Use Quantum-Resistant Cryptographic Algorithm
OpenVPN uses TLS for encryption. Quantum-proof algorithms, including the four selected by NIST, are provided by liboqs. The library is already present in the repositories of many Linux distros. liboqs is integrated in TLS, which means no additional work is required for the client side. This would be very easy to implement in the VPN.
A much better alternative would be that Proton makes its own algorithm. A good way would be to add it as an optional feature in the initial stages for testing.
-
Anthony Rosa commented
"A much better alternative would be that Proton makes its own algorithm."
This is a very bad idea. Encryption algorithms are security mechanisms, and the design of a security mechanism should be open rather than secret. Therefore, encryption algorithms should not be proprietary. Cryptographic libraries take years of dedicated testing and research to be considered safe, and new issues are constantly discovered.
"liboqs is integrated in TLS, which means no additional work is required for the client side"
The OpenSSL 1.1.1 fork using liboqs is currently for experimental purposes only. It doesn't make a ton of sense to rush into this. Signal and iMessage are implementing Kyber so we'll have good data in a bit to ensure nothing breaks. Additionally, issues have already been discovered in Kyber, both in its math (https://blog.cr.yp.to/20231003-countcorrectly.html) and implementation (https://techmonitor.ai/hardware/quantum/kyberslash-kyber-vulnerabilities).
-
Tom commented
Per https://mullvad.net/en/blog/stable-quantum-resistant-tunnels-in-the-app it would seem that quantum-resistant VPN tunnels can be created and deployed. This was back in April 2003; has there been any news/status of Proton doing this?