Why every VPN should use post-quantum encryption

A digital concept image of security, a padlock against a green background
(Image credit: Getty Images)

At the moment, a virtual private network (VPN) is a great way to protect your data from hackers. It offers sophisticated encryption that will keep your data hidden from third parties, including cyber criminals, government bodies, and advertisers.

However, not even all the best VPNs offer protection that’s future-proofed. You may not be aware of them yet, but there are already highly sophisticated quantum computers that use quantum physics to render their computations significantly more efficient than those performed by classical computers. Because of their superior processing power, these quantum computers have the ability to break encryption methods used to protect most of the data on the internet, including the algorithms used by a lot of VPNs.

There’s no need to panic just yet, as quantum computers are currently only being used for research purposes, meaning they can only be found in universities, science labs, and supercomputer centers. But once they become more widely available and powerful enough to break encryption, there will be catastrophic consequences for cyber security across the globe. This day is referred to as Q-day and experts predict it’s likely to happen in the next five years.

Luckily, some VPNs are already offering post-quantum encryption to protect your data now and in the future. But the ones that don’t offer this will become vulnerable to attack once Q-day happens. Therefore, it’s vital that all VPNs start investing in post-quantum cryptography to give their users the best level of protection possible.

In this guide, we’ll explain the threat of quantum computers in a lot more detail and recommend VPNs with post-quantum encryption.

A digital concept image of a circuit board in blue

(Image credit: Getty Images)

What is post-quantum encryption?

Post-quantum encryption is a type of cryptography that’s been specifically designed to withstand attacks from quantum computers. Although quantum computers are only being used in research labs at the moment, there will come a day when they start being used to break the traditional encryption methods that currently protect most online data. This is referred to as Q-day and is predicted to happen at some point in the next five years.

As we don’t know exactly when this will happen, it’s best to prepare for it ahead of time so that your data isn’t compromised by quantum computers. There are already some encryption algorithms that are resistant to quantum attacks. The good news is that some VPNs are already utilizing some of these methods to offer robust post-quantum protection.

There are currently a few different forms of post-quantum cryptography that will keep your data safe long past Q-day. We’ll talk you through how they work to help you decide which one might be the best option for you.

Lattice-based post-quantum encryption

One of the more frequently used types of quantum-resistant cryptography, lattice-based post-quantum algorithms take advantage of the computational problem of solving lattices. Its crypto-scheme uses the lattice as a geometrical structure made up of infinite points.

This makes it able to withstand attacks from post-quantum computers thanks to the incredibly intensive operations used in this type of encryption. It’s considered to be very difficult, although perhaps not completely impossible, for a quantum computer to crack.

To decipher this type of encryption, a quantum computer would need to execute a brute force search of all possibilities to find the private key needed to break its algorithm. This would take an extremely long time, even for a quantum computer, and therefore wouldn’t be practical to attempt.

So far, lattice-based encryption has been successfully integrated into highly complex protocols and has already been renowned for its scalability and efficiency.

Code-based post-quantum encryption

While most traditional crypto schemes use number theory or elliptic curves, code-based post-quantum encryption is founded on the principles of coding theory.

It uses a public key, which comes from error-correcting code, along with a private key that is highly unlikely to be deciphered by a quantum computer. The difficulty posed by linear error-correcting codes makes this a very robust form of protection now and long into the future.

Multivariate polynomial-based post-quantum encryption

Multivariate encryption is based on the difficulty found in solving a form of algebraic equations, known as multivariate polynomial equations. It works by using a public key created by a system of these equations, alongside a private key that’s based on the ability to solve these equations correctly and quickly.

This isn’t something that a quantum computer is currently capable of managing efficiently, thereby making it a strong form of protection against post-quantum attacks.

Hash-based post-quantum encryption

Similar to code-based encryption, hash-based algorithms don’t use number theory or elliptic curve schemes. Instead, they utilize collision resistance combined with one-way properties to guard against quantum computer hacks.

