- Surfshak has integrated post-quantum cryptography (PQC) into WireGuard
- PQC protection is enabled by default on macOS, Linux, and Android
- Surfshark warns that Only 8% of popular apps are quantum safe
Surshark has integrated post-quantum cryptography (PQC) into its WireGuard protocol for the first time, aiming to improve the protection of user data against potential future breaches of quantum computers.
With this move, the cybersecurity company strengthens one of the best VPNs on the market by adding an additional layer of security to WireGuard’s current elliptic curve-based encryption with a next-generation method that can guarantee data protection even against quantum computers.
Additional defense comes enabled by default with WireGuard on macOS, Linux, and Android, and Surfshark plans to expand to iOS and Windows soon.
How does it work?
Surfshark CTO Donatas Budvytis explains to TechRadar that the new implementation does not replace the original WireGuard cryptography, but instead adds a quantum layer on top, which operates inside the VPN tunnel using an additional custom service.
Since WireGuard’s initial handshake is not protected by PQC, the process involves a two-step handshake: first, traditional Curve25519 encryption, followed by PQC using the latest lattice-based ML-KEM algorithm. “The system obtains a final encryption key by combining secrets from both layers,” Budvytis notes.
Surfshark did not modify the WireGuard protocol because it already had the original pre-shared key (PSK) mechanism to authenticate data. The integration ensures backward compatibility, ensuring secure data transmission through the use of secure keys generated during the handshake phase.
While past sessions cannot be protected, future sessions remain hardened even if a quantum computer attacks them later. “Users can feel more secure knowing that their VPN sessions are future-proofed, and even if encryption keys are stolen, they cannot be used to decrypt past traffic,” adds Budvytis.
Preparation in the post-quantum world
As it continues to strengthen its encryption system, Surfshark is also urging companies and governments to increase their preparedness by stepping up training and implementing advanced security measures in an increasingly imminent post-quantum world.
While the capabilities of quantum computers are still limited, the company warns that they could soon become powerful enough to breach current encryption systems, taking just a few hours to crack codes that would take traditional computers years to crack.
The big risk? Hackers who steal large amounts of encrypted data today could easily unlock and access it when quantum computers become available. So-called ‘Harvest now, decrypt later’ attacks can expose the same data you think is safe today as a latent threat in the future.
The push comes after a recent study by Surfshark analyzed 40 of the most popular apps in the banking, shopping, social media and messaging sectors and found that only 8% are currently quantum resistant.
About 65% of the apps analyzed have no public information about their PQC adoption plans, while only 30% of the app developers analyzed are conducting research or planning to become quantum-resistant.
This is a particular problem since updating your VPN security only solves half the problem. “Imagine someone making a bank transfer. Even if you use a VPN with post-quantum protection that encrypts the entire process, your data is still vulnerable if the bank itself lacks similar protection,” explains Budvytis. “This can lead to large financial losses for both the individual and the bank.”
TikTok was found to be the only quantum-resistant social media app. Messaging apps are the best-prepared category, and Google, owner of Google Messages, and Meta, owner of WhatsApp and Messenger, are already pushing proactive measures to protect against quantum threats.
Surfshark joins other VPN services that have already implemented quantum-secure encryption, including Mullvad, Express VPN, and NordVPN; the latter recently announced its continued efforts to implement quantum protection in its login phase. A new era in VPN security is emerging.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
