It is widely acknowledged that there will come a time when quantum computers technology will progress to a level where it is able to crack the majority of current encryption methods.
This includes the 256-bit AES encryption used by most premium VPN providers today.
So, the news today that the NATO Cyber Security Centre (NCSC) has successfully trialled communication flows that will be secure even in a post-Quantum computing world has been welcomed by security experts around the world.
The tests were carried out on Virtual Private Network (VPN) technology known as Hybrid Post-Quantum VPN, which has been developed by Post-Quantum, a British quantum cyber specialist.
This project has been financed by NATO's Allied Command Transformation's VISTA (Versatile Innovation through Science & Technology Applications) framework.
The aim of this organisation is to make use of research and technology from NATO countries to boost both NATO and all its member states.
What are the security risks that Quantum computing poses?
When quantum computing is able to crack everyday encryption, it is not just bad news for people who use premium VPNs such as ExpressVPN and NordVPN to secure their internet data and protect their online security.
It will also mean that the everyday online activities that rely on encryption which all internet users engage in will suddenly become insecure. We are talking about things like online banking, online retail, email, and messaging services such as WhatsApp, Signal, and Telegram.
To keep services like these secure in a post-Quantum world, companies will need to transition to more secure quantum-secure encryption.
NATO is keen to make progress in this area since it relies on encryption to keep its intelligence and security networks safe. It cannot run the risk that the type of sensitive information that it is communicating falls into the wrong hands.
We are seeing at the moment with the Russian invasion of Ukraine just how important NATO is to the security of all of us.
As the principal scientist at the NCSC, Konrad Wrona, explained, “Securing NATO's communications for the quantum era is paramount to our ability to operate effectively without fear of interception… this is an increasingly important effort to protect against current and future threats.”
Who are Post-Quantum?
Post-Quantum is one of a number of innovative British companies operating in this space.
Its Hybrid Post-Quantum VPN technology has been carefully designed to bring together both post-quantum and traditional encryption algorithms in a way that helps it to ensure that any data passing through its VPN can only be read by the recipient regardless of what quantum computing shenanigans are thrown at it.
This approach is designed to maximise interoperability with existing systems now and assumes that it will take several years at least for companies and systems to be able to move over to entirely quantum-secure solutions.
The team behind the Hybrid Post-Quantum VPN technology successfully tested by the NCSC are the same team of writers of an Internet Engineering Taskforce (IETF) standard for a hybrid post-quantum VPN.
This is a standard that they say makes it possible for a VPN to withstand a quantum level attack.
What is the future for Hybrid Post-Quantum VPN?
Hybrid Post-Quantum VPN technology has now been proposed to the IETF for open standardisation.
It will form part of a suite of quantum-safe software products that Post-Quantum has developed. These are primarily focused on encryption along with identity protection and transmission of data.
The ultimate aim is to be able to provide companies and organisations with an end-to-end suite of quantum secure products that can help secure businesses, financial institutions, governments, and more from malicious actors employing quantum technology.
If the successful testing of this new technology wasn't enough of a feather in their cap, Post-Quantum are also the only remaining finalist in the code-based category in the US's National Institute of Standards and Technology Post-Quantum Cryptography competition.
This aims to find a new standard for quantum secure encryption and Post-Quantum's NTS-KEM algorithm is the last one standing. The company hopes that it will eventually be able to form the basis of an open source cryptographic standard that can be used globally.
As Andersen Cheng, CEO of Post-Quantum explained to Computer Weekly, “over 10 years of deep Research and Development means [Post Quantum] are well placed to engineer real-world quantum-safe solutions.
“This project with NATO is an important milestone in the world's migration to a quantum-safe ecosystem. Organisations would be wise to take action now.”
He is not wrong, and it is reassuring to know that the next generation of VPN technology is already well under development.
For now, VPN users have nothing to fear from quantum computing and users of premium VPNs like ExpressVPN and NordVPN can rest assured that all of their data is secure.
Responsible VPN providers like them will also be looking at this problem and there is every chance that, when it is needed, they too will be making use of Post Quantum's Hybrid Post-Quantum VPN technology.