Post-Quantum VPN: Windscribe Launches Next-Gen Encryption for Maximum Security
Announcements Features Technical

Post-Quantum VPN: Windscribe Launches Next-Gen Encryption for Maximum Security

Kailash "QAizen" Z.
Kailash "QAizen" Z.

The quantum threat is looming. Quantum computers are beginning to challenge time-tested classical encryption standards.

Brute-force attacks that take conventional hardware millions of years to crack might be solved by quantum computers of the not-so-distant future in mere hours. 

This possibility has huge implications for data protection. To get ahead of the threat, some VPN services (hint: Windscribe) are already offering Post-Quantum Encryption (PQE).

What Is Post-Quantum Encryption?

Classical encryption methods like AES work by performing complex mathematical operations to scramble information into gibberish strings of numbers and letters to anybody without the decryption key. This process is efficient to run, but extremely hard to reverse with current hardware, which is why AES has been reliable for decades.

Quantum computing changes the equation. Instead of processing bits one-by-one, quantum computers can evaluate multiple states simultaneously. This massive leap in speed means quantum computers could undo AES encryption much faster, potentially exposing decades of stored data.

Post-Quantum Encryption protects your VPN connection against potential quantum-computing attacks.

Windscribe is now Post-Quantum Resistant

Official WireGuard® documentation states that “the pre-shared key parameter can be used to add a layer of post-quantum secrecy” and that “the best bet for post-quantum security is to run a truly post-quantum handshake on top of WireGuard, and then insert that key into WireGuard's pre-shared key slot.”

From the day Windscribe offered WireGuard, we made use of the PresharedKey parameter (something most of our competitors did not do).

At the time, however, the PSK was still exchanged using classical encryption.

We are pleased to announce that Windscribe’s apps now support post-quantum WireGuard out of the box, starting with versions:

  • Desktop: 2.17.9
  • Android: 3.93.1835
  • iOS: 3.9.4

The PresharedKey is shared using a post-quantum-resistant encryption algorithm (TLS 1.3 using the hybrid key exchange mechanism X25519MLKEM768), meaning WireGuard connections are post-quantum resistant.

The PresharedKey is rotated each time you log in to the app.

Post-quantum primitives in use, validated with Wireshark

How to Enable Post-Quantum Encryption With Windscribe

To enable PQE, simply log out and log back in to the app and ensure your selected protocol is WireGuard.

Step 1:  Log Out and Log Back In

⚠️
If you are an existing user who was logged in before updating the app, please log out and log back in.
You MUST log out and log back in to enable Post-Quantum Encryption on WireGuard

This action only needs to be completed once, but must be done on each device you use with Windscribe.

Step 2: Select WireGuard protocol

Step 3: Choose your preferred location

Connect to a Windscribe server location as you normally would, and voila, post-quantum encryption is now set up successfully!

Don’t Sleep on Post-Quantum VPNs

Advancement in quantum computing is rapidly challenging the security classical encryption offers. While classical encryption is still secure, you may still be vulnerable to SNDL (Store Now, Decrypt Later - also known as Harvest Now, Decrypt Later) attacks wherein a malicious entity stores encrypted traffic now to decrypt it once quantum computers are adequately developed.

Secure your digital future today with Windscribe VPN, your shield against the evolving threats of quantum computing. Stay ahead of the curve and protect your privacy with cutting-edge, post-quantum-resistant encryption. Don't wait for tomorrow's vulnerabilities: fortify your online security now!

Get Windscribe For Free

"WireGuard" is a registered trademark of Jason A. Donenfeld. Open Source Software Attributions.

Kailash "QAizen" Z.
Kailash "QAizen" Z.