Is your VPN keeping you safe for the future?

A concept image of a phone against a bright blue circuit board with 'VPN' in a shield on the phone's screen
(Image credit: Getty Images)

A virtual private network (VPN) is currently one of the strongest security measures you can use while you’re online. This is because it encrypts your data so that it can’t be deciphered by third parties, like advertisers, government bodies, or cybercriminals. 

However, even the best VPNs might not always give you the security you need, thanks to the invention of quantum computers. These powerful machines use quantum physics to make their computations more efficient. Currently, they’re not widely available and are usually only found in research centers, such as universities, supercomputer centers, and science labs.

But when (and it is when, not if) quantum computers become stronger and more widely available, they could be used to break many of the encryption algorithms currently being used to protect online data. This could make many VPNs unable to hide your data, which would in turn compromise your privacy. The day that this happens is already being dubbed as Q-day and it’s been predicted to happen at some point in the next five years.

Luckily, there is already post-quantum cryptography that aims to create encryption algorithms that can’t be broken by quantum computers. There are even some VPNs that come with post-quantum encryption to offer maximum data protection, even after Q-day. 

In this guide, we’ll explain Q-day in much more detail as well as recommend VPNs that can offer the strongest protection against quantum computers.

A futuristic circuit board on a dark blue background.

(Image credit: Getty Images)

What is Q-day?

Q-day refers to the day when quantum computers advance to the point where they can start successfully breaking the encryption algorithms that protect the majority of data on the internet. Predicted to happen at some point in the next five years, it’s a day that most in cybersecurity are dreading because of the damage it could do.

As it stands, traditional supercomputers would take millions of years to crack the encryption algorithms used to protect most online data. However, a quantum computer has the processing power to crack these algorithms quickly and easily. This will render our existing encryption methods completely obsolete

Once quantum computers can successfully decrypt these algorithms, pretty much all sensitive online information could be up for grabs. This would include everything from private emails, photos, and documents, to medical records, bank details, and social media accounts.

As you might imagine, the ramifications of this could be catastrophic, potentially leading to leaks of government documents and highly sensitive business information. This would almost certainly have huge social, financial, and political repercussions that would have a hugely detrimental impact on our society. 

On top of this, incidents of fraud and identity theft would rise dramatically. Phishing scams would also become a lot more sophisticated, as scammers would be able to use personal information to more effectively trick unsuspecting users.

Thankfully, experts are working on more sophisticated encryption algorithms that are too strong for quantum computers to crack. These post-quantum encryption algorithms are likely to be the key to safeguarding online data before Q-day happens and some VPN services already have this level of encryption baked into some of its protocols. More on that a bit further down.

A digital concept image of data being transmitted

(Image credit: Getty Images)

What is post-quantum encryption?

Post-quantum encryption is being developed to future-proof data protection ahead of Q-day. This will happen when quantum computers are powerful enough to break the encryption algorithms currently being used to protect most of the world’s internet data, leaving everyone’s sensitive information exposed and vulnerable to being hacked.

Therefore, post-quantum encryption will be vital to protecting our data before Q-day happens. Its use isn’t widespread yet, thanks to technology-related restrictions. But it’s already being offered by a select number of VPN providers, which we’ll talk about in the next section.

As it stands, there are four types of post-quantum encryption, each of which should be secure enough to protect against the processing power and algorithm-breaking capabilities of quantum computers. Here we’ll talk you through them in a bit more detail to help you understand the difference between them:

Lattice-based post-quantum encryption

Lattice-based post-quantum encryption is one of the most promising forms of this type of encryption. It relies on the computational difficulty of solving lattice problems and the crypto-scheme it’s built on uses the mathematical problems of lattices. A lattice is a geometric structure that’s made up of an infinite set of points arranged in a periodic pattern. 

It’s resistant to quantum attacks because the computationally intensive operations utilized in lattice-based encryption are believed to be tough, although not impossible, to decipher efficiently by quantum computers.

To crack lattice-based post-quantum encryption, a quantum computer would need to use a brute force search of all possibilities to identify the private key that would crack its encryption. This would take an unrealistically long time to decipher, even for a quantum computer. 

