ExpressVPN upgrades to post-quantum encryption NIST standards

Popular VPN provider, ExpressVPN, has just taken a step further in its post-quantum transition, integrating the latest future-proof encryption technology across all its apps.

ML-KEM, one of the three quantum-resistant encryption standards released by the National Institute of Standards and Technology (NIST) in August last year, has replaced the Kyber algorithm on ExpressVPN's proprietary Lightway VPN protocol.

This move further consolidates the company's commitment to securing users' data against new threats posed by quantum computing. Already one of the best VPN services on the market, ExpressVPN was among the first to add post-quantum protection in October 2023. The new release now makes ExpressVPN an early adopter of the industry standard of post-quantum encryption.

From Kyber to ML-KEM: what's changed?

"Encryption is always evolving, and so are we. When Kyber emerged as a trusted frontrunner in the race to secure the post-quantum world, we integrated it into Lightway to ensure your data stayed ahead of potential threats. Now, with ML-KEM – the newly minted NIST standard – we’re taking that protection even further," said Pete Membrey, Chief Research Officer at ExpressVPN, in the official announcement.

Membrey explains that ML-KEM is built on Kyber's foundation and is now the standard for cryptographic key exchanges, meaning exchanging information across a public network, like VPNs.

The new algorithm results from years of work, designed to defend against future quantum threats. ML-KEM has also managed to amass the consensus of leading cryptographers worldwide during this time. The most important, perhaps, its design integrates seamlessly into Lightway, with ExpressVPN promising that speed and reliability won't be affected.

"Lightway is built to evolve, and ML-KEM represents the next step in its journey," said Membrey, adding that the VPN protocol now uses NIST Security Level 5 key sizes for both TCP and UDP, "ensuring your connection is harder to break."

Upgrading to ML-KEM wasn't the only change for ExpressVPN and, well, its Lightway protocol.

ExpressVPN also decided to migrate from the Open Quantum Safe (OQS) team’s implementation of Kyber/ML-KEM to WolfSSL. For the less techie out there, WolfSSL is an open-source library used to secure digital communications between devices, among other things.

WolfSSL introduced a few advantages. For starters, it implements ML-KEM perfectly, Membrey explains, allowing Lightway to deliver solid performances across all platforms. It's also optimized for speed and power efficiency thanks to a lighter and simpler infrastructure. This will enable Lightway to keep delivering low-latency and high-speed connections

"Unlike experimental libraries, WolfSSL provides enterprise-grade support and regular updates, making it the perfect fit for Lightway’s ongoing evolution," Membrey added.

You can now benefit from ExpressVPN's new post-quantum protections simply by upgrading to the latest version of the VPN app. The update has already been rolled out across all major platforms.

The need for quantum-proof VPNs

With quantum computers believed to become fully operational as early as 2030, it's just a matter of time before current encryption methods become obsolete.

Today, VPNs often use RSA-based key exchanges to ensure that your connections remain private between you and the receiver. Quantum computers, however, can process computations that today's computers can't handle within minutes, potentially breaking current encryption protections.

This is where the NIST's quantum-safe standards come in. This work is crucial to support VPN providers, but also messaging apps, encrypted email, and any other tech company integrating some forms of encryption into their products.

While most VPN providers are still figuring out how to implement quantum-resistant algorithms into their software without losing performance, some services like ExpressVPN already offer such protection.

These are Mullvad VPN, Windscribe, and PureVPN. These providers are also in the process of replacing their current quantum-resistant protection with the new NIST standard.