What can you do to protect yourself from Q-Day?

A woman with short dark hair looking seriously at a computer
(Image credit: Getty Images)

Quantum computers use quantum physics, which allows them to perform a huge amount of calculations simultaneously, making them multiple times more powerful than classical computers. This means they could break encryption schemes we currently use in just a few hours (or minutes), whereas it would take a traditional computer thousands and millions of years to do so.

While large-scale quantum computers are currently only used for research purposes in universities, supercomputer centers, and scientific labs, when they do become widely available and powerful enough, they would be able to break all public key schemes currently in use. This day, i.e., when quantum computers would "break the internet," is referred to as Q-Day.

However, all is not lost, as post-quantum encryption is being developed to future-proof the protection of our data ahead of Q-day. These algorithms would be strong enough to resist attacks by quantum computers, which would otherwise be able to break even the best VPNs if they don't employ quantum-resistant cryptography.

In this article, I'll shed more light on the justified concerns around Q-Day, what it really means, how post-quantum encryption can save us, and finally point you towards the top VPNs offering post-quantum encryption right now.

What is Q-day?

Q-day is the day when quantum computing advances to the point that a robust quantum computer would be able to “break the internet,” meaning it would crack encryption algorithms safeguarding almost all digital communication systems. It’s well worth noting that there isn’t a universally agreed-upon date for Q-day, but expert estimates say that it could be anywhere between 2030 and 2050.

Q-day poses a huge privacy risk to just about every single one of us, including governments and banks. The public encryption schemes that quantum computers will be able to crack are the foundation of modern-day industries – nearly all of them – including online banking, cryptocurrency transaction verification, medical research, patient records, e-commerce, power plants, sensitive B2B data, and loads more. 

Any nation-state or private group with a powerful quantum computer will be able to gain easy access to our pictures, documents, texts, emails, etc., which could be leaked causing political, social, governmental and business issues worldwide. It will be akin to a post-apocalyptic world where identity theft would rise dramatically, software authenticity would not be guaranteed, secret keys could be exposed, phishing schemes could be fine-tuned to contain personal information that no-one else could know previously, etc.

Quantum computers use the physics of subatomic particles and laws of quantum mechanics to perform a huge amount of calculations simultaneously. Classical computers use binary bits (zero or one), whereas quantum computers use quantum bits, also known as qubits. These can be zero, one, or both at the same time. 

In simple words, quantum computers could break encryption schemes in a matter of hours, if not minutes, whereas it would take a traditional computer an endless amount of years to do so. For example, a standard RSA-2048 bit encryption key could be broken by a classical computer in around 300 trillion years, as opposed to just a few days by a quantum computer. 

However, quantum computers today exist only in a limited capacity (they are under development and rapidly evolving), and they are still years away from being powerful enough to crack the RSA encryption (the encryption system widely used for secure data transmission; examples include VPNs, browsers, and email chats). Challenges in large-scale quantum computers development include scalability, error correction, and sustaining quantum coherence over long periods.

However, it’s worth noting that cybercriminals are harvesting sensitive information from valuable sources such as banks, governments, etc. using “Store Now, Decrypt Later” attacks. In short, they are storing data encoded using RSA encryption and patiently waiting for Q-day, i.e., when quantum computers are able to unlock encrypted information. This means any data compromised at any point before Q-day, regardless of whether it’s encrypted or not (unless it’s post-quantum encryption), will become compromisable come Q-day.

What is post-quantum encryption?

Post-quantum encryption, or post-quantum cryptography (PQC), are quantum-resistant algorithms capable of remaining safe from both traditional as well as large quantum computers. 

Simply put, it's the solution to Q-day threats, meaning it will keep our data encrypted and private even when quantum technology is robust enough to crack current encryption algorithms.

There are as many as five different types of post-quantum encryption, including:

Code-based cryptography

Code-based cryptography is based on error-correcting codes. It's different from conventional cryptographic schemes in that it relies on coding theory principles, as opposed to elliptical curves or number theory. 

The public key (which is used to encrypt data before transmission over the internet) is obtained from an error-correcting code, and the private key (used for decryption) is a random binary code, which is impossible to crack, even for quantum computers.

