ExpressVPN has integrated ML-KEM, the newly established NIST standard for post-quantum encryption, into its proprietary Lightway VPN protocol.
This move solidifies ExpressVPN’s commitment to future-proofing user data against the risks posed by quantum computers, which could render traditional encryption methods obsolete. The transition to ML-KEM follows the release of NIST’s first quantum-resistant encryption standards in August 2024, marking a critical milestone in cybersecurity.
Why post-quantum encryption matters
Quantum computers, with their unparalleled processing power, have the potential to break current cryptographic systems. While such machines are still in development, the threat of “harvest now, decrypt later” attacks is already prompting cybersecurity professionals to adopt quantum-resistant protocols. In these scenarios, attackers collect encrypted data today, intending to decrypt it once quantum capabilities become available.
By upgrading Lightway to support ML-KEM, ExpressVPN aims to ensure that user data remains secure, even as the computing paradigm shifts. ML-KEM (Module-Lattice Key-Encapsulation Mechanism), developed through years of rigorous testing by NIST, provides a robust defense against quantum-level attacks. This integration brings users stronger encryption keys, enhanced performance, and compatibility with evolving cryptographic needs.
The new standard employs NIST Security Level 5 key sizes, increasing cryptographic attack resistance. ExpressVPN users can continue to enjoy low-latency, high-speed VPN connections without noticing any performance trade-offs. The VPN provider states that, unlike previous incremental updates, this upgrade represents a significant leap forward in securing VPN traffic against future technological advancements.
VPN industry moving to a post-quantum future
ExpressVPN is not alone in its adoption of post-quantum encryption. NordVPN recently announced its implementation of ML-KEM on its Linux client, with plans to roll out the feature across all platforms by 2025. While NordVPN’s approach centers on gathering insights from a tech-savvy Linux user base, ExpressVPN’s implementation is immediately available across all supported devices on the latest version of its client app, reflecting different deployment strategies in the industry.
Both companies’ efforts highlight the growing importance of crypto-agility — the ability to adapt swiftly to new cryptographic standards as they emerge. This agility is crucial as the timeline for viable quantum computers remains uncertain but increasingly urgent.
More ExpressVPN changes
ExpressVPN also made a notable change in its implementation strategy, migrating from the Open Quantum Safe (OQS) library to WolfSSL. This shift prioritizes production readiness, performance optimization, and long-term support. According to ExpressVPN’s announcement, WolfSSL’s streamlined builds and enterprise-grade reliability make it a better fit for the demands of post-quantum encryption in a live environment.
If you’re interested in ExpressVPN, check out our in-depth review of the product, which features up-to-date testing results, streaming service compatibility insights, and customer service scores.
Critical Flaws in Widely Used Rsync Tool Puts Millions at Risk
Leave a Reply