NordVPN has integrated post-quantum cryptography into its Linux application, marking an early adoption of this technology in the consumer VPN market.
This move addresses growing concerns about the potential for future quantum computers to break current encryption standards, potentially compromising sensitive data.
The update, released in late September, introduces post-quantum cryptography to NordVPN’s Nordlynx protocol. It aligns with the latest National Institute of Standards and Technology (NIST) guidelines for quantum-resistant encryption. While quantum computers capable of breaking current encryption are likely years away, this update represents a proactive step in cybersecurity.
The Linux app serves as a testbed for NordVPN, allowing the company to gather data on how post-quantum cryptography affects connection times and speeds. This information will inform the eventual implementation across NordVPN’s entire application suite.
For context, quantum computing already shows the potential to far surpass today’s fastest systems by harnessing the principles of quantum mechanics to perform calculations. That is why it is predicted that quantum computers will be used to model molecules to help cure diseases like cancer, advance space exploration, and potentially break modern encryption protocols.
However, such superior processing powers can inevitably bring more significant risks than we face today with digital computers. Therefore, the cybersecurity industry’s challenge is figuring out how to outrun quantum computing’s enormous decryption abilities.
“To put it in perspective, today’s encryption methods, like RSA, can take traditional computers hundreds of years to crack, while quantum computers could bypass them in mere seconds,” NordVPN said, adding that such capabilities pose a serious threat to individuals, businesses and governments.
So much so that, according to Marijus Briedis, CTO at NordVPN, “cybercriminals may already be intensifying what is known as ‘harvest now, decrypt later’ attacks”. In simple terms, bad actors are trying to accumulate vast quantities of encrypted data and decrypt them once quantum technology is developed.
While NordVPN is among the first consumer VPN providers to implement post-quantum cryptography, it’s part of a broader trend. Major tech companies and government agencies also invest in quantum-resistant technologies, recognizing the need to prepare for future cryptographic challenges.
The move towards post-quantum cryptography is about more than just immediate security and adaptability. As Briedis puts it, “This launch initiates our transition to new-generation encryption, focusing on long-term security for our users.”
“With this launch, we start a major transition to new-generation encryption of all our applications, providing long-term security for our users,” Briedi explained. However, implementing post-quantum encryption is challenging.
The process is complex and resource-intensive, often requiring larger key sizes and signatures that can increase computational overhead. This could potentially impact VPN speed and performance, especially in high-throughput environments.
“These technical challenges are the reason for the gradual implementation,” Briedis noted. “We want to ensure the highest level of user experience in terms of connection time and speed during the transition.”
As the cryptographic landscape evolves, NordVPN is focusing on crypto-agility – the ability to swiftly adapt to new cryptographic standards. The company aims to position itself at the forefront of providing seamless and secure quantum-resistant VPN connections when necessary.
See also: US examines security risks posed by China Telecom and China Mobile’s operations
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. Explore other upcoming enterprise technology events and webinars powered by TechForge here.