that current quantum computers have access to an extremely small memory set compared to regular computers.
These differences make quantum computers great at tackling problems that classical computers are bad at solving – and vice versa. One of these problems is factoring prime numbers.
We rely on the fact that it’s extremely difficult to factor large prime numbers to power asymmetric encryption algorithms, including RSA, which is responsible for securing a large proportion of traffic that flows through the internet on a daily basis.
RSA is so hard to brute force that it would take billions of years for a single key to be broken using current computing standards.
For a quantum computer with a large enough set of qubits to work with, it’s theorized that this brute-force period goes down to a couple of hours. While we’re not quite there yet, quantum research teams across institutions like IBM and Microsoft are constantly improving the maximum qubit set that quantum computers have access to.
How are VPNs preparing?
Breaking modern encryption standards has huge implications for the secure internet, including VPNs. They’re built to create secure, encrypted tunnels between your device and the internet, shielding your information from prying eyes.
For the most secure VPNs, making sure they’re one step ahead of the quantum curve is absolutely vital.
Of course, the threat of technology that could break modern encryption is being taken very seriously.
The National Institute of Standards and Technology has held a series of competitions open to researchers and organisations throughout the world to gather proposed algorithms to replace our current encryption standards.
In August 2024, NIST released the strongest three algorithms that are expected to withstand quantum attacks.
Wondering how VPNs do their thing? Check out our guide to how VPNs work for all the (jargon-free) details.
That doesn’t mean the threat of Q-day is completely vanquished. It’s still going to take a lot of time for these algorithms to be widely implemented.
While many encryption projects, such as OpenSSL, have already rolled these quantum-resistant standards into their libraries, that’s only part of the solution. To be truly prepared against the threat of quantum computing, these quantum-resistant libraries need to be integrated into the software that we use daily.
That’s why post-quantum resistance isn’t just a marketing gimmick. It’s an essential part of data security going forward, so we’re happy to see that several VPN providers out there have already taken up the mantle.
Which VPNs are prepared for a post-quantum world?
Not every VPN is ready yet, but several major players are taking post-quantum security seriously:
- AdGuard VPN: Uses an optional hybrid quantum-resistant algorithm, much in the same way Google Chrome does. X25519 provides the underlying encryption, whereas ML-KEM768 adds quantum security on top. It’s implemented in all of Adguard’s VPN clients, but is disabled by default as it slightly slows down connections and increases battery consumption.
- ExpressVPN: Lightway, ExpressVPN’s proprietary VPN protocol, has wolfSSL libraries built into it, which use P256_KYBER_LEVEL1 for UDP and P521_KYBER_LEVEL5 for TCP. These protocols are built on top of the standard TLS encryption wolfSSL offers, ensuring that any potential flaw in these algorithms doesn’t affect the traditional encryption schemes used by Lightway. ExpressVPN’s quantum protection is enabled by default.
- NordVPN: Initially, NordVPN rolled out quantum-resistant algorithms for its WireGuard-based protocol, NordLynx, back in 2024 for Linux clients only. As of 2025, this upgrade has been rolled out on Windows, iOS, Android, and macOS clients, too. It’s currently optional, as its post-quantum encryption doesn’t work with certain key NordVPN features, including MeshNet.
- NymVPN: While NymVPN does not currently implement post-quantum encryption, it intends to roll out quantum-resistant key exchange across the entirety of its technology stack during 2025, protecting both the Nym blockchain and individual VPN connections from advances in quantum computing.
- Mullvad: After some initial experiments with post-quantum encryption support, Mullvad has rolled out quantum resistance by default on its Windows app whenever you connect with WireGuard. It uses ML-KEM to protect your data against quantum attacks, which is one of the standards proposed by NIST.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.