- Surfshak has integrated post-quantum cryptography (PQC) into WireGuard
- PQC protection is enabled by default on macOS, Linux and Android
- Surfshark warns about it only 8% of popular apps are quantum secure
Surshark has integrated post-quantum cryptography (PQC) into its WireGuard protocol for the first time, aiming to improve users’ data protection against potential future breaches by quantum computers.
With the move, the cybersecurity company strengthens one of the best VPNs on the market by adding an extra layer of security to WireGuard’s current elliptic curve-based encryption with a next-generation method that can ensure data protection even against quantum computers.
The added defense comes enabled by default with WireGuard on macOS, Linux and Android, with Surfshark planning to expand to iOS and Windows soon.
How does it work?
Donatas Budvytis, CTO at Surfshark, explains to TechRadar that the new implementation does not replace the original WireGuard’s cryptography, but adds a quantum layer on top that operates inside the VPN tunnel using an additional custom service.
Since WireGuard’s initial handshake is not PQC protected, the process involves a two-step handshake: first traditional Curve25519 encryption, followed by PQC using the latest lattice-based ML-KEM algorithm. “The system derives a final encryption key by combining secrets from both layers,” notes Budvytis.
Surfshark did not change the WireGuard protocol because it already had the original PSK (Pre-Shared Key) mechanism for authenticating data. The integration guarantees backward compatibility, ensuring secure data transmission through the use of secure keys generated during the handshake phase.
While past sessions cannot be secured, future sessions remain fortified even if a quantum computer attacks them later. “Users can feel more secure knowing that their VPN sessions are future-proofed, and even if the encryption keys are stolen, they cannot be used to decrypt past traffic,” adds Budvytis.
Preparedness in the post-quantum world
As it continues to strengthen its encryption system, Surfshark is also urging businesses and governments to increase preparedness by stepping up education and implementing advanced security measures in an increasingly imminent post-quantum world.
While the capabilities of quantum computers are still limited, the company warns that they may soon become powerful enough to break current encryption systems, taking only a few hours to crack codes that would take traditional computers years to solve.
The big risk? Hackers who steal large amounts of encrypted data today can easily unlock and access it when quantum computers are available. So-called ‘Harvest Now, Decrypt Later’ attacks can reveal the very data you think is secure today as a latent threat in the future.
The push comes after a recent study by Surfshark analyzed 40 of the most popular apps in the banking, shopping, social media and messaging sectors and found that only 8% are currently quantum resistant.
About 65% of the analyzed apps have no public information about their PQC adoption plans, while only 30% of the analyzed app developers are conducting research or planning to become quantum resistant.
This is a particular problem, as upgrading the security of your VPN only solves half the problem. “Imagine someone making a bank transfer. Even if you use a VPN with post-quantum protection that encrypts the entire process, your data remains vulnerable if the bank itself lacks similar protection,” explains Budvytis. “This can lead to major financial losses for both the individual and the bank.”
TikTok turned out to be the only social media app that was quantum resistant. Messaging apps are the best-prepared category, with Google, owner of Google Messages, and Meta, owner of WhatsApp and Messenger, already ramping up proactive steps to protect themselves from quantum threats.
Surfshark joins other VPN services that have already implemented secure quantum encryption, including Mullvad, Express VPN and NordVPN – with the latter recently announcing its ongoing efforts to implement quantum protection in its login phase. A new era in VPN security is dawning.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
