
ExpressVPN has announced a new implementation of WireGuard that addresses several of the protocol’s long-standing privacy and security limitations, including the addition of post-quantum encryption. The company has also shared a detailed white paper outlining how other VPN providers can replicate the setup.
This move comes at a time when WireGuard is widely adopted across the VPN industry but still lacks features considered critical for privacy and future-proofing, such as authentication, key rotation, and protection against quantum computing threats.
ExpressVPN's decision to build its own version of WireGuard stems from the protocol’s limitations in its standard form. While WireGuard is known for being fast and minimal, ExpressVPN highlighted key issues: it lacks native authentication, doesn’t rotate keys, uses static internal IPs, and isn’t designed to resist quantum attacks.
Their custom implementation adds several privacy-forward features, which are detailed below.
Importantly, these enhancements were added without modifying the core WireGuard protocol. This means other VPN providers can adopt ExpressVPN’s architecture without having to fork or rebuild WireGuard itself.
ExpressVPN first evaluated WireGuard back in 2019 but decided against using it due to its early-stage nature at the time. According to the company, the protocol lacked formal audits and required trade-offs that weren’t suitable for a global privacy-focused service. These included static internal IPs and the absence of authentication and key rotation.
Instead, ExpressVPN developed Lightway, a proprietary protocol focused on speed, security, and simplicity. Lightway remains the default option for ExpressVPN users today.
Although WireGuard itself hasn’t changed much, the VPN ecosystem around it has evolved. It’s now a standard offering in many VPN apps. However, most implementations still do not address quantum security risks, a growing concern as quantum computing continues to advance.
ExpressVPN said the urgency of preparing for the quantum era made it clear that waiting was no longer an option. It built a scalable, privacy-focused version of WireGuard and published the blueprint in a white paper so that others can follow suit. The company also stated that it is high time to take action to protect users from threats posed by quantum computing.
Each session begins with a post-quantum key exchange using hybrid ML-KEM, the key-encapsulation algorithm NIST selected for quantum-resistant key establishment. There are no pre-shared keys to configure and no optional toggles; the protection is built in from the start.
Users are assigned a new internal IP and short-lived keys for every session, making it difficult to link activities over time or track long-term behavior.
The system generates and delivers session credentials dynamically, skipping the need for static peer assignment or double NAT. This supports better scalability and cleaner deployments.
WireGuard does not natively include user authentication, so ExpressVPN added a custom solution using short-lived access tokens, eliminating the need for manual key exchange.
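The per-session provisioning model described above (short-lived access token, a fresh internal IP per session, no static peer table) can be sketched as follows. This is an added illustration, not ExpressVPN's code or anything from the white paper; the token format, TTL values, address pool and the `SessionBroker` API are all assumptions made for the example.

```python
# Added illustration (not ExpressVPN's code): a broker that issues short-lived
# access tokens and, on redemption, hands out per-session WireGuard peer
# credentials (fresh internal IP, expiring peer entry) instead of a static peer table.
import base64, hashlib, hmac, ipaddress, json, secrets, time

TOKEN_TTL = 300     # seconds an access token stays valid (assumed value)
SESSION_TTL = 3600  # seconds before a session's IP and peer entry expire (assumed value)

class SessionBroker:
    def __init__(self, pool, signing_key, now=time.time):
        self._pool = list(ipaddress.ip_network(pool).hosts())
        self._key = signing_key
        self._now = now
        self._redeemed = set()   # token ids already used (tokens are single-use)
        self._peers = {}         # internal IP -> (client pubkey, expiry)

    def issue_token(self, account_id):
        """Mint a signed, expiring, single-use token for an already authenticated account."""
        body = json.dumps({"sub": account_id, "jti": secrets.token_hex(8),
                           "exp": int(self._now()) + TOKEN_TTL}).encode()
        tag = hmac.new(self._key, body, hashlib.sha256).digest()
        return base64.urlsafe_b64encode(body + tag).decode()

    def _verify(self, token):
        raw = base64.urlsafe_b64decode(token)
        body, tag = raw[:-32], raw[-32:]           # HMAC-SHA256 tag is 32 bytes
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("bad token signature")
        claims = json.loads(body)
        if claims["exp"] < self._now():
            raise PermissionError("token expired")
        if claims["jti"] in self._redeemed:
            raise PermissionError("token already redeemed")
        self._redeemed.add(claims["jti"])
        return claims

    def active_peers(self):
        """Drop expired sessions and return the peers WireGuard should still accept."""
        now = self._now()
        self._peers = {ip: p for ip, p in self._peers.items() if p[1] > now}
        return self._peers

    def redeem(self, token, client_pubkey):
        """Trade a valid token plus the client's ephemeral public key for session credentials."""
        claims = self._verify(token)
        live = self.active_peers()
        free = [ip for ip in self._pool if ip not in live]
        if not free:
            raise RuntimeError("address pool exhausted")
        ip, expiry = secrets.choice(free), int(self._now()) + SESSION_TTL
        self._peers[ip] = (client_pubkey, expiry)   # peer entry exists only for this session
        return {"account": claims["sub"], "internal_ip": f"{ip}/32",
                "allowed_ips": f"{ip}/32", "expires": expiry}
```

The client generates its own ephemeral WireGuard key pair per session and submits only the public key; the broker never sees a long-lived client key, and once the session expires the peer entry and its IP are recycled.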
As with all ExpressVPN protocols, the WireGuard implementation runs on TrustedServer, meaning nothing is stored on physical drives and all data is wiped with every reboot.
Despite this new release, Lightway remains ExpressVPN’s primary protocol. Designed from the ground up by ExpressVPN, Lightway continues to offer optimized control over the entire connection process. According to the company, this new WireGuard version is intended to give users and developers more choices, not to replace Lightway.
ExpressVPN has also introduced manual HTTPS proxy support via Lightway in TCP mode. This is meant for advanced users operating their own servers, particularly in restrictive network environments where VPNs might be blocked or throttled.
ExpressVPN's post-quantum WireGuard implementation is currently available on iOS, Android, and Windows, with macOS support coming soon. Users can select the protocol directly within the ExpressVPN app. Manual proxy features are also available for self-hosted setups.