As such, lattice-based encryption is renowned for its efficiency and its ability to be rolled out. It’s so far been successfully used in immensely complex protocols.

Code-based post-quantum encryption

Unlike traditional crypto schemes that use elliptic curves or number theory, code-based encryption relies on the principles of coding theory to provide a highly sophisticated level of encryption.

It uses the difficulty of deciphering linear error-correcting codes to protect data from being hacked. Essentially, it has a public key, which is derived from error-correcting code, as well as a private key that’s incredibly difficult to crack, even by a quantum computer. 

Multivariate polynomial-based post-quantum encryption

As the name suggests, multivariate encryption is founded on the difficulty of solving multivariate polynomial equations, which are a form of algebraic equations. 

In a nutshell, the public key is made from a system of multivariate equations, while the private key is based on being able to solve these equations efficiently. At the time of writing, that’s not something that quantum computers can do easily, so it can be an effective method of protecting data ahead of Q-day.

Hash-based post-quantum encryption

Sometimes referred to as one-time signatures or hash-based signatures. This type of digital signature encryption works by utilizing the properties of cryptographic hash functions.

Unlike number theory or elliptic curve schemes, hash-based encryption uses collision resistance and one-way properties to protect data against quantum attacks.

One of the benefits of using hash-based encryption is that it’s both simple and effective in keeping data secure. For one thing, the verification processes are pretty quick, particularly when compared to other types of post-quantum encryption. Additionally, hash-based signatures are usually fairly small, which means they can be used by most devices and apps without causing issues.

Isogeny-based post-quantum encryption

Supersingular elliptic curve isogeny cryptography (SIDH) is founded on the mathematics of elliptic curves and isogenies. It provides secure key exchange protocols that can withstand attacks from both classical and quantum computers.

This form of encryption is believed to be able to resist quantum algorithms, thereby making it an effective method of cryptography to use after Q-day. 

An abstract image of a mirrored tunnel in neon pink and blue

(Image credit: Getty Images)

How can a VPN protect your data from Q-day?

As it stands, not all VPNs as they are now will be strong enough to protect your data from quantum computers. In fact, the current encryption algorithms used by the majority of VPNs could be cracked by quantum computers, due to their superior processing power.

However, the good news is that some VPNs have post-quantum encryption to safeguard against hacks from quantum computers, as well as encryption that protects against classical computers. So these VPNs are futureproofed and will be able to protect your data against cyber attacks after Q-day.

It’s worth remembering that quantum computers aren’t a major cyber security risk at the moment, as they’re mostly used for research purposes. But there will come a day, likely in the next five years, when these machines are powerful and widely used enough to break into the algorithms that protect the majority of the world’s online data, including most VPN encryption.

So if you’re signing up for a VPN subscription, it’s important to check if it offers post-quantum encryption, particularly if you’re signing up for a long-term contract. That way, your data will remain secure, no matter when Q-day happens.

A digital image of a glowing sphere emitting data

(Image credit: Getty Images)

Which VPNs use post-quantum encryption?

We’ve pulled together a list of reputable VPNs that offer post-quantum encryption to help you decide which one to choose:


One of the most secure options available, ExpressVPN uses military-grade AES 256-bit encryption to protect against hacks from classical computers. But it has also created its own proprietary and open-source Lightway protocol, which uses post-quantum encryption that will keep your data safe, even after Q-day.

As if this wasn’t good enough, ExpressVPN’s Lightway protocol delivers fast speeds. In our most recent tests, its performance came in at 410 Mbps, making it more than sufficiently fast for streaming, online gaming, and video calls.

Last year, Cure53 independently audited ExpressVPN's Lightway protocol and found it to be extremely secure. This was its second successful audit in two years, so you can have peace of mind when using this protocol. As the other protocol offered by ExpressVPN is OpenVPN, which is over 20 years old, we’d definitely recommend opting for Lightway instead, as it’s a lot faster and more secure. 

