Lightway upgrade: Integrating ML-KEM for post-quantum security


Encryption is always evolving, and so are we. When Kyber emerged as a trusted frontrunner in the race to secure the post-quantum world, we integrated it into Lightway to ensure your data stayed ahead of potential threats. Now, with ML-KEM—the newly minted NIST standard—we’re taking that protection even further. Built on Kyber’s foundation, ML-KEM delivers stronger, future-proof encryption to keep you secure against the challenges of tomorrow.

With ML-KEM integrated into Lightway, your data is protected with the same speed and reliability you’ve come to trust from ExpressVPN.

The transition to ML-KEM: What it means for you

Quantum computing may feel like science fiction, but its potential to disrupt encryption is very real. That’s why we’ve upgraded Lightway to use ML-KEM, the newly finalized NIST standard for post-quantum encryption. This ensures your connection is secured by encryption designed not just for today’s threats but for the quantum-powered challenges of the future.

Why ML-KEM?

ML-KEM wasn’t chosen by accident. NIST spent years putting post-quantum encryption algorithms through their paces, stress-testing them against potential quantum-level attacks. After this exhaustive process, ML-KEM emerged as the standard—demonstrated to be both resilient and reliable. Here’s what you need to know about it:

  • State of the art: ML-KEM is designed to defend against future quantum threats, keeping your data secure for the long term.
  • Has global backing: As the official NIST standard, ML-KEM is the result of global consensus among leading cryptographers.
  • Doesn’t sacrifice performance: Despite its advanced design, ML-KEM integrates seamlessly into Lightway. Paired with our hybrid cryptography approach, which combines classical and quantum-safe algorithms, you can rest assured that Lightway delivers unmatched speed and reliability while protecting you against future threats.

And the best part? You won’t notice a thing—Lightway continues to deliver the same low-latency, high-performance experience you rely on, with no trade-offs.

From Kyber to ML-KEM: Lightway’s next leap

Lightway is built to evolve, and ML-KEM represents the next step in its journey. This is what the upgrade from Kyber to ML-KEM means for Lightway:

Stronger keys, better protection

Lightway now uses NIST Security Level 5 key sizes for both TCP and UDP, ensuring your connection is harder to break—no matter the protocol. These larger key sizes are specifically designed to resist advanced cryptographic attacks, ensuring your connection stays private.

Smarter encryption

ML-KEM takes Kyber’s solid foundation and refines it with small but meaningful improvements, keeping you ahead of quantum-level threats.

Read more: ExpressVPN launches post-quantum protection to defend users against threats of the future

Why we switched to WolfSSL’s implementation for post-quantum

Upgrading to ML-KEM wasn’t the only step forward for Lightway—we also made the decision to migrate from the Open Quantum Safe (OQS) team’s implementation of Kyber/ML-KEM to WolfSSL. While OQS’s liboqs library played an important role in helping us pioneer post-quantum protection, this next phase called for a more production-ready solution, and WolfSSL was the clear choice.

So, what makes WolfSSL stand out?

  • Production-grade implementation: WolfSSL integrates ML-KEM with precision, aligning perfectly with NIST’s finalized standards. It’s designed with real-world applications in mind, ensuring that Lightway’s encryption doesn’t just meet theoretical benchmarks but delivers rock-solid performance you can rely on.
  • Smaller, faster, simpler builds: WolfSSL allows us to streamline how Lightway is built and maintained. By reducing file sizes and simplifying development, we can deliver updates faster and with greater efficiency—so you’re always protected by the latest technology.
  • Optimized performance: WolfSSL is highly optimized for speed and power efficiency, meaning Lightway continues to deliver low-latency, high-speed connections without compromising on security.
  • Reliable long-term support: Unlike experimental libraries, WolfSSL provides enterprise-grade support and regular updates, making it the perfect fit for Lightway’s ongoing evolution.

“We’re grateful to the OQS team for their incredible work on liboqs, which helped us pave the way for post-quantum encryption in Lightway. But as we look ahead, WolfSSL offers the ideal foundation to keep Lightway—and your data—secure.”

How to access ML-KEM on ExpressVPN

Getting the benefits of ML-KEM’s advanced post-quantum encryption is simple: all you need to do is make sure you’re using the latest version of the ExpressVPN app. We’ve rolled out updates across all major platforms, so you’re covered no matter how you connect.

To ensure you’re up to date, just open the app, head to settings, and check for updates—it only takes a few taps or clicks to ensure you’re protected by the latest post-quantum security.

Don’t have ExpressVPN yet? Sign up and enjoy the security of Lightway, our VPN protocol that we built from the ground up.


A new chapter in online security

As the world of encryption evolves, so do we—quietly integrating the most advanced technologies so that you can browse, stream, and communicate without worrying about what’s happening behind the scenes. ML-KEM is just the latest step in a journey that’s far from over.

With Lightway as your trusted companion, you’ll have assurance that your online activity is protected amid the advancements in post-quantum computing. It’s one less thing for you to think about, and one more reason to trust ExpressVPN to deliver the privacy you deserve.

 

Pete Membrey is currently Chief Engineering Officer at ExpressVPN, the creator of Lightway (an open-source, mobile-first VPN protocol), and a core member of the team that created TrustedServer, the VPN industry's first RAM-only server platform designed with an entire defense-in-depth strategy.