After unveiling a feature-packed update just a week ago, TechRadar’s top VPN service decided to scale up encryption as the threats of quantum computing loom.
ExpressVPN’s fast and secure VPN protocol now includes standard post-quantum security for the Android, iOS, Linux, Mac, and Windows apps. Users just need to update their applications to the latest version to enjoy the extra layer of encryption.
The provider, an early pioneer in the VPN industry, wants to play an active role in the transition to a quantum-safe world. “We’re proud to be innovators leading the way for a quantum-safe future in the VPN industry,” said Pete Membrey, Chief Engineering Officer at Express.
ExpressVPN’s post-quantum protections
As quantum computers become widely accessible, end-to-end encryption is in danger of becoming obsolete. That’s because quantum computers can handle exponentially more complex processes in just a fraction of the time compared to classical computers, including breaking into today’s encrypted layers.
This could take another decade. Yet “harvest now, decrypt later” attacks are already threatening people’s data. “We believe it is important to stay ahead of the clock and provide protection before quantum computing becomes an immediate threat,” Membrey said.
He and his team of engineers knew this back in 2020 when they designed the ExpressVPN Lightway protocol entirely in-house. For those unfamiliar with this technology, a VPN protocol refers to the encryption method used to protect your data.
Membrey’s team decided to keep the standard Transport Layer Security (TLS) and Datagram TLS (DTLS) implementations, knowing that the DTLS 1.3 update would bring about the necessary expansion to support more advanced features like post-quantum keys. They then turned to the open-source WolfSSL cryptography library for its faster speeds, which could come in handy when adding more complex features.
“When WolfSSL added support for DTLS 1.3, and also integration with the Open Quantum Safe library, it was relatively easy for us to upgrade,” Membrey told me, adding that the real work was instead making sure all features were safe and reliable.
“That ultimately took hundreds of hours of testing and refinement, and working closely with WolfSSL to perfect its implementation for our heavy-duty use case. Once we felt confident in our testing, rolling it out was as easy as deciding which feature to enable.”
Introducing our own post-quantum protection VPN, making us one of the early pioneers in the industry. This allows us to keep you safe online in light of developments and threats in the field of quantum computers. Now the new standard for all ExpressVPN users. pic.twitter.com/UtBDmKONto (October 23, 2023)
Express’s WireGuard-inspired protocol now uses algorithms integrated from the Open Quantum Safe team’s liboqs (P256_KYBER_LEVEL1 for UDP and P521_KYBER_LEVEL5 for TCP). Kyber was actually chosen by the National Institute of Standards and Technology (NIST) as a candidate for general post-quantum encryption. Even better: because the protocol is open source, anyone can check the new code.
Post-quantum technology is still relatively new, less proven and unpredictable compared to classical cryptographic algorithms. That is why the provider has decided to combine both new and old encryption keys for the time being, so that they can work together in a hybrid mode.
Membrey said: “A hybrid approach means that users are safe from attacks by classical computers without relying on post-quantum algorithms, and they also have the best chance we know today of being safe from attacks by quantum computers.”
He confirmed his intention to keep leaning on the open source community (ExpressVPN’s Lightway protocol, WolfSSL’s cryptographic libraries and the liboqs project are all in fact open source) to continue developing Express’ post-quantum solutions as the computing field progresses.
The post-quantum race
ExpressVPN may be one of the first VPNs to implement post-quantum cryptography, but it’s certainly not the only security software provider moving in the same direction.
Secure email services have also started building their encryption walls. Hannover-based Tutanota announced in July its project to bring post-quantum cryptography to the cloud, securing a grant and partnership with the University of Wuppertal.
This week, Proton (the company behind the VPN, email and disk services of the same name) announced that it is working on quantum-safe encryption algorithms in OpenPGP. The company says its open standard for encryption is available to everyone through the free and open source libraries it maintains, such as OpenPGP.js and GopenPGP.
About a month ago, popular messaging app Signal added quantum-resistant encryption to its security infrastructure with the latest update. PureVPN beat many to the punch by rolling out quantum-resistant keys in April 2022.
The race for post-quantum encryption has officially begun, and timing has never been more crucial. Every cryptographer is probably racing against the clock on this problem by now. Still, Membrey believes Express may have an advantage that many VPNs may not.
“Lightway is specifically designed to allow us to make such changes in a simple and standard way,” he says. “Other VPN protocols would require extensive changes to support post-quantum. There are options available, but they are essentially extensions or solutions to the existing protocols. None offer the seamless support that Lightway can provide.”
We test and assess VPN services in the context of legal recreational use. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy abroad. We do not support or tolerate the illegal or malicious use of VPN services. Consuming pirated, paid-for content is not endorsed or condoned by Future Publishing.