Often referred to as hash-based signatures or one-time signatures, hash-based cryptography can be rolled out easily. This is because its signatures are usually small enough to be used by the majority of apps and devices without causing any problems. It’s a pretty simple but effective solution, with a fast verification process, particularly when compared to other forms of post-quantum encryption.

Isogeny-based post-quantum encryption

Based on the mathematics of isogenies and elliptic curves, supersingular elliptic curve isogeny cryptography (SIDH) uses secure key exchange protocols. It’s considered to be strong enough to withstand attacks from quantum computers, as well as traditional ones, making it a solid choice if you want to future-proof your cyber security.

A Futuristic circuit board on a dark blue background.

(Image credit: Getty Images)

Why should VPNs use post-quantum encryption?

All VPN providers should be looking to use post-quantum encryption to protect customer data against quantum computers. Once Q-day happens and quantum computers are strong enough and widespread enough to crack traditional forms of encryption, most of the world’s data will be vulnerable to attack. This includes any data protected by VPNs that don't offer post-quantum cryptography, 

Frustratingly, the majority of VPN providers don’t currently offer this level of encryption, meaning that most of them could be rendered completely obsolete once Q-day arrives. 

But it doesn’t have to be that way. Some VPNs are already integrating post-quantum encryption into their protocols to protect user data for years to come. All VPN providers should start looking into investing in post-quantum cryptography if they haven’t already because they will be able to offer long-term protection to their customers. This will also help to future-proof the VPNs they’re offering so that they won’t go out of business after Q-day.

If you’re looking to sign up for a VPN that will provide you with robust protection for years to come, it’s vital you check that the VPN you’re signing up for offers post-quantum encryption. This is especially important if you’re planning to sign up for a long-term contract.

Luckily, while it’s not yet the norm, there are a few providers that have already incorporated post-quantum algorithms into their protocols to keep your data secure. We’ll provide you with our top five recommendations in the next section.

A digital concept image of a computer processing unit in black, gold and blue

(Image credit: Getty Images)

Which VPNs use post-quantum encryption?

As promised, we’ve pulled together a list of reputable VPNs with post-quantum encryption. We’ll talk you through what type of algorithms they use, as well as any other benefits to help you make the right decision:

ExpressVPN

Consistently appearing in our best VPN lists, ExpressVPN has always been a great option for anyone looking for a safe and reliable VPN. Plus, unlike a lot of its competitors, ExpressVPN offers post-quantum protection. As you’d expect, it has the as-yet unbreakable AES 256-bit encryption to protect against the vast majority of cyber threats around at the moment. But crucially, it also provides additional security to protect against the impact of Q-day.

It has achieved this through its own open-source proprietary Lightway protocol, which contains post-quantum algorithms that are strong enough to withstand attacks from quantum computers.

To make things even more secure, ExpressVPN’s Lightway protocol has now been independently audited twice in the past two years by Cure53. On both occasions, it was found to be incredibly secure, meaning that you can rest assured that your data will remain secure, even against quantum computer hacks.

Even though it has highly sophisticated security built in, the Lightway protocol is actually surprisingly fast. In our tests, we found that it delivered speeds of 410 Mbps, which will be more than sufficient for buffer-free streaming, video calling, and online gaming. When you compare it to ExpressVPN’s other protocol, OpenVPN, which is more than two decades old, Lightway is the clear winner.

Apart from its Lightway protocol, ExpressVPN still has plenty to offer, with an impressive fleet of strong servers from around the world. It’s ideal for unblocking region-restricted content. Plus, it’s wonderfully easy to use, with strong customer support, so it’s a great choice, even if you’ve never used a VPN before.

QSTVPN

QSTVPN’s main selling point is that it offers post-quantum encryption to ensure its VPN connections are strong enough to keep your data safe from attacks by both traditional and quantum computers. It’s a strong and secure provider that will keep your traffic completely hidden, even past Q-day.

Although it has implemented highly sophisticated security measures, it still provides fast speeds that won’t let you down while you’re browsing, streaming, or gaming.

