Quantum-Resistant Tunnels Now Available on iOS!
Quantum-resistant tunnels are now supported across all our operating systems: Linux, Windows, macOS, Android, and now on iOS.
How to Enable (or Verify it's On)
1. Open the app on your iOS device.
2. Navigate to Settings → VPN settings → Quantum-resistant tunnel.
3. Ensure the setting is switched to On.
Once the VPN connection is established, you’ll notice a “QUANTUM SECURE CONNECTION” status in green text on the main view of the app, confirming your connection.
The Future of Quantum Secure Connections
If it turns out to work as well as we hope it will, we will enable this by default on all platform in the future.
The Challenge
The encryption used by WireGuard has no known vulnerabilities. However, the current establishment of a shared secret to use for the encryption is known to be crackable with a strong enough quantum computer.
Although strong enough quantum computers have yet to be demonstrated, having post-quantum secure tunnels today protects against attackers that record encrypted traffic with the hope of decrypting it with a future quantum computer.
Our Solution
A WireGuard tunnel is established, and is used to share a secret in such a way that a quantum computer can’t figure out the secret even if it had access to the network traffic. We then disconnect and start a new WireGuard tunnel specifying the new shared secret with WireGuard’s pre-shared key option.
The post-quantum secure algorithms used here are Classic McEliece and Kyber.