Why Your VPN Might Already Be Fighting a Threat That Doesn't Exist YetTechnology
2 hours ago· 3

Why Your VPN Might Already Be Fighting a Threat That Doesn't Exist Yet

Cybersecurity experts say quantum computers could crack today's VPN encryption within 10 to 20 years, and providers like NordVPN, ExpressVPN and Mullvad are already offering a post-quantum encryption feature to guard against it.

The math that protects almost every VPN connection today, RSA and ECC, is considered essentially unbreakable by ordinary computers. But cybersecurity experts are increasingly vocal about a coming moment they call "Q-Day", the point somewhere in the next 10 to 20 years when quantum computers finally gain enough raw processing power to tear through that same math in a fraction of the time it would take a conventional machine. Post-quantum encryption, or PQE, is the VPN industry's early answer to that threat, built around mathematical puzzles so complex that even a quantum computer struggles to solve them quickly. NordVPN, ExpressVPN, Mullvad and a handful of other providers already let subscribers switch it on with a single tap, years before Q-Day is expected to actually arrive.

What Q-Day means for the encryption you rely on

RSA and ECC are the current gold standard for VPN encryption, protecting everything from your browsing history to your banking logins. The problem is that both were designed to resist attacks from classical computers, machines that would need centuries to brute-force their way through the underlying math. Quantum computers work on entirely different principles, and once they cross a certain threshold of processing power, security researchers expect them to crack RSA and ECC far faster than any traditional supercomputer could. That crossover point is what the industry has nicknamed Q-Day, and while most estimates put it 10 to 20 years out, the uncertainty around exactly when it will happen is itself part of the problem.

Also read

How your VPN's encryption actually works right now

When you connect through a VPN tunnel, your traffic gets scrambled into unreadable code that can only be unlocked with a cipher key. That key is transmitted to your device securely through what's known as a VPN handshake. Anyone without access to that key, including your internet service provider, sees nothing but noise instead of your actual browsing activity or data usage. The entire system works only because attackers currently lack the hardware needed to decrypt that scrambled data without holding the key itself. Quantum computing is evolving quickly enough that security researchers now believe it will eventually become powerful enough to decipher encrypted traffic even without ever touching the key.

Why attackers are not waiting for Q-Day to arrive

Q-Day is not a distant, abstract threat that can be ignored until it actually happens. Attackers are already running what are known as "harvest now, decrypt later", or HNDL, attacks, quietly collecting and storing encrypted network data today with the plan to decrypt it the moment quantum hardware becomes capable enough. That means the instant quantum computers cross the necessary power threshold, whoever has been hoarding that data suddenly gains access to years of private communications, financial records, and personal information, all encrypted under the assumption that nobody would ever be able to crack it. For anyone handling long-lived sensitive data today, that risk is already active, not hypothetical.

NIST's answer: three algorithms designed to outlast quantum attacks

In August 2024, the National Institute of Standards and Technology finalized a set of new encryption algorithms after running an open competition that stretched on for years, inviting cryptographers worldwide to try to break each candidate. Three models survived that process and were judged complex enough to resist quantum computer attacks: ML-KEM, also known as Kyber, which handles key exchange, along with ML-DSA and SLH-DSA, both used for digital signatures. Those three algorithms now form the technical backbone that VPN providers are building their post-quantum encryption features around.

Who genuinely needs to worry about this today

Post-quantum encryption is worth investigating seriously if your work involves sensitive data, if you regularly handle high-value financial transactions, or if you operate in a regulated industry with strict compliance requirements. Its availability is still limited, offered by only a handful of VPN providers and sometimes restricted to specific pricing tiers, but for security-conscious businesses and professionals in sensitive fields, it is a genuinely useful protection rather than a marketing gimmick. That distinction matters because plenty of companies now use the phrase "quantum-safe" in their marketing copy without actually offering PQE as a standard, testable VPN feature. Right now, NordVPN, ExpressVPN, and Mullvad are the three mainstream providers that offer real post-quantum encryption as an opt-in option across several of their plans.

NordVPN's post-quantum toggle

NordVPN rolled out post-quantum encryption inside its Linux app in 2024, before extending it to Windows, Android, and Apple's operating systems. The feature runs on the NordLynx protocol, with the ML-KEM algorithm layered on top of the existing WireGuard encryption that NordLynx is built on. That also means PQE will not work if you are using a dedicated IP address, the Meshnet feature, or the older OpenVPN protocol instead of NordLynx. Because the feature is available to every NordLynx user, there is no need for a premium subscription tier or paid add-on, whether you are on NordVPN's Basic plan or its Prime plan. On Windows, open the app and go to Settings, then Connections, and toggle on Post-quantum encryption. On macOS, open the app, go to Settings, then the General tab, and switch on the same toggle. On iOS, Android, tvOS, or Android TV, tap the profile icon to find the Post-quantum encryption toggle. On Linux, the feature is turned on through the terminal by running the command nordvpn set pq on.

