Last updated on February 25, 2026
Quantum-resistant VPNs sound like marketing until you look at what is actually at risk. Mullvad has been one of the first privacy-focused VPN providers to experiment with post-quantum cryptography in real protocols, not just blog posts. This piece looks at what “post-quantum” means in practice, how Mullvad implements it, and how realistic the protection is for ordinary users who care about long-term privacy.
What is quantum resistance in plain language?
Quantum resistance, sometimes called post-quantum cryptography, means using encryption algorithms that stay secure even if large-scale quantum computers arrive. These algorithms are designed to survive attacks that would completely break older methods such as RSA or Elliptic Curve Cryptography (ECC).
Most VPNs and websites today still rely on RSA or ECC for key exchange and authentication. In theory, a sufficiently powerful quantum computer running Shor’s algorithm could factor RSA keys and break elliptic curves in a tiny fraction of the time a classical computer would need. That would make it possible to decrypt years of recorded VPN traffic once the keys are cracked.
If you want a wider view of how VPNs fit into a modern privacy stack, I break down priorities, trade-offs, and why Mullvad keeps appearing in that conversation in Best VPNs for Privacy in 2025 – Mullvad?.
How Mullvad implements post-quantum key exchange
Mullvad has tested post-quantum key exchange inside its VPN protocols, including WireGuard and OpenVPN. Instead of ripping out existing cryptography, they use a hybrid handshake. In simple terms, two key exchanges happen at once and are combined.
- A classical algorithm such as Curve25519 provides compatibility and the same strong security you expect from modern VPNs today.
- A post-quantum algorithm such as Kyber or NTRU adds protection against future quantum attacks.
- The resulting session key depends on both parts, so even if one scheme is broken later, the other still protects past sessions.
This approach matters because post-quantum algorithms are still being standardised and tuned. A hybrid handshake lets Mullvad deploy quantum-resistant building blocks without betting everything on a single new algorithm that could later turn out to be weaker than expected.
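The combining step described above, as an added example (not Mullvad's code and not part of the original article): two shared secrets are fed through an HKDF-based combiner so the session key depends on both. The function names, the `info` label, the transcript binding and the random bytes standing in for the Curve25519 and KEM outputs are assumptions made for illustration.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: concentrate input keying material into a PRK."""
    return hmac.new(salt or b"\x00" * HASH().digest_size, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: stretch the PRK into `length` output bytes."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def _lp(field: bytes) -> bytes:
    """Length-prefix a field so concatenated inputs cannot be re-split."""
    return len(field).to_bytes(4, "big") + field

def hybrid_session_key(classical_ss: bytes, pq_ss: bytes, transcript: bytes) -> bytes:
    """Derive one 32-byte session key that depends on BOTH shared secrets."""
    if not classical_ss or not pq_ss:
        raise ValueError("both shared secrets are required; refusing to downgrade")
    ikm = _lp(classical_ss) + _lp(pq_ss)
    # Salting with the transcript hash binds the key to this exact handshake.
    prk = hkdf_extract(HASH(transcript).digest(), ikm)
    return hkdf_expand(prk, b"example-hybrid-handshake v1", 32)

def recovers_key(real_key: bytes, guess_classical: bytes, guess_pq: bytes,
                 transcript: bytes) -> bool:
    """Model a later attacker re-deriving the key from what they recovered."""
    candidate = hybrid_session_key(guess_classical, guess_pq, transcript)
    return hmac.compare_digest(candidate, real_key)

if __name__ == "__main__":
    # Constructed stand-ins: random bytes in place of real ECDH and KEM outputs.
    classical, pq = os.urandom(32), os.urandom(32)
    transcript = b"constructed handshake messages"
    key = hybrid_session_key(classical, pq, transcript)
    # Classical secret recovered later, post-quantum secret still unknown:
    print("classical only:", recovers_key(key, classical, os.urandom(32), transcript))
    print("both secrets:  ", recovers_key(key, classical, pq, transcript))
```

The length prefixes matter: without them, the pairs (`ab`, `c`) and (`a`, `bc`) would produce the same input to the KDF.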
If you are interested in how I approach encryption beyond VPNs, there is a separate explainer on messaging and email security in PGP Encryption Explained: What It Is, Why It Matters, and Where It’s Going.
“Harvest now, decrypt later”: why this already matters
It is easy to think quantum resistance is a problem for the next decade. The real issue is the strategy known as “harvest now, decrypt later”. Attackers and state actors can already capture encrypted VPN and web traffic today and store it indefinitely. Once quantum computers are strong enough, the recordings can be decrypted retroactively if the underlying keys are vulnerable.
That means the security question is not just “is my VPN safe today?” but also “will someone be able to replay and decrypt this traffic in ten or twenty years?”. For journalists, whistleblowers, human rights workers, or anyone dealing with long-lived sensitive data, that distinction matters.
On The Reasonable Adjustment, this sits alongside a broader pattern: logs, emails, and documents are rarely short-lived. The same mindset that leads me to build things like a PGP whistleblower tool is what makes post-quantum VPN design worth taking seriously now, not later.
Does Mullvad’s post-quantum VPN actually protect you?
Short answer: it improves your position against long-term decryption, but it does not magically make you anonymous or invincible.
Where it helps:
- Recorded traffic becomes harder to exploit later. If an adversary stores your traffic now, hybrid post-quantum handshakes give you an extra layer should RSA/ECC be broken by quantum machines in future.
- No downgrade from today’s security. The classical key exchange is still there. You are not trading proven schemes for experimental ones; you are adding redundancy.
- Better alignment with modern standards. As NIST and others finalise post-quantum standards, Mullvad is already aligned with the general direction: lattice-based key encapsulation mechanisms and hybrid designs.
Where it does not help:
- It does not stop browser fingerprinting, cookies, or app telemetry.
- It does not fix poor operational security, such as logging into identifiable accounts while using the VPN.
- It does not replace basic network hardening. You still need sane DNS choices, firewall rules, and decent hosting hygiene.
For that last point, I have written separately about using Cloudflare tactically, including tarpit workers and WAF rules, in Free Cloudflare WAF Rule – Basic Website Protection (But Read This First) and Cloudflare: The Wonderful World Of Tarpit Workers. Those pieces show how a VPN is one layer in a wider defence, not a silver bullet.
Where post-quantum VPNs sit in the bigger picture
Post-quantum VPN handshakes are still relatively new, and the underlying algorithms are being standardised by bodies such as NIST. That does not make them gimmicks. It just means the ecosystem is in motion: performance is being tuned, side-channel risks are being studied, and protocol designers are learning how best to combine old and new primitives.
Mullvad’s decision to ship and iterate on hybrid post-quantum designs puts it ahead of many mainstream VPN brands that are still selling the same AES plus RSA story they were pushing ten years ago. If you care about long-term privacy rather than just streaming region-locked content, this kind of design work matters.
If you want to compare Mullvad’s posture with other providers and see where post-quantum fits among more familiar features like kill switches and multihop, the comparison set in Best VPNs for Privacy in 2025 – Mullvad? is a useful next stop.
Key takeaways
- Large-scale quantum computers are expected to break today’s widely used RSA and ECC schemes, which underpin most current VPN key exchanges.
- Mullvad is testing and deploying hybrid handshakes that combine classical algorithms such as Curve25519 with post-quantum algorithms such as Kyber-style key encapsulation.
- This hybrid approach is designed to protect against “harvest now, decrypt later” attacks, where adversaries store encrypted VPN traffic and wait for better decryption tools.
- Post-quantum VPN encryption does not replace good privacy practice, but it does raise the cost of long-term attacks on recorded traffic.
- For people who treat privacy as a long game, Mullvad’s early work on post-quantum cryptography is a meaningful step rather than a marketing line.
For more on how this fits into a broader, realistic privacy strategy – from VPN choice, to Cloudflare hardening, to encryption tools that actually get used – explore the wider security and privacy articles on The Reasonable Adjustment and the projects in the open source whistleblower tooling series.






