Microsoft Adds Post-Quantum Cryptography to OpenVPN. What Does This Mean?

Microsoft has been working to implement post-quantum cryptography within OpenVPN. Let’s explain what this means. Starting with:


This one is easy. If you’ve ever used a VPN, you’re very likely to be familiar with the OpenVPN protocol, the most recommended and most used VPN protocol. It is open-source, meaning that anyone can inspect it and point out any vulnerabilities, and very secure, employing robust encryption techniques. In layman’s terms, it is software that manages the transfer of data through a connection, know as a tunnel, securely across the internet.


Cryptography is roughly synonymous with encryption, the conversion of information from a readable state to seemingly gibberish using a mathematical formula. Encryption is applied to any sensitive data that needs to be stored or transferred privately. The conversion is reversible naturally, but only to those who know the formula.

Here’s how it works. Say you want to encrypt the phrase ‘vpn review’. You can start by substituting each letter with a number, assuming that A is 1, B is 2, and so forth. You can then apply a unique mathematical formula, known as the key, to those numbers – multiply it by X for example, then divide it by Y, subtract Z, etc. Now only people that know this formula can look at the new string of numbers, reverse the process and recover the phrase. Modern day encryption techniques are obviously significantly more complex, but this is the basic idea.

Post Quantum Cryptography

Post-quantum cryptography describes cryptographic algorithms (read: mathematical formulas) that are designed to defend against attacks by quantum computers.

A quantum computer is a computer that performs quantum computing. The computers that we use today encode data into a combination of binary digits, zeros and ones. Quantum computers exploit the laws of quantum mechanics, the physical behavior of elements at the atomic scale, which behave in a very strange manner, able to exist in more than one place or in more than one state of being at a time. Quantum computing is beyond the scope of this article. What you do need to know about quantum computing is that, though still in its infancy today, it has the potential to deliver significantly faster processing power.

We mentioned before that unless you have the key, it is very difficult to break encrypted data, but it’s not impossible. The more complex the encryption, the more time it would take computers to figure out the formula. Right now encryption methods are so advanced that it would take computers a lifetime trying to figure them out. But it is theorized that sufficiently powerful quantum computer would be able to crack encryption algorithms in a short period of time.

Going back to our story, the Microsoft Research Security and Cryptography group has implemented post-quantum cryptography into an OpenVPN fork in order to test the efficiency of PQC algorithms against attacks by quantum computers.

The project, called PQCrypto-VPN, is published on Github. Microsoft warns that the project is still experimental; we won’t be able to confirm if the algorithms are effective against a quantum computing attack for at least another few years.