ExpressVPN Adds WireGuard Support with Post‑Quantum Security

WireGuard logo

ExpressVPN embraces WireGuard after years of resistance

ExpressVPN, long known for developing its own Lightway protocol, has finally added support for the open‑source WireGuard VPN protocol. The company previously evaluated WireGuard in 2019 and chose to continue with Lightway, but it now offers WireGuard across its Windows, iOS, and Android applications, with macOS support expected later.

Post‑quantum protection with ML‑KEM

The new WireGuard implementation is paired with the ML‑KEM encryption algorithm, a quantum‑resistant standard issued by the National Institute of Standards and Technology. By integrating ML‑KEM, ExpressVPN aims to protect VPN traffic from future quantum‑computing attacks that could compromise traditional encryption methods.

Lightway remains the default protocol

Despite the addition of WireGuard, ExpressVPN will retain Lightway as its default protocol. Lightway already incorporates ML‑KEM, offering post‑quantum security out of the box. The company positions Lightway as a high‑performance alternative while providing WireGuard as an option for users who prefer the open‑source protocol.

Strategic focus on future‑proof privacy

ExpressVPN’s blog emphasizes the scarcity of practical post‑quantum protections in production deployments and presents its WireGuard‑ML‑KEM combination as a solution for the broader VPN industry. The firm also highlights a partnership that integrates acceleration technology into Lightway, improving performance on slower connections.

Industry implications

By delivering a quantum‑secure version of WireGuard, ExpressVPN sets a precedent for other VPN providers. The implementation demonstrates that open‑source protocols can be hardened against quantum threats without sacrificing speed or usability, potentially prompting wider adoption of post‑quantum encryption across the market.