ExpressVPN introduces post-quantum security

ExpressVPN introduces post-quantum security:Its VPN technology, which draws inspiration from WireGuard, now incorporates safeguards against quantum computing.
Threats from quantum computing have prompted  top VPN service to increase its encryption, only one week after releasing a feature-rich update.

Post-quantum safeguards are now included by default in ExpressVPN’s quick and secure VPN protocol for all of its Android, iOS, Linux, Mac, and Windows apps. To take advantage of the extra layer of encryption, users only need to upgrade their applications to the most recent version.

Being a trailblazer in the VPN sector, the service aims to actively contribute to the shift towards a world that is secure from quantum computing. Pete Membrey, Chief Engineering Officer at Express, told me, “We are proud to be innovators who are helping to lead the charge for a quantum-safe future in the VPN industry.”

ExpressVPN’s safeguards against post-quantum

With the increasing availability of quantum computers, end-to-end encryption may eventually become outdated. This is due to the fact that quantum computing devices, such as those used to crack current encrypted layers, are capable of processing exponentially more complicated tasks in a fraction of the time required by classical computers.

It might yet be ten years from now. Nonetheless, people’s data is already at risk due to “harvest now, decrypt later” attacks. “We believe it is important to stay ahead of the clock and put in protections before quantum computing becomes an immediate threat,” Membrey stated.

Check on AMAZON

When he and his engineering team started working on the ExpressVPN Lightway protocol entirely internally in 2020, they were already aware of this. For those who are not familiar with this technology, a VPN protocol is the encryption technique used to safeguard your information.

Membrey’s team made the decision to stick with the standard implementations of datagram TLS (DTLS) and transport layer security (TLS), as they knew that the DTLS 1.3 update will bring about the necessary extension to handle more sophisticated things like post-quantum keys. Subsequently, they utilise the open-source WolfSSL cryptography package due to its faster performance, which is advantageous when including more intricate features.

Membrey informed me that upgrading to WolfSSL’s support for DTLS 1.3 and integration with the Open Quantum Safe library was rather easy. The true challenge, she said, was making sure all the capabilities were dependable and safe.

“To perfect their solution for our intensive use case, we worked closely with WolfSSL and put in hundreds of hours of testing and refinement. It was as easy as choosing to allow the feature to roll it out after we felt secure in our testing.”

Algorithms from the Open Quantum Safe team’s liboqs (P256_KYBER_LEVEL1 for UDP and P521_KYBER_LEVEL5 for TCP) are now implemented into Express’s WireGuard-inspired protocol. The National Institute of Standards and Technology (NIST) really selected Kyber as a contender for universal post-quantum encryption. Better yet, since the protocol is open-sourced, anyone can examine the updated code.

Compared to traditional cryptographic methods, post-quantum technology is still relatively young, less proven, and unpredictable. For the time being, the provider has chosen to combine the old and new encryption keys so that they can coexist peacefully in a hybrid mode.

Membrey stated: “A hybrid approach means that users are safe from attacks by classical computers without relying on post-quantum algorithms, and they also have the best chance we know of today of being safe from attacks by quantum computers.”

He reaffirmed the plan to maintain drawing on the open-source community to advance Express’ post-quantum solutions as computing technology advances. Notably, the liboqs project, WolfSSL’s cryptographic libraries, and the Lightway protocol of ExpressVPN are all open-sourced.

The race after quantum

Although ExpressVPN was among the first VPN services to use post-quantum cryptography, it’s not the only company offering security software that follows this path.

Encryption walls have already begun to rise for secure email providers. In July, Hannover-based Tutanota announced that it has secured funding and a collaboration with the University of Wuppertal to deliver post-quantum cryptography to the cloud.

We think it’s critical to keep ahead of the curve and implement safeguards before quantum computing poses a direct threat.

Pete Membrey, Chief Engineer at ExpressVPN

With its most recent upgrade, the well-known messaging software Signal added quantum-level encryption to its security framework about a month ago. In April 2022, PureVPN rolled quantum-resistant keys, ahead of several others.

The race to develop post-quantum encryption has officially started, and now more than ever, time is of the essence. By now, every cryptographer is undoubtedly racing against the clock to complete this task. However, Membrey thinks Express might offer a benefit over a lot of VPNs.

“Lightway was designed specifically to allow us to make such modifications in a simple and standard way,” he claims. “To enable post-quantum, other VPN protocols would require significant modifications. Though they are essentially workarounds or extensions of the current protocols, there are other solutions. None can provide the smooth assistance that Lightway provides.”

View the best ExpressVPN price available now.

The company behind homonymous VPN, email, and storage services, Proton, revealed this week that it is developing quantum-safe OpenPGP encryption methods. The company stated that anyone can utilise the open standard of encryption using the free and open-source libraries it maintains, like Gopenpgp and OpenPGP.js.


Leave a Comment