u/Karolis_Kaciulis

Surfshark’s new VPN protocol Dausos is built with post-quantum security — here’s what that means

Hey r/Surfshark,

We’ve recently announced Dausos, our new proprietary VPN protocol. Let’s break down the post-quantum security side of it specifically, since that’s where the most significant architectural decisions were made.

What is post-quantum cryptography?

It refers to cryptographic algorithms designed to resist attacks from quantum computers. Most encryption in use today, including the standards underpinning the majority of VPN protocols, relies on mathematical problems that classical computers can’t solve in any reasonable timeframe.

Quantum computers, once sufficiently powerful, will be able to solve some of those same problems orders of magnitude faster, effectively breaking the encryption. Post-quantum algorithms are built on different mathematical foundations that remain hard even for quantum hardware.

Why it matters now

You might think that since quantum computers aren’t a threat just yet, post-quantum encryption is a problem for the future. But that’s not entirely true.

Sufficiently powerful quantum computers don’t exist yet, true — but the threat model doesn’t require them to. An adversary can collect and store encrypted traffic today (the “harvest now, decrypt later” threat), then decrypt it retroactively once quantum hardware catches up. VPN traffic isn’t immune to this risk, which is why waiting until quantum computers actually arrive is already too late.

What we built into Dausos

Root CA with ML-DSA signing

We built a self-signed root certificate authority specifically for Dausos, using ML-DSA — NIST’s newly standardized post-quantum signature scheme. This secures the trust chain at the certificate layer: the system that signs and verifies communication channels is itself quantum-resistant. Most existing VPN implementations still rely on classical schemes like ECDSA or RSA at this layer. Applying a post-quantum signature algorithm with our own root CA is a meaningful architectural departure that future-proofs the verification layer, not just the data channel.

Hybrid key exchange: ML-KEM + X25519 (X25519MLKEM768)

For session key establishment, Dausos uses a hybrid construction combining X25519 (ECDH) with ML-KEM-768. The hybrid approach is deliberate: it doesn’t replace the classical primitive, it layers on top of it, so the session key depends on both shared secrets. If ML-KEM’s assumptions are ever found to be weaker than expected, security doesn’t regress: an attacker would still have to break X25519, so you retain at least classical security. ML-KEM-768 is currently the leading NIST-recommended option for post-quantum key encapsulation across all use cases.
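To make the hybrid construction concrete, here is an added example (not Dausos code, and not the protocol’s actual message format) of an X25519 + ML-KEM-768 exchange in Go, using only the standard library’s crypto/ecdh and crypto/mlkem (Go 1.24 or newer). The share layout and secret ordering follow the X25519MLKEM768 convention; the struct names, the HKDF-based combiner and its info label are this example’s own assumptions. It shows that both sides derive the same key only when both shared secrets agree, and it highlights one caveat worth knowing: ML-KEM uses implicit rejection, so a corrupted ciphertext is not rejected at decapsulation but silently produces a key that doesn’t match the server’s.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Added example (not Dausos code): hybrid X25519 + ML-KEM-768 agreement with the X25519MLKEM768 share layout. Needs Go 1.24+.

// Client keeps the client's ephemeral secrets until the server replies.
type Client struct {
	xPriv *ecdh.PrivateKey
	kemDK *mlkem.DecapsulationKey768
}

// Client share: ML-KEM encapsulation key + X25519 key; server share: ML-KEM ciphertext + X25519 key.
type ClientShare struct{ KEMPub, X25519Pub []byte }
type ServerShare struct{ KEMCiphertext, X25519Pub []byte }

// ClientStart generates both ephemeral key pairs and the client's share.
func ClientStart() (*Client, ClientShare, error) {
	xPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, ClientShare{}, err
	}
	kemDK, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, ClientShare{}, err
	}
	return &Client{xPriv, kemDK}, ClientShare{kemDK.EncapsulationKey().Bytes(), xPriv.PublicKey().Bytes()}, nil
}

// ServerRespond encapsulates to the client's ML-KEM key, completes ECDH with a
// fresh X25519 key, and returns its share plus its copy of the session key.
func ServerRespond(cs ClientShare) (ServerShare, []byte, error) {
	ek, err := mlkem.NewEncapsulationKey768(cs.KEMPub)
	if err != nil {
		return ServerShare{}, nil, err
	}
	clientXPub, err := ecdh.X25519().NewPublicKey(cs.X25519Pub)
	if err != nil {
		return ServerShare{}, nil, err
	}
	xPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return ServerShare{}, nil, err
	}
	xSS, err := xPriv.ECDH(clientXPub)
	if err != nil {
		return ServerShare{}, nil, err
	}
	kemSS, ct := ek.Encapsulate()
	return ServerShare{ct, xPriv.PublicKey().Bytes()}, combineSecrets(kemSS, xSS), nil
}

// ClientFinish derives the client's copy of the session key from the reply.
func (c *Client) ClientFinish(ss ServerShare) ([]byte, error) {
	// ML-KEM uses implicit rejection: a corrupted ciphertext of the right length
	// decapsulates to an unrelated secret instead of failing, so the mismatch
	// only surfaces later, e.g. in the handshake's key-confirmation step.
	kemSS, err := c.kemDK.Decapsulate(ss.KEMCiphertext)
	if err != nil {
		return nil, err
	}
	serverXPub, err := ecdh.X25519().NewPublicKey(ss.X25519Pub)
	if err != nil {
		return nil, err
	}
	xSS, err := c.xPriv.ECDH(serverXPub)
	if err != nil {
		return nil, err
	}
	return combineSecrets(kemSS, xSS), nil
}

// combineSecrets runs ML-KEM secret || X25519 secret (that order, as in X25519MLKEM768) through
// HKDF-SHA256 (extract, then one expand block), so an attacker must recover both. Label is an assumption.
func combineSecrets(kemSS, xSS []byte) []byte {
	extract := hmac.New(sha256.New, nil) // HKDF-Extract with an empty salt
	extract.Write(append(append([]byte{}, kemSS...), xSS...))
	expand := hmac.New(sha256.New, extract.Sum(nil)) // HKDF-Expand, block T(1)
	expand.Write([]byte("example hybrid session key\x01"))
	return expand.Sum(nil)
}

func main() {
	c, cs, err := ClientStart()
	if err != nil {
		panic(err)
	}
	ss, serverKey, err := ServerRespond(cs)
	clientKey, err2 := c.ClientFinish(ss)
	fmt.Println("session keys match:", err == nil && err2 == nil && hmac.Equal(clientKey, serverKey))
}
```

Run it with `go run` on Go 1.24+ and it prints that both sides agree on the 32-byte key. The combiner is the important design point: because the key is an HKDF output over the concatenation of both secrets, recovering the X25519 secret alone (say, with a future quantum computer) or the ML-KEM secret alone (if the lattice assumption ever weakens) is not enough to derive the session key.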

This is, admittedly, not the easiest material to grasp, which is part of why it matters: some of the security steps built into Dausos have never been used in a VPN protocol before.

If you missed the announcement, you can read the full Dausos introduction here. If you have any post-quantum questions, drop them below and I'll answer when I can.
