“Post-quantum VPN” sounds like another marketing gimmick thrust upon us by a fanciful VPN marketing team. But the reality is that post-quantum VPNs are actually vital to our privacy, and almost certainly become a vital part of the future of computing.
It turns out, post-quantum encryption isn’t about speed, or price, or even today’s hackers. It’s about protecting your data from computers that don’t technically exist yet, but could one day destroy everything we rely on for online security.
While that all sounds a little out there and futuristic, quantum-computing developments in 2025 have already elevated those timelines, making quantum-safe services more important than previously thought. And when it comes to your privacy, you don’t want to take any chances.
Quantum computing will crack most encryption without thinking
And it won’t be limited to “the good guys”
You’ve probably seen headlines about quantum computers—massive machines that promise to solve problems regular computers can’t touch. Instead of using simple bits that are either 0 or 1, quantum computers use qubits, which can be 0 and 1 at the same time. That strange overlap means they can test countless possibilities at once.
The overlap also means that quantum computers can, in theory, crack most modern encryption algorithms in hours. Algorithms like RSA and ECC—the foundation of HTTPS, VPNs, and banking encryption—depend on math problems that are impossibly hard for normal computers. But quantum systems can rip through those equations effortlessly.
Currently, AES-256 and RSA-2056 are used in most secure applications. These so-called “military-grade” encryption standards that we currently use to protect our most important data could be swept aside with apparent ease. It’s a major change from current computing standards that would take thousands of years to crack a single encryption key.
There is another huge problem with quantum computing. It’s not just the future of data that’s vulnerable. It’s everything that has already come on the internet, too. Anything encrypted with those military grade encryption standards could be unencrypted, let alone anything using weaker standards.
What “post-quantum” encryption actually means for VPNs
Big changes are coming to encryption
So, the core of the problem facing everyone—not just VPNs—is the idea of quantum-resistant cryptography, or post-quantum encryption. It uses new mathematical structures that quantum computers struggle to solve, creating encryption that’s much harder to break even with futuristic hardware.
Now, this is a work in progress. In 2022, the U.S. National Institute of Standards and Technology (NIST) approved its first four quantum-resistant algorithms for testing: CRYSTALS‑Kyber (for key-encapsulation), and the signature schemes CRYSTALS‑Dilithium, FALCON, and SPHINCS+.
Then, in 2024, NIST whittled the process down to the final three:
- FIPS 203 (based on Kyber)
- FIPS 204 (based on Dilithium)
- FIPS 205 (based on SPHINCS+)
Each uses complex lattice-based problems that don’t fall apart under quantum attacks. In simple terms, they replace equations that quantum computers are good at with ones they struggled to break down, which is the bread-and-butter of an encryption algorithm.
In most cases, they use hybrid encryption. When your VPN connects, it performs two handshakes—one with traditional encryption (like RSA or ECC) and another with a post-quantum algorithm (like Kyber). Both generate secure session keys. To decrypt your data, an attacker would need to break both systems simultaneously—a task that’s nearly impossible even with advanced computing.
It’s this hybrid approach that should keep your VPNs (and other encryption-based services) safe once quantum computers really ramp up.
VPNs are already implementing post-quantum encryption
Well, some are
Of course, some VPNs are taking the threat of a post-quantum encryption world more seriously than others.
For example, ProtonVPN began testing a post-quantum version of the WireGuard VPN protocol back in 2023, significantly hardening the standards of ChaCha20-Poly1305 encryption. In 2025, ExpressVPN deployed its post-quantum version of WireGuard, with strengthened handshakes, dynamic IPs, short-lived encryption keys, hybrid key exchanges, and more.
Similarly, NordVPN revealed post-quantum cryptography would become available to all of its apps across 2025, upgrading its in-house NordLynx protocol, which is based on WireGuard.
It doesn’t immediately solve the somewhat surreal problem of post-quantum VPNs, but it puts many of the building blocks required into place. In that, many of the quantum-proof VPNs are creating stronger layers to protect against quantum computing. In short, if one layer fails, another should be able to take its place and protect your data.
The post-quantum world matters so much more than you think
When encryption is “defeated,” we’re all going to have a BAD time
It’s a very difficult security threat to comprehend, mind. VPN companies are protecting against a future threat that many of us can’t even comprehend at the current time.
The difficulty of understanding makes it tempting to shrug away the problem. After all, nobody’s decrypting your banking portal right now. Your Bitcoin wallet is still safe. But the reality is that some data needs to stay private for decades—think government communications, intellectual property, legal documents, or medical files.
That’s why the harvest-now-decrypt-later strategy is such a threat. Cybercriminals and state actors are already collecting encrypted information, betting that one day they’ll have the tools to read it. Post-quantum encryption is the only way that any of this stays safe.
Furthermore, it’s closer than many of us care to consider. While researching this article, Google revealed its Quantum Echoes algorithm, which is a huge step forward in quantum computing. It surpassed the fastest supercomputer by around 13,000x, and is likely the next step in quantum computing.
While real-world applications for this are likely years away, we need to build the protective blocks now—including your VPN.