Why ExpressVPN built post-quantum WireGuard (and shared the blueprint)


WireGuard® is fast. It’s minimal. And it’s become the VPN industry’s default protocol for good reason. But many implementations leave critical gaps: no user authentication, no key rotation, and no post-quantum security. That’s not good enough.
We built a version that closes those gaps. Our implementation adds post-quantum encryption, ephemeral credentials, dynamic IPs, and short-lived authentication tokens. It was engineered for privacy, not just speed. And now we’re sharing the blueprint, because the industry needs to get ahead of quantum computing.
Post-quantum WireGuard is ExpressVPN’s contribution to the future of private networking. Users deserve stronger defaults, and we’re giving them a scalable WireGuard implementation—and giving other providers a clear path to follow.
Why we didn’t adopt WireGuard in the beginning
When we first reviewed WireGuard in 2019, it was still early in development. It lacked formal audits and didn’t include elements like built-in user authentication or key rotation. Each connection required a static internal IP, which made correlation easier and session isolation weaker. For a global service focused on privacy at scale, those trade-offs weren’t appropriate.
We wanted something simpler, safer, and easier to deploy. So we built Lightway, a protocol designed from scratch to meet those needs.
Why now?
WireGuard hasn't changed much. But the ecosystem around it has. The protocol is now widely used across the VPN industry. Despite growing concerns about quantum-era threats, most providers still don’t offer post-quantum protections. We decided that waiting any longer wasn’t an option.
So we built a WireGuard implementation that meets our standards for privacy and scalability. Then we documented the approach in a detailed white paper so others can do the same, because protecting users in the quantum era needs action now.
How we made WireGuard ready for ExpressVPN
Post-quantum security, by default
Every session starts with a post-quantum key exchange using hybrid ML-KEM, the post-quantum key-encapsulation algorithm selected by NIST. We didn’t rely on pre-shared keys or optional upgrades. These protections are built in from the start.
Ephemeral credentials, dynamic IPs
Every session uses short-lived keys and a fresh internal IP. That makes it significantly harder to correlate activity or track users over time. No persistent identifiers or reused credentials.
Real-time provisioning, no NAT
Our system provisions connection credentials dynamically, without relying on double NAT or static peer assignments. That improves scalability and keeps deployments clean.
Built-in authentication
WireGuard doesn’t include native user authentication, so we built a lightweight system that verifies users with short-lived access tokens. No manual key sharing, and no long-lived credentials.
Runs on TrustedServer
Like every ExpressVPN protocol, our WireGuard implementation runs on TrustedServer, our RAM-only server platform. That means all data is wiped on every reboot; nothing touches a hard drive.
Built to be shared
All of these protections were added without modifying the WireGuard protocol itself. Our architecture wraps around the base design, making it easier for other providers to adopt without having to fork or rebuild. The white paper walks through each step, with implementation guidance that’s agnostic to platform or provider.
Why this matters
The industry has embraced WireGuard. Most implementations are fast, but not future-proof. Post-quantum protections are practically non-existent in production deployments. That’s not sustainable.
We’ve solved those gaps and published the results. Now it’s on the rest of the industry to catch up.
Why Lightway still leads
Lightway remains our default protocol. It was built in-house to deliver fast, resilient connections with complete control over every layer of the handshake. Nothing about that changes. What this launch does is give users more tools.
One more tool for constrained environments
We're also introducing new manual HTTPS proxy support via Lightway in TCP mode. This is aimed at advanced users running their own infrastructure, especially in environments where VPN traffic may be throttled or blocked. It’s not a replacement for a VPN, but it offers another option when conditions are tough.
Getting started
Our post-quantum WireGuard implementation is now available on iOS, Android, and Windows. macOS support is coming soon. Proxy support is also available for users who configure their own servers. Protocol selection can be done directly through the app.