Elsewhere, ExpressVPN is an excellent choice of provider, as it’s easy to use, has plenty of servers to choose from, and comes with several sophisticated security features. You’ll also get access to helpful 24/7 customer support, as well as the ability to unblock a huge range of region-restricted content from around the world. You can try it out before committing thanks to its 30-day money-back guarantee.


QSTVPN bills itself as a post-quantum VPN thanks to its post-quantum algorithms used to secure its VPN connections. It’s fast, too, so you shouldn’t notice it running when you connect to one of its servers. It will also provide you with security that will protect your data now and long into the future.

On top of this, it comes with plenty of strong security options, including connection mode, two-factor authentication, and automatic connection when you go online.


QAL VPN uses a range of highly sophisticated algorithms to offer post-quantum protection against data hacks. Three of its algorithms are based on lattice-based encryption, while its SPHINCS+ algorithm uses hash functions. Both of these are too strong to be broken by a quantum computer.

It’s worth noting that this VPN is designed to address the needs of large businesses and organizations, so it’s not a great choice for individuals. However, if you’re looking for a VPN that’s capable of protecting your business from the impact of Q-day, it’s a good idea to get a quote from QAL VPN.


Mullvad offers a quantum-resistant tunnels feature that can be easily enabled for all WireGuard tunnels in its desktop app. This means that, when you’re using Windows, Mac, or Linux, your data will be protected against quantum computer attacks. It has also promised to roll this out on its Android and iOS apps in the future.

Mullvad uses a WireGuard tunnel to share a secret in a way that a quantum computer isn’t able to understand, even if it were able to access the network traffic. Once this is done, Mullvad then disconnects and starts a new WireGuard tunnel that specifies the new shared secret with WireGuard’s pre-shared key option. To do this, it uses the Classic McEliece and Kyber post-quantum algorithms.

In short, Mullvad is a great choice because it offers strong security against both classical and post-quantum computer attacks. It also allows total anonymity by enabling you to sign up for an account without giving away any of your personal details. It has a responsive email ticketing system as its customer support offering and it also provides fast speeds that won’t slow down your browsing.


As with Mullvad, Windscribe also uses the WireGuard protocol to offer post-quantum data protection. It does this by generating a unique pre-shared key for each user. 

This is on top of the standard public/private keys that WireGuard uses, thereby adding a crucial additional layer of security, which makes the tunnels quantum resistant. This is because, even if a quantum computer were able to crack the keys, it still wouldn’t be able to decrypt the traffic, so your data would remain hidden.

If you want extra reasons to opt for Windscribe, it offers some of the fastest speeds around, along with the ability to unblock plenty of location-restricted content. You also get 24/7 live chat support if you have any issues.

A futurisic data chip with light emitting from it

(Image credit: Getty Images)

Q-Day FAQs

What is Q-day?

Q-day refers to the day when quantum computers are strong enough and widely available enough to crack the encryption codes used to protect most of the data on the internet. Predicted to happen at some point in the next five years, Q-day could compromise the security of private emails, photos, and documents, as well as government communications, medical records, and business strategies.

Luckily, there are already some types of encryption available that are quantum-resistant, meaning that they should be able to withstand attacks from quantum computers.

What is post-quantum encryption?

Post-quantum encryption refers to algorithms that are being developed that can’t be cracked by quantum computers. This will ensure your data remains secure, even once quantum computers become able to break the encryption used by classical computers. There are several different types already being used but the most popular is currently lattice-based encryption. 

Do quantum computers pose a threat to VPNs and encryption?

Potentially, yes. But only if the VPN you’re using doesn’t offer post-quantum encryption or resistance. Luckily, some of the best providers, including ExpressVPN, Mullvad, and Windscribe, come with protocols that offer post-quantum resistance that should be sufficient to protect you from quantum computer attacks.

Olivia Powell
Tech Software Commissioning Editor

Olivia joined Tom's Guide in October 2023 as part of the core Future Tech Software team, and is the Commissioning Editor for Tech Software. With a background in cybersecurity, Olivia stays up-to-date with all things cyber and creates content across TechRadar Pro, TechRadar and Tom’s Guide. She is particularly interested in threat intelligence, detection and response, data security, fraud prevention and the ever-evolving threat landscape.

With contributions from