QAL VPN

If you want an extremely robust option to keep your business safe long into the future, QAL VPN is a great choice. That’s because it uses a range of post-quantum algorithms to give you an additional layer of security. Three of its algorithms use lattice-based cryptography, while its SPHINCS+ encryption relies on hash-based functions to give you even stronger protection against quantum attacks.

As we mentioned, QAL VPN is first and foremost a VPN provider for large businesses, so it’s not a suitable choice for individuals. But if you’re looking to protect your company’s online data for a long time to come, it’s a good idea to get a quote from QAL VPN.

Mullvad

Mullvad is a great choice if you want post-quantum encryption on your desktop, as it currently has quantum-resistant tunnels available for all WireGuard protocols on the desktop app. So it’s ideal if you use Windows, Mac, or Linux.

But if you also want that level of protection for your other devices, Mullvad has promised to roll out the same level of protection on its Android and iOS apps. So if you sign up for a Mullvad subscription, you should have post-quantum protection across all your devices long before Q-day.

Mullvad has managed to integrate this level of cryptography into the WireGuard tunnel by using Kyber and Classic McEliece post-quantum algorithms. It works by sharing a secret in a manner that’s too sophisticated for a quantum computer to hack. After this secret has been shared, Mullvad will disconnect that tunnel and open a new one with the new shared secret.

Aside from the post-quantum protection, we also recommend Mullvad because it’s a strong solution with excellent customer support, and fast speeds, and it allows customers the ability to sign up for a subscription without giving any personal details.

Windscribe

Windscribe also makes use of the WireGuard protocol to deliver post-quantum protection by generating a pre-shared key that’s completely unique to each of its users.

It makes the most of the public and private keys that WireGuard uses to give an added layer of security. This means that, even if a quantum computer could decrypt the keys, it wouldn’t be able to decipher the traffic, so your data would remain hidden.

Windscribe often makes our list of recommendations thanks to its strong security, as well as its fast speeds, ability to unblock location-restricted content, and strong customer support offering.

A concept image of a phone against a bright blue circuit board with 'VPN' in a shield on the phone's screen

(Image credit: Getty Images)

Post-quantum encryption FAQs

What is Q-day?

Q-day is the day referred to by experts when quantum computers become powerful and widely available enough to break the encryption algorithms that are currently being used to protect the majority of sensitive online data. This includes everything from banking apps, emails, and cloud storage to government papers, business documents, and medical information.

Unsurprisingly, cyber security experts view Q-day as a potentially catastrophic global event that could have huge ramifications politically, financially, and socially. It’s predicted to take place sometime in the next five years.

But there’s no need to worry just yet, as there are already post-quantum algorithms that have been built to withstand attacks from quantum computers. They’re already available to the public through the use of VPNs that offer this level of encryption, such as ExpressVPN, Windscribe, and Mullvad.

What is post-quantum encryption?

Post-quantum encryption refers to any level of encryption that can’t be broken by a quantum computer. This includes lattice-based encryption, as well as hash-based signatures, code-based encryption, and isogeny-based encryption. There are a few VPNs on the market that offer this added layer of security, including ExpressVPN, Mullvad, and Windscribe

Do quantum computers pose a threat to VPNs and encryption?

Currently, the majority of VPNs don’t offer post-quantum encryption, therefore quantum computers currently pose a serious threat to VPNs and the data they protect. But there are already some VPN providers that offer this level of cryptography and, provided VPNs begin to implement these algorithms into their security protocols, they will be able to guard against attacks from quantum machines. 

Olivia Powell
Tech Software Commissioning Editor

Olivia joined Tom's Guide in October 2023 as part of the core Future Tech Software team, and is the Commissioning Editor for Tech Software. With a background in cybersecurity, Olivia stays up-to-date with all things cyber and creates content across TechRadar Pro, TechRadar and Tom’s Guide. She is particularly interested in threat intelligence, detection and response, data security, fraud prevention and the ever-evolving threat landscape.

With contributions from