ExpressVPN's Lightway advantage

ExpressVPN was ahead of the curve even before the official NIST standardization, offering the Kyber algorithm through its own Lightway protocol as early as 2023. Once ML-KEM was formally standardized, ExpressVPN upgraded its platform to match the exact NIST specifications, along with several additional improvements. Unlike some competitors, ExpressVPN has post-quantum encryption switched on by default across every user plan, with one condition: it only works while you are connected using the Lightway protocol rather than a legacy option like OpenVPN. To confirm the feature is active, open the ExpressVPN app, make sure it is updated to the latest version, click into Settings, and go to the Protocol tab. If Automatic, Lightway UDP, or Lightway TCP is already selected, PQE is enabled. If not, choosing any one of those three options turns it on.

Mullvad's quantum-resistant tunnel

Mullvad has been experimenting with post-quantum protection longer than most, introducing a pilot version of its key exchange protocol back in 2017. That early experimental build was eventually replaced with a new version built on the Classic McEliece algorithm, layered on top of Mullvad's existing WireGuard servers. With the 2023.3 release of its desktop app, Mullvad stabilized the feature fully and extended support to its Android and iOS apps as well. Mullvad does not gate this behind a separate pricing tier, every paying customer already has access with no add-on purchase required. It is enabled by default on desktop unless you have specifically opted out, though smartphone apps require switching it on manually. On Windows, macOS, and Linux, go to Settings, then VPN settings, then WireGuard settings, and make sure the Quantum-resistant tunnel option is switched to On; once connected, the app displays a line of green text reading "QUANTUM SECURE CONNECTION." On Android and iOS, open the app, go to Settings, then VPN settings, and toggle on the Quantum-resistant tunnel option.

Is turning on PQE actually worth it right now

There is essentially no downside to enabling post-quantum encryption if your VPN provider already supports it on the plan you are already paying for. Enabling the feature on NordVPN and ExpressVPN comes with no meaningful drop in latency or connection speed, so it costs you nothing in day-to-day performance. Whether it is worth switching providers or upgrading plans purely to gain PQE access depends heavily on what your everyday workflow actually looks like. Even by the most generous estimates, quantum computers remain years away from being able to crack current protocols like RSA and ECC. That said, HNDL attacks are enough of a genuine security concern that anyone working in a sensitive industry or handling confidential information should be paying close attention now rather than waiting. For ordinary, everyday browsing, post-quantum encryption may well be overkill. But for financial transactions, healthcare portal logins, or sending information you genuinely cannot afford to have intercepted, it offers real additional peace of mind, today and years down the line.

Questions & Answers

What is Q-Day?
It's the estimated point, roughly 10 to 20 years away, when quantum computers become powerful enough to break current encryption technologies like RSA and ECC.
What does post-quantum encryption (PQE) protect against?
It's built on complex mathematical puzzles that even quantum computers struggle to solve, keeping your data safe even after RSA and ECC become breakable.
Which VPN providers currently offer PQE?
NordVPN, ExpressVPN, and Mullvad are currently the three mainstream providers offering it as an opt-in feature across several of their plans.
How do I turn on PQE in NordVPN?
Toggle it on under Settings > Connections on Windows, Settings > General on macOS, via the profile icon on mobile, or by running nordvpn set pq on in the terminal on Linux.
Is the feature already enabled by default on ExpressVPN?
Yes, it's on by default on every ExpressVPN plan as long as you're connected using the Lightway protocol rather than OpenVPN.
Does enabling PQE slow down my VPN connection?
Enabling it on NordVPN and ExpressVPN comes with no meaningful drop in latency or speed.
What is a 'harvest now, decrypt later' (HNDL) attack?
It's when attackers quietly collect and store today's encrypted data so they can decrypt it later once quantum computers become powerful enough.
Do I need to pay extra for post-quantum encryption?
No, on NordVPN, ExpressVPN, and Mullvad the feature is available on existing plans without any separate premium add-on.

Comments 0

No comments yet — be the first.

Citizen journalism

Become a TrendKia journalist

Voice of the people

Share news, photos and videos from your area with TrendKia and let your voice reach the nation. Every citizen a journalist.

Join now
CH 01 LIVE
TrendKia TV ON AIR