Documentation
Post-quantum VPN: quantum-resistant encryption
VIGIL-MESH establishes every QUIC session with a hybrid key exchange: X25519 (classical) combined with ML-KEM768 (post-quantum). The goal is to resist the “harvest now, decrypt later” attack, where an adversary captures encrypted traffic today in order to break it once a quantum computer exists.
The “harvest now, decrypt later” threat
An attacker does not need a quantum computer today to harm you tomorrow: recording your encrypted traffic now and waiting is enough. Long-lived data (secrets, intellectual property, personal data) is the most exposed. Purely classical encryption (elliptic curves) would fall the day a sufficiently large quantum computer exists.
What a hybrid key exchange is
VIGIL combines two mechanisms in the same session establishment: X25519, proven over many years, and ML-KEM768 (the post-quantum standard derived from Kyber). The final key derives from both: breaking it would require defeating X25519 AND ML-KEM. This keeps the classical robustness while adding quantum resistance — without betting on either one alone.
Where VIGIL applies post-quantum (and where not yet)
Post-quantum protection covers all end-to-end QUIC sessions — that is, the actual transport of your data. In all honesty: the discovery envelopes (the HPKE mechanism that helps establish sessions) remain X25519 today. The content of your flows, however, benefits from the hybrid exchange.
What this changes for your sensitive data
- Your sessions are protected by default: nothing to enable, the post-quantum hybrid is applied to every QUIC connection.
- Long-lived data is defended against “decrypt later”: capturing it today will not be enough.
- A single layer of end-to-end encryption: the infrastructure relays without ever holding the session key.