At ExpressVPN, we’re always innovating to protect our users against even the most sophisticated attacks. This is why we integrated the Kyber encryption algorithm into our Lightway protocol long before its recent recognition as the gold standard for post-quantum cryptography by the National Institute of Standards and Technology (NIST). We made this choice after carefully evaluating the technology and leveraging the state-of-the-art implementation provided by the Open Quantum Safe (liboqs) project.
The quantum threat and our early adoption of Kyber
As the potential of quantum computing looms larger, its promise is matched by a significant threat: the ability to break the encryption methods that keep our digital lives secure. Recognizing this, NIST embarked on a multi-year effort to identify and standardize encryption algorithms that could withstand quantum attacks. Among the top contenders, Kyber emerged as the leading solution for key exchange—an essential function for maintaining secure communications.
Although we respect the thoroughness of NIST’s approach, we knew we could not wait for the dust to settle on this competition. Post-quantum encryption was just too important. In our analysis, it was clear that Kyber was a strong candidate, backed by industry leaders, so we chose to align ourselves with it, integrating Kyber into our Lightway protocol early on.
Kyber’s victory validates our approach
On Aug. 13, 2024, NIST officially announced that Kyber had been selected as the primary standard for key exchange in the post-quantum era. This decision was based on years of rigorous analysis and testing by the world’s leading cryptographers, affirming Kyber’s robustness and reliability in protecting data against quantum computing threats.
For us at ExpressVPN, this announcement isn’t just a validation of Kyber but also our proactive approach to security. We’ve built our teams to look forward, and we expect them to maintain a comprehensive understanding of the security landscape. This allowed us to confidently choose Kyber long before it became the industry standard, so we could put it to work protecting our users.
The strength of Lightway: A hybrid approach to security
While Kyber’s selection is a significant milestone, we’ve always recognized that no single solution can offer absolute security. That’s why our Lightway protocol employs a hybrid approach, combining Kyber’s post-quantum encryption with the classical state-of-the-art P521 encryption. This dual-layered defense ensures that even if one layer is compromised, the other continues to protect our users’ data.
This hybrid approach aligns with the best practices recommended by NIST and other leading experts in the field.
Read more: Ups and downs of post-quantum cryptography—and our hybrid solution
Looking ahead: Continuing to lead in post-quantum security
The journey to quantum-safe encryption is far from over, and the situation will continue to evolve as quantum computing technology advances. We remain committed to staying at the forefront of these developments, ensuring that our users are always protected by the most robust and up-to-date security measures available.
To support this commitment, the ExpressVPN team actively shares our knowledge and raises awareness about post-quantum encryption. For example, I recently presented my work and insights at forums like the Institution of Engineering and Technology (IET) in Hong Kong, Hanoi University of Science and Technology, and FOSSASIA. These engagements gave me the opportunity to discuss the importance of preparing for quantum threats and the steps we’ve taken, such as our early adoption of Kyber and the ongoing use of a hybrid approach in the Lightway protocol.
With Kyber now officially recognized as the standard for post-quantum encryption, our early adoption of this technology puts us—and our users—ahead of the curve. As we continue to monitor and adapt to the latest advancements, you can trust that ExpressVPN will remain your first line of defense, ensuring your data stays protected, now and in the future.
Protect your privacy with the best VPN
30-day money-back guarantee
Comments
Hi Pete – on my desktop and Android phone I have 3 options to choose: 1) Automatic, 2) Lightway – UDP and 3) Lightway- TCP.
Lightway – UDP says…”provides post-quantum support.”
The other two options do not mention post-quantum support.
Which of the 3 options should I select?
Hello, both Lightway UDP and TCP have post-quantum support. The wording is misleading; thanks for helping to alert us to that.
In most cases, users who choose “Automatic” will be using Lightway. So feel free to always choose “Automatic”, which is what the app thinks is the best choice for your device.
If you want to be sure you are using Lightway, then go for Lightway – UDP.