Hash-based cryptography

A hash is what you get when you feed an input (a message or a file, for example) into a mathematical formula designed to spit out a fixed-size string of letters and numbers. Supposedly, this string can't be reversed to reveal the original input.

Hash-based cryptography, or one-time signatures, uses one-way properties and collision resistance (wherein two different inputs produce the same hash), which makes it extremely difficult for even powerful quantum algorithms to break hash-based schemes.

Lattice-based cryptography

Lattice-based cryptography uses mathematically complex grid-like structures called lattices (imagine a two-dimensional grid of points, and then imagine this grid being extended to various dimensions) to create cryptographic systems.

Solving lattice problems, which contain computationally intensive operations, is difficult and time-consuming, even for quantum computers, making lattice-based cryptography an excellent type of post-quantum encryption.

Multivariate polynomial-based cryptography

As the name suggests, this form of post-quantum encryption leverages the difficulty of solving multivariate polynomial equations – a form of algebraic equations commonly taught in high schools and universities.

It works by creating a system of multivariate polynomial equations (where the variables interact with each other in super complex ways) as the public key. Then, the private key can be obtained by solving these multivariate equations. These are computationally hard problems, difficult for quantum computers.

Isogeny-based cryptography

Isogeny-based cryptography, or supersingular elliptic curve isogeny cryptography (SIDH), is based on the mathematical concept of isogenies (a unique type of morphism between elliptical curves) to create cryptographic schemes that are quantum-resistant.

Its effectiveness lies in the difficulty of finding isogenies between supersingular elliptic curves, something that no known quantum algorithm is capable of at the time of writing. Isogeny-based cryptography also stands out for its efficiency, as it can create smaller key sizes than usual, meaning it'll be perfect for applications with restricted bandwidth and storage.

How a VPN can protect your data from Q-day

We've established that post-quantum encryption is the answer to the privacy and security threats posed by Q-Day. So, using a VPN (one of the primary tasks of which is to encrypt your internet data) that employs post-quantum encryption will continue to keep your identity and data anonymous from snoopers, even when powerful quantum computers are among us.

It's worth noting that the majority of VPN companies still use encryption algorithms that could be cracked by quantum computers – perhaps they believe Q-day is really far out. While there is some truth to that, i.e., quantum computers are still not powerful enough to break the internet, the threat of Q-day looms near, meaning using post-quantum encryption is not overkill but a must-have.

Luckily, a handful of VPNs are wide awake to the threats posed by quantum computers and Q-day, and have started offering post-quantum protection to future-proof the protection of your data – so that even “Store Now, Decrypt Later” attacks can't harm you.

Which VPNs use post-quantum encryption?

At the time of writing, these are the top five VPNs offering post-quantum encryption, safeguarding users and their data from quantum computers. 

While it's a short round-up right now, I expect more and more VPNs to join the list very soon, as the VPN industry rises to the need for security against Q-day. 


ExpressVPN is one of the best VPN services, and an industry veteran that's been delivering top-notch privacy and security for decades now. It uses industry-standard AES-256 encryption for protection against threats from classical computers. Everything else, from a strict no-logs policy to a reliable kill switch and leak protection, are all in place and working smoothly.

Lightway, which is ExpressVPN's proprietary and open-source VPN protocol, is the standout here. It includes post-quantum encryption by default, keeping your data secure, even after Q-day. Even better, it's available on all ExpressVPN apps, including Android, iOS, Mac, Windows, and Linux. All you have to do is go into the VPN app's settings and ensure you're using Automatic or Lightway UDP/TCP.

What's more, ExpressVPN is also one of the best VPNs for beginners thanks to easy-to-use apps and class-leading friendly 24/7 support, along with a comprehensive knowledgebase. Its unblocking capabilities, too, are up there with the very best, and while it's admittedly not the cheapest, you're getting a high-quality VPN with future-proof security. Try it out risk-free with a 30-day money-back guarantee.


QST-VPN advertises itself as a VPN that uses advanced post-quantum cryptography to keep its users and their data safe from Q-day. It uses OpenVPN, which is one of oldest and most reliable VPN protocols. Additional security measures include two-factor authentication via Google Authenticator.

It's not one you'll find in any of our VPN guides, though, because of its relatively shorter list of features and offerings, including the lack of mobile VPN apps for Android and iOS. However, if you're a Windows, Mac, or Linux user after a strong post-quantum VPN, this can be worth a look.


