If you're using a VPN, how your data is encrypted is vitally important. All reliable and secure VPNs send your information through encrypted tunnels, protecting it from hackers and third-parties.
As computing develops, so does encryption but also the ability to crack it. It is therefore essential that the best VPN providers continue to update the encryption methods of their products.
ExpressVPN, the best VPN for beginners, has done just that by upgrading its Lightway protocol to ML-KEM, the new industry standard in post-quantum encryption. But what does that mean, and how does it help you?
Industry leading
ExpressVPN has become the first leading VPN provider to introduce ML-KEM encryption after it was announced as one of three quantum-resistant standards by the National Institute of Standards and Technology (NIST) last year.
ML-KEM has been integrated into ExpressVPN's existing protocol, Lightway, meaning your data is protected with the same speed and reliability already established. The new encryption comes in an update for ExpressVPN and is available on all major platforms. Make sure you check for, and install, any updates on your devices running the VPN to ensure you're best protected.
In ExpressVPN's official announcement Pete Membrey, Chief Engineering Officer, said: "Encryption is always evolving, and so are we. When Kyber emerged as a trusted frontrunner in the race to secure the post-quantum world, we integrated it into Lightway to ensure your data stayed ahead of potential threats."
"Now, with ML-KEM – the newly minted NIST standard – we're taking that protection even further. Built on Kyber's foundations, ML-KEM delivers stronger, future-proof encryption to keep you secure against the challenges of tomorrow.
Kyber acts as a solid foundation for ML-KEM, with the new encryption refining it with small but meaningful improvements.
Lightway now uses NIST Security Level 5 key sizes for both TCP and UDP protocols. These are larger key sizes and ensure your connection is harder to break, regardless of your protocol. They are specifically designed to resist advanced cryptographic attacks, meaning your data remains private and secure.
Why does post-quantum encryption matter?
You may, or may not, have heard of quantum computers – they represent the next level in computing. Whilst they're not currently available on the consumer market, they are expected to become more common as the decade progresses and we could see them having an impact as early as 5 years time.
There will be a time when these computers can break the encryption currently being used to protect most of the world's data, and this event will be known as Q-Day. Once this day arrives, all existing encryption will effectively be made redundant and will be left vulnerable to cracking.
Post-quantum encryption is the term used to describe encryption that can protect against quantum computers. Whilst quantum computers aren't here yet, it is vital post-quantum encryption is in place and ready to defend against threats.
ExpressVPN is leading the way for VPNs adopting post-quantum encryption, but others are on the way to fully implementing it. NordVPN currently offers post-quantum encryption on its Linux app, with plans to roll it out on all platforms in 2025.
IPVanish is another VPN working on implementing post-quantum encryption. In an interview with Tom's Guide last year, CCO Subbu Sthanu said it was in testing and planning to be released in 2025.
Tried and tested
ML-KEM emerged as the new industry standard after years of testing and it was found to be resilient and reliable. It is designed to defend against future quantum threats so you can rest assured your data will be safe in the long term.
Despite ML-KEM's advanced profile, it integrates seamlessly with Lightway. ExpressVPN's hybrid cryptography approach combines classical and quantum-safe algorithms meaning Lightway and ML-KEM deliver excellent levels of speed and protection.
Even better for users, you shouldn't see any dip in VPN performance. Lightway will still deliver the same low-latency and high-performance we have come to expect, without compromising on security.
There's more?
As well as upgrading to ML-KEM, Lightway has migrated to WolfSSL and sees a departure from Open Quantum Safe (OQS). WolfSSL and OQS are open-source libraries which secure digital communications.
According to Membrey's announcement, WolfSSL integrates ML-KEM with precision and delivers rock-solid performance, aligning with NIST's standards. It also allows ExpressVPN to streamline how Lightway is built and maintained.
Membrey said: "By reducing file sizes and simplifying development, we can deliver updates faster and with greater efficiency – so you're always protected by the latest technology."
WolfSSL's speed and power was also highlighted by Membrey and he went on to say that "unlike experimental libraries, WolfSSL provides enterprise-grade support and regular updates, making it the perfect fit for Lightway's ongoing evolution."
