After solidifying its position as TechRadar’s #1 best VPN service following a successful new round of testing, NordVPN has just kicked off the post-quantum transition.
The provider has implemented quantum-safe encryption on its WireGuard-based NordLynx protocol for its Linux VPN app. This soft launch will allow Nord’s engineering team to gather essential performance data, such as the impact on connection times and speed, said the company. The team expects to roll out post-quantum support across all applications by March 2025 at the latest.
The need for post-quantum VPNs
The era of quantum computers may still be a few years away, but these machines are improving quickly, meaning it’s just a matter of time before traditional RSA encryption methods – like those used by VPNs – become obsolete.
This is because quantum computers are expected to process computations, that today’s computers can’t handle, within minutes. Worse still, cybercriminals are already tailoring their attacks with this in mind.
“Trends show that cybercriminals are intensifying what is known as ‘harvest now, decrypt later‘ attacks. Simply put, they are trying to accumulate huge quantities of encrypted data and decrypt them once quantum technology is developed,” said Marijus Briedis, CTO at NordVPN.
This is exactly why, according to Briedis, the VPN industry must now enter the PQ transition to protect users’ data against future quantum computing threats. He said: “With this launch, we start a major transition to new-generation encryption of all our applications providing long-term security for our users.”
The National Institute of Standards and Technology (NIST) officially released the first three quantum-resistant encryption standards on August 13, 2024, after over a decade of testing more than 80 algorithms and beginning a new era for VPN security in the process.
The team of engineers at NordVPN based their new PQ approach on the NIST’s standards. Specifically, they added the ML-KEM algorithm (formerly known as CRYSTALS-Kyber) to the NordLynx protocol. This is the primary standard for cryptographic key exchanges needed to protect the exchange of information across a public network like in the case of VPNs.
Being just the beginning of PQ cryptography, there is the risk these new algorithms may come with security vulnerabilities. This is why, like other providers, Nord opted for a hybrid approach that sees quantum-resistant algorithms working alongside classic encryption methods.
Explaining how this works in practice, Briedis told me: “Initially, we establish a standard WireGuard session and within this session, we perform a protocol-defined pre-shared key (PSK) exchange using ML-KEM. After the PSK exchange, both client and server use a non-zero-fill 32-byte PSK to add a quantum secure layer to session encryption.”
A VPN (virtual private network) uses encryption to secure all your internet connections. Put simply, it scrambles all the data leaving your device into an unreadable form to prevent third parties from intercepting the information in transit.
Implementing post-quantum encryption in today’s VPN software is anything but easy, though.
The main challenge is especially to find a balance between security and performance. That’s because PQ algorithms typically require much larger key sizes and signatures than traditional ones, which could negatively affect VPN speed and reliability.
This is exactly why, as mentioned earlier, NordVPN has only implemented quantum-safe encryption for its Linux VPN app at the time of writing. Briedis explains the team picked precisely this platform as its users tend to be more tech-savvy and proactive in flagging potential issues or aspects to improve.
“These insights will help us fine-tune the implementation of post-quantum cryptography and guide our future rollout across all platforms,” Briedis told me. “By starting with Linux, we’re laying the groundwork for a seamless transition to quantum-resistant encryption methods, ensuring long-term security for all our users.”
Wider PQ support is expected to be released in the first months of 2025.
NordVPN has now joined a small group of providers already offering quantum-safe protections. These include Windscribe, ExpressVPN, PureVPN, and Mullvad, which recently added post-quantum encryption also for iPhones.