QAL VPN is a fast, secure, and fairly easy-to-use VPN that offers post-quantum protection for large-scale businesses with massive infrastructures and thousands of users and connected devices. Its products are customizable and highly scalable, meaning QAL can crank up your organization's online security, no matter your industry or business type.   

If this business VPN interests you, you can request a free consultation (and ask for a quote) by filling out a form on QAL's website. Also, although it doesn't offer apps for Android or iOS, you'll get a generous 7-day free trial to try out QAL VPN risk-free on your Windows, Mac, or Linux.


In addition to a super-secure RAM-only server infrastructure, Mullvad offers quantum-resistant tunnels, meaning powerful quantum computers won't be able to decrypt your data, even if they were able to access the network traffic. It's also well worth noting that Mullvad's post-quantum protection on WireGuard tunnels is available on both its desktop and mobile apps, unlike QST-VPN and QAL VPN.

To enable post-quantum protection, go to Settings > VPN settings > WireGuard settings > Quantum-resistant tunnel, and set it to On. When the VPN connection is established, the app will have a "Quantum Secure Connection" text on its main screen.  

In our full Mullvad VPN review, we mentioned how the provider has also launched a new security feature against AI-powered online tracking. This feature distorts data packet patterns so that ISPs and other snoopers can't trace back encrypted internet activities to you.

Overall, too, Mullvad is one of the very best for privacy-centered individuals; it doesn't ask for your personal details and has open-source apps and regular audits. It's also sufficiently quick, and prices (especially monthly rates) are some of the most affordable you'll find.


Like Mullvad, Windscribe also offers post-quantum encryption when using the WireGuard protocol. Even if quantum computers are able to intercept your internet traffic, they won't be able to decrypt your data. Quite surprisingly, this protection is also available on Windscribe's free VPN apps, making Windscribe arguably the best free VPN with post-quantum encryption right now. 

Windscribe's open-source apps also come with a number of other security features, including a reliable kill switch, an ad and malware blocker, and a unique Decoy Mode to help dissidents avoid detection in extreme situations. Furthermore, with peak speeds of over 950 Mbps, Windscribe is also one of the fastest VPNs in our testing. 

You can try out Windscribe's full package, including unlimited simultaneous connections, good unblocking, and a decent selection of servers, without risking a single penny thanks to a 3-day money-back guarantee – although this is admittedly a shorter risk-free trial than the competition.

Q-day FAQs

What is Q-day?

Q-day is the day quantum computers will be powerful enough to crack the encryption schemes used to protect most of the data on the Internet. Quantum computing, with its unprecedented processing power, will be able to break even the strongest encryption algorithms we know of today in just a matter of hours.

When Q-day arrives, it would result in digital privacy being thrown out of the window, as our private emails, texts, photos, and documents, as well as our banking info and medical records, could all be compromised. Post-quantum encryption methods are the way forward if we want to stay protected against the dangers of Q-day, which experts estimate could be anywhere between 2030 and 2050.

What is post-quantum encryption?

Post-quantum encryption refers to quantum-resistant algorithms that can keep your data encrypted and safe from both traditional as well as large quantum computers, even when the latter is powerful enough to crack current encryption algorithms. 

There are various types of post-quantum encryption, including lattice-based, code-based, multivariate polynomial-based, hash-based, and isogeny-based schemes.

Do quantum computers pose a threat to VPNs and encryption?

Yes, quantum computers do pose a threat to VPNs. When these machines will be powerful enough (i.e. on Q-day), they will be able to crack the encryption algorithms used by VPNs. However, this would only be true for VPNs that don't use post-quantum encryption.

Leading VPN providers, such as ExpressVPN, Mullvad, and Windscribe, come with quantum-resistant cryptography, which is extremely difficult for even powerful quantum algorithms to get past.

Krishi Chowdhary

Krishi is a VPN writer covering buying guides, how-to's, and other cybersecurity content here at Tom's Guide. His expertise lies in reviewing products and software, from VPNs, online browsers, and antivirus solutions to smartphones and laptops. As a tech fanatic, Krishi also loves writing about the latest happenings in the world of cybersecurity, AI, and software.

With contributions from