ExpressVPN, the consumer privacy and security company, has launched post-quantum protection on its next-generation VPN (Virtual Private Network) protocol, Lightway. In doing so, ExpressVPN is at the forefront of its sector, representing one of the very first in the VPN industry to apply such advanced protections, according to a statement from the company.
The addition of post-quantum protection acknowledges the evolving threats from quantum computers. Current users can shield themselves against potential attacks by ensuring their ExpressVPN apps are updated to the newest version, across a range of platforms including Android, iOS, Linux, Mac, and Windows.
ExpressVPN's Chief Engineering Officer, Pete Membrey, outlined the company’s commitment towards mitigating future risks and further improving user security. He expressed, “We believe that by playing an active role in the transition to a quantum-safe world, we can future-proof ourselves and our users. We are proud to be innovators who are helping to lead the charge for a quantum-safe future in the VPN industry.”
The increasing power and capabilities of quantum computers could pose significant risks to privacy and security. Conventional encryption algorithms that are presently considered secure could, in theory, be breached by quantum computers. For instance, a traditional computer could take approximately 300 trillion years to crack a standard RSA-2048 bit encryption key, while a sufficiently advanced quantum computer may accomplish the same feat in days.
Among the most pernicious threats that quantum computing heralds is the potential for 'Store Now, Decrypt Later' (SNDL) attacks. These involve cyber criminals stockpiling encrypted data with the intention of decrypting it with quantum-powered computers in the future.
Due to this increasing danger, a law was enacted by United States President Joe Biden in December 2022. Known as the Quantum Computing Cybersecurity Preparedness Act, the legislation encourages federal agencies to adopt technologies that safeguard against quantum computing attacks.
Membrey emphasised ExpressVPN's resolve in reassuring users and maintaining the edge over cyber threats, saying: “ExpressVPN's goal is to protect our users and help them take control of their internet experience. This is why it’s important for us to deploy post-quantum cryptography as early as possible, so that we can help our users stay ahead in the ever-evolving landscape of cyber threats.”
ExpressVPN’s provision of post-quantum protection is leveraged through integrating wolfSSL with the Open Quantum Safe team's liboqs, applying P256_KYBER_LEVEL1 for UDP and P521_KYBER_LEVEL5 for TCP.
ExpressVPN is known for its consumer VPN service is backed by its open-source VPN protocol Lightway, delivering user privacy. ExpressVPN’s Keys password manager and Aircove router are designed to make digital privacy and security easy and accessible for all.